Security and Windows TCO Leftovers
-
Security Week ☛ Android 15 Brings Improved Fraud and Malware Protections [Ed: This is mostly about blocking people from efforts to install programs of their choice; that's not security, it is corporate babysitting]
Google is boosting fraud and malware protections in Android 15 with live threat detection and expanded restricted settings.
-
Trail of Bits ☛ Understanding AddressSanitizer: Better memory safety for your code
This post will guide you through using AddressSanitizer (ASan), a compiler plugin that helps developers detect memory issues in code that can lead to remote code execution attacks (such as WannaCry or this WebP implementation bug).
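As an added illustration (not code from the Trail of Bits post), here is the kind of bug ASan exists to find: a hypothetical record parser that trusts a length byte and copies past a 16-byte heap allocation, beside a bounded version. Compiled with `clang -g -fsanitize=address -fno-omit-frame-pointer`, the unsafe path aborts with a `heap-buffer-overflow` report naming the `memcpy` and the allocation site; compiled without ASan it silently corrupts the heap, which is exactly the class of defect behind the remote code execution bugs the post mentions. The record format and function names are this example's own assumptions.

```c
/* Added example, not from the Trail of Bits post.
 * Build instrumented: clang -g -fsanitize=address -fno-omit-frame-pointer asan_demo.c -o asan_demo
 * Record format (assumed for this example): byte 0 = payload length, then payload. */
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define FIELD_MAX 16

/* Vulnerable: the declared length is never checked against the 16-byte
 * allocation or against how many bytes were actually supplied. A record that
 * declares 32 bytes writes 16 bytes past the end of buf; ASan flags this as a
 * WRITE of size 32 in a heap-buffer-overflow report. */
int parse_record_unsafe(const unsigned char *rec, size_t rec_len, unsigned char **out)
{
    if (rec_len < 1) return -1;
    size_t declared = rec[0];
    unsigned char *buf = malloc(FIELD_MAX);
    if (!buf) return -1;
    memcpy(buf, rec + 1, declared);        /* BUG: declared may exceed FIELD_MAX and rec_len - 1 */
    *out = buf;
    return (int)declared;
}

/* Hardened: reject a length that does not fit the destination or that claims
 * more payload than the input actually carries (an over-read, also an ASan find). */
int parse_record_safe(const unsigned char *rec, size_t rec_len, unsigned char **out)
{
    if (rec_len < 1) return -1;
    size_t declared = rec[0];
    if (declared > FIELD_MAX || declared > rec_len - 1) return -1;
    unsigned char *buf = malloc(FIELD_MAX);
    if (!buf) return -1;
    memcpy(buf, rec + 1, declared);
    *out = buf;
    return (int)declared;
}

int main(void)
{
    /* Constructed input: declares 32 payload bytes, but only 16 fit in the buffer. */
    unsigned char bad[33];
    bad[0] = 32;
    memset(bad + 1, 'A', 32);

    unsigned char *p = NULL;
    printf("safe parser returns %d (expected -1)\n", parse_record_safe(bad, sizeof bad, &p));
    free(p);

    /* With -fsanitize=address this call aborts and prints the overflow report
     * with the stack of the bad write and of the malloc that created buf. */
    p = NULL;
    parse_record_unsafe(bad, sizeof bad, &p);
    free(p);
    return 0;
}
```

Run the instrumented binary once to see the report format, then keep the flags on in CI for the test suite: ASan only detects the overflows that the tests actually exercise, so it pays to feed both parsers malformed records like `bad` above.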
-
Insight Hungary ☛ Internal documents prove Russian hackers infiltrated the Foreign Ministry
An internal report, obtained by 444.hu, shows the extent of Russian hacking operations targeting Hungary's Foreign Ministry. The document, written by the head of Hungary's signals intelligence agency in September 2021, reveals that Russian hackers successfully infiltrated the Ministry of Foreign Affairs. Contrary to official statements, which downplayed the severity of the breach, the report suggests that the Orbán government engaged in a systematic cover-up.
"The Directory service, the mail service, the file server service, an unspecified number of user workstations, including the highest privileged administrator accounts, which serve Foreign Ministry's systems and handle user identification and privilege management, have been compromised. The total number of affected workstations and servers has been over 4,000 and 930 respectively," the report reads. "The recent attacks have been attributed to APT 28 (Russian, GRU) and APT 29 (Russian, FSB v. SVR) through attack attributes." (The abbreviation APT refers to 'advanced persistent threat'. This designation is given to hacker groups, typically state or state-sponsored.)
-
Standards/Consortia
-
Cyble Inc ☛ New WiFi Vulnerability Paves Ways For SSID Confusion Attack
A new WiFi vulnerability is reportedly exposing users to an SSID confusion attack. The vulnerability has been identified in the very fabric of the IEEE 802.11 standard. This newly discovered vulnerability targets the foundation of WiFi security protocols and potentially places millions of users at risk worldwide.
The SSID confusion attack, identified under the identifier CVE-2023-52424, capitalizes on a critical oversight in WiFi design, allowing malicious actors to deceive WiFi clients across various operating systems into connecting to untrusted networks unwittingly.
The ramifications of this vulnerability extend beyond mere inconvenience, opening potential games for a host of malicious activities, including traffic interception and manipulation.
-
Windows TCO
-
The Register UK ☛ Crims abusing Microsoft Quick Assist to deploy ransomware
Quick Assist is a software tool installed by default in Windows 11 that allows someone to share their PC or macOS device with a remote user, typically in corporate IT, who can then control the computer remotely. This also makes it easier for scammers, posing as tech support, to trick people into giving them full access to the targeted device.
-
Security Week ☛ Nissan Data Breach Impacts 53,000 Employees
According to the company, it learned in early November 2023 that a threat actor had gained access to its systems through an external VPN. The attacker did not encrypt data or disrupt any systems, but it did steal files from local and network shares and demanded a ransom.
An initial investigation showed that the files potentially accessed by the hackers only contained business information. However, in late February 2024, Nissan determined that the compromised files did include personal information, mainly related to current and former employees, including names and social security numbers.
-
Security Week ☛ Personal Information Stolen in City of Wichita Ransomware Attack
The city said at the time that some of its online services were impacted, but not first responders, which immediately switched to business continuity measures. Payments across several services continue to be down.
This week, Wichita revealed that, between May 3 and 4, the attackers copied certain files from its network and that those files contain personal information.
-
Security Week ☛ City of Wichita Shuts Down Network Following Ransomware Attack
The disruptive incident occurred on May 5, when data on certain systems was encrypted by malware, prompting Wichita to turn off some of its systems, as a containment measure, with impact on certain online services.
“We turned off our computer network. This decision was not made lightly but was necessary to ensure that systems are securely vetted before returning to service,” the city said in an incident notice on its website.
-
The Record ☛ SEC to require financial firms to have data breach incident plans
The Securities and Exchange Commission (SEC) announced new rules on Thursday requiring certain kinds of financial institutions to have well-defined plans for what to do when a data breach involving customer information occurs.
The rules — pushed through as an amendment to previous regulations from 2000 — apply to broker-dealers, funding portals like Kickstarter or GoFundMe, investment companies, registered investment advisers, and transfer agents.
Institutions will have to “develop, implement, and maintain written policies and procedures” for detecting and addressing a breach involving customer information.
The amendments also add rules mandating firms have procedures in place for providing notice to customers who had sensitive information accessed or leaked.
-
Cyble Inc ☛ Russian Hackers Used New Backdoors To Spy On European MFA
On first run, the LunarMail backdoor collects information on the environment variables, and email addresses of all outgoing email messages. It then communicates with the command and control server through the Outlook Messaging API to receive further instructions.
-
Cyble Inc ☛ GhostSec Returns To Hacktivism After Ransomware Ops
In an announcement made on its Telegram channel, the GhostSec group stated that they had gathered sufficient funds from their ransomware operations to support other activities moving forward. Rather than completely abandoning their previous work, this transition includes transferring existing clients to the new Stormous locker by Stormous, a partner organization with whom they will also share the source code of the V3 Ghostlocker ransomware strain.
-
Bridge Michigan ☛ Ransomware update: Ascension can’t fill prescriptions at its Michigan pharmacies
A cyberattack at one of the nation’s largest hospital chains enters a second week with no end in sight
The latest: The chain can no longer fill prescriptions
-