Security and Windows TCO, Microsoft Issues
-
Popular WordPress Security Plugin Caught Logging Plaintext Passwords
Installed on more than one million WordPress sites, the All-In-One Security (AIOS) firewall plugin was designed to prevent cyberattacks such as brute-force attempts, warn when the default admin username is used for login, block bot attacks, log user activity, and eliminate comment spam.
It was discovered that AIOS version 5.1.9 writes the plaintext passwords from login attempts to the database as part of its user activity log, which effectively gives any privileged user who can read that log the login credentials of all other administrator users.
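The flaw above is a logging design error: the activity log persisted the whole login form, password included. The following Python is an added example written for this page, not AIOS code, showing the vulnerable pattern beside an allow-listed logger, plus an audit function that scans stored log rows for credential-bearing keys. Field names (`username`, `pwd`, `ip`, `user_agent`, `timestamp`) and the sample form are constructed for illustration.

```python
"""Keep passwords out of a login-activity log (added example, not plugin code)."""
import json
import re

# Fields an activity log legitimately needs.  Hypothetical names chosen for
# this example; adapt them to the application's actual form fields.
ALLOWED_FIELDS = {"username", "ip", "user_agent", "timestamp"}

# Key names that must never reach persistent storage.  Deliberately broad:
# a false positive in an audit is cheap, a stored password is not.
SECRET_KEY_PATTERN = re.compile(r"(pass|pwd|secret|token|otp)", re.IGNORECASE)


def log_login_attempt_vulnerable(form: dict, success: bool) -> str:
    """The flawed pattern: serialise the whole submitted form, secret and all."""
    record = dict(form)
    record["success"] = success
    return json.dumps(record, sort_keys=True)


def log_login_attempt_safe(form: dict, success: bool) -> str:
    """Allow-list the fields and record the outcome; the credential is never copied."""
    record = {key: value for key, value in form.items() if key in ALLOWED_FIELDS}
    record["success"] = success
    return json.dumps(record, sort_keys=True)


def find_credential_leaks(rows):
    """Audit stored activity rows (JSON strings) for secret-bearing keys.

    Returns (row_index, key) pairs that need purging.  Run it over an existing
    activity table after upgrading past a version that logged passwords:
    rows written before the fix may still be in the database.
    """
    leaks = []
    for index, row in enumerate(rows):
        try:
            data = json.loads(row)
        except json.JSONDecodeError:
            continue
        if isinstance(data, dict):
            for key in data:
                if SECRET_KEY_PATTERN.search(key):
                    leaks.append((index, key))
    return leaks


if __name__ == "__main__":
    # Constructed sample request, not real data.
    form = {"username": "alice", "pwd": "hunter2", "ip": "203.0.113.7",
            "user_agent": "Mozilla/5.0", "timestamp": "2023-07-13T10:00:00Z"}
    bad = log_login_attempt_vulnerable(form, True)
    good = log_login_attempt_safe(form, True)
    print("vulnerable row:", bad)
    print("safe row      :", good)
    print("leaks found   :", find_credential_leaks([bad, good]))
```

The allow-list, rather than a deny-list of known secret names, is the important design choice: a new form field (a one-time code, a recovery token) is excluded by default instead of silently joining the log. The audit function is the check to run after an upgrade, because fixing the logger does nothing about rows already written.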
-
SEO Expert Hired and Fired By Ashley Madison Turned on Company, Promising Revenge
[This is Part II of a story published here last week on reporting that went into a new Hulu documentary series on the 2015 Ashley Madison hack.]
-
[Repeat] Chinese [Intruders] Breached Government Email Accounts, Microsoft Says
The attack was targeted, according to a person briefed on the intrusion into the government networks, with the hackers going after specific accounts rather than carrying out a broad-brush intrusion that would suck up enormous amounts of data. Adam Hodge, a spokesman for the White House’s National Security Council, said no classified networks had been affected. An assessment of how much information was taken is continuing.
-
Chinese [intruders] breached unclassified government email by foiling Microsoft security
Nevertheless, Senate intelligence committee chair Mark Warner issued a statement saying it was “closely monitoring what appears to be a significant cybersecurity breach by Chinese intelligence” that shows China is “steadily improving its cyber collection capabilities directed against the U.S. and our allies.”
-
Chinese [intruders] stole US government emails, say Microsoft and White House
Besides the State Department, it wasn't known which other US agencies were impacted by the breach. A senior official said the number of agencies was in the single digits.
-
Microsoft: Chinese group [breached] government email accounts
Citing a statement from US officials, the Washington Post reported that Storm-0558 also breached unclassified email accounts linked to the US government.
The US had detected the breach of federal government accounts "fairly rapidly" and had managed to prevent further breaches, White House national security adviser Jake Sullivan said in an interview with ABC television.
-
As Attacks Multiply, Experts Call for Continental Cybersecurity Hub
Internet access is growing rapidly across Africa. Although [Internet] penetration is 28% continentwide, it is more than 50% in Nigeria and more than 85% in Kenya, which are two of the continent’s top targets for cyberattacks.
South Africa, where nearly 72% of the population is online, spends a larger share of its economy on cybersecurity than any other African country, yet its citizens remain at risk from scam artists and other cybercriminals, according to Kearney, a global management consulting firm with an office in Johannesburg.
-
FTC investigating OpenAI for possible ‘reputational harm’ caused by ChatGPT
The FTC earlier this week sent a 20-page request for records about how OpenAI addresses risks related to its AI models. The agency is investigating whether the company engaged in unfair or deceptive practices that resulted in “reputational harm” to consumers, according to the letter, which was reported by the Washington Post.
-
FTC opens probe into ChatGPT maker OpenAI
A civil investigative demand letter has been sent and the investigation is now underway, according to a source familiar with the matter.
-
FTC investigates OpenAI over data leak and ChatGPT’s inaccuracy
The FTC called on OpenAI to provide detailed descriptions of all complaints it had received of its products making “false, misleading, disparaging or harmful” statements about people. The FTC is investigating whether the company engaged in unfair or deceptive practices that resulted in “reputational harm” to consumers, according to the document.
-
[Old] NSA: BlackLotus BootKit Patching Won't Prevent Compromise
BlackLotus burst on the scene in the fall of 2022, when it was spotted for sale on the Dark Web for $5,000. It has the dubious distinction of being the first in-the-wild malware to successfully bypass UEFI Secure Boot on Windows systems.
UEFI is the firmware responsible for the boot routine, so it runs before the operating system kernel and any other software. BlackLotus (a software threat rather than a firmware implant, it should be noted: it installs its own components on the EFI System Partition and does not modify the firmware) abuses two vulnerabilities in the Windows boot manager to insert itself into the earliest phase of the software boot process that UEFI initiates: CVE-2022-21894, aka Baton Drop, CVSS score 4.4; and CVE-2023-24932, CVSS score 6.7. Microsoft patched these in January 2022 and May 2023 respectively.
But the NSA warned that applying the available Windows 10 and Windows 11 patches is only "a good first step": the patches ship a fixed boot manager, but the older, still-signed boot managers remain loadable until they are revoked, so an attacker who brings a vulnerable copy can still exploit it.
-
[Old] Microsoft’s bootkit patches offer ‘false sense of security’ against BlackLotus threat, NSA says
BlackLotus targets the Windows boot process by exploiting a flaw in older boot loaders (boot managers) to set off a chain of malicious actions that compromise endpoint security. Concretely, it exploits the Baton Drop vulnerability (CVE-2022-21894) to strip the Secure Boot policy and prevent its enforcement.
BlackLotus shares some characteristics with BootHole, a GRUB2 vulnerability discovered in 2020. Unlike BootHole, however, BlackLotus targets vulnerable boot managers that have not been added to the Secure Boot forbidden-signature database (DBX), the revocation list that firmware checks before loading a signed image. Because those older boot managers still carry a valid Microsoft signature, the firmware loads them even on a fully patched system until their hashes are added to DBX.
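The practical check that follows from the passage above is whether a given boot manager's hash is actually present in the machine's DBX. The Python below is an added example for this page, not code from the NSA advisory or from any Microsoft tool: it parses the EFI_SIGNATURE_LIST structures that make up a DB or DBX variable and answers that question. It assumes the DBX blob has been exported first (on Linux the variable is readable at `/sys/firmware/efi/efivars/dbx-d719b2cb-3d3a-4596-a3bc-dad00e67656f`, with a 4-byte attributes prefix; on Windows `(Get-SecureBootUEFI -Name dbx).Bytes` gives the raw contents). The hashes in the demonstration are constructed placeholders, not the real revoked boot-manager hashes, which this page does not list.

```python
"""Parse a UEFI Secure Boot DBX and test whether a hash is revoked (added example).

DBX is a sequence of EFI_SIGNATURE_LIST structures (UEFI spec, section 32.4.1):
    SignatureType        GUID    16 bytes
    SignatureListSize    UINT32  whole list including this header
    SignatureHeaderSize  UINT32  usually 0
    SignatureSize        UINT32  size of one entry (owner GUID + data)
    SignatureHeader      SignatureHeaderSize bytes
    Signatures[]         each SignatureSize bytes
For EFI_CERT_SHA256_GUID the data is the 32-byte SHA-256 of the PE image's
Authenticode hash (not sha256sum of the file), so SignatureSize is 16 + 32 = 48.
"""
import struct
import uuid

EFI_CERT_SHA256_GUID = uuid.UUID("c1c41626-504c-4092-aca9-41f936934328")
EFI_CERT_X509_GUID = uuid.UUID("a5c059a1-94e4-4aa7-87b5-ab155c2bf072")
MICROSOFT_OWNER_GUID = uuid.UUID("77fa9abd-0359-4d32-bd60-28f4e78f784b")
LIST_HEADER_SIZE = 28  # GUID + three UINT32 fields


def parse_signature_lists(blob: bytes):
    """Yield (signature_type, owner_guid, data) for every entry in a DB/DBX blob."""
    offset = 0
    while offset + LIST_HEADER_SIZE <= len(blob):
        sig_type = uuid.UUID(bytes_le=blob[offset:offset + 16])
        list_size, header_size, sig_size = struct.unpack_from("<III", blob, offset + 16)
        if list_size < LIST_HEADER_SIZE or offset + list_size > len(blob):
            raise ValueError(f"malformed EFI_SIGNATURE_LIST at offset {offset}")
        entries_start = offset + LIST_HEADER_SIZE + header_size
        entries_end = offset + list_size
        if sig_size < 16 or (entries_end - entries_start) % sig_size != 0:
            raise ValueError(f"bad SignatureSize {sig_size} at offset {offset}")
        for pos in range(entries_start, entries_end, sig_size):
            owner = uuid.UUID(bytes_le=blob[pos:pos + 16])
            yield sig_type, owner, blob[pos + 16:pos + sig_size]
        offset += list_size


def dbx_sha256_hashes(blob: bytes) -> set:
    """All SHA-256 image hashes revoked by this DBX, as lowercase hex."""
    return {data.hex() for sig_type, _, data in parse_signature_lists(blob)
            if sig_type == EFI_CERT_SHA256_GUID}


def is_revoked(blob: bytes, sha256_hex: str) -> bool:
    """True if the given Authenticode SHA-256 is denied by this DBX."""
    return sha256_hex.lower() in dbx_sha256_hashes(blob)


def load_dbx_from_efivars(path: str) -> bytes:
    """Read the variable from Linux efivarfs, dropping the 4-byte attribute prefix."""
    with open(path, "rb") as handle:
        return handle.read()[4:]


def build_sha256_list(hashes, owner: uuid.UUID = MICROSOFT_OWNER_GUID) -> bytes:
    """Build one EFI_SIGNATURE_LIST of SHA-256 entries; used here to construct test data."""
    sig_size = 16 + 32
    body = b"".join(owner.bytes_le + bytes.fromhex(h) for h in hashes)
    header = EFI_CERT_SHA256_GUID.bytes_le + struct.pack(
        "<III", LIST_HEADER_SIZE + len(body), 0, sig_size)
    return header + body


if __name__ == "__main__":
    # Constructed placeholder hashes, not the real revoked boot-manager hashes.
    revoked = ["11" * 32, "22" * 32]
    dbx = build_sha256_list(revoked)
    candidate = "33" * 32  # hash of a hypothetical boot manager found on the ESP
    print(f"{len(dbx_sha256_hashes(dbx))} SHA-256 entries in DBX")
    for h in revoked + [candidate]:
        print(h[:16] + "...", "REVOKED" if is_revoked(dbx, h) else "still loadable")
```

To turn this into a real check, compute the Authenticode hash of the boot manager found on the machine's EFI System Partition, rather than a plain file hash, and look it up with `is_revoked`. An entry of type EFI_CERT_X509_GUID revokes a whole signing certificate instead of one image; the parser yields those too, and a complete audit would compare them against the certificate chain on the boot manager.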
-
[Old] To kill BlackLotus malware, patching is a good start, but...
Then, in research published in March, ESET malware analyst Martin Smolár confirmed that an in-the-wild bootkit bypassing Secure Boot, until then a myth, "is now a reality," as opposed to the hypothetical threats some experts had raised and the usual slew of fake bootkits that criminals tried to trick fellow miscreants into buying.
No Linux-targeting variant of the malware has been observed; BlackLotus strictly nobbles Microsoft Windows machines.
-
Millions of personal records unprotected in flawed telemedicine application software
QuickBlox’s video and chat features are commonly used in mainstream telemedicine applications and platforms. The researchers analyzed a mobile telemedicine application from an undisclosed organization that uses QuickBlox’s framework to provide chat and video services for patients to connect with physicians. The research revealed existing vulnerabilities that worsened when combined with QuickBlox’s framework.