Tag Archive for: operating

Apple patches operating systems due to ‘no click’ spyware exploit

/in


In mid-September, Apple was forced to issue an emergency security update for its iPhone, iPad, Mac, and Watch operating systems after being alerted to a “no click” exploit allegedly tied to the Pegasus surveillance software distributed by the Israeli company NSO Group.

The Citizen Lab, a Canadian human rights and security advocacy group, alerted Apple to the exploit, dubbed FORCEDENTRY. The exploit targeted Apple’s image rendering library, which was found on the phone of a Saudi activist that Citizen Lab examined back in March. The exploit uses “maliciously crafted” PDF files that could lead to “arbitrary code execution,” Apple said in a security bulletin .

The “no click” designation by Citizen Lab means Apple users don’t need to open the PDF sent to them for the spyware to infect their devices. Instead, Pegasus gives attackers “virtually unfettered access to the victim’s device, where it can monitor messages, listen in on calls, activate the camera, and more,” said Daniel Markuson, a digital privacy expert at NordVPN .

The Citizen Lab spearheaded recent reporting on the NSO Group’s surveillance software, with news stories in July saying the company’s military-grade Pegasus product had been used to spy on business executives, journalists, human rights advocates, and government officials. NSO Group has disputed the reporting, saying it sells the software to governments to fight crime and terrorism.

But with some NSO customers using the software to spy on other people, several security experts urged Apple users to update their devices immediately.

“These new accusations bring a heightened sense of concern among privacy activists that no smartphone user, even those using software like WhatsApp or Signal, is safe from their privacy being infringed upon,” Markuson told the Washington Examiner. “Cyber-tech surveillance can be a real threat from both individuals and institutions, and this situation with NSO Group is only bringing this long-lasting issue into the limelight.”

Pegasus illustrates the importance of comprehensive mobile security efforts at an organization, added Hank Schless, senior…

Source…

Microsoft warns about security flaw in its operating system

/in


The company asks its users to update their PC immediately to prevent access by hackers.

Entrepreneur en EspañolEntrepreneur.com

Microsoft released a security warning for users who have Windows 10 and Windows 7 operating systems who are asked to update their PCs as soon as possible. Researchers at the cybersecurity company Sangrof found a vulnerability in the system that they named PrintNightmare . The flaw is in the Windows Print Spooler program , an application that allows you to connect your computer to a printer.

The researchers who discovered the flaw accidentally posted instructions on how to attack this app. The data was posted on Twitter last week, and despite being deleted shortly thereafter, the information was already on many other websites. Microsoft warns that cybercriminals who know how to use this information are facilitated to carry out “remote code with elevation of system privileges” , this allows access to private information, install programs or change user accounts.


The update will install a security patch on PCs. Although the company had said it would not release new updates for Windows 7, it will also be available for the old operating system. The new update will also install protection and fixes to past issues.

These are the steps to follow to install the update:


  1. Go to “Settings” on your PC

  2. Enter “Update and security”

  3. Choose the option “Windows Update”

  4. Once there, the available updates will appear

  5. Click on “Install now”

  6. When installed, restart computer.

Copyright 2021 Entrepreneur.com Inc., All rights reserved

This article originally appeared on entrepreneur.com

Written By

Entrepreneur en Español

Source…

Chief Operating Officer of network security company charged with cyberattack on Gwinnett Medical Center | USAO-NDGA

/in


ATLANTA – Vikas Singla has been arraigned on charges arising out of a cyberattack conducted on Gwinnett Medical Center in 2018. Singla was indicted by a federal grand jury on June 8, 2021.

“Cyberattacks that target important infrastructure, like healthcare, pose a serious threat to public health and safety,” said Acting U.S. Attorney Kurt R. Erskine. “In this case, Singla allegedly compromised Gwinnett Medical Center’s operations in part for his own personal gain.”

“Criminal disruptions of hospital computer networks can have tragic consequences,” said Acting Assistant Attorney General Nicholas L. McQuaid of the Justice Department’s Criminal Division. “The department is committed to holding accountable those who endanger the lives of patients by damaging computers that are essential in the operation of our healthcare system.”

“This cyberattack on a hospital not only could have had disastrous consequences, but patient’s personal information was also compromised,” said Chris Hacker, Special Agent in Charge of FBI Atlanta. “The FBI and our law enforcement partners are determined to hold accountable, those who allegedly put peoples health and safety at risk while driven by greed.”

According to Acting U.S. Attorney Erskine, the indictment, and other information presented in court: Vikas Singla, the Chief Operating Officer of a metro-Atlanta network security company that served the healthcare industry, allegedly conducted a cyberattack on Gwinnett Medical Center that involved:

  • Disrupting phone service,
  • Obtaining information from a digitizing device, and
  • Disrupting network printer service.

The indictment further alleges that the cyberattack was conducted, in part, for financial gain. 

Vikas Singla, 45, of Marietta, Georgia, made his initial appearance before U.S. Magistrate Judge Linda T. Walker.  Singla was charged with 17 counts of intentional damage to a protected computer and one count of obtaining information from a protected computer. Members of the public are reminded that the indictment only contains charges. The defendant is presumed innocent of the charges and it will be the government’s burden to prove the defendant’s guilt beyond a…

Source…

G Data Internet Security 2014 review

/in