Bad patching practices are a breeding ground for zero-day exploits, Google warns

Customers of major software vendors take comfort whenever a vendor issues a security fix for a critical software vulnerability. The clients expect that software update to keep attackers from stealing sensitive information. But new data from Google’s elite hacking team, Project Zero, suggests that assumption is misplaced. One in four “zero-day,” or previously unknown, software exploits that the Google team tracked in 2020 might have been avoided “if a more thorough investigation and patching effort were explored,” Project Zero researcher Maddie Stone said Wednesday. In some cases, the attackers only changed a line or two of code to turn their old exploit into a new one. Many of the zero-day exploits were for popular internet browsers like Chrome, Firefox or Safari, exposing an array of users around the world. Project Zero’s sample size is modest, covering just 24 exploits in all. But the data points to a need for greater […]

The post Bad patching practices are a breeding ground for zero-day exploits, Google warns appeared first on CyberScoop.

SolarWinds issues patches for two new critical bugs found in Orion software

Researchers at security firm Trustwave on Wednesday disclosed two critical vulnerabilities in the same software that suspected Russian spies have exploited to infiltrate multiple U.S. government agencies. One of the bugs could offer an attacker a similar level of control over the software made by federal contractor SolarWinds that the alleged Russians enjoyed, the researchers said. The analysis of SolarWinds’ Orion software platform — which is used by numerous Fortune 500 firms — illustrates the greater scrutiny the firm is under since disclosing the supply-chain hack. But it also shows the security benefits of having more outside researchers sift through Orion’s code. “As people were patching against the implant backdoor [used in the espionage campaign], this would provide the ability to get back into those systems, even though the backdoor had been removed,” Trustwave’s Karl Sigler said of one of the vulnerabilities, which could allow an attacker to remotely execute […]

The post SolarWinds issues patches for two new critical bugs found in Orion software appeared first on CyberScoop.

Microsoft details how SolarWinds hackers hid their espionage

Attackers behind an espionage campaign that exploited software built by the federal contractor SolarWinds separated their most prized hacking tool from other malicious code on victim networks to avoid detection, Microsoft said Wednesday. The findings make clear that, while the hackers have relied on a variety of tools in their spying, the tampered SolarWinds software functioned as the cornerstone of an operation that Microsoft described as “one of the most sophisticated and protracted” of the decade. Multiple U.S. federal agencies focused on national security have been breached in the campaign, which U.S. officials have linked to Russia. The latest Microsoft research comes as influential security firms continue to come forward as victims of the hacking campaign. Malwarebytes said Tuesday that the same hacking group had apparently breached some of the firm’s internal emails by abusing access to Microsoft Office 365 and Azure software. Malwarebytes said it doesn’t use SolarWinds software, […]

The post Microsoft details how SolarWinds hackers hid their espionage appeared first on CyberScoop.

Symantec connects another hacking tool to SolarWinds breach

Private sector analysts have uncovered new hacking tools thought to be used in a suspected Russian spying operation, the latest example of how the plot only thickens as the investigation into the SolarWinds breach continues. Security firm Symantec on Tuesday said it had found previously undocumented malicious code that the attackers used to move through victim networks and then transmit additional malware onto specific computers. The attackers installed the malicious code, dubbed Raindrop, on a handful of carefully chosen computers in an effort to spy on them, according to the latest findings. The discovery underscores the range of tools the accused hackers had at their disposal — some to gain access to computer networks, others to sift through data — in a historic campaign that has infiltrated multiple U.S. federal agencies and consumed investigators at top security firms. U.S. federal investigators have said the hacking campaign is “likely Russian in origin.” Moscow […]

The post Symantec connects another hacking tool to SolarWinds breach appeared first on CyberScoop.

Hey Alexa, Who Am I Messaging?

Research shows that microphones on digital assistants are sensitive enough to record what someone is typing on a smartphone to steal PINs and other sensitive info.

