Tag Archive for: Fixing

Fixing American Cybersecurity is Harder than it Looks


BOOK REVIEW: Fixing American Cybersecurity: Creating a Strategic Public-Private Partnership

by Larry Clinton, Editor / Georgetown University Press

Reviewed by Glenn S. Gerstell

The Reviewer – Glenn S. Gerstell is a Cipher Brief Expert and Senior Adviser at the Center for Strategic & International Studies. He served as the General Counsel of the National Security Agency and Central Security Service from 2015 to 2020 and writes and speaks about the intersection of technology and national security and privacy.

REVIEW — A book describing the difficulty of keeping up with the pace of digital innovation can itself fall victim to that very problem.

This isn’t to say that Fixing American Cybersecurity isn’t an excellent and useful book. It is just that – a thoughtful, well-researched, crisply organized, carefully resourced and insightful description of our current state of cyber insecurity.

Edited and partly co-authored by Larry Clinton, the highly regarded head of the Internet Security Alliance, the book comprises two parts.

The first is a perceptive and intelligent analysis of the American approach to cybersecurity, contrasting it with that of the People’s Republic of China; the second (written mostly by top-notch corporate CISOs) is a sector-by-sector discussion of the state of cyber vulnerabilities and the mitigations employed in the health, defense, financial services, energy, retail, telecommunications and information technology industries.

Clinton’s starting observation is “[w]e are losing the fight to secure cyberspace, and losing it badly.” He blames this on our historical approach to cybersecurity:

“The US cybersecurity effort over the past thirty years largely comes down to a series of modest, disjointed, incremental tactics. Unlike the Chinese, we have not operated from a thoughtful, comprehensive strategy that appreciates the extent of the impact digitalization has on everything and leverages our economic advantages, technical expertise and political philosophy in a pragmatic effort to secure our nation.”


Source…

Fixing macOS Cannot Verify That This App is Free from Malware


A rather common error crops up when you try to run apps that aren’t from the Mac App Store. “macOS cannot verify that this app is free from malware” is displayed when you try to open certain third-party applications. These apps, downloaded from outside the Mac App Store, are typically by developers who haven’t registered their apps with Apple. Unfortunately, even perfectly safe apps occasionally fail the security checks done by the macOS Gatekeeper security framework.

Nonetheless, our team found a fix for you. Follow along as we show you how to allow the app to run anyway. Yes, you can bypass and fix the “macOS cannot verify that this app is free from malware” error.

What Does the Message That macOS Cannot Verify That This App Is Free from Malware Mean?

Gatekeeper is a security technology included in macOS that helps guarantee only trustworthy software is allowed to run on a user’s Mac.

When a user downloads and opens an app, plug-in, or installation package from a source other than the App Store, Gatekeeper performs a check to ensure that the program is from an identified developer. It also ensures the program has not been altered since it was signed and that it has been notarized by Apple, meaning Apple scanned it and found no known malicious content.


However, when these checks fail, you get the error “macOS cannot verify that this app is free from malware.” When a third-party application downloaded from the Internet lacks a valid Developer ID signature or notarization, Gatekeeper cannot confirm that the application is free of malicious software, so it refuses to open it.

For example, a commonly used tool for debugging iOS, Android and React Native apps will throw such an error when you first try to run it.

“Flipper” cannot be opened because the developer cannot be verified.

macOS cannot verify that this app is free from malware.

How Do You Fix macOS Cannot Verify That This App Is Free from Malware?

It’s no surprise that there are dangers involved with running apps from unverified publishers. But if you trust the publisher or have the expertise to mitigate those risks, then you are free to open and install any program you wish.

Time needed: 1 minute.

To bypass Gatekeeper’s checks and install or run the app…

Source…

Emotet malware infects users again after fixing broken installer



The Emotet malware phishing campaign is up and running again after the threat actors fixed a bug preventing people from becoming infected when they opened malicious email attachments.

Emotet is a malware infection distributed through spam campaigns with malicious attachments. If a user opens the attachment, malicious macros or scripts will download the Emotet DLL and load it into memory.

Once loaded, the malware will search for and steal emails to use in future spam campaigns and drop additional payloads such as Cobalt Strike or other malware that commonly leads to ransomware attacks.

Buggy attachments broke the Emotet campaign

Last Friday, the Emotet malware distributors launched a new email campaign that included password-protected ZIP file attachments containing Windows LNK (shortcut) files pretending to be Word documents.

Current Emotet phishing email example
Source: Cofense

When a user double-clicked on the shortcut, it would execute a command that searches the shortcut file for a particular string that contains Visual Basic Script code, appends the found code to a new VBS file, and executes that VBS file, as shown below.

Emotet shortcut commands from Friday’s campaign
Source: BleepingComputer

However, this command contained a bug: it used the static shortcut name ‘Password2.doc.lnk’, even though the actual name of the attached shortcut file was different, such as ‘INVOICE 2022-04-22_1033, USA.doc’.

This caused the command to fail, as no Password2.doc.lnk file existed, and thus the VBS file was never created, as explained by the Emotet research group Cryptolaemus.

Cryptolaemus researcher Joseph Roosen told BleepingComputer that Emotet shut down the new email campaign at approximately 00:00 UTC on Friday after discovering that the bug was preventing users from becoming infected.

Unfortunately, Emotet fixed the bug today…

Source…

Kaseya was fixing zero-day just as REvil ransomware sprung their attack



The zero-day vulnerability used to breach on-premises Kaseya VSA servers was in the process of being fixed just as the REvil ransomware gang used it to carry out a massive Friday attack.

The vulnerability had been previously disclosed to Kaseya by security researchers from the Dutch Institute for Vulnerability Disclosure (DIVD), and Kaseya was validating the patch before they rolled it out to customers.

However, in what can only be seen as a case of bad timing, the REvil ransomware gang beat Kaseya and used the same zero-day to conduct their Friday night attack against managed service providers worldwide and their customers.

“After this crisis, there will be the question of who is to blame. From our side, we would like to mention Kaseya has been very cooperative. Once Kaseya was aware of our reported vulnerabilities, we have been in constant contact and cooperation with them. When items in our report were unclear, they asked the right questions,” said DIVD’s Victor Gevers in a blog post today.

“Also, partial patches were shared with us to validate their effectiveness. During the entire process, Kaseya has shown that they were willing to put in the maximum effort and initiative into this case both to get this issue fixed and their customers patched.”

“They showed a genuine commitment to do the right thing. Unfortunately, we were beaten by REvil in the final sprint, as they could exploit the vulnerabilities before customers could even patch.”

Kaseya has confirmed with BleepingComputer that they are working closely with DIVD.

Little is known about the zero-day

The zero-day Kaseya vulnerability was discovered by DIVD researcher Wietse Boonstra and was assigned the CVE-2021-30116 identifier.

When questioned regarding how REvil learned of the vulnerability as it was being fixed, Gevers indicated in a tweet that the vulnerability was simple to exploit.

Gevers told BleepingComputer that the vulnerability disclosure was “within the industry-standard time for coordinated vulnerability disclosure,” and they would provide more information in a future advisory.

In our queries to…

Source…