
Microsoft warns users of a security bug that lets hackers gain control of their personal data

Microsoft has issued a warning to its Windows users informing them of an exploit of the Print Spooler service called PrintNightmare. The vulnerability was discovered by three separate security companies, namely Tencent, AFINE and NSFOCUS, and was reported by Bleeping Computer.

After the exploit appeared in the wild, another Chinese company, Sangfor, released a technical write-up of the exploit and named it PrintNightmare. Administrators have been advised to stop and disable the ‘Print Spooler’ service, as it appears to be the primary attack vector and gives threat actors access to servers reachable through the service.

Microsoft 365 Defender customers already have access to a threat analytics report and mitigation guidelines that will help them combat the threat. As of now, Microsoft has not released an official patch for the vulnerability.

Microsoft 365 Defender customers can also refer to the threat analytics report we published on this vulnerability. The report provides tech details, guidance for mitigating the impact of this threat, and advanced hunting queries, which are published here: https://t.co/tBunCJgn6W

— Microsoft Security Intelligence (@MsftSecIntel) July 2, 2021

The exploit appears to affect all versions of Windows, and while Microsoft investigates the issue, unofficial micropatches have been made available by 0patch until the Redmond software giant provides a fix.

We have our first patch candidates for PrintNightmare / CVE-2021-34527, which should be deployed (and applied) within hours. We’re starting with:

– Server 2019

– Server 2016

– Server 2012

As usual, all must have June updates applied for our micropatches to work.

— 0patch (@0patch) July 2, 2021


Security startup Verkada breached as hackers gain access to 150,000 camera feeds


Verkada Inc., a Silicon Valley-funded security camera startup, has suffered a data breach with hackers reportedly able to gain access to 150,000 live camera feeds from companies, jails, police departments and schools.

The data breach was carried out by an “international hacker collective” and was intended to show the ease with which such systems can be broken into, a spokesperson for the collective, Tillie Kottmann, told Bloomberg today.

Kottmann has been linked to previous hacks, including the release of data stolen from Intel Corp. in August. Kottmann said the collective’s reasons for hacking are “lots of curiosity, fighting for freedom of information and against intellectual property, a huge dose of anti-capitalism, a hint of anarchism – and it’s also just too much fun not to do it.”

Kottmann claims the hack was relatively simple: the collective gained “Super Admin”-level access to Verkada’s system using a username and password found publicly on the internet. With that access, they reached the entire company’s network, including root access to the cameras, among them those belonging to some customers.

Verkada, founded in 2016 and funded by venture capital firms including Sequoia Capital, counts among its customers Tesla Inc. and Cloudflare Inc., both of which had their security cameras compromised. Other security cameras compromised included those belonging to Equinox gyms, Halifax Health in Florida, a police station in Stoughton, Massachusetts, the Madison County Jail in Huntsville, Alabama, the Graham County detention center in Arizona and Sandy Hook Elementary School, the site of a mass shooting in 2012.

A representative for Verkada said in a statement that “we have disabled all internal administrator accounts to prevent any unauthorized access” and that “our internal security team and external security firm are investigating the scale and scope of this potential issue.”

“Verkada positions itself as a ‘more secure, scalable’ alternative to on-premises network video recorders,” Rick Holland, chief information security officer at digital risk protection software company Digital Shadows Ltd., told SiliconANGLE. “The Verkada intrusion…


Could this proof-of-concept ransomware gain traction among attackers?


A developer published via GitHub a proof-of-concept (POC) ransomware program featuring strong compatibility with the post-exploitation tool Cobalt Strike, open-source coding, and extensionless encryption.

The author claims the program, dubbed Povlsomware, is designed to be an educational tool for testing anti-virus protections; however, it’s possible that cybercriminals could adopt and modify the code in order to launch their own attacks, warns Trend Micro, which detailed the ransomware in a new company blog post this week.

The good news is that Trend Micro researchers have not seen Povlsomware discussed among members of dark web cybercriminal discussion forums. And at least some experts said it’s unlikely the program will gain significant traction among prominent cybercriminal players due to a lack of malware support infrastructure.

Such assessments are important as the threat intelligence and cyber research community track the evolution and popularity of various malware programs in order to stay on top of the latest trends. But this news also leads to some interesting questions: What are the motivations for posting a POC ransomware program online? And when a new POC malware emerges, what are the factors that ultimately lead it to become successful or disappear?

The nature of the malware

“Povlsomware is a Ransomware Proof-of-Concept created as a ‘secure’ way to test anti-virus vendors’ claims of Ransomware Protection,” states developer “PovlTekstTV” on his or her GitHub page. “Povlsomware does not destroy the system nor does it have any way of spreading to any network-connected computer and/or removable devices.”

Despite this disclaimer, Trend Micro expressed concern, noting some of the malware’s alluring features. First and foremost, it works well with the post-exploitation tool Cobalt Strike, which enables the program to perform in-memory loading and execution.

Without tools like Cobalt Strike, “security products will likely block such attacks and even restoration of encrypted files is possible, bringing the impact to somewhat on the low side, but only with the default code by itself,” said Don Ovid…


OnePlus 8 series plus Nord gain Android Enterprise Recommended certification – 9to5Google