When Fancy Bear isn’t so Fancy: APT group’s ‘crude’ methods continue to work

While the cybersecurity industry marvels at the sophistication of the suspected Russian hackers who breached contractor SolarWinds and multiple federal agencies, another set of alleged Russian operatives continues to succeed with far less advanced techniques in their espionage campaigns. Fancy Bear, the hacking group linked with Russia’s GRU military intelligence agency, is showing a penchant for using blunt digital instruments to break into computers and try to steal data, according to analysts. It’s an example of how so-called advanced persistent threats don’t actually need advanced tools to accomplish their goals. Instead, they often rely on defensive weaknesses that plague the internet. “It looks like this is all part of a strategy: commit crude and aggressive attacks on infrastructure worldwide,” said Feike Hacquebord, a researcher at security firm Trend Micro. The hacking campaign involving tampered SolarWinds software, which the Washington Post has linked to another Russian intelligence service, the SVR, used […]

The post When Fancy Bear isn’t so Fancy: APT group’s ‘crude’ methods continue to work appeared first on CyberScoop.

Scammers use Chrome, Firefox extensions in widespread ad fraud campaign

Security experts at Microsoft on Thursday detailed how internet attackers are abusing some of the world’s most popular web browsers for a fraud campaign, which at its height has affected more than 30,000 devices per day. The scammers are using malicious browser extensions — a tried and tested fraud tactic — to inject bogus advertisements into the results displayed on a search engine page. The more users who visit the fraudulent ad pages, the more money the perpetrators earn via a traffic-driven advertising program. Microsoft did not identify who was responsible for the attacks, or how much money they had netted. The malicious campaign, which Microsoft said began in May, uses extensions on popular web browsers like Google Chrome, Mozilla Firefox, Microsoft Edge and Russian-language Yandex to reach as many internet users as possible. “[T]he fact that this campaign utilizes a piece of malware that affects multiple browsers is an indication of how […]

The post Scammers use Chrome, Firefox extensions in widespread ad fraud campaign appeared first on CyberScoop.

Bug could expose patient data from GE medical imaging devices, researchers warn

Security researchers have discovered a software vulnerability that could allow an attacker to steal sensitive patient data from X-ray and MRI machines, spanning more than 100 models of General Electric medical devices. While there is no evidence that hackers have exploited the vulnerability for their own gain, the flaw points to the recurring issue of health care devices sending patient information over insecure channels. In this case, the maintenance software for the GE medical devices used publicly exposed login credentials, which could allow attackers to execute code on the devices. “The bigger picture here is authentication and it’s a problem that’s unfortunately typical for medical devices,” said Elad Luz, a researcher at CyberMDX, the medical security company that publicly disclosed the vulnerability on Tuesday. Using the vulnerability to steal patient data would require a malicious hacker to first gain access to a health care organization’s computer network. Actually leveraging the bug […]

The post Bug could expose patient data from GE medical imaging devices, researchers warn appeared first on CyberScoop.

Kaspersky catches hacker-for-hire group using ‘PowerPepper’ malware

The hack-for-hire business is thriving. Following the revelation in November that a new mercenary group had targeted organizations in South Asia, researchers on Thursday outlined how another suspected hack-for-hire shop has used malicious code to try to breach organizations in Europe and the Americas. It’s the latest innovation in a bustling market for buying access to government and corporate networks in a range of industries. The new code, uncovered by analysts at security firm Kaspersky, can be used to remotely take over victim devices, and it interacts with the attackers via a communications-concealing protocol. The group responsible for the malware, known theatrically as DeathStalker, has been around for at least eight years but has only drawn public scrutiny in recent months, according to Kaspersky. And researchers have more digging to do. “PowerPepper,” as the new malware is known, “is already the fourth malware strain affiliated with the actor, and we have discovered […]

The post Kaspersky catches hacker-for-hire group using ‘PowerPepper’ malware appeared first on CyberScoop.

COVID-19 hacking extends to supply chain for controlling vaccine temperature, IBM says

As drug companies turn their attention from the development to the deployment of a coronavirus vaccine, well-resourced hackers are doing the same. IBM researchers on Thursday revealed a global spearphishing campaign they said was aimed at companies involved in the storage and transport of vaccines in temperature-controlled environments. Those controls allow the medicine to be sent to far-flung places. IBM suspects the attackers are tied to a government, but the researchers said they didn’t have enough evidence to determine which one. The attackers’ goal may have been to steal login credentials from those companies in order to gain future access “to corporate networks and sensitive information relating to the COVID-19 vaccine distribution,” the researchers said. It’s unclear how successful the phishing has been. The findings illustrate how virtually every step of the months-long project by drug companies to produce a vaccine has been targeted by hackers. The U.S. government accused Chinese hackers of targeting […]

The post COVID-19 hacking extends to supply chain for controlling vaccine temperature, IBM says appeared first on CyberScoop.