Tag Archive for: Worst

Security experts scramble to fix ‘worst possible’ computer bug, known as Log4Shell, on MILLIONS of servers


Security experts around the world are racing to patch one of the worst computer vulnerabilities discovered in years, a critical flaw in open-source code widely used across industry and government in cloud services and enterprise software.

“I’d be hard-pressed to think of a company that’s not at risk,” said Joe Sullivan, chief security officer for Cloudflare, whose online infrastructure protects websites from malicious actors.

Untold millions of servers have it installed, and experts said the fallout would not be known for several days.

New Zealand’s computer emergency response team was among the first to report that the flaw in a Java-language utility for Apache servers used to log user activity was being “actively exploited in the wild” just hours after it was publicly reported on Thursday and a patch released.

The vulnerability, dubbed ‘Log4Shell,’ was rated 10 on a scale of one to 10, the worst possible.

Anyone with the exploit can get full access to an unpatched machine.

“The internet’s on fire right now,” said Adam Meyers, senior vice president of intelligence at the cybersecurity firm Crowdstrike.

“People are scrambling to patch and there are script kiddies and all kinds of people scrambling to exploit it.

“In the last 12 hours it has been fully weaponised.”

The vulnerability in the Apache Software Foundation module was discovered on November 24 by the Chinese tech giant Alibaba, the foundation said.

Meyers expected computer emergency response teams to have a busy weekend trying to identify all impacted machines.

The hunt is complicated by the fact that affected software can be in programs provided by third parties.

Log4Shell’s link to Microsoft

The flaw’s exploitation was apparently first discovered in Minecraft, an online game…

Expert says N.L. cyberattack worst in Canadian history, deserves federal response – National


The cyberattack that knocked down Newfoundland and Labrador’s health system data centres Saturday is a national security issue and should be treated as such by Ottawa, security experts say.

David Shipley, chief executive officer of Beauceron Security in New Brunswick, called the attack the worst in Canadian history. Similar attacks have targeted individual hospitals or more general government services in the country, but the extent and the consequences for human health make the Newfoundland and Labrador situation stand out, Shipley said.

“We’ve never seen an entire health network – multiple health networks – taken down like this,” the cybercrime expert said in an interview Wednesday. “This is not just a Newfoundland story, it’s not just a health-care story. This is a national story, and it’s about national security.”

On Thursday, there were some signs of recovery from the attack, as the province’s eastern health authority announced its email system was working again. “We are working to bring our health-care and clinical systems back online in a safe and controlled manner,” the authority said in a news release.

In the provincial legislature, the Opposition Progressive Conservatives questioned why Liberal Premier Andrew Furey hadn’t come home from the COP26 climate change conference in Scotland to address the crisis instead of writing on Twitter about “the challenging time” for the province.

“Please know our world-class teams are dedicated to getting things up and running as soon as possible, and I remain focused on this issue,” Furey wrote.

The attack was first discovered Saturday, affecting what Health Minister John Haggie described as the “two brains” behind the provincial health network’s data centre. Without access to such things as basic email, diagnostic images and lab results, the eastern health authority – which includes several major hospitals in St. John’s – was left operating largely with pen and paper and running only emergency services.

Thousands…

Expect The Best, But Prepare For The Worst: 5 Practical Steps To Take Before A Ransomware Attack – Technology



Last month, we wrote about steps to take after experiencing a
ransomware event. This month, as ransomware events continue to
grow in number and severity, we now share the following five
practical tips to implement before a ransomware event.
These tips should help you bolster your defenses and reduce the
havoc a ransomware attack can wreak on your business.

1. Obtain Cyber Insurance

Obtain cyber insurance to protect yourself from potentially
devastating losses associated with a ransomware attack. In addition
to the financial peace of mind cyber insurance provides, your cyber
insurance carrier will be your first point of contact should your
business ever experience a ransomware attack. Your cyber insurance
carrier can connect you to the appropriate resources and experts to
assist you in responding to an attack. But please make sure that
you obtain adequate cyber insurance coverage, or else the
exceptionally high costs associated with a ransomware attack may
quickly make inadequate cyber insurance coverage feel like no cyber
insurance coverage at all. 

2. Use Off-Site Backups

Off-site backups are an effective way to recover from a
ransomware attack and restore operations if a ransomware attack
encrypts your on-site data. Ensure that your off-site…

A ‘Worst Nightmare’ Cyberattack: The Untold Story Of The SolarWinds Hack


“This release includes bug fixes, increased stability and performance improvements.”

The routine software update may be one of the most familiar and least understood parts of our digital lives. A pop-up window announces its arrival and all that is required of us is to plug everything in before bed. The next morning, rather like the shoemaker and the elves, our software is magically transformed.

Last spring, a Texas-based company called SolarWinds made one such software update available to its customers. It was supposed to provide the regular fare — bug fixes, performance enhancements — to the company’s popular network management system, a software program called Orion that keeps a watchful eye on all the various components in a company’s network. Customers simply had to log into the company’s software development website, type a password and then wait for the update to land seamlessly onto their servers.

The routine update, it turns out, is no longer so routine.

Hackers believed to be directed by the Russian intelligence service, the SVR, used that routine software update to slip malicious code into Orion’s software and then used it as a vehicle for a massive cyberattack against America.

“Eighteen thousand [customers] was our best estimate of who may have downloaded the code between March and June of 2020,” Sudhakar Ramakrishna, SolarWinds president and CEO, told NPR. “If you then take 18,000 and start sifting through it, the actual number of impacted customers is far less. We don’t know the exact numbers. We are still conducting the investigation.”

On Thursday, the Biden administration announced a roster of tough sanctions against Russia as part of what it characterized as the “seen and unseen” response to the SolarWinds breach.

NPR’s months-long examination of that landmark attack — based on interviews with dozens of players from company officials to victims to cyber forensics experts who investigated, and intelligence officials who are in the process of calibrating the Biden administration’s response — reveals a hack unlike any other, launched by a sophisticated adversary who took aim at a soft underbelly of digital life: the routine software update.

By design,…
