Tag Archive for: Researcher

FBI email servers were hacked to target a security researcher


The FBI appears to have been used as a pawn in a fight between hackers and security researchers. According to Bleeping Computer, the FBI has confirmed intruders compromised its email servers early today (November 13th) to send fake messages claiming recipients had fallen victim to data breaches. The emails tried to pin the non-existent attacks on Vinny Troia, the leader of dark web security firms NightLion and Shadowbyte.

The non-profit intelligence organization Spamhaus quickly shed light on the bogus messages. The attackers used legitimate FBI systems to conduct the attack, using email addresses scraped from a database for the American Registry for Internet Numbers (ARIN), among other sources. Over 100,000 addresses received the fake emails in at least two waves.

The FBI described the hack as an “ongoing situation” and didn’t initially have more details to share. It asked email recipients to report messages like these to the bureau’s Internet Crime Complaint Center or the Cybersecurity and Infrastructure Security Agency. Troia told Bleeping Computer he believed the perpetrators might be linked to “Pompomourin,” a persona that has attacked the researcher in the past.

Feuds between hackers and the security community aren’t new. In March, attackers exploiting Microsoft Exchange servers tried to implicate security journalist Brian Krebs using a rogue domain. However, it’s rare that they use real domains from a government agency like the FBI as part of their campaign. While that may be more effective than usual (the FBI was swamped with calls from anxious IT administrators), it might also prompt a particularly swift response — law enforcement won’t take kindly to being a victim.



What’s it like to work as a malware researcher? 10 questions answered


Three ESET malware researchers describe what their job involves and what it takes to embark on a successful career in this field

Just days ago, we looked at how you can jump-start your career in the broader field of cybersecurity, leveraging insights from ESET security researchers with decades of experience under their belts. Since today is Antimalware Day, a day when we recognize the work of security professionals, we thought it apt to ask a trio of ESET malware researchers to ‘pick up the baton’ and share their thoughts and experiences about what their daily tasks involve.

Perhaps solving riddles is your thing? Have an inquisitive mind that thrives on new knowledge? Or you’re already contemplating carving out a career in the fight against cybercrime, but aren’t quite sure if you’re cut out for it? Or ‘just’ appreciate the fine work of malware researchers and wonder why they chose this career path?

Whatever the reason (perhaps a little bit of everything?), you need look no further than our Q&A with ESET’s Lukas Stefanko, Fernando Tavella and Matías Porolli to learn what the job of an expert in deconstructing malicious software is like.

First off, how did you get into malware analysis/research?

Lukas: It all started when I became more familiar with software reverse engineering and tried to understand how a piece of software works and behaves without having access to its source code. From there, curiosity took me further to gain an understanding how malicious software works, what its purpose is, how it communicates, and so on. It was a new experience that I hugely enjoyed – and still do!

Fernando: Most of all, I always liked the research part, whether it was focused on security or other activities. But after I actually started to work in security I realized that I liked reverse engineering best. This was because of its complexity and general allure, and so I started participating in capture-the-flag competitions (CTFs) and dived into various related topics. At one point, I came across a piece of malware and realized just how interesting it is…


Researcher Claims N-able Guideline Exposes MSPs to Security Risk


N-able says only a small number of MSPs are at risk.

Fundamental Cyber says N-able, the spinoff of SolarWinds’ MSP business, is undoing Microsoft’s built-in protections

According to the Sweden-based company, N-able is recommending MSPs eliminate security safeguards, therefore exposing them to potentially devastating cyberattacks.

Fundamental Cyber is not a SolarWinds or N-able competitor. It just came across the N-able security flaws while conducting research.

In the aftermath of last year’s massive supply chain attack, SolarWinds said it was beefing up its security to better protect itself and its customers.

Sudhakar Ramakrishna is SolarWinds’ president and CEO. Back in March, he had this to say:

SolarWinds’ Sudhakar Ramakrishna

“We’ve added a level of security and review through tools, processes, automation and, where necessary, manual checks around our product development processes that we believe goes well beyond industry norms to ensure the integrity and security of all of our products. We firmly believe that the Orion software platform and related products, as well as all of our other products can be used by our customers without risk of the Sunburst malicious code.”

However, Fundamental Cyber’s research claims N-able’s guidelines around Workgroup environments are putting MSPs at risk.

Fundamental Cyber assists companies with data protection, privacy law compliance and incident reporting.

David Williams is co-founder of Fundamental Cyber.

Fundamental Cyber’s David Williams

“The big picture is that N-able, which is meant to protect you, meant to protect your company, to add another level of protection, is actually undoing all of the built-in protection,” he said. “So they’re taking the most fundamental things that Microsoft puts there and disabling them, and then they’re using all the worst practices, like not just sharing a password and a username, but actually setting all of the computers at an administrator level. So they all have the power to do a lot of harm.”

Lewis Pope is head security nerd for N-able.

“As a documented best practice, N-able advises MSPs deploy agents directly to each workstation rather than use probes in…


Fortinet Security Researcher Discovers Multiple Vulnerabilities in Adobe Illustrator


FortiGuard Labs Threat Research Report

Affected platforms: Windows
Impacted parties: Users of Adobe Illustrator 2021, versions 25.4.1 and earlier
Impact: Multiple Vulnerabilities leading to Arbitrary Code Execution, Memory Leak and Application Denial of Service
Severity level: Critical

In August of 2021, I discovered and reported multiple zero-day vulnerabilities in Adobe Illustrator to Adobe, Inc. On Tuesday, October 26, 2021, Adobe released several security patches that fixed these vulnerabilities. They are identified as CVE-2021-40718, CVE-2021-40746, CVE-2021-40747, CVE-2021-40748 and CVE-2021-40749. All these vulnerabilities have similar root causes related to a single Illustrator Plugin. We suggest users apply the Adobe patches as soon as possible.

Following are some details on these vulnerabilities. More information can be found on the related Fortinet Zero Day Advisory pages via the CVE links below:

CVE-2021-40718:

This is a Memory Leak vulnerability in the decoding of AutoCAD Drawing (DWG) files in Adobe Illustrator. Specifically, a malformed DWG file triggers an Out of Bounds Read memory access due to an improper bounds check.

Attackers can exploit this vulnerability for unintended memory reads, potentially leading to a memory data leak.

Fortinet previously released IPS signature Adobe.Illustrator.CVE-2021-40718.Memory.Leak for this specific vulnerability to proactively protect our customers.

CVE-2021-40746:

This is an Arbitrary Code Execution vulnerability in the decoding of AutoCAD Drawing (DWG) files in Adobe Illustrator. Specifically, a malformed DWG file triggers an Out of Bounds memory access due to an improper bounds check.

Attackers can exploit this vulnerability to execute arbitrary code within the context of the application via a crafted DWG file.

Fortinet previously released IPS signature…
