Submission + - Threat actors can simulate iPhone reboots and keep iOS malware on a device (therecord.media)

An anonymous reader writes: In a piece of groundbreaking research published on Tuesday night, security firm ZecOps said that it found a way to block and then simulate an iOS restart operation, a technique that they believe could be extremely useful to attackers who may want to trick users into thinking they rebooted their device and as a result, maintain access for their malware on that infected system.

The technique is of extreme importance and gravity because of the way the iPhone malware landscape has evolved in recent years, where, due to advances in the security of the iOS operating system, malware can’t achieve boot persistence as easily as it once did. As a result, many security experts have recommended over the past year that users who might be the target of malicious threat actors regularly reboot devices in order to remove backdoors or other implants. But in a blog post on Tuesday, ZecOps said that the iOS restart process isn’t immune to being hijacked once an attacker has gained access to a device, in a way to perform a fake restart where the user's device only has its UI turned off, instead of the entire OS.

Submission + - Emotet botnet returns after law enforcement mass-uninstall operation (therecord.media)

An anonymous reader writes: The Emotet malware botnet is back up and running once again almost ten months after an international law enforcement operation took down its command and control servers earlier this year in January.

The comeback is surprising because after taking over Emotet’s server infrastructure, law enforcement officials also orchestrated a mass-uninstall of the malware from all infected computers on April 25, effectively wiping out the entire botnet across the internet.

Submission + - Web host admin gets 27 years in prison for hosting 200+ child pornography sites (therecord.media)

An anonymous reader writes: An Irish man who ran a cheap dark web hosting service has been sentenced today to 27 years in prison for turning a blind eye to customers hosting child sex abuse material. Eric Eoin Marques, 36, from Dublin, operated the Freedom Hosting service between July 2008 and July 2013, when he was arrested following an FBI investigation.

“The investigation revealed that the hosting service contained over 200 child exploitation websites that housed millions of images of child exploitation material,” the US Department of Justice said today, announcing Marques’ sentencing. "Over 1.97 million of these images and/or videos were not previously known by law enforcement. Many of these images involved sadistic abuse of infants and toddlers to include bondage, bestiality and humiliation to include urination, defecation and vomit," officials said.

Submission + - EU agency advises against using search & browsing history for credit scores (therecord.media)

An anonymous reader writes: The European Union’s lead data protection supervisor has recommended on Thursday that personal data such as search queries & internet browsing history should not be used for the assessment of credit scores and creditworthiness. The recommendation comes from the European Data Protection Supervisor (EDPS), an independent agency attached to the EU that advises policymakers “on all matters relating to the processing of personal data.”

“[T]he EDPS considers that inferring consumers’ credit risk from data such as search query data or online browsing activities cannot be reconciled with the principles of purpose limitation, fairness and transparency, as well as relevance, adequacy or proportionality of data processing. Therefore, the EDPS recommends explicitly extending the prohibition to search query data or online browsing activities,” the EDPS said in a document published on Thursday.

Submission + - Motherboard vendor GIGABYTE hit by RansomExx ransomware gang (therecord.media)

An anonymous reader writes: Taiwanese computer hardware vendor GIGABYTE has suffered a ransomware attack, and hackers are currently threatening to release more than 112 GB of business data on the dark web unless the company agrees to their ransom demands. The Taiwanese company, primarily known for its high-performance motherboards, confirmed the attack in a phone call and in a message on its (now-down) Taiwanese website. A spokesperson said the incident did not impact production systems. Only a few internal servers at its Taiwanese headquarters have been affected and have now been taken down and isolated.

Submission + - Crypto-mining gangs are running amok on free cloud computing platforms (therecord.media)

An anonymous reader writes: Over the course of the last few months, some crypto-mining gangs have switched their modus operandi from attacking and hijacking unpatched servers to abusing the free tiers of cloud computing platforms. Gangs have been operating by registering accounts on selected platforms, signing up for a free tier, and running a cryptocurrency mining app on the provider’s free tier infrastructure. After trial periods or free credits reach their limits, the groups register a new account and start from the first step, keeping the provider’s servers at their upper usage limit and slowing down their normal operations.

The list of services that have been abused this way includes the likes of GitHub, GitLab, TravisCI, LayerCI, CircleCI, Render, CloudBees CodeShip, Sourcehut, and Okteto.

Submission + - Ransomware gang threatens to expose police informants if ransom is not paid (therecord.media)

An anonymous reader writes: A ransomware gang is threatening to leak sensitive police files that may expose police investigations and informants unless the Metropolitan Police Department of the District of Columbia agrees to pay a ransom demand. A group that emerged this year called Babuk claimed responsibility for the leak. Babuk is known for ransomware attacks, which hold victims’ data hostage until they pay a ransom, often in Bitcoin. The group also hit the Houston Rockets N.B.A. team this month.

In their post to the dark web, Babuk’s cybercriminals claimed they had downloaded 250 gigabytes of data and threatened to leak it if their ransom demands were not met in three days. They also threatened to release information about police informants to criminal gangs, and to continue attacking “the state sector,” including the F.B.I. and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency. The information already released appeared to include chief’s reports, lists of arrests and lists of persons of interest.

Submission + - US arrests suspect who wanted to blow up AWS data center (therecord.media)

An anonymous reader writes: The FBI has arrested on Thursday a Texas man who planned to blow up one of the Amazon Web Services (AWS) data centers in an attempt to “kill off about 70% of the internet.” Seth Aaron Pendley, 28, of Wichita Falls, Texas, was arraigned in front of a Texas judge today and formally indicted with a malicious attempt to destroy a building with an explosive.

