Posts

Hackers want millions in ransom. American schools are considering the cost.



The ransomware attack on her daughter’s school was the last thing Glynnis Sanders needed.

Like most parents, Sanders has been performing a daily juggling act. When she’s not teaching special education classes at Buffalo Public Schools, she and her husband are usually making sure their three kids are attending their remote classes.

So it hit hard when hackers struck the school of her youngest daughter in early March, the Friday before she was supposed to finally return to in-person learning twice a week.

“It’s very frustrating. You think, how could this happen? You wonder if your information is secure,” Sanders said. “It’s just the headache of Covid as it is, and it’s adding to the stress of the school year. Like what else could happen?”

The hackers infected Buffalo’s schools with malicious code that spidered through their networks, freezing computers and making it impossible for teachers to reach their students who were working remotely because of the pandemic. They demanded a ransom to make it go away.

School officials canceled remote classes for the day while they figured out what to do. They would end up needing more than a week to resume their planned class schedule. A single infection of a school district can affect dozens or hundreds of schools: Buffalo counts 63 individual schools and learning systems.

In public statements, Buffalo Public Schools referred to what happened broadly as a “cybersecurity attack.” But it wasn’t a mindless act of internet vandalism. Buffalo had become the latest in a long spree of ransomware attacks, a type of hack where malicious software locks as many related computers as possible, rendering files inaccessible in an attempt to coerce victims to pay up.

Image: Glynnis Sanders, a parent with children in the Buffalo school system, on April 2, 2021. (Libby March / NBC News)

The attack underscores how a once obscure form of cybercrime now preys on Americans almost daily. While some ransomware gangs spend months targeting large businesses in hopes of a giant payday, many also go after institutions that don’t have dedicated cybersecurity staff or expensive cybersecurity contracts to better protect them from…


[Webinar] Risky Business – Protecting Your Data From Hackers? – April 21st, 11:30 am – 1:00 pm CDT | Association of Certified E-Discovery Specialists (ACEDS)



Paul Price

Vice President, Forensic Services
Xact Data Discovery

Paul Price is the Vice President, Forensic Services at Xact Data Discovery, where he manages the firm’s technical operations in the areas of digital forensics and cyber security. In addition to supervising forensic examiners, he maintains an active case load and conducts digital forensic investigations for civil litigation, criminal matters, internal investigations, and cyber security efforts.

Prior to entering the private sector as a consultant, Mr. Price gained invaluable experience and training as a law enforcement officer, where he received certification as a Computer Forensic Examiner. Over the course of his career, Mr. Price has conducted, assisted, or supervised over 1000 forensic exams for local, state, and federal law enforcement agencies as well as law firms, corporations, and private individuals. His law enforcement background includes specialized assignments in Financial Crimes Investigation, Crime Scene, Computer Forensics, and Counterterrorism. Paul spent the last five years of his law enforcement career on assignment with the FBI working National Security matters and held a TS/SCI security clearance.

Mr. Price has worked on several high-profile engagements around the globe including cases dealing with Intellectual Properties, Trade Secrets, Bankruptcy, Embezzlement, Fraud, Commercial Litigation, Family Law, and Criminal matters. His work requires him to identify, preserve, analyze, and document electronically stored information (ESI) from computers, servers, mobile devices, VOIP systems, and many other sources of ESI for the purposes of evidentiary or root cause analysis. Mr. Price has been recognized and testified as a forensic expert in legal proceedings pending in both State and Federal courts.


CS:GO hackers can inject malware to steal passwords; Valve yet to fix the vulnerability



A new CS:GO vulnerability has come to light: The Secret Club, a not-for-profit reverse-engineering group, tweeted about a security flaw in CS:GO that hackers can use to run programs on a user’s system.

This means hackers could potentially use the flaw, technically a remote code execution vulnerability, to steal skins and passwords and to inject malware into a CS:GO player’s system.

Two years ago, The Secret Club members discovered this vulnerability in Valve’s game and let Valve know about it through a bug-bounty platform called HackerOne.

Valve is a customer of HackerOne, which provides cybersecurity solutions to many more big companies, like Uber, Goldman Sachs, and Nintendo, to name a few.


Hackers can exploit CS:GO’s critical security flaw to breach users’ systems

According to several reputable sources, the ethical hackers are bound by a non-disclosure agreement with the HackerOne platform, which prevents them from disclosing the vulnerability to the public.

As the videos in The Secret Club’s tweets show, hackers can use Steam invites to gain access to a user’s system through a remote code execution flaw that affects all Source engine games, including CS:GO, Titanfall 1, Titanfall 2, Apex Legends, and others.

This was one of the first vulnerabilities The Secret Club reported, two years ago. To be precise, it was reported by Florian of The Secret Club, and, needless to say, Valve has still not fixed it.

In a second tweet on…


PHP Team Averted a Supply Chain Attack After Hackers Compromised Their Self-Hosted Git Server and Inserted a Backdoor



The PHP programming language maintainers averted a software supply chain attack when unknown threat actors compromised the self-managed Git server and inserted a backdoor.

The malicious commits were made on May 28, 2021 to a Git repository of a still-in-development version of PHP.

However, PHP contributors Markus Staab, Jake Birchall, and Michael Voříšek noticed the changes during post-commit code review.

Supply chain attack targeted Zlib library, turned PHP into a remote web shell

The supply chain attack targeted any server that uses PHP’s zlib compression when sending data. Most servers use this functionality on almost all content except images and archives, which are already size-optimized.

The supply chain attack would have turned PHP into a remote web shell through which the attackers could execute any command without authentication, and those commands would run with the same privileges as the web server process hosting PHP.

The backdoor is triggered at the start of a request by checking whether the request contains the word “zerodium.” If that condition is met, PHP executes the code supplied in the “User-Agentt” request header.

The header name closely resembles the standard “User-Agent” request header, which is used to check browser properties.

The rest of the request would thus be treated as a command executed on the PHP server with the server’s privileges, allowing the hackers to run arbitrary commands without needing any further privileges.
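The two signals described above, the look-alike “User-Agentt” header and the “zerodium” trigger word, are easy to flag at a reverse proxy, a web application firewall, or in request-log review. The following is an added example of such a detector, written for this page and not code from the PHP project; the request samples are constructed for illustration, and the list of code-like patterns checked in header values is an assumption about what a defender would want to catch, not something the page specifies.

```python
"""Flag HTTP requests that match the PHP zlib backdoor trigger described above.

Added example (not PHP project code). The backdoor looked for the string
"zerodium" in a request and executed the contents of a "User-Agentt" header,
so a defender can alert on (a) that look-alike header name, (b) the trigger
word anywhere in the request, and (c) code-like content in a UA header.
"""
import re
from typing import Dict, List, Tuple

LEGIT_HEADER = "user-agent"      # the real, standard header
BACKDOOR_HEADER = "user-agentt"  # the look-alike the backdoor read from
TRIGGER_WORD = "zerodium"

# Assumption: a User-Agent value should never look like PHP source.
CODE_LIKE = re.compile(r"<\?php|\beval\s*\(|\bsystem\s*\(|\bshell_exec\s*\(", re.I)


def parse_request(raw: str) -> Tuple[str, Dict[str, str]]:
    """Split a raw HTTP/1.x request head into (request line, {lowercased name: value})."""
    lines = re.split(r"\r?\n", raw)
    request_line = lines[0]
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if not line:  # blank line terminates the header block
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return request_line, headers


def inspect_request(raw: str) -> List[str]:
    """Return the list of reasons a request is suspicious; an empty list means clean."""
    _, headers = parse_request(raw)
    reasons: List[str] = []
    if BACKDOOR_HEADER in headers:
        reasons.append("look-alike header 'User-Agentt' present")
    if TRIGGER_WORD in raw.lower():
        reasons.append(f"trigger word '{TRIGGER_WORD}' present")
    for name in (LEGIT_HEADER, BACKDOOR_HEADER):
        if CODE_LIKE.search(headers.get(name, "")):
            reasons.append(f"code-like content in '{name}' header")
    return reasons


def scan(requests: List[str]) -> List[Tuple[int, List[str]]]:
    """Run inspect_request over a batch and return (index, reasons) for every hit."""
    hits = []
    for i, raw in enumerate(requests):
        reasons = inspect_request(raw)
        if reasons:
            hits.append((i, reasons))
    return hits


# Constructed sample requests: one benign, three that should alert.
SAMPLE_REQUESTS = [
    "GET /index.php HTTP/1.1\r\nHost: example.test\r\nUser-Agent: Mozilla/5.0\r\n\r\n",
    "GET /index.php HTTP/1.1\r\nHost: example.test\r\n"
    "User-Agentt: zerodium PLACEHOLDER-NOT-CODE\r\n\r\n",
    "GET /index.php HTTP/1.1\r\nHost: example.test\r\nUser-Agent: Mozilla/5.0 zerodium\r\n\r\n",
    "GET /index.php HTTP/1.1\r\nHost: example.test\r\nUser-Agent: <?php phpinfo(); ?>\r\n\r\n",
]

if __name__ == "__main__":
    for index, reasons in scan(SAMPLE_REQUESTS):
        print(f"request {index}: {'; '.join(reasons)}")
```

The header-name check is the highest-value one: a legitimate client has no reason to send a header spelled “User-Agentt”, so that rule alone produces almost no false positives, while the trigger-word and code-pattern rules catch probing that uses the standard header.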

Zerodium, the company mentioned in the hack, is a vulnerability broker that buys zero-day vulnerabilities and sells them to government agencies. However, it denied any involvement in the PHP Git server compromise.

Zerodium CEO Chaouki Bekrar accused the researchers of introducing the backdoor and trying to sell it, only to disclose the vulnerability after failing to secure buyers. However, the accusation is preposterous given the lifetime of the backdoor.

The malicious commits were pushed under the names of Rasmus Lerdorf, the PHP project author, and Nikita Popov, a major PHP contributor working at JetBrains. The attackers described the commits as intended to fix a typo on…
