Tag: Feb. | SpinSafe

Cyber Security Today, Feb. 16, 2024 – US takes down Russian botnet of routers

February 16, 2024/in Internet Security

U.S. takes down Russian botnet of routers.

Welcome to Cyber Security Today. It’s Friday, February 16th, 2024. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.

American authorities have neutralized a botnet of hundreds of compromised small and home office routers that Russia’s military cyber unit used for attacks. This threat actor is called different names by cybersecurity researchers such as APT28, Fancy Bear and Forrest Blizzard. The compromised devices were Ubiquiti Edge routers whose owners didn’t change the default administrator passwords. The Justice Department said it got court permission to command the malware controlling the devices to delete stolen and malicious files on the routers. Remote management access was also disabled to give the router owners time to mitigate the compromise and reassert full control. However, if owners and administrators don’t change the default password on their Ubiquiti Edge routers they’ll be open to compromise even after a factory reset of the devices. That, of course, is true for any internet-connected device.

This was the second time in two months the U.S. has disrupted state-sponsored hackers launching cyber attacks from compromised American routers.

Also on Thursday the U.S. offered a US$10 million reward for information leading to the identification or location of leaders of the AlphV/BlackCat ransomware operation. Up to US$5 million is also available for information leading to the arrest or conviction of anyone participating in a ransomware attack using this variant. In December the U.S. and several countries said they are going after this gang. As part of that operation a decryptor for this strain of ransomware was released for victims to use. This week the AlphV gang listed Canada’s Trans-Northern Pipleline as one of its victims. The company said the attack happened last November.

ESET has issued patches for several of its server, business and consumer security products for Windows. These include ESET File Security for Microsoft Azure, ESET Security for SharePoint Server, Mail Security for IBM Domino and for Exchange Server and consumer products such…

Source…

Cyber Security Today, Feb. 24, 2023 – Holes in open source software, ransomware gang tries to evade cyber insurers and more

February 24, 2023/in Internet Security

Holes in open source software, ransomware gang tries to evade cyber insurers and more

Welcome to Cyber Security Today. It’s Friday, February 24th, 2023. I’m Howard Solomon, contributing reporter on cybersecurity for ITWorldCanada.com and TechNewsday.com in the U.S.

Creators of open-source projects still aren’t doing enough to ensure their code is squeaky clean. Researchers at Synopsys released their annual Open Source Security and Risk Analysis report this week, which looked at 1,700 audits of commercial and proprietary software. And the results weren’t pretty. Eighty-four per cent of the codebases examined had at least one known open source vulnerability. That’s up four per cent from last year. Here’s something else: Of the 1,480 audited codebases that included risk assessments by corporate owners of the software, 91 per cent contained outdated versions of open-source components. Developers of applications and IT departments that buy them need to have complete visibility of their software, says Synopsys. It helps for developers to create and buyers to demand a software bill of goods, the company adds.

Hackers have created a new class of bugs that get around the security protection of iPhones,iPads and Macs. Researchers at Trellix found the malware could evade protections preventing unapproved software running on the macOS and iOS operating systems. Normally this would be a significant breach of the Apple security model. However, the vulnerabilities were addressed with the recent releases of macOS 13.2 and iOS 16.3. Which is why you should have installed them by now.

The HardBit ransomware gang has a new tactic for dealing with corporate victims: Rather than haggling over payment to get access to encrypted data back, organizations are asked to go behind the backs of their insurers and divulge details of their cyber insurance policies (if they have one). Then the payment demanded will just be the maximum under the coverage. It’s pitched as a deal: If the gang knows you are insured only for, say $10 million, it promises not to demand more than $10 million.

A Russian citizen has been extradited to the U.S. from the republic of Georgia to face computer fraud and…

Source…