The US Department of Justice said Pendley was arrested on Thursday after he tried to acquire C-4 plastic explosives from an undercover FBI employee in Fort Worth, Texas. The FBI said they learned of Pendley’s plans after the suspect confided in January 2021 via Signal, an encrypted communications app, to a third-party source about plans to blow up one of Amazon’s Virginia-based data centers.

Submission + - Yandex said it caught an employee selling access to users' inboxes (zdnet.com)

An anonymous reader writes: Russian search engine and email provider Yandex said today that it caught one of its employees selling access to user email accounts for personal gain. The company, which did not disclose the employee's name, said the person was "one of three system administrators with the necessary access rights to provide technical support" for its Yandex.Mail service. The Russian company said it's now in the process of notifying the owners of the 4,887 mailboxes that were compromised and to which the employee sold access to third parties.

Submission + - Kazakhstan government is intercepting HTTPS traffic in its capital (zdnet.com)

An anonymous reader writes: Under the guise of a "cybersecurity exercise," the Kazakhstan government is forcing citizens in its capital of Nur-Sultan (formerly Astana) to install a digital certificate on their devices if they want to access foreign internet services. Once installed, the certificate would allow the government to intercept all HTTPS traffic made from users' devices via a technique called MitM (Man-in-the-Middle).

Starting today, December 6, 2020, Kazakh internet service providers (ISPs) such as Beeline, Tele2, and Kcell are redirecting Nur-Sultan-based users to web pages showing instructions on how to install the government's certificate. Earlier this morning, Nur-Sultan residents also received SMS messages informing them of the new rules. Kazakhstan users have told ZDNet today that they are not able to access sites like Google, Twitter, YouTube, Facebook, Instagram, and Netflix without installing the government's root certificate.

Submission + - Ubisoft, Crytek data posted on ransomware gang's site (zdnet.com)

An anonymous reader writes: A ransomware gang going by the name of Egregor has leaked data it claims to have obtained from the internal networks of two of today's largest gaming companies — Ubisoft and Crytek. Data allegedly taken from each company was published on the ransomware gang's dark web portal on Tuesday.

The hackers said they breached Ubisoft and stole data, but were kicked out before encrypting files. On the other hand, "Crytek has been encrypted fully," the Egregor crew told ZDNet. The Egregor group said that neither company engaged in discussions, despite their intrusions, and no ransom has been officially requested yet.

"In case Ubisoft will not contact us we will begin posting the source code of upcoming Watch Dogs and their engine," the group threatened, promising to publish more data in a press release tomorrow.

Submission + - Google to set up a special Android security team to find bugs in sensitive apps (zdnet.com)

An anonymous reader writes: Google is hiring to create a special Android security team that will be tasked with finding vulnerabilities in highly sensitive apps on the Google Play Store. The team will perform security audits and penetration tests against the infrastructure of sensitive apps and report the results to developers.

Applications that this new team will focus on include the likes of COVID-19 contact tracing apps and election-related applications, with others to follow, according to Sebastian Porst, Software Engineering Manager for Google Play Protect.

Submission + - Windows XP leak confirmed after user compiles the leaked code into a working OS (zdnet.com)

An anonymous reader writes: The Windows XP and Windows Server 2003 source code that was leaked online last week on 4chan has been confirmed to be authentic after a YouTube user compiled the code into working operating systems. The codebases of both operating systems are incomplete, as they lack the Winlogon component and various drivers, but the code is authentic and can be compiled into a somewhat-working OS.

"Certain files, such as the kernel and the Explorer can be compiled easily. I have tried some programs from the compiled source of XP, and it seems that they are identical to the retail versions of Windows," NTDEV, a US-based IT technician, told ZDNet.

Submission + - Russia Wants To Ban the Use Of Secure Protocols Such As TLS 1.3, DoH, DoT, ESNI (zdnet.com)

An anonymous reader writes: The Russian government is working on updating its technology laws so it can ban the use of modern internet protocols that can hinder its surveillance and censorship capabilities. According to a copy of the proposed law amendments and an explanatory note, the ban targets internet protocols and technologies such as TLS 1.3, DoH, DoT, and ESNI.

Moscow officials aren't looking to ban HTTPS and encrypted communications as a whole, as these are essential to modern-day financial transactions, communications, military, and critical infrastructure. Instead, the government wants to ban the use of internet protocols that hide "the name (identifier) of a web page" inside HTTPS traffic.

Submission + - Zerologon Attack Lets Hackers Take Over Enterprise Networks Within 3 Seconds (zdnet.com)

An anonymous reader writes: Researchers have developed and published a proof-of-concept exploit for a recently patched Windows vulnerability that can allow access to an organization’s crown jewels—the Active Directory domain controllers that act as an all-powerful gatekeeper for all machines connected to a network.

CVE-2020-1472, as the vulnerability is tracked, carries a critical severity rating from Microsoft as well as a maximum of 10 under the Common Vulnerability Scoring System. Exploits require that an attacker already have a foothold inside a targeted network, either as an unprivileged insider or through the compromise of a connected device. However, when this condition is met, it's literally game over for the attacked company, as an attacker can hijack its entire network within three seconds by leveraging a bug in the Netlogon authentication protocol cryptography by adding zero characters in certain Netlogon authentication parameters, bypassing authentication procedures and then changing the password for the DC server itself.
