Defacers - Hacking News Site (Defacers News, feed updated 2024-03-21)

Hackers Exploiting Spring4Shell Vulnerability to Deploy Mirai Botnet Malware (Defacers News, 2022-04-09)
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEioDcpo6Xwmu4X7Zq2xxZ9uRk98xJ_BGxpTPOWAuS9pcniejVxesTsGXzo4bGHxy4fb8wUYrTn9oJGkaW3m805-GFtx4qNDFoCsETQQSj-g-ux4xpSnrKOWeVjEZBAeA8bV83Re_vzLGXXACI2mL_EL8G5HLgi91tLDw7YrMA_cWguqHW2_7MHb4yBy/s726/hackers%20exploiting.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="382" data-original-width="726" height="168" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEioDcpo6Xwmu4X7Zq2xxZ9uRk98xJ_BGxpTPOWAuS9pcniejVxesTsGXzo4bGHxy4fb8wUYrTn9oJGkaW3m805-GFtx4qNDFoCsETQQSj-g-ux4xpSnrKOWeVjEZBAeA8bV83Re_vzLGXXACI2mL_EL8G5HLgi91tLDw7YrMA_cWguqHW2_7MHb4yBy/s320/hackers%20exploiting.png" width="320" /></a></div>
<p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">The recently disclosed critical <span style="border: 0px; box-sizing: border-box; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">Spring4Shell</span> vulnerability is being actively exploited by threat actors to execute the <a href="https://malpedia.caad.fkie.fraunhofer.de/details/elf.mirai" style="border: 0px; box-sizing: border-box; color: #356ae6; font: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;">Mirai</a> <a href="https://blog.netlab.360.com/what-our-honeypot-sees-just-one-day-after-the-spring4shell-advisory-en/" style="border: 0px; box-sizing: border-box; color: #356ae6; font: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;">botnet malware</a>, particularly in the Singapore region since the start of April 2022.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">"The exploitation allows threat actors to download the Mirai sample to the '/tmp' folder and execute them after permission change using <a href="https://en.wikipedia.org/wiki/Chmod" style="border: 0px; box-sizing: border-box; color: #356ae6; font: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;">'chmod</a>,'" Trend Micro researchers Deep Patel, Nitesh Surana, Ashish Verma <a href="https://www.trendmicro.com/en_us/research/22/d/cve-2022-22965-analyzing-the-exploitation-of-spring4shell-vulner.html" style="border: 0px; box-sizing: border-box; color: #356ae6; font: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;">said</a> in a report published Friday.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">Tracked as CVE-2022-22965 (CVSS score: 9.8), the vulnerability allows remote code execution in Spring Framework applications, but only under a non-default combination of conditions. The exploitation seen in the wild requires Spring Framework 5.3.0 to 5.3.17, 5.2.0 to 5.2.19 or older (Spring Boot 2.6.5 or 2.5.11 and older), running on JDK 9 or later, deployed as a WAR on Apache Tomcat, with request parameters bound to Java objects through Spring MVC or Spring WebFlux; Spring has cautioned that the underlying flaw is more general and other exploitation paths may exist. Spring Framework 5.3.18 and 5.2.20 (Spring Boot 2.6.6 and 2.5.12) fix it. A successful exploit runs code with the privileges of the Java process hosting the application, which is all a botnet operator needs to stage and launch a payload on the server.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">The development comes as the U.S. 
Cybersecurity and Infrastructure Security Agency (CISA) earlier this week added the Spring4Shell vulnerability to its Known Exploited Vulnerabilities Catalog based on "evidence of active exploitation."</p><div class="separator" style="background-color: white; border: 0px; box-sizing: border-box; clear: both; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 0px 0px 20px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;"><a href="https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEio8WhSw-QIpeEhZEzpG6ZbweArmP6HTh3N5WuvSTrKDdlQum-IR2xuoGvt9gCWRpkFXtwmc0B-pNR-Mt9w4ut0cD27-gGJDWOM1tOFjlH4c042z40m1FiRMhem_BfeLbF7J7EvdXNoby9MGEvNKe8entBcSRhB4LSooVFeg_PnFi6w9k6cX4udeOvo/s728-e100/exploit.jpg" style="border: 0px; box-sizing: border-box; clear: left; color: #356ae6; cursor: default; display: block; float: left; font: inherit; margin-bottom: 15px; margin-left: 0px; margin-right: 0px !important; margin-top: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-align: center; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;"><img alt="" border="0" data-original-height="459" data-original-width="728" src="https://thehackernews.com/new-images/img/b/R29vZ2xl/AVvXsEio8WhSw-QIpeEhZEzpG6ZbweArmP6HTh3N5WuvSTrKDdlQum-IR2xuoGvt9gCWRpkFXtwmc0B-pNR-Mt9w4ut0cD27-gGJDWOM1tOFjlH4c042z40m1FiRMhem_BfeLbF7J7EvdXNoby9MGEvNKe8entBcSRhB4LSooVFeg_PnFi6w9k6cX4udeOvo/s728-e100/exploit.jpg" style="border: 0px; box-sizing: border-box; content-visibility: auto; display: block; font: inherit; height: auto; margin: 0px; max-width: 100%; opacity: 1; outline: 0px; overflow-wrap: break-word; padding: 0px; transition: opacity 0.3s ease 0s; vertical-align: baseline; width: 
inherit;" /></a></div><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">This is far from the first time the botnet operators have quickly moved to add newly publicized flaws to their exploit toolset. In December 2021, multiple botnets including Mirai and Kinsing were <a href="https://www.zscaler.com/blogs/security-research/threatlabz-analysis-log4shell-cve-2021-44228-exploit-attempts" style="border: 0px; box-sizing: border-box; color: #356ae6; font: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;">uncovered</a> leveraging the Log4Shell vulnerability to breach susceptible servers on the internet.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;"><a href="https://en.wikipedia.org/wiki/Mirai_(malware)" style="border: 0px; box-sizing: border-box; color: #356ae6; font: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;">Mirai</a>, meaning "future" in Japanese, is the name given to a <a 
href="https://www.cloudflare.com/learning/ddos/glossary/mirai-botnet/" style="border: 0px; box-sizing: border-box; color: #356ae6; font: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;">Linux malware</a> that has continued to target networked smart home devices such as IP cameras and routers and link them together into a network of infected devices known as a botnet.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">The IoT botnet, using the herd of hijacked hardware, can then be used to mount further attacks, including large-scale phishing campaigns, cryptocurrency mining, click fraud, and distributed denial-of-service (DDoS) attacks.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">To make matters worse, the leak of Mirai's source code in October 2016 has given birth to numerous variants such as Okiru, Satori, Masuta, and <a href="https://www.radware.com/security/ddos-threats-attacks/threat-advisories-attack-reports/reaper-botnet/" style="border: 0px; box-sizing: border-box; color: #356ae6; font: 
inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;">Reaper</a>, making it an ever-mutating threat.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">Earlier this January, cybersecurity firm CrowdStrike noted that malware hitting Linux systems increased by 35% in 2021 compared to 2020, with XOR DDoS, Mirai, and Mozi malware families accounting for more than 22% of Linux-targeted threats observed in the year.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">"The primary purpose of these malware families is to compromise vulnerable internet-connected devices, amass them into botnets, and use them to perform distributed denial-of-service (DDoS) attacks," the researchers <a href="https://www.crowdstrike.com/blog/linux-targeted-malware-increased-by-35-percent-in-2021/" style="border: 0px; box-sizing: border-box; color: #356ae6; font: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: 
baseline;">said</a>.</p>

It’s Friday, here’s the Galaxy S22 Ultra render that has the Android blogosphere abuzz (Defacers News, 2021-09-25)
<img alt="" src="https://cdn.vox-cdn.com/thumbor/vGDZhWeZAoddcnCD9gSalXvski4=/0x100:5120x2781/fit-in/1200x630/cdn.vox-cdn.com/uploads/chorus_asset/file/22875856/GALAXY_S22_ULTRA_5K4.jpeg" />
<p>It’s Friday, it’s fall, there’s a breeze in the air (hopefully), and there are fresh, I’d argue ridiculous, renders of Samsung’s expected Galaxy S22 Ultra to show you. The renders come courtesy of @OnLeaks and Digit, and they feature a new Samsung flagship with what looks like a Galaxy Note 20-inspired body and back that... well you should see for yourself.</p> <p>Since deciding to skip the Galaxy Note in 2021 — apparently much to the chagrin of T-Mobile — Samsung’s been seeding Note features across its popular phones. Both the Samsung Galaxy S21 Ultra and the Galaxy Z Fold 3 offer stylus support. If these new renders are to be believed, the Galaxy S22 Ultra will go even further. According to OnLeaks and Digit, the new phone will come with the hole-punch selfie camera and candy bar shape of last year’s Note, along with stylus support and what looks like an actual stylus slot.</p> <blockquote> <p lang="en" dir="ltr" xml:lang="en">Sooo... Here comes your very first and early look at the #Samsung #GalaxyS22Ultra and its quite "unique" rear camera housing design! (360° video + stunning 5K renders + dimensions)<br /><br />On behalf of @digitindia -> https://t.co/vBGM3WJfru pic.twitter.com/YDqfFrVGLW</p>— Steve H.McFly (@OnLeaks) September 24, 2021 </blockquote> <p>The render of the back of the device is where things get interesting, weird, or bad, depending on your taste. The Galaxy S22 Ultra appears to morph the camera “plateau” of the S21 Ultra into an unmistakable letter P shape. Is the P for... photos? Pictures? Maybe periscope? There certainly seems to be plenty of room. For reference, the previous Ultra included a main 108-megapixel wide-angle sensor, two 10-megapixel telephoto sensors, and a 12-megapixel ultrawide sensor on the back of the device. 
Who knows what the new S22 Ultra will fit?</p> <img alt="" src="https://cdn.vox-cdn.com/thumbor/IiSifWIBU5il8Qcn3ShK8BZBQbo=/0x0:1920x1080/1200x0/filters:focal(0x0:1920x1080):no_upscale()/cdn.vox-cdn.com/uploads/chorus_asset/file/22875857/GALAXY_S22_ULTRA_07.jpeg" /> It’s hard to miss the P-shaped cameras, a little bit easier to miss the stylus slot at the bottom of the rumored device. Image: Digit, OnLeaks <p>There’s some reason to believe this could be Samsung’s design, beyond it fitting with a general trend of camera bumps becoming big and increasingly... visible on devices like the iPhone 13 Pro and the yet-to-be-released Pixel 6. OnLeaks has a fairly good track record of leaking phones, pretty closely matching the looks of both the Pixel 5 and the Pixel 6. This kind of refinement to a camera housing also doesn’t seem out of the picture, in many ways it’s a reduction of the S21 Ultra’s cameras: a corner has been removed. That doesn’t mean it doesn’t look strange, though.</p> <img alt="The Galaxy S21 Ultra, in Phantom Black" src="https://cdn.vox-cdn.com/thumbor/mKS-uC4FQbuVb-2xXoplBbk0Sq0=/0x0:2040x1360/1200x0/filters:focal(0x0:2040x1360):no_upscale()/cdn.vox-cdn.com/uploads/chorus_asset/file/22248961/vpavic_210119_4377_0170.jpg" /> I can imagine seeing a “P” on the Galaxy S21 Ultra if I really look at it. 
Photo by Vjeran Pavic / The Verge

Cisco Releases Patches for 3 New Critical Flaws Affecting IOS XE Software (Defacers News, 2021-09-24)
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg6UdfPqcSEOlQ0ZRGNdOKJimesSoJhzhTL-3EdaYfWtj1xbgZiIcmGZmrd-NvUxpsttc7Jdjf43SoRX8pm8K9MFHDRa8SEY7xsLRsTGVFtFolFUZn11uEwaq6kVxtby9IG7Lf9jY9ZZkw/s728/cisco-update.png" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="380" data-original-width="728" height="334" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg6UdfPqcSEOlQ0ZRGNdOKJimesSoJhzhTL-3EdaYfWtj1xbgZiIcmGZmrd-NvUxpsttc7Jdjf43SoRX8pm8K9MFHDRa8SEY7xsLRsTGVFtFolFUZn11uEwaq6kVxtby9IG7Lf9jY9ZZkw/w640-h334/cisco-update.png" width="640" /></a></div>
<p><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, system-ui, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">Networking equipment maker Cisco Systems has rolled out patches to address three critical security vulnerabilities in its IOS XE network operating system that remote attackers could abuse to execute arbitrary code with administrative privileges or trigger a denial-of-service (DoS) condition on vulnerable devices.</span></p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, system-ui, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: 
inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">The list of three flaws is as follows -</p><ul style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; font-family: Roboto, -apple-system, system-ui, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; list-style-image: initial; list-style-position: initial; margin: 28px 0px 28px 50px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;"><li style="border: 0px; box-sizing: border-box; font: inherit; margin: 0px 0px 10px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;"><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-ewlc-capwap-rce-LYgj8Kf" rel="noopener" style="border: 0px; box-sizing: border-box; color: #356ae6; font: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;" target="_blank">CVE-2021-34770</a> (CVSS score: 10.0) - Cisco IOS XE Software for Catalyst 9000 Family Wireless Controllers CAPWAP Remote Code Execution Vulnerability</li><li style="border: 0px; box-sizing: border-box; font: inherit; margin: 0px 0px 10px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;"><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-iosxesdwan-rbuffover-vE2OB6tp" rel="noopener" style="border: 0px; box-sizing: border-box; color: #356ae6; font: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;" target="_blank">CVE-2021-34727</a> (CVSS score: 9.8) - Cisco IOS XE SD-WAN Software Buffer 
Overflow Vulnerability</li><li style="border: 0px; box-sizing: border-box; font: inherit; margin: 0px 0px 10px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;"><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-aaa-Yx47ZT8Q" rel="noopener" style="border: 0px; box-sizing: border-box; color: #356ae6; font: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;" target="_blank">CVE-2021-1619</a> (CVSS score: 9.8) - Cisco IOS XE Software NETCONF and RESTCONF Authentication Bypass Vulnerability</li></ul><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, system-ui, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">The most severe of the issues is CVE-2021-34770, which Cisco calls a "logic error" that occurs during the processing of <a href="https://en.wikipedia.org/wiki/CAPWAP" rel="noopener" style="border: 0px; box-sizing: border-box; color: #356ae6; font: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;" target="_blank">CAPWAP</a> (Control And Provisioning of Wireless Access Points) packets that enable a central wireless Controller to manage a group of wireless access points.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, system-ui, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; 
font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">"An attacker could exploit this vulnerability by sending a crafted CAPWAP packet to an affected device," the company noted in its advisory. "A successful exploit could allow the attacker to execute arbitrary code with administrative privileges or cause the affected device to crash and reload, resulting in a DoS condition."</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, system-ui, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">CVE-2021-34727, on the other hand, concerns an insufficient bounds check when accepting incoming network traffic to the device, thus allowing an attacker to transmit specially-crafted traffic that could result in the execution of arbitrary code with root-level privileges or cause the device to reload. 
1000 Series Integrated Services Routers (ISRs), 4000 Series ISRs, ASR 1000 Series Aggregation Services Routers, and Cloud Services Router 1000V Series that have the SD-WAN feature enabled are impacted by the flaw.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, system-ui, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">Lastly, CVE-2021-1619 relates to an "uninitialized variable" in the authentication, authorization, and accounting (AAA) function of Cisco IOS XE Software. On devices running AAA login authentication with NETCONF or RESTCONF enabled, it could let an unauthenticated, remote adversary bypass NETCONF or RESTCONF authentication and then "install, manipulate, or delete the configuration of a network device or to corrupt memory on the device, resulting in a DoS."</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, system-ui, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">Also <a href="https://tools.cisco.com/security/center/publicationListing.x?product=Cisco&sort=-day_sir#~Vulnerabilities" rel="noopener" style="border: 0px; box-sizing: border-box; color: #356ae6; font: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;" target="_blank">addressed by Cisco</a> are 15 high-severity vulnerabilities and 15 medium-severity flaws affecting different components 
of the IOS XE software as well as the Cisco Access Points platform and Cisco SD-WAN vManage Software. Users and administrators are advised to apply the updates to close off any exploitation opportunity for malicious actors.</p>

A New Bug in Microsoft Windows Could Let Hackers Easily Install a Rootkit (Defacers News, 2021-09-23)
<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgrKeBIixo_PyHfn72UHFMijAcJcxMbHY1a4ebWqZTXUj8AzpHVsR9H9dYlR1apk6_H4pM9XGcBVfH-4YdJPPiaEeN4xoJoHJ1Ccjp1tMf5yayF9x_jbLGsBpRkfyCPPCbf6yyEcIeoMsM/s728/windows-rootkit.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="380" data-original-width="728" height="334" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgrKeBIixo_PyHfn72UHFMijAcJcxMbHY1a4ebWqZTXUj8AzpHVsR9H9dYlR1apk6_H4pM9XGcBVfH-4YdJPPiaEeN4xoJoHJ1Ccjp1tMf5yayF9x_jbLGsBpRkfyCPPCbf6yyEcIeoMsM/w640-h334/windows-rootkit.jpeg" width="640" /></a></div>
<p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, system-ui, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">Security researchers have disclosed an unpatched weakness in the Windows Platform Binary Table (WPBT), a firmware-to-OS mechanism present on every Windows device since Windows 8, that could be exploited to install a rootkit and compromise the integrity of 
devices.</p><div class="separator" style="clear: both; text-align: center;"><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, system-ui, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-align: start; vertical-align: baseline;">"These flaws make every Windows system vulnerable to easily-crafted attacks that install fraudulent vendor-specific tables," researchers from Eclypsium <a href="https://eclypsium.com/2021/09/20/everyone-gets-a-rootkit/" rel="noopener" style="border: 0px; box-sizing: border-box; color: #356ae6; font: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;" target="_blank">said</a> in a report published on Monday. "These tables can be exploited by attackers with direct physical access, with remote access, or through manufacturer supply chains. 
More importantly, these motherboard-level flaws can obviate initiatives like <a href="https://techcommunity.microsoft.com/t5/itops-talk-blog/introduction-to-secured-core-computing/ba-p/2701672" rel="noopener" style="border: 0px; box-sizing: border-box; color: #356ae6; font: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;" target="_blank">Secured-core</a> because of the ubiquitous usage of <a href="https://en.wikipedia.org/wiki/Advanced_Configuration_and_Power_Interface" rel="noopener" style="border: 0px; box-sizing: border-box; color: #356ae6; font: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;" target="_blank">ACPI</a> [Advanced Configuration and Power Interface] and WPBT."</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, system-ui, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-align: start; vertical-align: baseline;">WPBT, introduced with Windows 8 in 2012, is a <a href="https://download.microsoft.com/download/8/a/2/8a2fb72d-9b96-4e2d-a559-4a27cf905a80/windows-platform-binary-table.docx" rel="noopener" style="border: 0px; box-sizing: border-box; color: #356ae6; font: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;" target="_blank">feature</a> that enables "boot firmware to provide Windows with a platform binary that the operating system can execute."</p><p style="background-color: 
white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, system-ui, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-align: start; vertical-align: baseline;">In other words, it allows PC manufacturers to point to signed portable executables or other vendor-specific drivers that come as part of the UEFI firmware ROM image in such a manner that it can be loaded into physical memory during Windows initialization and prior to executing any operating system code.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, system-ui, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-align: start; vertical-align: baseline;">The main objective of WPBT is to allow critical features such as anti-theft software to persist even in scenarios where the operating system has been modified, formatted, or reinstalled. 
But given the functionality's ability to have such software "stick to the device indefinitely," Microsoft has warned of potential security risks that could arise from misuse of WPBT, including the possibility of deploying rootkits on Windows machines.</p><div class="video-container" style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; font-family: Roboto, -apple-system, system-ui, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; height: 0px; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; overflow: hidden; padding: 30px 0px 410.625px; position: relative; text-align: left; vertical-align: baseline;"><iframe allow="accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture" allowfullscreen="" frameborder="0" height="315" loading="lazy" src="https://www.youtube.com/embed/Ca8NRYT-HZA" style="border-style: initial; border-width: 0px; box-sizing: border-box; font: inherit; height: 440.625px; left: 0px; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; position: absolute; top: 0px; vertical-align: baseline; width: 730px;" title="YouTube video player" width="560"></iframe></div><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, system-ui, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-align: start; vertical-align: baseline;">"Because this feature provides the ability to persistently execute system software in the context of Windows, it becomes critical that WPBT-based solutions 
are as secure as possible and do not expose Windows users to exploitable conditions," the Windows maker notes in its documentation. "In particular, WPBT solutions must not include malware (i.e., malicious software or unwanted software installed without adequate user consent)."</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, system-ui, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-align: start; vertical-align: baseline;">The vulnerability uncovered by the enterprise firmware security company is rooted in the fact that the WPBT mechanism can accept a signed binary with a revoked or an expired certificate to completely bypass the integrity check, thus permitting an attacker to sign a malicious binary with an already available expired certificate and run arbitrary code with kernel privileges when the device boots up.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, system-ui, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-align: start; vertical-align: baseline;">In response to the findings, Microsoft has <a href="https://docs.microsoft.com/en-us/windows/security/threat-protection/windows-defender-application-control/wdac-and-applocker-overview" rel="noopener" style="border: 0px; box-sizing: border-box; color: #356ae6; font: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; 
padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;" target="_blank">recommended</a> using a Windows Defender Application Control (WDAC) policy to tightly control what binaries can be permitted to run on the devices.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, system-ui, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-align: start; vertical-align: baseline;">The latest disclosure follows a separate set of findings from June 2021 involving four vulnerabilities — collectively called BIOS Disconnect — that could be weaponized to gain remote execution within a device's firmware during a BIOS update, further highlighting the complexity and challenges of securing the boot process.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, system-ui, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-align: start; vertical-align: baseline;">"This weakness can be potentially exploited via multiple vectors (e.g., physical access, remote, and supply chain) and by multiple techniques (e.g., malicious bootloader, DMA, etc)," the researchers said. 
"Organizations will need to consider these vectors, and employ a layered approach to security to ensure that all available fixes are applied and identify any potential compromises to devices."</p></div><p><br /></p>
tag:blogger.com,1999:blog-8841759969257982852.post-8790169397063705436 | published 2021-09-23T16:07:00.001-07:00 | updated 2021-09-23T16:07:05.265-07:00
Microsoft Exchange Bug Exposes ~100,000 Windows Domain Credentials
<p> </p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj1S_lZdiLv5zdA7pXCPE8SHZiy3JZ7W3Ml1lgFKyrVlENkUuViznkcO7xeBas6V_BpYhSarKD4r29e3vD6cYzvbkjchl8lF4IH67LXqr5jUcQ6_xtmuI8sOZNoacOyEKaQD38B2JDBcYQ/s700/password.gif" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="380" data-original-width="700" height="348" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj1S_lZdiLv5zdA7pXCPE8SHZiy3JZ7W3Ml1lgFKyrVlENkUuViznkcO7xeBas6V_BpYhSarKD4r29e3vD6cYzvbkjchl8lF4IH67LXqr5jUcQ6_xtmuI8sOZNoacOyEKaQD38B2JDBcYQ/w640-h348/password.gif" width="640" /></a></div><br /><p></p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, system-ui, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">An unpatched design flaw in the implementation of Microsoft Exchange's Autodiscover protocol has resulted in the leak of approximately 100,000 login names and passwords for Windows domains worldwide.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: 
Roboto, -apple-system, system-ui, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">"This is a severe security issue, since if an attacker can control such domains or has the ability to 'sniff' traffic in the same network, they can capture domain credentials in plain text (HTTP basic authentication) that are being transferred over the wire," Guardicore's Amit Serper <a href="https://www.guardicore.com/labs/autodiscovering-the-great-leak/" rel="noopener" style="border: 0px; box-sizing: border-box; color: #356ae6; font: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;" target="_blank">said</a> in a technical report.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, system-ui, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">"Moreover, if the attacker has DNS-poisoning capabilities on a large scale (such as a nation-state attacker), they could systematically syphon out leaky passwords through a large-scale DNS poisoning campaign based on these Autodiscover TLDs [top-level domains]."</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, system-ui, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; 
font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">The Exchange <a href="https://docs.microsoft.com/en-us/exchange/client-developer/exchange-web-services/autodiscover-for-exchange" rel="noopener" style="border: 0px; box-sizing: border-box; color: #356ae6; font: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;" target="_blank">Autodiscover</a> service enables users to configure applications such as Microsoft Outlook with minimal user input, allowing just a combination of email addresses and passwords to be utilized to retrieve other predefined settings required to set up their email clients.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, system-ui, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">The weakness discovered by Guardicore resides in a specific implementation of Autodiscover based on the <a href="https://docs.microsoft.com/en-us/exchange/client-developer/web-service-reference/pox-autodiscover-web-service-reference-for-exchange" rel="noopener" style="border: 0px; box-sizing: border-box; color: #356ae6; font: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;" target="_blank">POX</a> (aka "plain old XML") XML protocol that causes the web requests to Autodiscover domains to be leaked outside of the 
user's domain but in the same top-level domain.</p><div class="separator" style="background-color: white; border: 0px; box-sizing: border-box; clear: both; color: #2b2d41; font-family: Roboto, -apple-system, system-ui, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 0px 0px 20px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;"><a href="https://thehackernews.com/images/-qt-Ve6l12Mo/YUy1tCQuq1I/AAAAAAAAD4Q/c0Fe0EMDhc4HrrN6z7wmOQgXTVNWIUIhwCLcBGAsYHQ/s0/email.jpg" style="border: 0px; box-sizing: border-box; clear: left; color: #356ae6; cursor: default; display: block; float: left; font: inherit; margin-bottom: 15px; margin-left: 0px; margin-right: 0px !important; margin-top: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-align: center; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;"><img alt="" border="0" data-original-height="600" data-original-width="728" src="https://thehackernews.com/images/-qt-Ve6l12Mo/YUy1tCQuq1I/AAAAAAAAD4Q/c0Fe0EMDhc4HrrN6z7wmOQgXTVNWIUIhwCLcBGAsYHQ/s0/email.jpg" style="border: 0px; box-sizing: border-box; content-visibility: auto; display: block; font: inherit; height: auto; margin: 0px; max-width: 100%; opacity: 1; outline: 0px; overflow-wrap: break-word; padding: 0px; transition: opacity 0.3s ease 0s; vertical-align: baseline; width: inherit;" /></a></div><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, system-ui, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: 
break-word; padding: 0px; vertical-align: baseline;">In a hypothetical example where a user's email address is "user@example.com," the email client leverages the Autodiscover service to construct a URL to fetch the configuration data using any of the below combinations of the email domain, a subdomain, and a path string, failing which it instantiates a "back-off" algorithm —</p><ul style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; font-family: Roboto, -apple-system, system-ui, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; list-style-image: initial; list-style-position: initial; margin: 28px 0px 28px 50px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;"><li style="border: 0px; box-sizing: border-box; font: inherit; margin: 0px 0px 10px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">https://Autodiscover.example.com/Autodiscover/Autodiscover.xml</li><li style="border: 0px; box-sizing: border-box; font: inherit; margin: 0px 0px 10px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">https://example.com/Autodiscover/Autodiscover.xml</li></ul><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, system-ui, "Segoe UI", Oxygen, Ubuntu, 
Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">"This 'back-off' mechanism is the culprit of this leak because it is always trying to resolve the Autodiscover portion of the domain and it will always try to 'fail up,' so to speak," Serper explained. "Meaning, the result of the next attempt to build an Autodiscover URL would be: 'https://Autodiscover.com/Autodiscover/Autodiscover.xml.' This means that whoever owns Autodiscover.com will receive all of the requests that cannot reach the original domain."</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, system-ui, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">Armed with this discovery and by registering a number of Autodiscover top-level domains (e.g., Autodiscover.com[.]br, Autodiscover.com[.]cn, Autodiscover[.]in, etc.) 
as honeypots, Guardicore said it was able to access requests to Autodiscover endpoints from different domains, IP addresses, and clients, netting 96,671 unique credentials sent from Outlook, mobile email clients, and other applications interfacing with Microsoft's Exchange server over a four-month period between April 16, 2021, and August 25, 2021.</p><div class="separator" style="background-color: white; border: 0px; box-sizing: border-box; clear: both; color: #2b2d41; font-family: Roboto, -apple-system, system-ui, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 0px 0px 20px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;"><a href="https://thehackernews.com/images/-FP72kCAEc70/YUy1t1bqPqI/AAAAAAAAD4U/rm3fSr8uOEM3uHksPxBaaqSS_NKaCfFogCLcBGAsYHQ/s0/email-2.jpg" style="border: 0px; box-sizing: border-box; clear: left; color: #356ae6; cursor: default; display: block; float: left; font: inherit; margin-bottom: 15px; margin-left: 0px; margin-right: 0px !important; margin-top: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-align: center; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;"><img alt="" border="0" data-original-height="540" data-original-width="728" src="https://thehackernews.com/images/-FP72kCAEc70/YUy1t1bqPqI/AAAAAAAAD4U/rm3fSr8uOEM3uHksPxBaaqSS_NKaCfFogCLcBGAsYHQ/s0/email-2.jpg" style="border: 0px; box-sizing: border-box; content-visibility: auto; display: block; font: inherit; height: auto; margin: 0px; max-width: 100%; opacity: 1; outline: 0px; overflow-wrap: break-word; padding: 0px; transition: opacity 0.3s ease 0s; vertical-align: baseline; width: inherit;" /></a></div><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: 
Roboto, -apple-system, system-ui, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">The domains of those leaked credentials belonged to several entities from multiple verticals spanning publicly traded corporations in China, investment banks, food manufacturers, power plants, and real estate firms, the Boston-based cybersecurity company noted.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, system-ui, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">To make matters worse, the researchers developed an "ol' switcheroo" attack that involved sending a request to the client to downgrade to a weaker authentication scheme (i.e., <a href="https://en.wikipedia.org/wiki/Basic_access_authentication" rel="noopener" style="border: 0px; box-sizing: border-box; color: #356ae6; font: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;" target="_blank">HTTP Basic authentication</a>) in place of secure methods like OAuth or NTLM, prompting the email application to send the domain credentials in cleartext.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, system-ui, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", 
sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">"Oftentimes, attackers will try to cause users to send them their credentials by applying various techniques, whether technical or through social engineering," Serper said. "However, this incident shows us that passwords can be leaked outside of the organization's perimeter by a protocol that was meant to streamline the IT department's operations with regards to email client configuration without anyone from the IT or security department even being aware of it, which emphasises the importance of proper segmentation and Zero Trust."</p>
tag:blogger.com,1999:blog-8841759969257982852.post-604431360781063647 | published 2021-09-23T16:05:00.003-07:00 | updated 2021-09-23T16:05:21.867-07:00
Colombian Real Estate Agency Leak Exposes Records of Over 100,000 Buyers
<p><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, system-ui, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;"><br /></span></p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgh99YZJEd5VqpQJsRH2zVQOBrsd8lfSDm-aIL0J9I65MTS4NAy6mCg0cSRyEQ_rIi-eYRgTtq5f1ANpyJIem0pL6HvJfuNKmCz4oTY-IOavcAffG02rkimwmhiA-BsolmVSzGPf1Xgr2I/s728/real-estate-breach.jpeg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="380" data-original-width="728" height="209" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgh99YZJEd5VqpQJsRH2zVQOBrsd8lfSDm-aIL0J9I65MTS4NAy6mCg0cSRyEQ_rIi-eYRgTtq5f1ANpyJIem0pL6HvJfuNKmCz4oTY-IOavcAffG02rkimwmhiA-BsolmVSzGPf1Xgr2I/w400-h209/real-estate-breach.jpeg" 
width="400" /></a></div><br /><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, system-ui, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;"><br /></span><p></p><p><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, system-ui, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">More than one terabyte of data containing 5.5 million files has been left exposed, leaking personal information of over 100,000 customers of a Colombian real estate firm, according to cybersecurity company WizCase.</span></p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, system-ui, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">The breach was discovered by Ata Hakçıl and his team in a database owned by <span style="border: 0px; box-sizing: border-box; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">Coninsa Ramon</span> H, a company that specializes in architecture, engineering, construction, and real estate services. 
"There was no need for a password or login credentials to see this information, and the data was not encrypted," the researchers <a href="https://www.wizcase.com/blog/coninsa-breach-report/" rel="noopener" style="border: 0px; box-sizing: border-box; color: #356ae6; font: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;" target="_blank">said</a> in an exclusive report shared with The Hacker News.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, system-ui, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">The data exposure is the result of a misconfigured Amazon Web Services (AWS) Simple Storage Service (S3) bucket, causing sensitive information such as clients' names, photos, and addresses to be disclosed. The details stored in the bucket range from invoices and income documents to quotes and account statements dating between 2014 and 2021. 
The complete list of information contained in the documents is as follows -</p><ul style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; font-family: Roboto, -apple-system, system-ui, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; list-style-image: initial; list-style-position: initial; margin: 28px 0px 28px 50px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;"><li style="border: 0px; box-sizing: border-box; font: inherit; margin: 0px 0px 10px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">Full names</li><li style="border: 0px; box-sizing: border-box; font: inherit; margin: 0px 0px 10px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">Phone numbers</li><li style="border: 0px; box-sizing: border-box; font: inherit; margin: 0px 0px 10px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">Email addresses</li><li style="border: 0px; box-sizing: border-box; font: inherit; margin: 0px 0px 10px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">Residential addresses</li><li style="border: 0px; box-sizing: border-box; font: inherit; margin: 0px 0px 10px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">Amounts paid for estates, and</li><li style="border: 0px; box-sizing: border-box; font: inherit; margin: 0px 0px 10px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">Asset values</li></ul><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, system-ui, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 
16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">The bucket is also said to contain a database backup that includes additional information such as profile pictures, usernames, and hashed passwords. Troublingly, the researchers said they also found malicious backdoor code in the bucket that could be exploited to gain persistent access to the website and redirect unsuspecting visitors to fraudulent pages.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, system-ui, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">It's not immediately clear if these files were put to use by bad actors in any campaign. Coninsa Ramon H did not respond to inquiries from The Hacker News sent via email regarding the vulnerability.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, system-ui, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">"Based on viewing a sample of the documents, […] the misconfiguration revealed $140 to $200 billion in transactions, or an annual transaction history of at least $46 billion," the researchers said. 
"For perspective, that's roughly 14% of Colombia's total economy."</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, system-ui, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">The confidential nature of the data contained in the database makes it highly susceptible to exploitation by cybercriminals to mount phishing attacks and conduct a variety of fraud or scam activities, including tricking users into making additional payments and, worse, revealing more personally identifiable information by tampering with the website's backend infrastructure.</p>
tag:blogger.com,1999:blog-8841759969257982852.post-6762407240944061386 | published 2020-12-04T09:57:00.005-08:00 | updated 2020-12-04T09:57:35.108-08:00
Hackers Targeting Companies Involved in Covid-19 Vaccine Distribution
<p> </p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg7S3xd252PNFr9iSRQHtXLdIIZZ5vgOj_ir7_WpKiJyOU5m8OJPkisOSLGwkIvdtRmgaTG_vWmjYnjYhmgopRnRatP0PfTPCYvqBa8A8pKZNKyXGGjGSC44uJRyj35QX-aNIEULWrZVns/s728/covid-19-vaccine.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="380" data-original-width="728" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEg7S3xd252PNFr9iSRQHtXLdIIZZ5vgOj_ir7_WpKiJyOU5m8OJPkisOSLGwkIvdtRmgaTG_vWmjYnjYhmgopRnRatP0PfTPCYvqBa8A8pKZNKyXGGjGSC44uJRyj35QX-aNIEULWrZVns/s16000/covid-19-vaccine.jpg" /></a></div><br /><p></p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; 
content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">A global spear-phishing campaign has been targeting organizations associated with the distribution of COVID-19 vaccines since September 2020, according to new research.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">Attributing the operation to a nation-state actor, <a href="https://securityintelligence.com/posts/ibm-uncovers-global-phishing-covid-19-vaccine-cold-chain/" rel="noopener" style="border: 0px; box-sizing: border-box; color: #356ae6; font: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;" target="_blank">IBM Security X-Force researchers</a> said the attacks took aim at the vaccine cold chain, companies responsible for storing and delivering the COVID-19 vaccine at safe temperatures.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: 
inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">The development has prompted the US Cybersecurity and Infrastructure Security Agency (CISA) to <a href="https://us-cert.cisa.gov/ncas/current-activity/2020/12/03/ibm-releases-report-cyber-actors-targeting-covid-19-vaccine-supply" rel="noopener" style="border: 0px; box-sizing: border-box; color: #356ae6; font: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;" target="_blank">issue an alert</a>, urging Operation Warp Speed (<a href="https://en.wikipedia.org/wiki/Operation_Warp_Speed" rel="noopener" style="border: 0px; box-sizing: border-box; color: #356ae6; font: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;" target="_blank">OWS</a>) organizations and companies involved in vaccine storage and transport to review the indicators of compromise (IoCs) and beef up their defenses.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">It is unclear whether any of the phishing attempts were successful, but the company said it has notified appropriate entities and authorities about this targeted attack.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, 
"Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">The phishing emails, dating to September, targeted organizations in Italy, Germany, South Korea, the Czech Republic, greater Europe, and Taiwan, including the European Commission's Directorate-General for Taxation and Customs Union, unnamed solar panel manufacturers, a South Korean software development firm, and a German website development company.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">IBM said the attacks likely targeted organizations linked to the <a href="https://www.gavi.org/" rel="noopener" style="border: 0px; box-sizing: border-box; color: #356ae6; font: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;" target="_blank">Gavi vaccine alliance</a> with the goal of harvesting user credentials to gain future unauthorized access to corporate networks and sensitive information relating to the COVID-19 vaccine distribution.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; 
font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">To lend the emails an air of credibility, the operators behind the campaign crafted lures that masqueraded as requests for quotations for participation in a vaccine program. The attackers also impersonated a business executive from Haier Biomedical, a legitimate China-based cold chain provider, in an attempt to convince the recipients to open the inbound emails without questioning the sender's authenticity.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">"The emails contain malicious HTML attachments that open locally, prompting recipients to enter their credentials to view the file," IBM researchers Claire Zaboeva and Melissa Frydrych said.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">Although the researchers could not establish the identity of the threat actor, the ultimate objective, it appears, is to harvest the usernames and passwords and abuse them to steal intellectual property and move laterally across the victim 
environments for subsequent espionage campaigns.</p><h3 style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 20px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: 33px; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">COVID-19 Vaccine Research Emerges as a Lucrative Target</h3><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">COVID-19 vaccine research and development has been a target of sustained cyberattacks since the start of the year.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">Back in June, IBM disclosed details of a similar <a href="https://securityintelligence.com/posts/german-task-force-for-covid-19-medical-equipment-targeted-in-ongoing-phishing-campaign/" rel="noopener" style="border: 0px; box-sizing: border-box; color: #356ae6; font: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; 
text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;" target="_blank">phishing campaign</a> targeting a German entity connected with procuring personal protective equipment (PPE) from China-based supply and purchasing chains.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">The cyberassaults led the US Department of Justice to charge two Chinese nationals for stealing sensitive data, including from companies developing COVID-19 vaccines, testing technology, and treatments, while operating both for private financial gain and on behalf of China's Ministry of State Security.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">In November, Microsoft said it <a href="https://blogs.microsoft.com/on-the-issues/2020/11/13/health-care-cyberattacks-covid-19-paris-peace-forum/" rel="noopener" style="border: 0px; box-sizing: border-box; color: #356ae6; font: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;" target="_blank">detected cyberattacks</a> from three nation-state agents in 
Russia (Fancy Bear aka Strontium) and North Korea (Hidden Cobra and Cerium) directed against pharmaceutical companies located in Canada, France, India, South Korea, and the US that are involved in COVID-19 vaccines in various stages of clinical trials.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">Last week, it emerged that suspected North Korean hackers had targeted British drugmaker <a href="https://www.reuters.com/article/us-healthcare-coronavirus-astrazeneca-no/exclusive-suspected-north-korean-hackers-targeted-covid-vaccine-maker-astrazeneca-sources-idUSKBN2871A2" rel="noopener" style="border: 0px; box-sizing: border-box; color: #356ae6; font: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;" target="_blank">AstraZeneca</a> by posing as recruiters on the networking site LinkedIn and on WhatsApp to approach its employees with fake job offers and trick them into opening what purported to be job description documents, in order to gain access to their systems and install malware.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; 
vertical-align: baseline;"><br /></p>Defacers Newshttp://www.blogger.com/profile/08223956122242233678noreply@blogger.com0tag:blogger.com,1999:blog-8841759969257982852.post-71327656467885314332020-12-04T09:46:00.004-08:002020-12-04T09:47:23.820-08:00Multiple Botnets Exploiting Critical Oracle WebLogic Bug — PATCH NOW<p> </p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgqHfaq-K0lByELKAPoiSjtHTPHdA22ZAtSlZb8Chj2CbX25KO56UP9ZGtR1blTAo7pMSBZGG4j7PhLYMNuKS0ZkIMNBa83u7NiXyIgDQlvhkaFz8TODuTrOFNhjrYbd8_RfiLjAihu-3o/s728/oracle-weblogic-vulnerability.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="380" data-original-width="728" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgqHfaq-K0lByELKAPoiSjtHTPHdA22ZAtSlZb8Chj2CbX25KO56UP9ZGtR1blTAo7pMSBZGG4j7PhLYMNuKS0ZkIMNBa83u7NiXyIgDQlvhkaFz8TODuTrOFNhjrYbd8_RfiLjAihu-3o/s16000/oracle-weblogic-vulnerability.jpg" /></a></div><br /><p></p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">Multiple botnets are targeting thousands of publicly exposed and still unpatched Oracle WebLogic servers to deploy crypto miners and steal sensitive information from infected systems.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; 
font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">The attacks are taking aim at a recently patched WebLogic Server vulnerability, for which Oracle released a fix as part of its <a href="https://www.oracle.com/security-alerts/cpuoct2020.html" rel="noopener" style="border: 0px; box-sizing: border-box; color: #356ae6; font: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;" target="_blank">October 2020 Critical Patch Update</a> and then again in November (<a href="https://www.oracle.com/security-alerts/alert-cve-2020-14750.html" rel="noopener" style="border: 0px; box-sizing: border-box; color: #356ae6; font: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;" target="_blank">CVE-2020-14750</a>) in the form of an out-of-band security patch.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">As of writing, about 3,000 Oracle WebLogic servers are accessible on the Internet, based on stats from the Shodan search engine.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; 
font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">Oracle <a href="https://www.oracle.com/java/weblogic/" rel="noopener" style="border: 0px; box-sizing: border-box; color: #356ae6; font: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;" target="_blank">WebLogic</a> is a platform for developing, deploying, and running enterprise Java applications in any cloud environment as well as on-premises.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">The flaw, which is tracked as CVE-2020-14882, has a CVSS score of 9.8 out of a maximum rating of 10 and affects WebLogic Server versions 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0, and 14.1.1.0.0.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">Although the issue has been addressed, the release of <a 
href="https://testbnull.medium.com/weblogic-rce-by-only-one-get-request-cve-2020-14882-analysis-6e4b09981dbf" rel="noopener" style="border: 0px; box-sizing: border-box; color: #356ae6; font: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;" target="_blank">proof-of-concept</a> <a href="https://twitter.com/GossiTheDog/status/1321430443611328513" rel="noopener" style="border: 0px; box-sizing: border-box; color: #356ae6; font: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;" target="_blank">exploit code</a> has made vulnerable Oracle WebLogic instances a lucrative target for threat actors, who recruit these servers into botnets that pilfer critical data and deploy second-stage malware payloads.</p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj8lMY63qDfpkMuoIOgr4k5tzthJRpJR0BnAQhk5nYc9Hfp2QLNutuGIs5Hq4wCRmzN2-aA7yrSUGbrPBn6TX3i5KNWb1GvsCtXPXu9nCinjHCIRtjnqZn9YKNgHZZtmIg_TGPnasLNbns/s728/shodan.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="325" data-original-width="728" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj8lMY63qDfpkMuoIOgr4k5tzthJRpJR0BnAQhk5nYc9Hfp2QLNutuGIs5Hq4wCRmzN2-aA7yrSUGbrPBn6TX3i5KNWb1GvsCtXPXu9nCinjHCIRtjnqZn9YKNgHZZtmIg_TGPnasLNbns/s16000/shodan.jpg" /></a></div><br /><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; 
overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">According to <a href="https://blogs.juniper.net/en-us/threat-research/darkirc-bot-exploits-oracle-weblogic-vulnerability" rel="noopener" style="border: 0px; box-sizing: border-box; color: #356ae6; font: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;" target="_blank">Juniper Threat Labs</a>, operators of the DarkIRC botnet are exploiting this RCE vulnerability to spread laterally across the network, download files, record keystrokes, steal credentials, and execute arbitrary commands on compromised machines.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">The malware also acts as a Bitcoin clipper that lets the operators swap Bitcoin wallet addresses copied to the clipboard for their own wallet address, allowing the attackers to reroute Bitcoin transactions.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">What's more, a threat actor by the name of "Freak_OG" has been selling the DarkIRC malware on hacking forums 
for $75 since August.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">But it's not just DarkIRC that's exploiting the WebLogic Server vulnerability. In a separate campaign—spotted by '<a href="https://twitter.com/0xrb" rel="noopener" style="border: 0px; box-sizing: border-box; color: #356ae6; font: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;" target="_blank">0xrb</a>' and detailed by researcher <a href="https://tolisec.com/multi-vector-minertsunami-botnet-with-ssh-lateral-movement/" rel="noopener" style="border: 0px; box-sizing: border-box; color: #356ae6; font: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;" target="_blank">Tolijan Trajanovski</a>—evidence has emerged of a botnet that propagates via the WebLogic flaw to deliver a Monero cryptocurrency miner and <a href="https://malpedia.caad.fkie.fraunhofer.de/details/elf.tsunami" rel="noopener" style="border: 0px; box-sizing: border-box; color: #356ae6; font: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;" target="_blank">Tsunami</a> binaries.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, 
"Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">Besides using SSH for lateral movement, the botnet has been found to achieve persistence through cron jobs, kill competing mining tools, and even uninstall endpoint detection and response (EDR) tools from Alibaba and Tencent.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">It's recommended that users apply the October 2020 Critical Patch Update and the updates associated with CVE-2020-14750 as soon as possible to mitigate risks stemming from this flaw.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">Oracle has also provided instructions to <a href="https://docs.oracle.com/en/middleware/standalone/weblogic-server/14.1.1.0/lockd/secure.html#GUID-8C0CC8CF-3D16-4DC1-BF54-1C1B17D2CEF8" rel="noopener" style="border: 0px; box-sizing: border-box; color: #356ae6; font: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 
0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;" target="_blank">harden the servers</a> by preventing external access to internal applications accessible on the Administration port.</p>Defacers Newshttp://www.blogger.com/profile/08223956122242233678noreply@blogger.com0tag:blogger.com,1999:blog-8841759969257982852.post-3627162750476431182020-10-20T05:54:00.006-07:002020-10-20T05:54:38.973-07:00Saudi Arabia Operation #SİPAHİLER<p><span style="background-color: #fafafa; color: #111111; font-family: Lato, sans-serif; font-size: 17px; font-style: italic;"></span></p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdwS-0vcm2ENX3FzmP2cJQ01kzJcQzA4pH0oTbABaNH9VGcZTXOAPd2wNnHwiHQrV4nkMGQmt6PkOjjjUY3Stu2kXQqtCkQ1CpF3fgIjPR-l4JSSR0FMqUaXZ0k-hcGmf7tw0GcybsSsg/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="459" data-original-width="816" height="180" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgdwS-0vcm2ENX3FzmP2cJQ01kzJcQzA4pH0oTbABaNH9VGcZTXOAPd2wNnHwiHQrV4nkMGQmt6PkOjjjUY3Stu2kXQqtCkQ1CpF3fgIjPR-l4JSSR0FMqUaXZ0k-hcGmf7tw0GcybsSsg/" width="320" /></a></div><br /><br /><p></p><p> </p><blockquote><span style="background-color: #fafafa; color: #111111; font-family: Lato, sans-serif; font-size: 17px; font-style: italic;"></span><blockquote><span style="background-color: #fafafa; color: #111111; font-family: Lato, sans-serif; font-size: 17px; font-style: italic;">IT IS AGAIN YOU WHO STABBED THE TURKISH ARMY IN THE BACK AT SINAI.</span><br style="-webkit-font-smoothing: antialiased; background-color: #fafafa; box-sizing: border-box; color: #111111; font-family: Lato, sans-serif; font-size: 17px; font-style: italic;" /><br style="-webkit-font-smoothing: antialiased; background-color: #fafafa; box-sizing: border-box; color: #111111; font-family: Lato, sans-serif; font-size: 17px; font-style: italic;" /><span style="background-color: #fafafa; color: #111111; font-family: Lato, sans-serif; font-size: 17px; font-style: italic;">Greetings, we have hacked many Saudi Arabian state public institutions, associations, foundations, and even members of parliament!</span><br style="-webkit-font-smoothing: antialiased; background-color: #fafafa; box-sizing: border-box; color: #111111; font-family: Lato, sans-serif; font-size: 17px; font-style: italic;" /><span style="background-color: #fafafa; color: #111111; font-family: Lato, sans-serif; font-size: 17px; font-style: italic;">And we say:</span><br style="-webkit-font-smoothing: antialiased; background-color: #fafafa; box-sizing: border-box; color: #111111; font-family: Lato, sans-serif; font-size: 17px; font-style: italic;" /><br style="-webkit-font-smoothing: antialiased; background-color: #fafafa; box-sizing: border-box; color: #111111; font-family: Lato, sans-serif; font-size: 17px; font-style: italic;" /><span style="background-color: #fafafa; color: #111111; font-family: Lato, sans-serif; font-size: 17px; font-style: italic;">You are </span><strong style="-webkit-font-smoothing: antialiased; background-color: #fafafa; box-sizing: border-box; color: #111111; font-family: Lato, sans-serif; font-size: 17px; font-style: italic;">America</strong><span style="background-color: #fafafa; color: #111111; font-family: Lato, sans-serif; font-size: 17px; font-style: italic;">'s dogs! You will not intimidate us. Today you once again voiced the hostility towards </span><strong style="-webkit-font-smoothing: antialiased; background-color: #fafafa; box-sizing: border-box; color: #111111; font-family: Lato, sans-serif; font-size: 17px; font-style: italic;">Turks</strong><span style="background-color: #fafafa; color: #111111; font-family: Lato, sans-serif; font-size: 17px; font-style: italic;"> that you have nurtured within yourselves for years, and you continue with the </span><strong style="-webkit-font-smoothing: antialiased; background-color: #fafafa; box-sizing: border-box; color: #111111; font-family: Lato, sans-serif; font-size: 17px; font-style: italic;">embargo</strong><span style="background-color: #fafafa; color: #111111; font-family: Lato, sans-serif; font-size: 17px; font-style: italic;"> you imposed and with protests.</span><br style="-webkit-font-smoothing: antialiased; background-color: #fafafa; box-sizing: border-box; color: #111111; font-family: Lato, sans-serif; font-size: 17px; font-style: italic;" /><span style="background-color: #fafafa; color: #111111; font-family: Lato, sans-serif; font-size: 17px; font-style: italic;">Did you think we would stay silent about this? You and whoever among you worships </span><strong style="-webkit-font-smoothing: antialiased; background-color: #fafafa; box-sizing: border-box; color: #111111; font-family: Lato, sans-serif; font-size: 17px; font-style: italic;">money</strong><span style="background-color: #fafafa; color: #111111; font-family: Lato, sans-serif; font-size: 17px; font-style: italic;"> will find us standing against you. However much you may not want it, you will see the glorious </span><strong style="-webkit-font-smoothing: antialiased; background-color: #fafafa; box-sizing: border-box; color: #111111; font-family: Lato, sans-serif; font-size: 17px; font-style: italic;">Turkish </strong><span style="background-color: #fafafa; color: #111111; font-family: Lato, sans-serif; font-size: 17px; font-style: italic;">flag and the </span><strong style="-webkit-font-smoothing: antialiased; background-color: #fafafa; box-sizing: border-box; color: #111111; font-family: Lato, sans-serif; font-size: 17px; font-style: italic;">İstiklâl Marşı</strong><span style="background-color: #fafafa; color: #111111; font-family: Lato, sans-serif; font-size: 17px; font-style: italic;"> on your websites, and we are ready to share the data in your systems with the whole world. Await us and the glorious </span><strong style="-webkit-font-smoothing: antialiased; background-color: #fafafa; box-sizing: border-box; color: #111111; font-family: Lato, sans-serif; font-size: 17px; font-style: italic;">Turkish flag</strong><span style="background-color: #fafafa; color: #111111; font-family: Lato, sans-serif; font-size: 17px; font-style: italic;">!</span></blockquote><span style="background-color: #fafafa; color: #111111; font-family: Lato, sans-serif; font-size: 17px; font-style: italic;"></span></blockquote><span style="background-color: #fafafa; color: #111111; font-family: Lato, sans-serif; font-size: 17px; font-style: italic;"></span><p></p><p><span style="color: #111111; font-family: Lato, sans-serif;"><span style="font-size: 17px;"><i><br 
/></i></span></span><br /> <strong style="-webkit-font-smoothing: antialiased; box-sizing: border-box; color: #111111; font-family: Lato, sans-serif; font-size: 17px;">Tümgeneral Şükri el-Jundi,Arap Parlementosu dini komitesi milletvekili resmi sitesi</strong></p><p style="-webkit-font-smoothing: antialiased; background-color: #f1f1f1; border: 0px; box-sizing: border-box; color: #111111; font-family: Lato, sans-serif; font-size: 17px; line-height: 1.7; margin: 0px 0px 1.5em; padding: 0px;"><strong style="-webkit-font-smoothing: antialiased; box-sizing: border-box;"><em style="-webkit-font-smoothing: antialiased; border: 0px; box-sizing: border-box; font-family: inherit; line-height: 1; margin: 0px; padding: 0px; text-align: inherit;">MİRROR:<br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /></em></strong><a href="https://mirror-h.org/zone/2691698/" style="-webkit-font-smoothing: antialiased; box-sizing: border-box; color: #0093c2; transition: all 0.1s ease-in-out 0s;">https://mirror-h.org/zone/2691698/</a><br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /></p><div class="separator" style="clear: both; text-align: center;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTgKYzZS9o-msxfZf0IxuX7IFjG95hwWlm40sSdtxxLhWE1LvzH2xZqOx5Z_NmxqdrnOts_EF8RP-wZ1OWjnc4Vkkd1KLOYS75kkdwT7m-djEREh6RUR7p6KVpKjGG1jBGvj5SvNLOScE/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="581" data-original-width="658" height="240" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiTgKYzZS9o-msxfZf0IxuX7IFjG95hwWlm40sSdtxxLhWE1LvzH2xZqOx5Z_NmxqdrnOts_EF8RP-wZ1OWjnc4Vkkd1KLOYS75kkdwT7m-djEREh6RUR7p6KVpKjGG1jBGvj5SvNLOScE/" width="272" /></a></div><br /><br /></div><br /><figure class="wp-block-image size-large" style="-webkit-font-smoothing: antialiased; background-color: #f1f1f1; box-sizing: border-box; color: #111111; 
font-family: Lato, sans-serif; font-size: 17px; margin: 30px 0px;"><br /></figure><p style="-webkit-font-smoothing: antialiased; background-color: #f1f1f1; border: 0px; box-sizing: border-box; color: #111111; font-family: Lato, sans-serif; font-size: 17px; line-height: 1.7; margin: 0px 0px 1.5em; padding: 0px;"><strong style="-webkit-font-smoothing: antialiased; box-sizing: border-box;">Önce</strong></p><p style="-webkit-font-smoothing: antialiased; background-color: #f1f1f1; border: 0px; box-sizing: border-box; color: #111111; font-family: Lato, sans-serif; font-size: 17px; line-height: 1.7; margin: 0px 0px 1.5em; padding: 0px;"><strong style="-webkit-font-smoothing: antialiased; box-sizing: border-box;"></strong></p><div class="separator" style="clear: both; text-align: center;"><strong style="-webkit-font-smoothing: antialiased; box-sizing: border-box;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGkKxh1yCP6esIYn8t2YeshWokfkDyrU2vL2kZaxoIgGxQq9MGyJYsfDbSxKmJUv78zanNTBRsfo66wBIK61xu8Yt473A5uQcJs3NHZ95AZfieUhi08FGP3auuoY5OJuWclmtp4u9J-DY/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="434" data-original-width="1024" height="136" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiGkKxh1yCP6esIYn8t2YeshWokfkDyrU2vL2kZaxoIgGxQq9MGyJYsfDbSxKmJUv78zanNTBRsfo66wBIK61xu8Yt473A5uQcJs3NHZ95AZfieUhi08FGP3auuoY5OJuWclmtp4u9J-DY/" width="320" /></a></strong></div><strong style="-webkit-font-smoothing: antialiased; box-sizing: border-box;"><br /><br /></strong><p></p><figure class="wp-block-image size-large" style="-webkit-font-smoothing: antialiased; background-color: #f1f1f1; box-sizing: border-box; color: #111111; font-family: Lato, sans-serif; font-size: 17px; margin: 30px 0px;"><br /></figure><p style="-webkit-font-smoothing: antialiased; background-color: #f1f1f1; border: 0px; box-sizing: border-box; color: #111111; font-family: Lato, sans-serif; font-size: 17px; line-height: 1.7; margin: 0px 0px 
1.5em; padding: 0px;"><strong style="-webkit-font-smoothing: antialiased; box-sizing: border-box;">Sonra</strong></p><figure class="wp-block-image size-large" style="-webkit-font-smoothing: antialiased; background-color: #f1f1f1; box-sizing: border-box; color: #111111; font-family: Lato, sans-serif; font-size: 17px; margin: 30px 0px;"><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh95fdf0HAd1YLUyQ4JhS90dU_9eP0oMzunGkA4iKSAFtzSXLSzQ6Dv-3sJrDSTPgnvyFSRB5EwgfYL35mkTckx8SOvncxif9YR2j7VDkx6_xQopqPrpI1RLcISWo9ttyolSSRCBh4n_Xk/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="489" data-original-width="800" height="196" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEh95fdf0HAd1YLUyQ4JhS90dU_9eP0oMzunGkA4iKSAFtzSXLSzQ6Dv-3sJrDSTPgnvyFSRB5EwgfYL35mkTckx8SOvncxif9YR2j7VDkx6_xQopqPrpI1RLcISWo9ttyolSSRCBh4n_Xk/" width="320" /></a></div><br /><br /></figure><p style="-webkit-font-smoothing: antialiased; background-color: #f1f1f1; border: 0px; box-sizing: border-box; color: #111111; font-family: Lato, sans-serif; font-size: 17px; line-height: 1.7; margin: 0px 0px 1.5em; padding: 0px;"> <br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /><br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /><strong style="-webkit-font-smoothing: antialiased; box-sizing: border-box;">(.SA uzantılı diğer operasyonlar)</strong><br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /><a href="https://mirror-h.org/zone/2691615/" style="-webkit-font-smoothing: antialiased; box-sizing: border-box; color: #0093c2; transition: all 0.1s ease-in-out 0s;">https://mirror-h.org/zone/2691615/</a><br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /><a href="https://mirror-h.org/zone/2691617/" style="-webkit-font-smoothing: antialiased; box-sizing: border-box; color: #0093c2; transition: all 0.1s 
ease-in-out 0s;">https://mirror-h.org/zone/2691617/</a><br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /><a href="https://mirror-h.org/zone/2691619/" style="-webkit-font-smoothing: antialiased; box-sizing: border-box; color: #0093c2; transition: all 0.1s ease-in-out 0s;">https://mirror-h.org/zone/2691619/</a><br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /><a href="https://mirror-h.org/zone/2691621/" style="-webkit-font-smoothing: antialiased; box-sizing: border-box; color: #0093c2; transition: all 0.1s ease-in-out 0s;">https://mirror-h.org/zone/2691621/</a><br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /><a href="https://mirror-h.org/zone/2691623/" style="-webkit-font-smoothing: antialiased; box-sizing: border-box; color: #0093c2; transition: all 0.1s ease-in-out 0s;">https://mirror-h.org/zone/2691623/</a><br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /><a href="https://mirror-h.org/zone/2691625/" style="-webkit-font-smoothing: antialiased; box-sizing: border-box; color: #0093c2; transition: all 0.1s ease-in-out 0s;">https://mirror-h.org/zone/2691625/</a><br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /><a href="https://mirror-h.org/zone/2691704/" style="-webkit-font-smoothing: antialiased; box-sizing: border-box; color: #0093c2; transition: all 0.1s ease-in-out 0s;">https://mirror-h.org/zone/2691704/</a><br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /><a href="https://mirror-h.org/zone/2691627/" style="-webkit-font-smoothing: antialiased; box-sizing: border-box; color: #0093c2; transition: all 0.1s ease-in-out 0s;">https://mirror-h.org/zone/2691627/</a><br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /><a href="https://mirror-h.org/zone/2691630/" style="-webkit-font-smoothing: antialiased; box-sizing: border-box; color: #0093c2; transition: all 0.1s ease-in-out 
0s;">https://mirror-h.org/zone/2691630/</a><br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /><a href="https://mirror-h.org/zone/2691631/" style="-webkit-font-smoothing: antialiased; box-sizing: border-box; color: #0093c2; transition: all 0.1s ease-in-out 0s;">https://mirror-h.org/zone/2691631/<br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /></a><a href="https://mirror-h.org/zone/2691633/" style="-webkit-font-smoothing: antialiased; box-sizing: border-box; color: #0093c2; transition: all 0.1s ease-in-out 0s;">https://mirror-h.org/zone/2691633/</a><br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /><a href="https://mirror-h.org/zone/2691638/" style="-webkit-font-smoothing: antialiased; box-sizing: border-box; color: #0093c2; transition: all 0.1s ease-in-out 0s;">https://mirror-h.org/zone/2691638/</a><br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /><a href="https://mirror-h.org/zone/2691639/" style="-webkit-font-smoothing: antialiased; box-sizing: border-box; color: #0093c2; transition: all 0.1s ease-in-out 0s;">https://mirror-h.org/zone/2691639/<br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /></a><a href="https://mirror-h.org/zone/2691638/" style="-webkit-font-smoothing: antialiased; box-sizing: border-box; color: #0093c2; transition: all 0.1s ease-in-out 0s;">https://mirror-h.org/zone/2691643/</a><br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /><a href="https://mirror-h.org/zone/2691645/" style="-webkit-font-smoothing: antialiased; box-sizing: border-box; color: #0093c2; transition: all 0.1s ease-in-out 0s;">https://mirror-h.org/zone/2691645/</a><br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /><a href="https://mirror-h.org/zone/2691649/" style="-webkit-font-smoothing: antialiased; box-sizing: border-box; color: #0093c2; transition: all 0.1s ease-in-out 
0s;">https://mirror-h.org/zone/2691649/<br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /></a><a href="https://mirror-h.org/zone/2691645/" style="-webkit-font-smoothing: antialiased; box-sizing: border-box; color: #0093c2; transition: all 0.1s ease-in-out 0s;">https://mirror-h.org/zone/2691651/</a><br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /><a href="https://mirror-h.org/zone/2691656/" style="-webkit-font-smoothing: antialiased; box-sizing: border-box; color: #0093c2; transition: all 0.1s ease-in-out 0s;">https://mirror-h.org/zone/2691656/</a><br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /><a href="https://mirror-h.org/zone/2691665/" style="-webkit-font-smoothing: antialiased; box-sizing: border-box; color: #0093c2; transition: all 0.1s ease-in-out 0s;">https://mirror-h.org/zone/2691665/</a><br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /><a href="https://mirror-h.org/zone/2691666/" style="-webkit-font-smoothing: antialiased; box-sizing: border-box; color: #0093c2; transition: all 0.1s ease-in-out 0s;">https://mirror-h.org/zone/2691666/</a><br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /><a href="https://mirror-h.org/zone/2691668/" style="-webkit-font-smoothing: antialiased; box-sizing: border-box; color: #0093c2; transition: all 0.1s ease-in-out 0s;">https://mirror-h.org/zone/2691668/</a><br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /><a href="https://mirror-h.org/zone/2691671/" style="-webkit-font-smoothing: antialiased; box-sizing: border-box; color: #0093c2; transition: all 0.1s ease-in-out 0s;">https://mirror-h.org/zone/2691671/</a><br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /><a href="https://mirror-h.org/zone/2691672/" style="-webkit-font-smoothing: antialiased; box-sizing: border-box; color: #0093c2; transition: all 0.1s ease-in-out 
0s;">https://mirror-h.org/zone/2691672/</a><br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /><a href="https://mirror-h.org/zone/2691677/" style="-webkit-font-smoothing: antialiased; box-sizing: border-box; color: #0093c2; transition: all 0.1s ease-in-out 0s;">https://mirror-h.org/zone/2691677/</a><br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /><a href="https://mirror-h.org/zone/2691701/" style="-webkit-font-smoothing: antialiased; box-sizing: border-box; color: #0093c2; transition: all 0.1s ease-in-out 0s;">https://mirror-h.org/zone/2691701/<br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /></a><a href="https://mirror-h.org/zone/2691656/" style="-webkit-font-smoothing: antialiased; box-sizing: border-box; color: #0093c2; transition: all 0.1s ease-in-out 0s;"><br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /></a><strong style="-webkit-font-smoothing: antialiased; box-sizing: border-box;">Yosr İtfaie;<br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /></strong><a href="https://mirror-h.org/zone/2691636/" style="-webkit-font-smoothing: antialiased; box-sizing: border-box; color: #0093c2; transition: all 0.1s ease-in-out 0s;">https://mirror-h.org/zone/2691636/</a><br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /><br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /><strong style="-webkit-font-smoothing: antialiased; box-sizing: border-box;">Alhsharq Haber ajansı<br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /></strong><a href="https://mirror-h.org/zone/2691642/" style="-webkit-font-smoothing: antialiased; box-sizing: border-box; color: #0093c2; transition: all 0.1s ease-in-out 0s;">https://mirror-h.org/zone/2691642/</a><br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /><br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /><strong 
style="-webkit-font-smoothing: antialiased; box-sizing: border-box;">DHA Körler Derneği</strong><br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /><a href="https://mirror-h.org/zone/2691648/" style="-webkit-font-smoothing: antialiased; box-sizing: border-box; color: #0093c2; transition: all 0.1s ease-in-out 0s;">https://mirror-h.org/zone/2691648/</a><br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /><br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /><strong style="-webkit-font-smoothing: antialiased; box-sizing: border-box;">Mashraw Üniversitesi<br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /></strong><a href="https://mirror-h.org/zone/2691654/" style="-webkit-font-smoothing: antialiased; box-sizing: border-box; color: #0093c2; transition: all 0.1s ease-in-out 0s;">https://mirror-h.org/zone/2691654/</a><br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /><br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /><strong style="-webkit-font-smoothing: antialiased; box-sizing: border-box;">Kafr Al-Sheikh İşkur</strong><br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /><a href="https://mirror-h.org/zone/2691658/" style="-webkit-font-smoothing: antialiased; box-sizing: border-box; color: #0093c2; transition: all 0.1s ease-in-out 0s;">https://mirror-h.org/zone/2691658/</a><br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /><br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /><strong style="-webkit-font-smoothing: antialiased; box-sizing: border-box;">Reklam ajansı</strong><br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /><a href="https://mirror-h.org/zone/2691660/" style="-webkit-font-smoothing: antialiased; box-sizing: border-box; color: #0093c2; transition: all 0.1s ease-in-out 0s;">https://mirror-h.org/zone/2691660/</a><br 
style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /><br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /><strong style="-webkit-font-smoothing: antialiased; box-sizing: border-box;">Nhabir Sosyal Yardım derneği / kuruluşu</strong><br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /><a href="https://mirror-h.org/zone/2691662/" style="-webkit-font-smoothing: antialiased; box-sizing: border-box; color: #0093c2; transition: all 0.1s ease-in-out 0s;">https://mirror-h.org/zone/2691662/</a><br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /><br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /><strong style="-webkit-font-smoothing: antialiased; box-sizing: border-box;">Rabigh Eyaleti Albar Derneği<br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /></strong><a href="https://mirror-h.org/zone/2691675/" style="-webkit-font-smoothing: antialiased; box-sizing: border-box; color: #0093c2; transition: all 0.1s ease-in-out 0s;">https://mirror-h.org/zone/2691675/</a><br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /><br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /><strong style="-webkit-font-smoothing: antialiased; box-sizing: border-box;">Sağlık Hizmetleri Liderlik Vakfı</strong><br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /><a href="https://mirror-h.org/zone/2691682/" style="-webkit-font-smoothing: antialiased; box-sizing: border-box; color: #0093c2; transition: all 0.1s ease-in-out 0s;">https://mirror-h.org/zone/2691682/</a><br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /><br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /><strong style="-webkit-font-smoothing: antialiased; box-sizing: border-box;">Alfeker Eğitim öğretim danışmanlığı Düşünce liderliği Vakfı</strong><br style="-webkit-font-smoothing: antialiased; box-sizing: 
border-box;" /><a href="https://mirror-h.org/zone/2691685/" style="-webkit-font-smoothing: antialiased; box-sizing: border-box; color: #0093c2; transition: all 0.1s ease-in-out 0s;">https://mirror-h.org/zone/2691685/</a><br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /><br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /><strong style="-webkit-font-smoothing: antialiased; box-sizing: border-box;">Haber Sitesi</strong><br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /><a href="https://mirror-h.org/zone/2691693/" style="-webkit-font-smoothing: antialiased; box-sizing: border-box; color: #0093c2; transition: all 0.1s ease-in-out 0s;">https://mirror-h.org/zone/2691693/</a><br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /><br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /><strong style="-webkit-font-smoothing: antialiased; box-sizing: border-box;">COD.EDU / COD ÜNİVERSİTESİ RESMİ SİTESİ<br style="-webkit-font-smoothing: antialiased; box-sizing: border-box;" /></strong><a href="https://mirror-h.org/zone/2691702/" style="-webkit-font-smoothing: antialiased; box-sizing: border-box; color: #0093c2; transition: all 0.1s ease-in-out 0s;">https://mirror-h.org/zone/2691702/</a></p><div><br /></div>Defacers Roothttp://www.blogger.com/profile/04975904960188832334noreply@blogger.com0tag:blogger.com,1999:blog-8841759969257982852.post-17687557103143849352020-10-20T05:47:00.005-07:002020-10-20T05:50:35.615-07:00U.S. 
Charges 6 Russian Intelligence Officers Over Destructive Cyberattacks<p> </p><div class="separator" style="clear: both; text-align: center;"><a href="https://thehackernews.com/images/-Iz7RXYB8Ee0/X459Oo16P3I/AAAAAAAAA5U/UxUOliHdpLIq3Cf48WEmFoDQTWFYkdraQCLcBGAsYHQ/s0/HACKERS.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="380" data-original-width="728" src="https://thehackernews.com/images/-Iz7RXYB8Ee0/X459Oo16P3I/AAAAAAAAA5U/UxUOliHdpLIq3Cf48WEmFoDQTWFYkdraQCLcBGAsYHQ/s0/HACKERS.jpg" /></a></div><br /><p><br /></p><br /><p></p><p>The US government on Monday formally charged six Russian intelligence officers for carrying out destructive malware attacks with an aim to disrupt and destabilize other nations and cause monetary losses.</p><p><br /></p><p>The individuals, who work for Unit 74455 of the Russian Main Intelligence Directorate (GRU), have been accused of perpetrating the "most disruptive and destructive series of computer attacks ever attributed to a single group," according to the Justice Department (DoJ).</p><p><br /></p><p>All the six men — Yuriy Sergeyevich Andrienko, Sergey Vladimirovich Detistov, Pavel Valeryevich Frolov, Anatoliy Sergeyevich Kovalev, Artem Valeryevich Ochichenko, and Petr Nikolayevich Pliskin — have been charged with seven counts of conspiracy to conduct computer fraud and abuse, conspiracy to commit wire fraud, wire fraud, damaging protected computers, and aggravated identity theft.</p><p><br /></p><p>"The object of the conspiracy was to deploy destructive malware and take other disruptive actions, for the strategic benefit of Russia, through unauthorized access ('hacking') of victim computers," the prosecutors said.</p><p><br /></p><p>"In furtherance of the conspiracy, Andrienko, Detistov, Frolov, Kovalev, Ochichenko, Pliskin, and others known and unknown to the grand jury procured, maintained, and utilized servers, email accounts, malicious mobile applications, and related 
hacking infrastructure to engage in spear-phishing campaigns and other network intrusion methods against computers used by the victims."</p><p><br /></p><p>Five years ago, Russian hackers belonging to Sandworm (aka APT28, Telebots, Voodoo Bear or Iron Viking) group attacked Ukraine's power grid, Ministry of Finance, and State Treasury Service using malware such as BlackEnergy, Industroyer, and KillDisk, before embarking on a spree of destructive cyberattacks — including unleashing NotPetya in 2017 and targeting the Pyeongchang Winter Olympics with phishing campaigns and "Olympic Destroyer" malware.</p><p></p><div class="separator" style="clear: both; text-align: center;"><div class="separator" style="clear: both; text-align: center;"><a href="https://thehackernews.com/images/-mBiBp_R4Cg0/X454Nt6q1lI/AAAAAAAAA5I/90tE5uWcFKw2_WEUXQNdV2kNAj7x3tySwCLcBGAsYHQ/s0/hacking-malware.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="562" data-original-width="728" src="https://thehackernews.com/images/-mBiBp_R4Cg0/X454Nt6q1lI/AAAAAAAAA5I/90tE5uWcFKw2_WEUXQNdV2kNAj7x3tySwCLcBGAsYHQ/s0/hacking-malware.jpg" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><br /></div><br /><br /></div><p>The six individuals have been accused of developing components for NotPetya, Olympic Destroyer, KillDisk malware, as well as preparing spear-phishing campaigns directed against the 2018 PyeongChang Winter Olympic Games, resulting in damage and disruption to computer networks across France, Georgia, the Netherlands, Republic of Korea, Ukraine, the UK, and the US.</p><p></p><p><br /></p><p>"For example, the NotPetya malware impaired Heritage Valley's provision of critical medical services to citizens of the Western District of Pennsylvania through its two hospitals, 60 offices, and 18 community satellite facilities," the DoJ said. 
"The attack caused the unavailability of patient lists, patient history, physical examination files, and laboratory records."</p><p><br /></p><p>"Heritage Valley lost access to its mission-critical computer systems (such as those relating to cardiology, nuclear medicine, radiology, and surgery) for approximately one week and administrative computer systems for almost one month, thereby causing a threat to public health and safety," it added.</p><p><br /></p><p>The total damage brought about by NotPetya is pegged at more than $10 billion to date; the malware crippled several multinational companies, including Maersk, Merck, FedEx's TNT Express, Saint-Gobain, Mondelēz, and Reckitt Benckiser.</p><p><br /></p><p>In a similar development, the UK government also formally accused the GRU of perpetrating cyber reconnaissance against officials and organizations at the 2020 Tokyo Olympic and Paralympic Games earlier this summer, before the Games were postponed to next year because of COVID-19.</p><p><br /></p><p>This is not the first time GRU has come under the DoJ scanner. 
Two years back, the US government charged seven officers working for the military intelligence agency for conducting sophisticated computer intrusions against US entities as part of an influence and disinformation campaign designed to counter anti-doping efforts.</p><p><br /><br /></p>Defacers Roothttp://www.blogger.com/profile/04975904960188832334noreply@blogger.com0tag:blogger.com,1999:blog-8841759969257982852.post-83757792978804281752020-10-20T05:45:00.003-07:002020-10-20T05:45:34.614-07:00Google Warns of Zero-Click Bluetooth Flaws in Linux-based Devices<p> </p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRea_grQ-OJWUIFdF38KZF59pd4_SKxWviftPQBra5jmSBlVzGdteij6jHHFnGjk3F86AbyAou-HlVrkoMzE62MCx_D54EW-ubF0pOKuf8jJYaP1RlplPlDIZGmOtJpI3V9IQQPPGYDJs/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="380" data-original-width="728" height="167" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiRea_grQ-OJWUIFdF38KZF59pd4_SKxWviftPQBra5jmSBlVzGdteij6jHHFnGjk3F86AbyAou-HlVrkoMzE62MCx_D54EW-ubF0pOKuf8jJYaP1RlplPlDIZGmOtJpI3V9IQQPPGYDJs/" width="320" /></a></div><br /><p></p><p><br /></p><p>Google security researchers are warning of a new set of zero-click vulnerabilities in the Linux Bluetooth software stack that can allow a nearby unauthenticated, remote attacker to execute arbitrary code with kernel privileges on vulnerable devices.</p><p><br /></p><p>According to security engineer Andy Nguyen, the three flaws — collectively called BleedingTooth — reside in the open-source BlueZ protocol stack that offers support for many of the core Bluetooth layers and protocols for Linux-based systems such as laptops and IoT devices.</p><p><br /></p><p>The first and the most severe is a heap-based type confusion (CVE-2020-12351, CVSS score 8.3) affecting Linux kernel 4.8 and higher and is present in the Logical Link Control and Adaptation Protocol (L2CAP) 
of the Bluetooth standard, which provides multiplexing of data between different higher-layer protocols.</p><p><br /></p><p>"A remote attacker in short distance knowing the victim's [Bluetooth device] address can send a malicious l2cap packet and cause denial of service or possibly arbitrary code execution with kernel privileges," Google noted in its advisory. "Malicious Bluetooth chips can trigger the vulnerability as well."</p><p><br /></p><p>The vulnerability, which is yet to be addressed, appears to have been introduced in a change to the "l2cap_core.c" module made in 2016.</p><p><br /></p><div class="separator" style="clear: both; text-align: center;"><iframe allowfullscreen="" class="BLOG_video_class" height="266" src="https://www.youtube.com/embed/qPYrLRausSw" width="320" youtube-src-id="qPYrLRausSw"></iframe></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><div class="separator" style="clear: both;">Intel, which has significantly invested in the BlueZ project, has also issued an alert characterizing CVE-2020-12351 as a privilege escalation flaw.</div><div class="separator" style="clear: both;"><br /></div><div class="separator" style="clear: both;">The second unpatched vulnerability (CVE-2020-12352) concerns a stack-based information disclosure flaw affecting Linux kernel 3.6 and higher.</div><div class="separator" style="clear: both;"><br /></div><div class="separator" style="clear: both;">A consequence of a 2012 change made to the core Alternate MAC-PHY Manager Protocol (A2MP) — a high-speed transport link used in Bluetooth HS (High Speed) to enable the transfer of larger amounts of data — the issue permits a remote attacker at short range to retrieve kernel stack information and use it to predict the memory layout and defeat kernel address space layout randomization (KASLR).</div><div class="separator" style="clear: both;"><br /></div><div class="separator" 
style="clear: both;">Lastly, a third flaw (CVE-2020-24490) discovered in HCI (Host Controller Interface), a standardized Bluetooth interface used for sending commands, receiving events, and transmitting data, is a heap-based buffer overflow impacting Linux kernel 4.19 and higher, allowing a nearby remote attacker to "cause denial of service or possibly arbitrary code execution with kernel privileges on victim machines if they are equipped with Bluetooth 5 chips and are in scanning mode."</div><div class="separator" style="clear: both;"><br /></div><div class="separator" style="clear: both;">The vulnerability, which has been present since 2018, has been patched in versions 4.19.137 and 5.7.13.</div><div class="separator" style="clear: both;"><br /></div><div class="separator" style="clear: both;">For its part, Intel has recommended installing the kernel fixes to mitigate the risk associated with these issues.</div><div class="separator" style="clear: both;"><br /></div><div class="separator" style="clear: both;">"Potential security vulnerabilities in BlueZ may allow escalation of privilege or information disclosure," Intel said of the flaws. 
"BlueZ is releasing Linux kernel fixes to address these potential vulnerabilities."</div></div><div class="separator" style="clear: both; text-align: center;"><br /></div><br /><p><br /></p>Defacers Roothttp://www.blogger.com/profile/04975904960188832334noreply@blogger.com0tag:blogger.com,1999:blog-8841759969257982852.post-91956949505998261032020-10-20T05:44:00.000-07:002020-10-20T05:44:01.505-07:00India Witnessed Spike in Cyber Attacks Amidst Covid-19 - Here's Why?<p> </p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgOEPiPNMetpZNw6OQ5d_zqdaIjfOsB9RSCUPbTH3WQj2d51rXd75o9Gr43wfA4JSZ7FfER-K9tinn1eYMGebW7d5ad7ReBxxhoGPmht9pSIYcorvAs3k-qwFSBZ9TAAiFeyoFPoO03zvw/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="380" data-original-width="728" height="167" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgOEPiPNMetpZNw6OQ5d_zqdaIjfOsB9RSCUPbTH3WQj2d51rXd75o9Gr43wfA4JSZ7FfER-K9tinn1eYMGebW7d5ad7ReBxxhoGPmht9pSIYcorvAs3k-qwFSBZ9TAAiFeyoFPoO03zvw/" width="320" /></a></div><br /><p></p><p>The COVID-19 outbreak is turning out to be not only a health, social, and economic hazard but also a cybersecurity crisis. The pandemic has presented new challenges for businesses in the areas of remote collaboration and business continuity.</p><p><br /></p><p>With increased remote working for better business continuity, employees are using numerous Internet tools. 
As businesses and individuals rely more on technology while they are busy fighting the pandemic, attackers have more options than ever to target them.</p><p><br /></p><p>According to PwC's April report, the number of security threats to Indian companies doubled in March 2020 compared with January 2020; more worrying still, there was a 100% rise between March 17 and 20 alone.</p><p><br /></p><p>Sanjay Dhotre, the Union Minister of State for Electronics & Information Technology (MeITY), said that India saw over 350,000 cyberattacks in the second quarter, triple the number of recorded events in the first quarter of 2020. He also highlighted that there had been 700,000 cybersecurity incidents up to August 2020.</p><p><br /></p><p>Key Cybersecurity Crises in Numbers</p><p>According to the Acronis Cyber Readiness Report 2020, 31% of companies worldwide face at least one cybersecurity incident per day. India, however, reported twice as many cyberattacks per day, most of them phishing, DDoS, video conferencing attacks, exploitation of weak services, and malware.</p><p><br /></p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiIASc7muuhln1ESDCHC3bNsDBznjV3imbHNno6xzp3HDSNBfRRe6DCIuq_oMsNWfKdnCzCEST27iQ73Ugkbv4wrPUU_Yxq3vQwRxaZez7f-FTzdtcgKAtBApSF6KKZ1PI7Eqrrwj3-3uU/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="407" data-original-width="728" height="179" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiIASc7muuhln1ESDCHC3bNsDBznjV3imbHNno6xzp3HDSNBfRRe6DCIuq_oMsNWfKdnCzCEST27iQ73Ugkbv4wrPUU_Yxq3vQwRxaZez7f-FTzdtcgKAtBApSF6KKZ1PI7Eqrrwj3-3uU/" width="320" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, 
BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; text-align: start;">Phishing campaigns are the most worrying attack, as they peaked during the pandemic. Although malware accounts for fewer incidents, it remains a more critical issue in India, which reports almost twice as many malware incidents as the global average.</span></div><br /><br /><p></p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhPysAZXfq471ytA_3P15jnxWPjLmrnD3Oa24vvHv-ExHE2loql0Nb3te4qlD0g3pa2b0JRVEpHPSe9AKqlmXlO4Hq5jOSwvVjKNAXLQosqpvH4OSLR0UPfOVqO709IW2hrpdg6kZFWdCQ/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="413" data-original-width="728" height="182" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhPysAZXfq471ytA_3P15jnxWPjLmrnD3Oa24vvHv-ExHE2loql0Nb3te4qlD0g3pa2b0JRVEpHPSe9AKqlmXlO4Hq5jOSwvVjKNAXLQosqpvH4OSLR0UPfOVqO709IW2hrpdg6kZFWdCQ/" width="320" /></a></div><br /><br /><p></p><p><br /></p><p>Further, 39% of all organizations surveyed experienced video conferencing attacks. Among them, India, Canada, Switzerland, and the UK are the most affected countries.</p><p><br /></p><p>Coronavirus-themed phishing emails and malicious websites claiming to offer useful information on COVID-19 have emerged as the top threats to companies. In addition, Seqrite's report recorded 400,000 new ransomware attacks from April to June 2020.</p><p><br /></p><p>Most of these cyberattacks succeeded by gaining access to a remote system through exploitation of vulnerable services.</p><p><br /></p><p>Why is India So Vulnerable to Cyberattacks?</p><p>Increased use of the Internet and Mobile technology — The NITI Aayog report states that India ranks third worldwide in number of internet users, after the USA and China. 
With the exponential rise in Internet and mobile phone users, there is a significant rise in the number of cyberattack incidents in India and globally.</p><p><br /></p><p>Ignoring Internal Security Threats — Enterprises are more focused on guaranteeing business continuity with seamless operations than on bridging the gaps in their remote infrastructure. If sensitive data flows between departments without a proper monitoring and logging process, it becomes difficult to identify the weak points when an attack happens.</p><p><br /></p><p>Confronting External Threats — With ever-increasing external threats, an organization cannot be 100% prepared. Only a few Indian companies have security measures such as Web Application Firewalls in place to monitor external threats and stop attacks as they happen.</p><p><br /></p><p>Detectable Weak Points During Remote Work — The main weak points exposed by the sudden shift to remote work include weak authentication techniques, insufficient monitoring, and exposed servers (DNS, VPN, RDP, etc.).</p><p><br /></p><p>Moreover, many employees neglect personal online security hygiene. With the 'work from anywhere' culture, employees access their personal email and social media accounts on their work machines.</p><p><br /></p><p>As personal and work life merge online, attacks can easily enter through unsecured personal accounts.</p><p><br /></p><p>Missing Expertise in Cloud Technology — To make data easy to access from any device and anywhere, many companies have adopted cloud technology.</p><p><br /></p><p>However, they don't have adequate in-house resources to manage and protect APIs, SaaS, or containers. 
The increasing number of poorly configured cloud architectures will inevitably open doors for attackers.</p><p><br /></p><p>The Pandemic Landscape Demands Modern Protection</p><p>Here are some key tips to protect against these recent kinds of incidents:</p><p><br /></p><p>Train your employees in security principles</p><p>Be cautious with attachments, links, or text received via email, especially with a subject line related to COVID-19</p><p>Frame a robust remote work policy</p><p>Use only trusted sources, such as legitimate websites, for up-to-date information</p><p>Don't disclose your financial or personal information in emails or phone calls from unknown persons</p><p>Encourage the use of office devices only for official purposes</p><p>Don't reuse passwords between different accounts and applications</p><p>Take data backups and store them separately</p><p>Use multi-factor authentication</p><p>Modernize your stack with a cloud-based WAF such as AppTrana, a cybersecurity protection suite whose vendor advertises vulnerability assessments, virtual patching, zero false positives, DDoS attack prevention, and other features.</p><p>Conclusion</p><p><br /></p><p>In cybersecurity, attackers lead the learning curve, with defenders following to strengthen preventive measures. 
However, with advanced technologies, this scenario is beginning to change.</p><p><br /></p><p>Next-generation threat monitoring tools and predictive analytics go beyond rule-based systems to detect cyber risks, flagging potential threats faster.</p><p><br /></p><p>With adequate nationwide cybersecurity awareness and robust policies in place, companies should be capable of battling cyber threats effectively in the future.</p>Defacers Roothttp://www.blogger.com/profile/04975904960188832334noreply@blogger.com0tag:blogger.com,1999:blog-8841759969257982852.post-19366819861604428972020-10-20T05:41:00.005-07:002020-10-20T05:42:12.597-07:00Police Raided German Spyware Company FinFisher Offices<p> </p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhvKbCR1gcpXkuBCA2ZO_RrV2_2oNvmT7UGlLvalhwQFwPPAsXxOLbQjq6Mf8lwFOSmCgRQQuMl3_W_kizHo1WZbMwvDv4ku4IOwu1HHV1ZZJrlPSKckZqnacIEEhH5CkBl4Ec2p8BH8Sg/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="380" data-original-width="728" height="167" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEhvKbCR1gcpXkuBCA2ZO_RrV2_2oNvmT7UGlLvalhwQFwPPAsXxOLbQjq6Mf8lwFOSmCgRQQuMl3_W_kizHo1WZbMwvDv4ku4IOwu1HHV1ZZJrlPSKckZqnacIEEhH5CkBl4Ec2p8BH8Sg/" width="320" /></a></div><br /><p></p><p><br /></p><p>German investigators have raided the offices of Munich-based company FinFisher, which sells the infamous commercial surveillance spyware 'FinSpy,' reportedly on suspicion of illegally exporting the software abroad without the required authorization.</p><p><br /></p><p>Investigators from the German Customs Investigation Bureau (ZKA), acting on orders from the Munich Public Prosecutor's Office, searched a total of 15 properties in Munich, including the business premises of FinFisher GmbH and two other business partners and the private apartments of the managing directors, as well as a partner company 
in Romania from October 6 to 8.</p><p><br /></p><p>For those unaware, FinSpy is extremely powerful spying software that is sold as a legal law enforcement tool to governments around the world but has also been found in use by oppressive and dubious regimes to spy on activists, political dissidents and journalists.</p><p><br /></p><p>FinSpy malware can target both desktop and mobile operating systems, including Android, iOS, Windows, macOS, and Linux, and gives its operator spying capabilities, including secretly turning on victims' webcams and microphones, recording everything they type on the keyboard, intercepting calls, and exfiltrating sensitive data.</p><p><br /></p><p>However, a new report from BR (Bayerischer Rundfunk) and NDR (Norddeutscher Rundfunk) suggests the firm illegally exported FinSpy to other countries without the required export license from the federal government.</p><p><br /></p><p></p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1S5TM5EiZGBVKTIliUvJewDt6EWSUqobxDLqj2_ZsqNt9KsR_cU16ofUZdjU3-32fkOMJDyf88aLrb8kzkTEOyx0WSic2qpG-Wdo0ZcT7ytXlwieZPVcjDka1sBKd7kIfTjWkSjdDCEc/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="500" data-original-width="728" height="220" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi1S5TM5EiZGBVKTIliUvJewDt6EWSUqobxDLqj2_ZsqNt9KsR_cU16ofUZdjU3-32fkOMJDyf88aLrb8kzkTEOyx0WSic2qpG-Wdo0ZcT7ytXlwieZPVcjDka1sBKd7kIfTjWkSjdDCEc/" width="320" /></a></div><br /><br /><p></p><p>The Munich public prosecutor's office is now investigating "suspected violations of the Foreign Trade Act against managing directors and employees of FinFisher GmbH and at least two other companies," a spokeswoman told BR and NDR.</p><p><br /></p><p>The raids were prompted by a criminal complaint [pdf] filed by the GFF, Netzpolitik, Reporters Without Borders (ROG), and the European Center for 
Constitutional Rights and Human Rights (ECCHR) against the managing directors of FinFisher GmbH in July 2019.</p><p><br /></p><p>In 2015, a permit requirement for exporting surveillance software such as FinSpy to non-EU countries was introduced across Europe. Although the federal government has not issued a single export license since then, the software was found in 2017 on a Turkish website used to spy on members of the opposition, and it was used in Egypt to target NGOs.</p><p><br /></p><p>This strongly suggests that the surveillance company exported FinSpy illegally despite the existing permit requirements.</p><p><br /></p><p>Unfortunately, the German media site has taken down the original report it posted last year after FinFisher sued the publication and won the case.</p><p><br /></p><p>We will update the article as and when new information becomes available.</p>Defacers Roothttp://www.blogger.com/profile/04975904960188832334noreply@blogger.com0tag:blogger.com,1999:blog-8841759969257982852.post-84549312437491470382020-09-27T03:29:00.004-07:002020-09-27T03:31:41.354-07:00FinSpy Spyware for Mac and Linux OS Targets Egyptian Organisations<p></p><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgRhOjnCxnhrJJmbA0l96l9wF9cu7O242rhOD6zMTaMDLBqMGeIjOwJgocjWcDP6FpmDmNcGmgzdVWnVDJr4WUqsxGHkRxdAcqmnu0MAhXTsjKLJA6F5tjGayONH-98daTQvC0s5AgX1HM/s728/finspy-malware.egypt.jpg" imageanchor="1" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="380" data-original-width="728" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgRhOjnCxnhrJJmbA0l96l9wF9cu7O242rhOD6zMTaMDLBqMGeIjOwJgocjWcDP6FpmDmNcGmgzdVWnVDJr4WUqsxGHkRxdAcqmnu0MAhXTsjKLJA6F5tjGayONH-98daTQvC0s5AgX1HM/s320/finspy-malware.egypt.jpg" width="320" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><br 
/></div><br /><br /><p></p><p> <span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">Amnesty International today exposed details of a new surveillance campaign that targeted Egyptian civil society organizations with previously undisclosed versions of FinSpy spyware designed to target Linux and macOS systems.</span></p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">Developed by a <a href="https://thehackernews.com/2014/08/company-that-sells-finfisher-spying.html" style="border: 0px; box-sizing: border-box; color: #356ae6; font: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;">German company</a>, FinSpy is extremely powerful spying software that is being sold as a legal law enforcement tool to governments around the world<span style="border: 0px; box-sizing: border-box; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;"> </span>but has also been <a href="https://thehackernews.com/2017/09/gamma-finfisher-hacking-tool.html" style="border: 0px; box-sizing: border-box; color: #356ae6; font: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; 
transition: all 0.2s linear 0s; vertical-align: baseline;">found</a> in use by oppressive and dubious regimes to spy on activists.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">FinSpy, also known as FinFisher, can target both desktop and mobile operating systems, including Android, iOS, Windows, macOS, and Linux, and gives its operator spying capabilities, including secretly turning on victims' webcams and microphones, recording everything the victim types on the keyboard, intercepting calls, and exfiltrating data.</p><p style="background-color: white; border: 0px; box-sizing: border-box; content: " "; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;"><span style="color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, Segoe UI, Oxygen, Ubuntu, Cantarell, Fira Sans, Droid Sans, Helvetica Neue, sans-serif;">According to the human rights organization Amnesty International, the newly discovered campaign is not linked to 'NilePhish,' a hacking group known for a series of attacks on Egyptian NGOs involving an older version of FinSpy, phishing, and malicious Flash Player downloads.</span></p><div class="separator" style="background-color: white; border: 0px; box-sizing: border-box; clear: both; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; 
font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 0px 0px 20px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;"><a href="https://thehackernews.com/images/-UvzYiM4dXyQ/X24B0hYDhyI/AAAAAAAA3VY/FzRYe8bwujI6X1i1uiBvHI5cYp1pUgQyACLcBGAsYHQ/s0/finspy-malware-for-linux-hacking.jpg" style="border: 0px; box-sizing: border-box; clear: left; color: #356ae6; cursor: default; display: block; float: left; font: inherit; margin-bottom: 15px; margin-left: 0px; margin-right: 0px !important; margin-top: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-align: center; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;"><img alt="finspy malware for linux hacking" border="0" data-original-height="526" data-original-width="728" src="https://thehackernews.com/images/-UvzYiM4dXyQ/X24B0hYDhyI/AAAAAAAA3VY/FzRYe8bwujI6X1i1uiBvHI5cYp1pUgQyACLcBGAsYHQ/s728-e1000/finspy-malware-for-linux-hacking.jpg" style="border: 0px; box-sizing: border-box; display: block; font: inherit; height: auto; margin: 0px; max-width: 100%; opacity: 1; outline: 0px; overflow-wrap: break-word; padding: 0px; transition: opacity 0.3s ease 0s; vertical-align: baseline; width: inherit;" title="finspy malware for linux hacking" /></a></div><div class="separator" style="background-color: white; border: 0px; box-sizing: border-box; clear: both; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 0px 0px 20px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;"><a 
href="https://thehackernews.com/images/-s8BD0OYgKMQ/X24B1XKt9-I/AAAAAAAA3Vc/LzFUKO4KC_Q2YQVWnjRT6Nb9ueTwqxTOgCLcBGAsYHQ/s0/finspy-malware-for-macos-hacking.jpg" style="border: 0px; box-sizing: border-box; clear: left; color: #356ae6; cursor: default; display: block; float: left; font: inherit; margin-bottom: 15px; margin-left: 0px; margin-right: 0px !important; margin-top: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-align: center; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;"><img alt="finspy malware for macos hacking" border="0" data-original-height="526" data-original-width="728" src="https://thehackernews.com/images/-s8BD0OYgKMQ/X24B1XKt9-I/AAAAAAAA3Vc/LzFUKO4KC_Q2YQVWnjRT6Nb9ueTwqxTOgCLcBGAsYHQ/s728-e1000/finspy-malware-for-macos-hacking.jpg" style="border: 0px; box-sizing: border-box; display: block; font: inherit; height: auto; margin: 0px; max-width: 100%; opacity: 1; outline: 0px; overflow-wrap: break-word; padding: 0px; transition: opacity 0.3s ease 0s; vertical-align: baseline; width: inherit;" title="finspy malware for macos hacking" /></a></div><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">Instead, the new FinSpy versions for Linux and macOS, along with Android and Windows builds, were used by a previously unknown hacking group that Amnesty believes is state-sponsored and has been active since September 2019.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, 
Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">All of the new samples, which had been uploaded to VirusTotal, were discovered as part of Amnesty International's ongoing effort to track and monitor NilePhish's activities.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">The new binaries are obfuscated and halt their malicious activity when they detect that they are running in a virtual machine, which makes the malware harder for analysts to examine.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">Moreover, even if a targeted smartphone isn't rooted, the spyware attempts to gain root access using previously disclosed exploits.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">"The modules available in the Linux sample are almost identical to the MacOS sample," the researchers said.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", 
sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">"The modules are encrypted with the AES algorithm and compressed with the aplib compression library. The AES key is stored in the binary, but the IV is stored in each configuration file along with a MD5 hash of the final decompressed file."</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">"The spyware communicates with the Command & Control (C&C) server using HTTP POST requests. 
The data sent to the server is encrypted using functions provided by the 7F module, compressed using a custom compressor, and base64 encoded."</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">Amnesty has also published indicators of compromise (<a href="https://github.com/AmnestyTech/investigations" style="border: 0px; box-sizing: border-box; color: #356ae6; font: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;">IoC</a>) to help other researchers investigate these attacks and to let users check whether their machines are among those compromised.</p><div>Kaspersky researchers last year revealed a similar cyber-espionage campaign in which then-new FinSpy implants for iOS and Android were used to spy on users in Myanmar.</div><div><br /></div>Defacers Roothttp://www.blogger.com/profile/04975904960188832334noreply@blogger.com0tag:blogger.com,1999:blog-8841759969257982852.post-25877891917263345102020-09-27T03:26:00.005-07:002020-09-27T03:26:40.386-07:00Microsoft Windows XP Source Code Reportedly Leaked Online<p> </p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgaWbq7V2TToaNxiSeVSKJrDtVUmkbKrCY595swIETWI-TmsLB57d9c7Uv217jj0NOTGRfRzZ7UBogfZ7VSnUaVtYzfhj3m5QZrJLZfu1hPIdRMY8_tin52uEAlWu2TO_XOIVPlta3XVCY/" style="margin-left: 1em; margin-right: 1em;"><img alt="" data-original-height="380" data-original-width="728" height="167" 
src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgaWbq7V2TToaNxiSeVSKJrDtVUmkbKrCY595swIETWI-TmsLB57d9c7Uv217jj0NOTGRfRzZ7UBogfZ7VSnUaVtYzfhj3m5QZrJLZfu1hPIdRMY8_tin52uEAlWu2TO_XOIVPlta3XVCY/" width="320" /></a></div><br /><p></p><p><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;"><br /></span></p><p><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">Microsoft's long-lived operating system Windows XP, which still powers over 1% of all laptops and desktop computers worldwide, has allegedly had its source code leaked online, along with that of Windows Server 2003.</span></p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">Yes, you heard that right.</p><p style="background-color: white; border: 0px; box-sizing: border-box; 
color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">The source code for Microsoft's 19-year-old operating system was published as a torrent file on the notorious bulletin board website 4chan. Although portions of Windows 2000 and Windows NT 4 source code leaked in 2004, this is reportedly the most extensive leak of Microsoft operating system source code to reach the public.</p><p style="background-color: white; border: 0px; box-sizing: border-box; content: " "; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;"><span style="color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, Segoe UI, Oxygen, Ubuntu, Cantarell, Fira Sans, Droid Sans, Helvetica Neue, sans-serif;">Several reports suggest that the collection of torrent files, 43GB in size, also includes the source code for Windows Server 2003 and several of Microsoft's older operating systems, including:</span></p><p style="background-color: white; border: 0px; box-sizing: border-box; content: " "; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;"><span style="color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, Segoe UI, Oxygen, Ubuntu, Cantarell, Fira Sans, Droid Sans, Helvetica Neue, sans-serif;">Windows 2000</span></p><p style="background-color: white; border: 0px; box-sizing: border-box; content: " "; font-stretch: inherit; font-variant-east-asian: inherit; 
font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;"><span style="color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, Segoe UI, Oxygen, Ubuntu, Cantarell, Fira Sans, Droid Sans, Helvetica Neue, sans-serif;">Windows CE 3 </span></p><p style="background-color: white; border: 0px; box-sizing: border-box; content: " "; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;"><span style="color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, Segoe UI, Oxygen, Ubuntu, Cantarell, Fira Sans, Droid Sans, Helvetica Neue, sans-serif;">Windows CE 4 </span></p><p style="background-color: white; border: 0px; box-sizing: border-box; content: " "; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;"><span style="color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, Segoe UI, Oxygen, Ubuntu, Cantarell, Fira Sans, Droid Sans, Helvetica Neue, sans-serif;">Windows CE 5 </span></p><p style="background-color: white; border: 0px; box-sizing: border-box; content: " "; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;"><span style="color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, Segoe UI, Oxygen, Ubuntu, Cantarell, Fira Sans, Droid Sans, Helvetica Neue, sans-serif;">Windows Embedded 7</span></p><p style="background-color: white; border: 0px; box-sizing: border-box; content: " "; font-stretch: inherit; font-variant-east-asian: inherit; 
font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;"><span style="color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, Segoe UI, Oxygen, Ubuntu, Cantarell, Fira Sans, Droid Sans, Helvetica Neue, sans-serif;">Windows Embedded CE</span></p><p style="background-color: white; border: 0px; box-sizing: border-box; content: " "; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;"><span style="color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, Segoe UI, Oxygen, Ubuntu, Cantarell, Fira Sans, Droid Sans, Helvetica Neue, sans-serif;">Windows NT 3.5</span></p><p style="background-color: white; border: 0px; box-sizing: border-box; content: " "; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;"><span style="color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, Segoe UI, Oxygen, Ubuntu, Cantarell, Fira Sans, Droid Sans, Helvetica Neue, sans-serif;">Windows NT 4</span></p><p style="background-color: white; border: 0px; box-sizing: border-box; content: " "; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;"><span style="color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, Segoe UI, Oxygen, Ubuntu, Cantarell, Fira Sans, Droid Sans, Helvetica Neue, sans-serif;">MS-DOS 3.30 </span></p><p style="background-color: white; border: 0px; box-sizing: border-box; content: " "; font-stretch: inherit; font-variant-east-asian: inherit; 
font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;"><span style="color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, Segoe UI, Oxygen, Ubuntu, Cantarell, Fira Sans, Droid Sans, Helvetica Neue, sans-serif;">MS-DOS 6.0</span></p><p style="background-color: white; border: 0px; box-sizing: border-box; content: " "; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;"><span style="color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, Segoe UI, Oxygen, Ubuntu, Cantarell, Fira Sans, Droid Sans, Helvetica Neue, sans-serif;">The torrent download also includes the alleged source code for various Windows 10 components that appeared in 2017 and source code for the first operating system of the original Xbox that appeared online in May.</span></p><p style="background-color: white; border: 0px; box-sizing: border-box; content: " "; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;"><span style="color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif;">While Microsoft has not officially confirmed or denied the leak yet, several independent security researchers have since begun analyzing the source code and spoken of its legitimacy (1, 2).</span></p><p style="background-color: white; border: 0px; box-sizing: border-box; content: " "; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; 
vertical-align: baseline;"><span style="color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif;">Using the name billgates3, the leaker claims to have compiled the collection of leaked Microsoft source code over the course of the last few months.</span></p><p style="background-color: white; border: 0px; box-sizing: border-box; content: " "; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;"><span style="color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif;">The leaker also said that many Microsoft operating system source code files had been passed around privately between hackers for years.</span></p><p style="background-color: white; border: 0px; box-sizing: border-box; content: " "; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;"><span style="color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif;">So, the leaker decided to share the source code to the public, saying that "information should be free and available to everyone."</span></p><p style="background-color: white; border: 0px; box-sizing: border-box; content: " "; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;"><span style="color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe 
UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif;">"I created this torrent for the community, as I believe information should be free and available to everyone, and hoarding information for oneself and keeping it secret is an evil act in my opinion," the leaker said, adding that the company "claims to love open source so then I guess they'll love how open this source code is now that it's passed around on BitTorrent."</span></p><p style="background-color: white; border: 0px; box-sizing: border-box; content: " "; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;"><span style="color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif;">Besides containing source code, the torrent also includes a media folder (files and videos) related to conspiracy theories about Bill Gates.</span></p><p style="background-color: white; border: 0px; box-sizing: border-box; content: " "; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;"><span style="color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif;">The leak should not come as a surprise, as Microsoft has a history of providing its OS source code to governments worldwide through its Government Security Program (GSP), which gives governments and organizations controlled access to the source code.</span></p><p style="background-color: white; border: 0px; box-sizing: border-box; content: " "; font-stretch: inherit; 
font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;"><span style="color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, Segoe UI, Oxygen, Ubuntu, Cantarell, Fira Sans, Droid Sans, Helvetica Neue, sans-serif;">Needless to say, Microsoft ended support for Windows XP back in 2014, so the source code leak does not make systems still running the outdated OS much more of a target: they probably already have plenty of other unpatched vulnerabilities.</span></p><p style="background-color: white; border: 0px; box-sizing: border-box; content: " "; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;"><span style="color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, Segoe UI, Oxygen, Ubuntu, Cantarell, Fira Sans, Droid Sans, Helvetica Neue, sans-serif;">But since operating systems share code, exploitable flaws found in the Windows XP source that are still present in Windows 10 could let attackers target newer versions of the Windows operating system as well, which would be a real threat to billions of users.</span></p>Defacers Roothttp://www.blogger.com/profile/04975904960188832334noreply@blogger.com0tag:blogger.com,1999:blog-8841759969257982852.post-81289549658304485872020-09-27T03:24:00.001-07:002020-09-27T03:24:05.453-07:00Fortinet VPN with Default Settings Leave 200,000 Businesses Open to Hackers<p> </p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjjQIgdssVlPiUUCNiR6T7WybOPdHYouYeHwkFURWQCHitIRK2_TMiEHTy_xmV-nDX4n3rdMiUfAEDfju58cZqA4315V84a6SMConSXl56TJI9_bf1TYinmt7lfVqLcnear35cldyN2cgs/" style="margin-left: 1em; margin-right: 1em;"><img alt="" 
data-original-height="380" data-original-width="728" height="167" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEjjQIgdssVlPiUUCNiR6T7WybOPdHYouYeHwkFURWQCHitIRK2_TMiEHTy_xmV-nDX4n3rdMiUfAEDfju58cZqA4315V84a6SMConSXl56TJI9_bf1TYinmt7lfVqLcnear35cldyN2cgs/" width="320" /></a></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: left;"><br /></div><p></p>As the pandemic continues to accelerate the shift towards working from home, a slew of digital threats have capitalized on the health concern to exploit weaknesses in the remote work infrastructure and carry out malicious attacks.<br />Now, according to network security platform provider SAM Seamless Network, over 200,000 businesses that have deployed the Fortigate VPN solution—with default configuration—to enable employees to connect remotely are vulnerable to man-in-the-middle (MitM) attacks, allowing attackers to present a valid SSL certificate and fraudulently take over a connection.<br /><br /><br />"We quickly found that under default configuration the SSL VPN is not as protected as it should be, and is vulnerable to MITM attacks quite easily," SAM IoT Security Lab's Niv Hertz and Lior Tashimov said.<br /><br /><br />"The Fortigate SSL-VPN client only verifies that the CA was issued by Fortigate (or another trusted CA), therefore an attacker can easily present a certificate issued to a different Fortigate router without raising any flags, and implement a man-in-the-middle attack."<div class="separator" style="clear: both;"><div class="separator" style="clear: both;"><br /></div><div class="separator" style="clear: both;"><div class="separator" style="clear: both;">To achieve this, the researchers set up a compromised IoT device that's used to trigger a MitM attack soon after the Fortinet VPN client initiates a connection, which then steals the credentials before passing them to the server and spoofs the 
authentication process.</div><div class="separator" style="clear: both;"><br /></div><div class="separator" style="clear: both;"><div class="separator" style="background-color: white; border: 0px; box-sizing: border-box; clear: both; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 0px 0px 20px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;"><a href="https://thehackernews.com/images/-qApYC1stC7k/X23BdtC9IOI/AAAAAAAAAzM/aVp915U4ASI4uX6cztfEBV29iUob006tQCLcBGAsYHQ/s0/Fortigate-VPN.jpg" style="border: 0px; box-sizing: border-box; clear: left; color: #356ae6; cursor: default; display: block; float: left; font: inherit; margin-bottom: 15px; margin-left: 0px; margin-right: 0px !important; margin-top: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-align: center; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;"><img alt="" border="0" data-original-height="600" data-original-width="728" src="https://thehackernews.com/images/-qApYC1stC7k/X23BdtC9IOI/AAAAAAAAAzM/aVp915U4ASI4uX6cztfEBV29iUob006tQCLcBGAsYHQ/s0/Fortigate-VPN.jpg" style="border: 0px; box-sizing: border-box; display: block; font: inherit; height: auto; margin: 0px; max-width: 100%; opacity: 1; outline: 0px; overflow-wrap: break-word; padding: 0px; transition: opacity 0.3s ease 0s; vertical-align: baseline; width: inherit;" /></a></div><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; 
font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">SSL certificate validation, which helps vouch for the authenticity of a website or a domain, typically works by verifying its validity period, digital signature, if it was issued by a certificate authority (CA) that it can trust, and if the subject in the certificate matches with the server the client is connecting to.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">The problem, according to the researchers, lies in the use of default <a href="https://en.wikipedia.org/wiki/Self-signed_certificate" style="border: 0px; box-sizing: border-box; color: #356ae6; font: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;">self-signed SSL certificates</a> by companies. 
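To make the validation steps listed above concrete, here is an added Python example (not Fortinet's, SAM Seamless Network's or this blog's code) that models a TLS client's peer-certificate decision over certificate records in the shape returned by Python's ssl.SSLSocket.getpeercert(). weak_check() accepts any in-date certificate from a trusted issuer, whichever appliance it names, which is the behaviour the researchers describe for the default client; strict_check() additionally requires a subjectAltName (or the subject CN) to match the server name the client set out to reach, using the RFC 6125 wildcard rules. The issuer name, the serial-number-style device names and the dates are constructed placeholders, and trusting the issuer's name stands in for the signature-chain verification a real TLS stack performs. The two SSLContext helpers show the same distinction as a live client configuration.

```python
"""Added example: peer-certificate checks for a VPN client, weak vs. strict.
Constructed illustration, not Fortinet's or SAM Seamless Network's code."""
import ssl
from typing import Dict, List, Optional, Tuple

# Issuers this client trusts. Placeholder name standing in for a CA bundle;
# a real TLS stack verifies the signature chain, which this model does not do.
TRUSTED_ISSUERS = {"Placeholder-Vendor-CA"}

# Constructed "current time" so the sample is deterministic.
DEMO_NOW = ssl.cert_time_to_seconds("Jun 15 12:00:00 2022 GMT")

Cert = Dict[str, Tuple]


def _cert(cn: str, issuer: str, not_before: str, not_after: str, sans: Tuple[str, ...]) -> Cert:
    """Build a record in the shape of ssl.SSLSocket.getpeercert() (constructed sample)."""
    return {
        "subject": ((("commonName", cn),),),
        "issuer": ((("commonName", issuer),),),
        "notBefore": not_before,
        "notAfter": not_after,
        "subjectAltName": tuple(("DNS", n) for n in sans),
    }


# Two in-date certificates from the same trusted issuer, each naming a different
# appliance by a placeholder serial-number-style name, plus one that has expired.
OUR_VPN_CERT = _cert("FGT-SERIAL-AAAA", "Placeholder-Vendor-CA",
                     "Jan 10 00:00:00 2020 GMT", "Jan 10 00:00:00 2030 GMT", ("FGT-SERIAL-AAAA",))
OTHER_DEVICE_CERT = _cert("FGT-SERIAL-BBBB", "Placeholder-Vendor-CA",
                          "Jan 10 00:00:00 2020 GMT", "Jan 10 00:00:00 2030 GMT", ("FGT-SERIAL-BBBB",))
EXPIRED_CERT = _cert("FGT-SERIAL-AAAA", "Placeholder-Vendor-CA",
                     "Jan 10 00:00:00 2018 GMT", "Jan 10 00:00:00 2019 GMT", ("FGT-SERIAL-AAAA",))


def _issuer_cn(cert: Cert) -> Optional[str]:
    for rdn in cert.get("issuer", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def _dns_names(cert: Cert) -> List[str]:
    """Names the certificate is valid for: SAN dNSName entries, else the subject CN."""
    sans = [value for kind, value in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans
    return [value for rdn in cert.get("subject", ()) for key, value in rdn if key == "commonName"]


def dnsname_match(pattern: str, hostname: str) -> bool:
    """RFC 6125-style comparison: case-insensitive; a wildcard is allowed only as
    the whole leftmost label of a name with at least three labels and matches
    exactly one label (so *.example.com never matches a.b.example.com)."""
    pattern, hostname = pattern.lower(), hostname.lower()
    if "*" not in pattern:
        return pattern == hostname
    p_labels, h_labels = pattern.split("."), hostname.split(".")
    if p_labels[0] != "*" or len(p_labels) < 3 or len(p_labels) != len(h_labels):
        return False
    return p_labels[1:] == h_labels[1:] and h_labels[0] != ""


def in_validity_period(cert: Cert, now: float) -> bool:
    return ssl.cert_time_to_seconds(cert["notBefore"]) <= now <= ssl.cert_time_to_seconds(cert["notAfter"])


def weak_check(cert: Cert, now: float) -> bool:
    """Chain and validity period only: any in-date certificate from a trusted
    issuer passes, whichever appliance it was issued to."""
    return in_validity_period(cert, now) and _issuer_cn(cert) in TRUSTED_ISSUERS


def strict_check(cert: Cert, expected_name: str, now: float) -> bool:
    """Chain, validity period AND name binding: the certificate must name the
    server the client intended to reach."""
    return weak_check(cert, now) and any(dnsname_match(n, expected_name) for n in _dns_names(cert))


def evaluate_all(now: float, expected_name: str) -> Dict[str, Tuple[bool, bool]]:
    """(weak, strict) verdict for each sample certificate."""
    samples = (("our_vpn", OUR_VPN_CERT), ("other_device", OTHER_DEVICE_CERT), ("expired", EXPIRED_CERT))
    return {label: (weak_check(c, now), strict_check(c, expected_name, now)) for label, c in samples}


def weak_context() -> ssl.SSLContext:
    """Live equivalent of weak_check(): chain verified, server name ignored."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False     # verify_mode stays CERT_REQUIRED
    return ctx


def hardened_context() -> ssl.SSLContext:
    """Live equivalent of strict_check(); pair it with a certificate issued for
    the VPN's own DNS name rather than the bundled default."""
    ctx = ssl.create_default_context()
    ctx.verify_mode = ssl.CERT_REQUIRED
    ctx.check_hostname = True
    return ctx


if __name__ == "__main__":
    for label, (weak, strict) in evaluate_all(DEMO_NOW, "FGT-SERIAL-AAAA").items():
        print(f"{label:13s} weak={weak} strict={strict}")
```

Run directly, the script shows the other appliance's certificate passing the weak check and failing the strict one, while the expired certificate fails both. The only difference between the two live contexts is the check_hostname flag; that check can only succeed when the server's certificate actually names the host the client connects to, which is why replacing the bundled default certificate with one issued for the VPN's own domain is the precondition for turning it on.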
</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">Given that every Fortigate router comes with a default SSL certificate that is signed by Fortinet, a third party can substitute any other certificate for it, as long as that certificate is valid and issued either by Fortinet or any other trusted CA, thus allowing the attacker to re-route traffic to a server under their control and decrypt the contents.</p></div></div><div class="separator" style="clear: both; text-align: center;"><iframe allowfullscreen="" class="BLOG_video_class" height="266" src="https://www.youtube.com/embed/rzBMe8GN9o8" width="320" youtube-src-id="rzBMe8GN9o8"></iframe></div><div class="separator" style="clear: both; text-align: center;"><br /></div><div class="separator" style="clear: both; text-align: center;"><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-align: start; vertical-align: baseline;">The main reason for this is that the bundled default SSL certificate uses the router's serial number as the server name for the certificate. 
While Fortinet can use the router's serial number to check if the server names match, the client appears to not verify the server name at all, resulting in fraudulent authentication.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-align: start; vertical-align: baseline;">In one scenario, the researchers exploited this quirk to decrypt the traffic of the Fortinet SSL-VPN client and extract the user's password and OTP. </p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-align: start; vertical-align: baseline;">"An attacker can actually use this to inject his own traffic, and essentially communicate with any internal device in the business, including point of sales, sensitive data centers, etc," the firm said. "This is a major security breach that can lead to severe data exposure."</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-align: start; vertical-align: baseline;">For its part, Fortinet said it has no plans to address the issue, suggesting that users can manually replace the default certificate and ensure the connections are safe from MitM attacks.</p><div class="separator" style="background-color: white; border: 0px; box-sizing: border-box; clear: both; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", 
sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 0px 0px 20px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-align: left; vertical-align: baseline;"><a href="https://thehackernews.com/images/-2BbimtnSC0g/X23DgLfGnMI/AAAAAAAAAzY/4lj-cXegoQEyHvY6l4sT_KG3zHvyEnCjgCLcBGAsYHQ/s0/Fortigate-VPN.jpg" style="border: 0px; box-sizing: border-box; clear: left; color: #356ae6; cursor: default; display: block; float: left; font: inherit; margin-bottom: 15px; margin-left: 0px; margin-right: 0px !important; margin-top: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-align: center; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;"><img alt="Fortigate VPN" border="0" data-original-height="494" data-original-width="728" src="https://thehackernews.com/images/-2BbimtnSC0g/X23DgLfGnMI/AAAAAAAAAzY/4lj-cXegoQEyHvY6l4sT_KG3zHvyEnCjgCLcBGAsYHQ/s728-e1000/Fortigate-VPN.jpg" style="border: 0px; box-sizing: border-box; display: block; font: inherit; height: auto; margin: 0px; max-width: 100%; opacity: 1; outline: 0px; overflow-wrap: break-word; padding: 0px; transition: opacity 0.3s ease 0s; vertical-align: baseline; width: inherit;" title="Fortigate VPN" /></a></div><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-align: start; vertical-align: baseline;">Currently, Fortinet provides a warning when using the default certificate: "You are using a default built-in certificate, which will not be able to verify your server's domain 
name (your users will see a warning). It is recommended to purchase a certificate for your domain and upload it for use."</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-align: start; vertical-align: baseline;">"The Fortigate issue is only an example of the current issues with security for the small-medium businesses, especially during the epidemic work-from-home routine," Hertz and Tashimov noted.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-align: start; vertical-align: baseline;">"These types of businesses require near enterprise grade security these days, but do not have the resources and expertise to maintain enterprise security systems. 
Smaller businesses require leaner, seamless, easy-to-use security products that may be less flexible, but provide much better basic security."</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-align: start; vertical-align: baseline;"><span style="border: 0px; box-sizing: border-box; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">UPDATE: </span>In a statement provided to The Hacker News, the company said: "The security of our customers is our first priority. This is not a vulnerability. Fortinet VPN appliances are designed to work out-of-the-box for customers so that organizations are enabled to set up their appliance customized to their own unique deployment."</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-align: start; vertical-align: baseline;">"Each VPN appliance and the set up process provides multiple clear warnings in the GUI with documentation offering guidance on certificate authentication and sample certificate authentication and configuration examples. 
Fortinet strongly recommends adhering to its provided installation documentation and process, paying close attention to warnings throughout that process to avoid exposing the organization to risk."</p></div><br /><div class="separator" style="clear: both;"><br /></div></div><p><br /></p>Defacers Roothttp://www.blogger.com/profile/04975904960188832334noreply@blogger.com0tag:blogger.com,1999:blog-8841759969257982852.post-75149098850463965772020-09-27T03:15:00.009-07:002020-09-27T03:20:01.761-07:00Major Instagram App Bug Could've Given Hackers Remote Access to Your Phone<p> </p><div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj-eDShWMkXbGd7UscWPP9n3yNcnan3qz4ViGvzbJpy0CBbgWyoG0AsdBy9tLkOinf0dhpzIsjUQvQdJr-YeskvvKfbzaCtoo2V2HenOG3SesPaZCobEsLm_B7iRpJwt_1iackOWnetZqI/s728/instagram-hacking.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="380" data-original-width="728" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEj-eDShWMkXbGd7UscWPP9n3yNcnan3qz4ViGvzbJpy0CBbgWyoG0AsdBy9tLkOinf0dhpzIsjUQvQdJr-YeskvvKfbzaCtoo2V2HenOG3SesPaZCobEsLm_B7iRpJwt_1iackOWnetZqI/s320/instagram-hacking.jpg" width="320" /></a></div><br /><div class="separator" style="clear: both; text-align: center;"><br /></div><p></p><br />Ever wonder how hackers can hack your smartphone remotely?<br />In a report shared with The Hacker News today, Check Point researchers disclosed details about a critical vulnerability in Instagram's Android app that could have allowed remote attackers to take control over a targeted device just by sending victims a specially crafted image.<br /><br /><br />What's more worrisome is that the flaw not only lets attackers perform actions on behalf of the user within the Instagram app—including spying on victim's private messages and even deleting or posting photos from their accounts—but also execute arbitrary code on the device.<br /><br 
/>According to an advisory published by Facebook, the heap overflow security issue (tracked as CVE-2020-1895, CVSS score: 7.8) impacts all versions of the Instagram app prior to 128.0.0.26.128, which was released on February 10 earlier this year.<br /><br /><br />"This [flaw] turns the device into a tool for spying on targeted users without their knowledge, as well as enabling malicious manipulation of their Instagram profile," Check Point Research said in an analysis published today.<br /><br />"In either case, the attack could lead to a massive invasion of users' privacy and could affect reputations — or lead to security risks that are even more serious."<br /><br />After the findings were reported to Facebook, the social media company addressed the issue with a patch update released six months ago. The public disclosure was delayed all this time to allow the majority of Instagram's users to update the app, thereby mitigating the risk this vulnerability may introduce.<br /><br />Although Facebook confirmed there were no signs that this bug was exploited globally, the development is another reminder of why it's essential to keep apps up to date and be mindful of the permissions granted to them.<div><br /><h3 style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 20px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: 33px; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">A Heap Overflow Vulnerability</h3><p style="background-color: white; border: 0px; box-sizing: border-box; content: " "; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; 
vertical-align: baseline;"><span face="Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif" style="color: #2b2d41;">According to Check Point, the memory corruption vulnerability allows for remote code execution that, given Instagram's extensive permissions to access a user's camera, contacts, GPS, photo library, and microphone, could be leveraged to perform any malicious action on the infected device.</span></p><p style="background-color: white; border: 0px; box-sizing: border-box; content: " "; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;"><span face="Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif" style="color: #2b2d41;">As for the flaw itself, it stems from the way Instagram integrated MozJPEG — an open-source JPEG encoder library which aims to lower bandwidth and provide better compression for images uploaded to the service — resulting in an integer overflow when the vulnerable function in question ("read_jpg_copy_loop") attempts to parse a malicious image with specially crafted dimensions.</span></p><p style="background-color: white; border: 0px; box-sizing: border-box; content: " "; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;"><span face="Roboto, -apple-system, BlinkMacSystemFont, Segoe UI, Oxygen, Ubuntu, Cantarell, Fira Sans, Droid Sans, Helvetica Neue, sans-serif" style="color: #2b2d41;">In doing so, an adversary could gain control over the size of the memory allocated to the image, the length of the data to be overwritten, and lastly, the contents of the 
overflowed memory region, in turn giving the attacker the ability to corrupt specific locations in a heap and divert code execution.</span></p><p style="background-color: white; border: 0px; box-sizing: border-box; content: " "; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;"><span face="Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif" style="color: #2b2d41;">The consequence of such a vulnerability is that all a bad actor needs to do is send a corrupted JPEG image to a victim via email or WhatsApp. Once the recipient saves the image to the device and launches Instagram, the exploitation takes place automatically, granting the attacker full control over the app.</span></p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">Even worse, the exploit can be used to crash a user's Instagram app and render it inaccessible unless it's removed and reinstalled all over again on the device.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; 
overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">If anything, the vulnerability is indicative of how incorporating third-party libraries into apps and services can be a weak link for security if the integration is not done right.</p><div class="separator" style="background-color: white; border: 0px; box-sizing: border-box; clear: both; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 0px 0px 20px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;"><a href="https://thehackernews.com/images/-xmWdu_6y_9o/X2xtTPN8H4I/AAAAAAAAAy0/f213wm2w1jsjkGdJHAAD5nraS7GMe-4PQCLcBGAsYHQ/s0/instagram-hack.jpg" style="border: 0px; box-sizing: border-box; clear: left; color: #356ae6; cursor: default; display: block; float: left; font: inherit; margin-bottom: 15px; margin-left: 0px; margin-right: 0px !important; margin-top: 0px; margin: 0px 0px 15px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-align: center; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;"><img alt="" border="0" data-original-height="451" data-original-width="728" src="https://thehackernews.com/images/-xmWdu_6y_9o/X2xtTPN8H4I/AAAAAAAAAy0/f213wm2w1jsjkGdJHAAD5nraS7GMe-4PQCLcBGAsYHQ/s0/instagram-hack.jpg" style="border: 0px; box-sizing: border-box; display: block; font: inherit; height: auto; margin: 0px; max-width: 100%; opacity: 1; outline: 0px; overflow-wrap: break-word; padding: 0px; transition: opacity 0.3s ease 0s; vertical-align: baseline; width: inherit;" /></a></div><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, 
"Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">"Fuzzing the exposed code turned up some new vulnerabilities which have since been fixed," Check Point's Gal Elbaz said. "It is likely that, given enough effort, one of these vulnerabilities can be exploited for RCE in a zero-click attack scenario.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">"Unfortunately, it is also likely that other bugs remain or will be introduced in the future. 
As such, continuous fuzz-testing of this and similar media format parsing code, both in operating system libraries and third-party libraries, is absolutely necessary."</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; content: " "; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 28px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">Yaniv Balmas, the head of cyber research at Check Point, provided the following safety tips for smartphone users:</p><ol style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; list-style: disc; margin: 28px 0px 28px 50px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;"><li style="border: 0px; box-sizing: border-box; font: inherit; margin: 0px 0px 10px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: border-box; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">Update! Update! Update! </span>Make sure you regularly update your mobile application and your mobile operating systems. 
Dozens of critical security patches are being shipped out in these updates every week, and each one can potentially have a severe impact on your privacy.</li><li style="border: 0px; box-sizing: border-box; font: inherit; margin: 0px 0px 10px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: border-box; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">Monitor permissions.</span> Pay better attention to applications asking for permission. It's effortless for app developers to ask the users for excessive permissions, and it's also very easy for users to click 'Allow' without thinking twice.</li><li style="border: 0px; box-sizing: border-box; font: inherit; margin: 0px 0px 10px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;"><span style="border: 0px; box-sizing: border-box; font-family: inherit; font-size: inherit; font-stretch: inherit; font-style: inherit; font-variant: inherit; line-height: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">Think twice about approvals.</span> Take a few seconds to think before you approve anything. Ask: "do I really want to give this application this kind of access, do I really need it?" 
if the answer is no, DO NOT APPROVE.</li></ol></div>Defacers Roothttp://www.blogger.com/profile/04975904960188832334noreply@blogger.com0tag:blogger.com,1999:blog-8841759969257982852.post-3294055267030943182020-09-05T06:56:00.002-07:002020-09-05T06:56:07.145-07:00New Web-Based Credit Card Stealer Uses Telegram Messenger to Exfiltrate Data<div class="separator" style="background-color: white; border: 0px; box-sizing: border-box; clear: both; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 0px 0px 20px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;"><a href="https://thehackernews.com/images/-3qVB_kOLoGI/X09dqubUOII/AAAAAAAAAuU/lUH4gARe-oEO_bcmeKy6VTw5X_KNMtmmACLcBGAsYHQ/s728-e100/telegram.jpg" imageanchor="1" style="border: 0px; box-sizing: border-box; clear: left; color: #356ae6; cursor: default; float: left; font: inherit; margin: 0px 1em 15px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;"><img alt="telegram" border="0" data-original-height="380" data-original-width="728" src="https://thehackernews.com/images/-3qVB_kOLoGI/X09dqubUOII/AAAAAAAAAuU/lUH4gARe-oEO_bcmeKy6VTw5X_KNMtmmACLcBGAsYHQ/s728-e100/telegram.jpg" style="border: 0px; box-sizing: border-box; display: block; font: inherit; height: auto; margin: 0px; max-width: 100%; opacity: 1; outline: 0px; overflow-wrap: break-word; padding: 0px; transition: opacity 0.3s ease 0s; vertical-align: baseline; width: inherit;" title="telegram" /></a></div><p><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", 
"Helvetica Neue", sans-serif; font-size: 16px;">Cybercriminal groups are constantly evolving to find new ways to pilfer financial information, and the latest trick in their arsenal is to leverage the messaging app Telegram to their benefit.</span><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">In what's a new tactic adopted by Magecart groups, the encrypted messaging service is being used to send stolen payment details from compromised websites back to the attackers.</span><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; 
overflow-wrap: break-word; padding: 0px;" /><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">"For threat actors, this data exfiltration mechanism is efficient and doesn't require them to keep up infrastructure that could be taken down or blocked by defenders," Jérôme Segura of Malwarebytes said in a </span><a href="https://blog.malwarebytes.com/web-threats/2020/09/web-skimmer-steals-credit-card-data-via-telegram/" style="background-color: white; border: 0px; box-sizing: border-box; color: #356ae6; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;" target="_blank">Monday analysis</a><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">. 
"They can even receive a notification in real time for each new victim, helping them quickly monetize the stolen cards in underground markets."<br /><br /></span><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">The TTP was first publicly documented by security researcher @AffableKraut in a </span><a href="https://twitter.com/AffableKraut/status/1299206113016119296" style="background-color: white; border: 0px; box-sizing: border-box; color: #356ae6; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;" target="_blank">Twitter thread</a><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;"> last week using data from Dutch cybersecurity firm Sansec.</span><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; 
font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /></p><div class="separator" style="background-color: white; border: 0px; box-sizing: border-box; clear: both; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 0px 0px 20px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;"><a href="https://thehackernews.com/images/-htkclVKUfU4/X09ZqjN8fvI/AAAAAAAAAuA/n6FCNzSNhJsviCWcvyHH5X35uorDeaYKgCLcBGAsYHQ/s728-e100/magecart.jpg" imageanchor="1" style="border: 0px; box-sizing: border-box; clear: left; color: #356ae6; cursor: default; float: left; font: inherit; margin: 0px 1em 15px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;"><img alt="Telegram Messenger" border="0" data-original-height="407" data-original-width="728" src="https://thehackernews.com/images/-htkclVKUfU4/X09ZqjN8fvI/AAAAAAAAAuA/n6FCNzSNhJsviCWcvyHH5X35uorDeaYKgCLcBGAsYHQ/s728-e100/magecart.jpg" style="border: 0px; box-sizing: border-box; display: block; font: inherit; height: auto; margin: 0px; max-width: 100%; opacity: 1; outline: 0px; overflow-wrap: break-word; padding: 0px; transition: opacity 0.3s ease 0s; vertical-align: baseline; width: inherit;" title="Telegram Messenger" /></a></div><p><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><span style="background-color: white; color: #2b2d41; 
font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">Injecting e-skimmers on shopping websites by exploiting a known vulnerability or stolen credentials to steal credit card details is a tried-and-tested modus operandi of Magecart, a consortium of different hacker groups who target online shopping cart systems.</span><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">These virtual credit card skimmers, also known as formjacking attacks, are typically JavaScript code that the operators stealthily insert into an e-commerce website, often on payment pages, with an intent to capture customers' card details in real-time and transmit it to a remote attacker-controlled server.</span><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; 
padding: 0px;" /><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">But over the last few months, they have </span><a href="https://thehackernews.com/2020/06/google-analytics-hacking.html" style="background-color: white; border: 0px; box-sizing: border-box; color: #356ae6; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;" target="_blank">stepped up in their efforts</a><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;"> to hide card stealer code </span><a href="https://thehackernews.com/2020/06/image-credit-card-skimmers.html" style="background-color: white; border: 0px; box-sizing: border-box; color: #356ae6; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 0px; outline: 0px; 
overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;" target="_blank">inside image metadata</a><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;"> and even carry out </span><a href="https://thehackernews.com/2020/08/magecart-homograph-phishing.html" style="background-color: white; border: 0px; box-sizing: border-box; color: #356ae6; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;" target="_blank">IDN homograph attacks</a><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;"> to plant web skimmers concealed within a website's favicon file.</span><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 
0px; overflow-wrap: break-word; padding: 0px;" /></p><div class="separator" style="background-color: white; border: 0px; box-sizing: border-box; clear: both; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 0px 0px 20px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;"><a href="https://thehackernews.com/images/-Mue8_tohniw/X09aSMiovsI/AAAAAAAAAuI/9xTRCgPshD4H9WWeHiHBh4TB8O3LMViMgCLcBGAsYHQ/s728-e100/magecart-hackers.jpg" imageanchor="1" style="border: 0px; box-sizing: border-box; clear: left; color: #356ae6; cursor: default; float: left; font: inherit; margin: 0px 1em 15px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;"><img alt="magecart hackers" border="0" data-original-height="692" data-original-width="728" src="https://thehackernews.com/images/-Mue8_tohniw/X09aSMiovsI/AAAAAAAAAuI/9xTRCgPshD4H9WWeHiHBh4TB8O3LMViMgCLcBGAsYHQ/s728-e100/magecart-hackers.jpg" style="border: 0px; box-sizing: border-box; display: block; font: inherit; height: auto; margin: 0px; max-width: 100%; opacity: 1; outline: 0px; overflow-wrap: break-word; padding: 0px; transition: opacity 0.3s ease 0s; vertical-align: baseline; width: inherit;" title="magecart hackers" /></a></div><p><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, 
BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">What's novel this time around is the method of exfiltrating the data (such as name, address, credit card number, expiry, and CVV) itself, which is done via an instant message sent to a private Telegram channel using an encoded bot ID in the skimmer code.</span><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /></p>
<p><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">"The fraudulent data exchange is conducted via Telegram's API, which posts payment details into a chat channel," Segura said. "That data was previously encrypted to make identification more difficult."</span><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">The advantage of using Telegram is that threat actors no longer have to bother with setting up a separate command-and-control infrastructure to 
transmit the collected information nor risk facing the possibility of those domains being taken down or blocked by anti-malware services.</span><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">"Defending against this variant of a skimming attack is a little more tricky since it relies on a legitimate communication service," Segura said. 
"One could obviously block all connections to Telegram at the network level, but attackers could easily switch to another provider or platform (as they have done </span><a href="https://sansec.io/research/skimming-google-defeats-csp" style="background-color: white; border: 0px; box-sizing: border-box; color: #356ae6; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;" target="_blank">before</a><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">) and still get away with it."</span></p>Defacers Roothttp://www.blogger.com/profile/04975904960188832334noreply@blogger.com0tag:blogger.com,1999:blog-8841759969257982852.post-27483801554667129002020-09-05T06:54:00.005-07:002020-09-05T06:54:42.026-07:00Cisco Jabber Bug Could Let Hackers Target Windows Systems Remotely<p> </p><div class="separator" style="background-color: white; border: 0px; box-sizing: border-box; clear: both; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 0px 0px 20px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;"><a href="https://thehackernews.com/images/-6zBRyYa11Gw/X1CpnSAYh6I/AAAAAAAAAuw/bUKB1SKpOOETuY4wX7TFZnaPOpGfM31tACLcBGAsYHQ/s728-e100/cisco-jabber-hacking.gif" 
imageanchor="1" style="border: 0px; box-sizing: border-box; clear: left; color: #356ae6; cursor: default; float: left; font: inherit; margin: 0px 1em 15px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;"><img border="0" data-original-height="380" data-original-width="728" src="https://thehackernews.com/images/-6zBRyYa11Gw/X1CpnSAYh6I/AAAAAAAAAuw/bUKB1SKpOOETuY4wX7TFZnaPOpGfM31tACLcBGAsYHQ/s728-e100/cisco-jabber-hacking.gif" style="border: 0px; box-sizing: border-box; display: block; font: inherit; height: auto; margin: 0px; max-width: 100%; opacity: 1; outline: 0px; overflow-wrap: break-word; padding: 0px; transition: opacity 0.3s ease 0s; vertical-align: baseline; width: inherit;" /></a></div><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">Networking equipment maker Cisco has released a new version of its Jabber video conferencing and messaging app for Windows that includes patches for multiple vulnerabilities—which, if exploited, could allow an authenticated, remote attacker to execute arbitrary code.</span><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><span 
style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">The flaws, which were uncovered by Norwegian cybersecurity firm </span><a href="https://watchcom.no/nyheter/nyhetsarkiv/uncovers-cisco-jabber-vulnerabilities/" style="background-color: white; border: 0px; box-sizing: border-box; color: #356ae6; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;" target="_blank">Watchcom</a><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;"> during a pentest, affect all currently supported versions of the Jabber client (12.1-12.9) and have since been fixed by the company.</span><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><span 
style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">Two of the four flaws can be exploited to gain remote code execution (RCE) on target systems by sending specially crafted chat messages to group conversations or to specific individuals.</span><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">The most severe of the lot is a flaw (CVE-2020-3495, CVSS score 9.9) that's caused by improper validation of message contents, which could be leveraged by an attacker by sending maliciously-crafted Extensible Messaging and Presence Protocol (</span><a href="https://en.wikipedia.org/wiki/XMPP" style="background-color: white; border: 0px; box-sizing: border-box; color: #356ae6; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 0px; 
outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;" target="_blank">XMPP</a><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">) messages to the affected software.<br /><br /></span><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">"A successful exploit could allow the attacker to cause the application to execute arbitrary programs on the targeted system with the privileges of the user account that is running the Cisco Jabber client software, possibly resulting in arbitrary code execution," Cisco said in an </span><a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-jabber-UyTKCPGg" style="background-color: white; border: 0px; box-sizing: border-box; color: #356ae6; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;" target="_blank">advisory</a><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;"> published yesterday.</span><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, 
-apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">The development comes days after Cisco warned of an </span><a href="https://thehackernews.com/2020/09/cisco-issue-warning-over-ios-xr-zero.html" style="background-color: white; border: 0px; box-sizing: border-box; color: #356ae6; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;" target="_blank">actively exploited zero-day flaw</a><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;"> in its IOS XR router software.</span><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", 
"Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><h2 style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 20px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: 33px; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">An XSS Flaw to an RCE Flaw</h2><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">XMPP (originally called Jabber) is an XML-based communications protocol used for facilitating instant messaging between any two or more network entities.</span><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; 
overflow-wrap: break-word; padding: 0px;" /><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">It's also designed to be extensible so as to accommodate additional functionality, one of which is </span><a href="https://xmpp.org/extensions/xep-0071.html" style="background-color: white; border: 0px; box-sizing: border-box; color: #356ae6; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;" target="_blank">XEP-0071: XHTML-IM</a><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;"> — a specification that lays down the rules for exchanging HTML content using the XMPP protocol.</span><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 
0px;" /><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><div class="separator" style="background-color: white; border: 0px; box-sizing: border-box; clear: both; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 0px 0px 20px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;"><a href="https://thehackernews.com/images/-7-WFiNuCf2c/X1CqF26fZYI/AAAAAAAAAu4/n_YYDP5tXLwjE3phFiKjRtgZ_FGLQyw1ACLcBGAsYHQ/s728-e100/hacking-cisco.jpg" imageanchor="1" style="border: 0px; box-sizing: border-box; clear: left; color: #356ae6; cursor: default; float: left; font: inherit; margin: 0px 1em 15px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;"><img alt="hacking cisco" border="0" data-original-height="375" data-original-width="728" src="https://thehackernews.com/images/-7-WFiNuCf2c/X1CqF26fZYI/AAAAAAAAAu4/n_YYDP5tXLwjE3phFiKjRtgZ_FGLQyw1ACLcBGAsYHQ/s728-e100/hacking-cisco.jpg" style="border: 0px; box-sizing: border-box; display: block; font: inherit; height: auto; margin: 0px; max-width: 100%; opacity: 1; outline: 0px; overflow-wrap: break-word; padding: 0px; transition: opacity 0.3s ease 0s; vertical-align: baseline; width: inherit;" title="hacking cisco" /></a></div><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, 
BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">The flaw in Cisco Jabber arises from a cross-site scripting (XSS) vulnerability when parsing XHTML-IM messages.</span><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">"The application does not properly sanitize incoming HTML messages and instead passes them through a flawed XSS filter," Watchcom researchers explained.</span><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><br style="background-color: 
white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">As a consequence, a legitimate XMPP message can be intercepted and modified, thereby causing the application to run an arbitrary executable that already exists within the local file path of the application.</span><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">To achieve this, the attack takes advantage of a separate vulnerable function in Chromium Embedded Framework (</span><a href="https://en.wikipedia.org/wiki/Chromium_Embedded_Framework" style="background-color: white; border: 0px; box-sizing: border-box; color: #356ae6; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;" target="_blank">CEF</a><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica 
Neue", sans-serif; font-size: 16px;">) — an open-source framework that's used to embed a Chromium web browser within other apps — that could be abused by a bad actor to execute rogue ".exe" files on the victim's machine.</span><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">Attackers, however, are required to have access to their victims' XMPP domains to send the malicious XMPP messages needed to exploit the vulnerability successfully.</span><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; 
padding: 0px;" /><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">Additionally, three other flaws in Jabber (CVE-2020-3430, CVE-2020-3498, CVE-2020-3537) could be exploited to inject malicious commands and cause information disclosure, including the possibility of stealthily collecting users' </span><a href="https://thehackernews.com/2020/04/zoom-windows-password.html" style="background-color: white; border: 0px; box-sizing: border-box; color: #356ae6; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;" target="_blank">NTLM password hashes</a><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">.</span><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; 
overflow-wrap: break-word; padding: 0px;" /><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">With video conferencing applications becoming popular in the wake of the pandemic, it's essential that Jabber users update to the latest version of the software to mitigate the risk.</span><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">"Given their newfound prevalence in organizations of all sizes, these applications are becoming an increasingly attractive target for attackers," Watchcom said. 
"A lot of sensitive information is shared through video calls or instant messages and the applications are used by the majority of employees, including those with privileged access to other IT systems."</span><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">"The security of these applications is therefore paramount, and it is important to ensure that both the applications themselves, and the infrastructure they are using, are regularly audited for security gaps."</span>Defacers Roothttp://www.blogger.com/profile/04975904960188832334noreply@blogger.com0tag:blogger.com,1999:blog-8841759969257982852.post-50738010624252236942020-09-05T06:53:00.005-07:002020-09-05T06:53:39.379-07:00(Live) Webinar – XDR and Beyond with Autonomous Breach Protection<p> </p><div class="separator" style="background-color: white; border: 0px; box-sizing: border-box; clear: both; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: 
inherit; line-height: inherit; margin: 0px 0px 20px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;"><a href="https://thehackernews.com/images/-7JLpa1TdoqE/X1CckntOsSI/AAAAAAAAAuk/puApL_ByR5YMju4wYr3QYEqveolMYovWgCLcBGAsYHQ/s728-e100/cybersecurity-webinar.jpg" imageanchor="1" style="border: 0px; box-sizing: border-box; clear: left; color: #356ae6; cursor: default; float: left; font: inherit; margin: 0px 1em 15px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;"><img alt="cybersecurity webinar" border="0" data-original-height="380" data-original-width="728" src="https://thehackernews.com/images/-7JLpa1TdoqE/X1CckntOsSI/AAAAAAAAAuk/puApL_ByR5YMju4wYr3QYEqveolMYovWgCLcBGAsYHQ/s728-e100/cybersecurity-webinar.jpg" style="border: 0px; box-sizing: border-box; display: block; font: inherit; height: auto; margin: 0px; max-width: 100%; opacity: 1; outline: 0px; overflow-wrap: break-word; padding: 0px; transition: opacity 0.3s ease 0s; vertical-align: baseline; width: inherit;" title="cybersecurity webinar" /></a></div><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">Anyone paying attention to the cybersecurity technology market has heard the term XDR - Extended Detection and Response.</span><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, 
BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">XDR is a new technology approach that combines multiple protection technologies into a single platform. All the analyst firms are writing about it, and many of the top cybersecurity companies are actively moving into this space.</span><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">Why is XDR receiving all the buzz? Combining (or orchestrating) security technologies in a usable manner has become the bane of cybersecurity as technology spread has overwhelmed the space. 
There's a massive market for cybersecurity technologies that combine and rationalize other cybersecurity technologies (see SIEM and SOAR).</span><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">However, most companies find selecting, implementing, integrating, normalizing, operating, and maintaining a fully combined set of cybersecurity technologies far too daunting and only within reach of the largest companies with the deepest pockets.</span><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; 
padding: 0px;" /><h2 style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 20px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: 33px; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">XDR Insights</h2><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">Next week, Senior Analyst Dave Gruber of ESG will join cybersecurity company Cynet for a webinar (</span><a href="https://cynet.easywebinar.live/xdr-webinar" rel="noopener" style="background-color: white; border: 0px; box-sizing: border-box; color: #356ae6; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;" target="_blank">register here</a><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; 
font-size: 16px;">) to help companies better understand the promise and realities of emerging XDR technologies. Honestly, this couldn't come at a better time as multiple cybersecurity providers are jumping onto the bandwagon of this nascent technology.</span><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">Some companies, like Cynet, have had an XDR solution in the market for some time while others are providing mostly marketing materials for technology that is still under development and has not been deployed in a meaningful way.</span><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica 
Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><h2 style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 20px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: 33px; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">More Buzz - A New Incident Engine</h2><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">In the webinar, Cynet will also introduce a new 'Incident Engine' that automates the full response workflow. The Incident Engine automatically analyzes high-risk threats and finds the root cause and the full extent of the attack across the environment. 
It then automatically implements remediation actions to eradicate all parts of the threat.</span><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">Fully automating incident investigation and response is a boon to companies that do not have the cybersecurity expertise to adequately investigate alerts, determine the full extent of the danger, and then take appropriate remediation actions.</span><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><span style="background-color: white; 
color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">It's also a huge help to overworked cybersecurity analysts that might spend hours or days fully investigating and responding to dangerous threats. Cynet's Incident Engine promises to fully automate this process, in the background, in a few minutes, allowing cybersecurity analysts to focus on other important tasks. Automating repetitive or complex tasks will become increasingly important in the world of cybersecurity.</span><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><h2 style="background-color: white; border: 0px; box-sizing: border-box; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 20px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: 33px; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;">The Future</h2><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", 
"Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">While I don't believe AI robots will fully replace cybersecurity experts, I'm confident that many cybersecurity tasks will. Companies spend increasing amounts on cybersecurity every year but are busier and more frazzled than ever.</span><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">We have expanded capabilities and coverage areas, but now it's time to simplify, consolidate, and automate. And, we need to do this with less technology and fewer providers, not more. 
I think XDR and response automation is undoubtedly a step in the right direction.</span>Defacers Roothttp://www.blogger.com/profile/04975904960188832334noreply@blogger.com0tag:blogger.com,1999:blog-8841759969257982852.post-29761802667652203092020-09-05T06:52:00.004-07:002020-09-05T06:52:37.843-07:00Evilnum hackers targeting financial firms with a new Python-based RAT<p> <img src="https://thehackernews.com/images/-lV0e2MeG5DM/X1I0qVPbuaI/AAAAAAAAAvg/2JiGrSC2nm8QAmm0XXWSAv8lQ7n7AUXTgCLcBGAsYHQ/s728-e100/hacking.jpg" /><br /><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;"><br />An adversary known for targeting the fintech sector at least since 2018 has switched up its tactics to include a new Python-based remote access Trojan (RAT) that can steal passwords, documents, browser cookies, email credentials, and other sensitive information.</span></p><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">In an analysis published by Cybereason researchers 
yesterday, the Evilnum group has not only tweaked its infection chain but has also deployed a Python RAT called "PyVil RAT," which possesses abilities to gather information, take screenshots, capture keystrokes data, open an SSH shell and deploy new tools.</span><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">"Since the first reports in 2018 through today, the group's TTPs have evolved with different tools while the group has continued to focus on fintech targets," the cybersecurity </span>firm said<span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">.</span><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><br style="background-color: white; 
box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">"These variations include a change in the chain of infection and persistence, new infrastructure that is expanding over time, and the use of a new Python-scripted Remote Access Trojan (RAT)" to spy on its infected targets.<br /><br /></span><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">Over the last two years, </span><a href="https://malpedia.caad.fkie.fraunhofer.de/details/js.evilnum" style="background-color: white; border: 0px; box-sizing: border-box; color: #356ae6; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;" target="_blank">Evilnum</a><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;"> has been linked to several malware campaigns against companies across the UK and EU involving backdoors written in JavaScript 
and C# as well as through tools bought from the Malware-as-a-Service provider </span><a href="https://medium.com/@quoscient/golden-chickens-uncovering-a-malware-as-a-service-maas-provider-and-two-new-threat-actors-using-61cf0cb87648" style="background-color: white; border: 0px; box-sizing: border-box; color: #356ae6; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;" target="_blank">Golden Chickens</a><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">.</span><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><div class="separator" style="background-color: white; border: 0px; box-sizing: border-box; clear: both; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 
16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 0px 0px 20px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;"><a href="https://thehackernews.com/images/-OxB7atANuAY/X1Iv6sxK-CI/AAAAAAAAAvE/h0DYa2uUH7o6NcFobmt5rymLMf2CBLmKQCLcBGAsYHQ/s728-e100/web-malware.jpg" imageanchor="1" style="border: 0px; box-sizing: border-box; clear: left; color: #356ae6; cursor: default; float: left; font: inherit; margin: 0px 1em 15px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;"><img alt="web malware" border="0" data-original-height="350" data-original-width="728" src="https://thehackernews.com/images/-OxB7atANuAY/X1Iv6sxK-CI/AAAAAAAAAvE/h0DYa2uUH7o6NcFobmt5rymLMf2CBLmKQCLcBGAsYHQ/s728-e100/web-malware.jpg" style="border: 0px; box-sizing: border-box; display: block; font: inherit; height: auto; margin: 0px; max-width: 100%; opacity: 1; outline: 0px; overflow-wrap: break-word; padding: 0px; transition: opacity 0.3s ease 0s; vertical-align: baseline; width: inherit;" title="web malware" /></a></div><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">Back in July, the APT group was found targeting companies with </span><a href="https://thehackernews.com/2020/08/google-drive-file-versions.html" style="background-color: white; border: 0px; box-sizing: border-box; color: 
#356ae6; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;" target="_blank">spear-phishing emails</a><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;"> that contain a link to a ZIP file hosted on Google Drive to steal software licenses, customer credit card information, and investments and trading documents.</span><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">While the modus operandi of gaining an initial foothold in the compromised system remains the same, the infection procedure has witnessed a major shift.</span><br style="background-color: white; box-sizing: 
border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; 
overflow-wrap: break-word; padding: 0px;" /><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">Besides using spear-phishing emails with fake know your customer (</span><a href="https://en.wikipedia.org/wiki/Know_your_customer" style="background-color: white; border: 0px; box-sizing: border-box; color: #356ae6; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;" target="_blank">KYC</a><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">) documents to trick employees of the finance industry into triggering the malware, the attacks have moved away from using JavaScript-based Trojans with backdoor capabilities to a bare-bones JavaScript dropper that delivers malicious payloads hidden in modified versions of legitimate executables in an attempt to escape detection.</span><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, 
BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">"This JavaScript is the first stage in this new infection chain, culminating with the delivery of the payload, a Python written RAT compiled with py2exe that Nocturnus researchers dubbed PyVil RAT," the researchers said.</span><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><div class="separator" style="background-color: white; border: 0px; box-sizing: border-box; clear: both; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 0px 0px 20px; outline: 0px; overflow-wrap: break-word; padding: 0px; vertical-align: baseline;"><a href="https://thehackernews.com/images/-L0Kt-vcskaA/X1IwZYmztlI/AAAAAAAAAvM/42MMuk3a4qcToYh2L_PPZC1XRsvnaBjnwCLcBGAsYHQ/s728-e100/hacking.jpg" 
imageanchor="1" style="border: 0px; box-sizing: border-box; clear: left; color: #356ae6; cursor: default; float: left; font: inherit; margin: 0px 1em 15px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;"><img border="0" data-original-height="350" data-original-width="728" src="https://thehackernews.com/images/-L0Kt-vcskaA/X1IwZYmztlI/AAAAAAAAAvM/42MMuk3a4qcToYh2L_PPZC1XRsvnaBjnwCLcBGAsYHQ/s728-e100/hacking.jpg" style="border: 0px; box-sizing: border-box; display: block; font: inherit; height: auto; margin: 0px; max-width: 100%; opacity: 1; outline: 0px; overflow-wrap: break-word; padding: 0px; transition: opacity 0.3s ease 0s; vertical-align: baseline; width: inherit;" /></a></div><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">The multi-process delivery procedure ("ddpp.exe"), upon execution, unpacks shellcode to establish communication with an attacker-controlled server and receive a second encrypted executable ("fplayer.exe") that functions as the next stage downloader to fetch the Python RAT.</span><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><br 
style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">"In previous campaigns of the group, Evilnum's tools avoided using domains in communications with the C2, only using IP addresses," the researchers noted. "While the C2 IP address changes every few weeks, the list of domains associated with this IP address keeps growing."</span><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><div class="separator" style="background-color: white; border: 0px; box-sizing: border-box; clear: both; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; font-stretch: inherit; font-variant-east-asian: inherit; font-variant-numeric: inherit; line-height: inherit; margin: 0px 0px 20px; outline: 0px; overflow-wrap: 
break-word; padding: 0px; vertical-align: baseline;"><a href="https://thehackernews.com/images/-XBYpfAMUji4/X1Iw1WO8EMI/AAAAAAAAAvU/GU744mXU8xw4p-v210G8uMR0_wkMod9jACLcBGAsYHQ/s728-e100/hacking-sites.jpg" imageanchor="1" style="border: 0px; box-sizing: border-box; clear: left; color: #356ae6; cursor: default; float: left; font: inherit; margin: 0px 1em 15px 0px; outline: 0px; overflow-wrap: break-word; padding: 0px; text-decoration-line: none; transition: all 0.2s linear 0s; vertical-align: baseline;"><img alt="hacking-sites" border="0" data-original-height="364" data-original-width="728" src="https://thehackernews.com/images/-XBYpfAMUji4/X1Iw1WO8EMI/AAAAAAAAAvU/GU744mXU8xw4p-v210G8uMR0_wkMod9jACLcBGAsYHQ/s728-e100/hacking-sites.jpg" style="border: 0px; box-sizing: border-box; display: block; font: inherit; height: auto; margin: 0px; max-width: 100%; opacity: 1; outline: 0px; overflow-wrap: break-word; padding: 0px; transition: opacity 0.3s ease 0s; vertical-align: baseline; width: inherit;" title="hacking-sites" /></a></div><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">While Evilnum's exact origins still remain unclear, it's evident that their constant improvisation of TTPs has helped them stay under the radar.</span><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", 
"Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><br style="background-color: white; box-sizing: border-box; color: #2b2d41; content: " "; display: block; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px; margin: 28px; outline: 0px; overflow-wrap: break-word; padding: 0px;" /><span style="background-color: white; color: #2b2d41; font-family: Roboto, -apple-system, BlinkMacSystemFont, "Segoe UI", Oxygen, Ubuntu, Cantarell, "Fira Sans", "Droid Sans", "Helvetica Neue", sans-serif; font-size: 16px;">As the APT's techniques continue to evolve, it's essential that businesses remain vigilant and employees monitor their emails for phishing attempts and exercise caution when it comes to opening emails and attachments from unknown senders.</span>Defacers Roothttp://www.blogger.com/profile/04975904960188832334noreply@blogger.com0tag:blogger.com,1999:blog-8841759969257982852.post-59908982972215470812020-06-17T10:22:00.001-07:002020-06-17T10:23:34.590-07:00İsimsizler Hareketi Hacked! Turkz Group Takes the Stage!<div class="separator" style="clear: both; text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi0LGRZxte3vFJqxdQ3nbzslUK9-_v02H9d0FvTSaQbdP9N3DWNtE1cxi7Ar9u0fWLmAWwlLid1L7B7JpV68YKaX3gyb563zByjSdOy9n6vEwi_WBSlm_cBJ6s3IuOyj6EsstSIu2xx504/s750/turkz+grup.jpg" style="margin-left: 1em; margin-right: 1em;"><img border="0" data-original-height="420" data-original-width="750" height="358" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEi0LGRZxte3vFJqxdQ3nbzslUK9-_v02H9d0FvTSaQbdP9N3DWNtE1cxi7Ar9u0fWLmAWwlLid1L7B7JpV68YKaX3gyb563zByjSdOy9n6vEwi_WBSlm_cBJ6s3IuOyj6EsstSIu2xx504/w640-h358/turkz+grup.jpg" width="640" /></a></div><h2 style="background-color: white; border: 0px; box-sizing: border-box; clear: both; font-family: tmsans; font-size: 26px; margin: 0px 0px 16px; padding: 5px 10px 5px 14px; position: relative; vertical-align: baseline;">İsimsizler Hareketi Hacked!</h2><div><p style="background-color: white; border: 0px; box-sizing: border-box; color: #222222; font-family: roboto, sans-serif; font-size: 18px; letter-spacing: -0.2px; line-height: 1.7em; margin: 0px 0px 19px; padding: 0px; vertical-align: baseline;">İsimsizler Hareketi, founded by Taylan Kulaçoğlu, who had earlier been jailed as a member of the RedHack hacker group, had been sharing publications and writings against the Republic of Turkey and had practically turned the group into a nest of terror. Their latest tweet, aimed at Operation Pençe-Kartal, roused the Turkz Hacker Group, one of Turkey's major hacking groups, against them. In an operation carried out this morning at around 6 o'clock, the official website of İsimsizler Hareketi was hacked by Sipahiler Group leader <span style="font-weight: 700;">Zer0Day</span>.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #222222; font-family: roboto, sans-serif; font-size: 18px; letter-spacing: -0.2px; line-height: 1.7em; margin: 0px 0px 19px; padding: 0px; vertical-align: baseline;">İsimsizler Hareketi, which had previously been hacked by Turkz Group as well, has been hacked again after these latest events!</p><h2 style="background-color: white; border: 0px; box-sizing: border-box; clear: both; font-family: tmsans; font-size: 26px; margin: 0px 0px 16px; padding: 5px 10px 5px 14px; position: relative; vertical-align: baseline;">Who Is İsimsizler Hareketi?</h2><p style="background-color: white; border: 0px; box-sizing: border-box; color: #222222; font-family: roboto, sans-serif; font-size: 18px; letter-spacing: -0.2px; line-height: 1.7em; margin: 0px 0px 19px; padding: 0px; vertical-align: baseline;">A person named Taylan Kulaçoğlu, who is reported to support the terrorist organization DHKP-C on social media and to spread terrorist propaganda, opened a Twitter account under the name “İsimsizler Hareketi”. Kulaçoğlu, who was taken into custody in 2016 over RedHack, had also started organizing activity under the İsimsizler Hareketi name by opening a Telegram channel on 30 April 2020. They described the operations the TSK carried out against the YPG/PKK terrorist organization as “Fascism”.</p><h2 style="background-color: white; border: 0px; box-sizing: border-box; clear: both; font-family: tmsans; font-size: 26px; margin: 0px 0px 16px; padding: 5px 10px 5px 14px; position: relative; vertical-align: baseline;">The Turkz Hacker group made the following statements about these events:</h2><blockquote class="wp-block-quote" style="background: rgb(243, 243, 243); border-bottom-color: rgb(204, 204, 204); border-bottom-style: solid; border-bottom: 2px solid rgb(204, 204, 204); border-image: initial; border-left-color: initial; border-left-style: initial; border-left-width: 0px; border-right-color: initial; border-right-style: initial; border-right-width: 0px; border-top-color: initial; border-top-style: initial; border-top-width: 0px; border-width: 0px 0px 2px; box-sizing: border-box; color: #606060; font-family: roboto, sans-serif; font-size: 17px; margin: 0px 0px 24px; padding: 20px 20px 0px; quotes: none; vertical-align: baseline; width: 770px;"><p style="border: 0px; box-sizing: border-box; font-size: 18px; letter-spacing: -0.2px; line-height: 1.7em; margin: 0px 0px 19px; padding: 0px; vertical-align: baseline;">Did you think you would not be held to account when posting these tweets against the State of the Republic of Turkey? Did you think we would turn a blind eye to disrespect toward the Republic of Turkey? Did you think we would not call you to account?</p><span class="icon-quote" style="-webkit-font-smoothing: antialiased; font-family: "icomoon important"; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: 1; speak: none;"></span></blockquote><figure class="wp-block-image size-large" style="background-color: white; border: 0px; box-sizing: border-box; color: #222222; font-family: roboto, sans-serif; font-size: 17px; margin: 0px 0px 1em; padding: 0px; vertical-align: baseline;"><img alt="" class="wp-image-2900" sizes="(max-width: 598px) 100vw, 598px" src="https://siberbasin.net/wp-content/uploads/2020/06/CuXEhS.png" srcset="https://siberbasin.net/wp-content/uploads/2020/06/CuXEhS.png 598w, https://siberbasin.net/wp-content/uploads/2020/06/CuXEhS-300x150.png 300w" style="border: 0px; box-sizing: border-box; display: block; height: auto; margin: 15px 0px 0px; max-width: 100%; padding: 0px; vertical-align: baseline; width: auto;" /></figure><blockquote class="wp-block-quote" style="background: rgb(243, 243, 243); border-bottom-color: rgb(204, 204, 204); border-bottom-style: solid; border-bottom: 2px solid rgb(204, 204, 204); border-image: initial; border-left-color: initial; border-left-style: initial; border-left-width: 0px; border-right-color: initial; border-right-style: initial; border-right-width: 0px; border-top-color: initial; border-top-style: initial; border-top-width: 0px; border-width: 0px 0px 2px; box-sizing: border-box; color: #606060; font-family: roboto, sans-serif; font-size: 17px; margin: 0px 0px 24px; padding: 20px 20px 0px; quotes: none; vertical-align: baseline; width: 770px;"><p style="border: 0px; box-sizing: border-box; font-size: 18px; letter-spacing: -0.2px; line-height: 1.7em; margin: 0px 0px 19px; padding: 0px; vertical-align: baseline;">You called the operations the TSK carried out against the YPG/PKK terrorist organization “Fascism”! You called the State of the Republic of Turkey fascist! You sat in the PKK's lap! Don't forget this day.. Your masters' turn will come too..</p><span class="icon-quote" style="-webkit-font-smoothing: antialiased; font-family: "icomoon important"; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: 1; speak: none;"></span></blockquote><p style="background-color: white; border: 0px; box-sizing: border-box; color: #222222; font-family: roboto, sans-serif; font-size: 18px; letter-spacing: -0.2px; line-height: 1.7em; margin: 0px 0px 19px; padding: 0px; vertical-align: baseline;"><span style="font-weight: 700;">Before:</span></p><figure class="wp-block-image size-large" style="background-color: white; border: 0px; box-sizing: border-box; color: #222222; font-family: roboto, sans-serif; font-size: 17px; margin: 0px 0px 1em; padding: 0px; vertical-align: baseline;"><img alt="" class="wp-image-2897" sizes="(max-width: 1024px) 100vw, 1024px" src="https://siberbasin.net/wp-content/uploads/2020/06/indir-10-1024x516.png" srcset="https://siberbasin.net/wp-content/uploads/2020/06/indir-10-1024x516.png 1024w, https://siberbasin.net/wp-content/uploads/2020/06/indir-10-300x151.png 300w, https://siberbasin.net/wp-content/uploads/2020/06/indir-10-768x387.png 768w, https://siberbasin.net/wp-content/uploads/2020/06/indir-10.png 1277w" style="border: 0px; box-sizing: border-box; display: block; height: auto; margin: 15px 0px 0px; max-width: 100%; padding: 0px; vertical-align: baseline; width: auto;" /></figure><p style="background-color: white; border: 0px; box-sizing: border-box; color: #222222; font-family: roboto, sans-serif; font-size: 18px; letter-spacing: -0.2px; line-height: 1.7em; margin: 0px 0px 19px; padding: 0px; vertical-align: baseline;">After:</p><figure class="wp-block-gallery columns-1 is-cropped" style="background-color: white; border: 0px; box-sizing: border-box; color: #222222; display: flex; flex-wrap: wrap; font-family: roboto, sans-serif; font-size: 17px; list-style-type: none; margin: 0px; padding: 0px; vertical-align: baseline;"><ul class="blocks-gallery-grid" style="border: 0px; box-sizing: border-box; flex-wrap: wrap; list-style: none; margin: 0px 0px 15px 18px; padding: 0px; vertical-align: baseline; width: calc(100% - 18px);"><li class="blocks-gallery-item" style="border: 0px; box-sizing: border-box; display: flex; flex-direction: column; flex-grow: 1; float: none; justify-content: center; list-style-type: disc; margin: 0px 0px 16px; padding: 0px; position: relative; vertical-align: baseline; width: 752px;"><figure style="align-items: flex-end; border: 0px; box-sizing: border-box; display: flex; height: 395.406px; justify-content: flex-start; margin: 0px; padding: 0px; vertical-align: baseline;"><img alt="" class="wp-image-2896" data-full-url="https://siberbasin.net/wp-content/uploads/2020/06/indir-11.png" data-id="2896" data-link="https://siberbasin.net/hack-haber/isimsizler-hareketi-hacklendi-turkz-sahnede/attachment/indir-11/" sizes="(max-width: 1024px) 100vw, 1024px" src="https://siberbasin.net/wp-content/uploads/2020/06/indir-11-1024x518.png" srcset="https://siberbasin.net/wp-content/uploads/2020/06/indir-11-1024x518.png 1024w, https://siberbasin.net/wp-content/uploads/2020/06/indir-11-300x152.png 300w, https://siberbasin.net/wp-content/uploads/2020/06/indir-11-768x389.png 768w, https://siberbasin.net/wp-content/uploads/2020/06/indir-11.png 1195w" style="border: 0px; box-sizing: border-box; display: block; flex: 1 1 0%; height: 380.406px; margin: 15px 0px 0px; max-width: 100%; object-fit: cover; padding: 0px; vertical-align: baseline; width: 752px;" /></figure></li></ul></figure><ul style="background-color: white; border: 0px; box-sizing: border-box; color: #222222; font-family: roboto, sans-serif; font-size: 17px; list-style: none; margin: 0px 0px 15px 18px; padding: 0px; vertical-align: baseline; width: calc(100% - 18px);"><li style="border: 0px; box-sizing: border-box; float: none; list-style-type: disc; margin: 0px; padding: 0px; vertical-align: baseline; width: 752px;">Back then we hacked your Facebook page and you said it wasn't yours; we hacked the domain you were using and again you said it wasn't yours,</li></ul><blockquote class="wp-block-quote" style="background: rgb(243, 243, 243); border-bottom-color: rgb(204, 204, 204); border-bottom-style: solid; border-bottom: 2px solid rgb(204, 204, 204); border-image: initial; border-left-color: initial; border-left-style: initial; border-left-width: 0px; border-right-color: initial; border-right-style: initial; border-right-width: 0px; border-top-color: initial; border-top-style: initial; border-top-width: 0px; border-width: 0px 0px 2px; box-sizing: border-box; color: #606060; font-family: roboto, sans-serif; font-size: 17px; margin: 0px 0px 24px; padding: 20px 20px 0px; quotes: none; vertical-align: baseline; width: 770px;"><p style="border: 0px; box-sizing: border-box; font-size: 18px; letter-spacing: -0.2px; line-height: 1.7em; margin: 0px 0px 19px; padding: 0px; vertical-align: baseline;">We posted statements about you one by one on your Facebook page and you couldn't give an answer,</p><span class="icon-quote" style="-webkit-font-smoothing: antialiased; font-family: "icomoon important"; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: 1; speak: none;"></span></blockquote><blockquote class="wp-block-quote" style="background: rgb(243, 243, 243); border-bottom-color: rgb(204, 204, 204); border-bottom-style: solid; border-bottom: 2px solid rgb(204, 204, 204); border-image: initial; border-left-color: initial; border-left-style: initial; border-left-width: 0px; border-right-color: initial; border-right-style: initial; border-right-width: 0px; border-top-color: initial; border-top-style: initial; border-top-width: 0px; border-width: 0px 0px 2px; box-sizing: border-box; color: #606060; font-family: roboto, sans-serif; font-size: 17px; margin: 0px 0px 24px; padding: 20px 20px 0px; quotes: none; vertical-align: baseline; width: 770px;"><p style="border: 0px; box-sizing: border-box; font-size: 18px; letter-spacing: -0.2px; line-height: 1.7em; margin: 0px 0px 19px; padding: 0px; vertical-align: baseline;">You said you hacked with XSS and tried to make the public swallow it,</p><span class="icon-quote" style="-webkit-font-smoothing: antialiased; font-family: "icomoon important"; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: 1; speak: none;"></span></blockquote><blockquote class="wp-block-quote" style="background: rgb(243, 243, 243); border-bottom-color: rgb(204, 204, 204); border-bottom-style: solid; border-bottom: 2px solid rgb(204, 204, 204); border-image: initial; border-left-color: initial; border-left-style: initial; border-left-width: 0px; border-right-color: initial; border-right-style: initial; border-right-width: 0px; border-top-color: initial; border-top-style: initial; border-top-width: 0px; border-width: 0px 0px 2px; box-sizing: border-box; color: #606060; font-family: roboto, sans-serif; font-size: 17px; margin: 0px 0px 24px; padding: 20px 20px 0px; quotes: none; vertical-align: baseline; width: 770px;"><p style="border: 0px; box-sizing: border-box; font-size: 18px; letter-spacing: -0.2px; line-height: 1.7em; margin: 0px 0px 19px; padding: 0px; vertical-align: baseline;">For years you had people believe that you “attacked” and took down government sites that couldn't even be accessed over the “https” protocol; with information you got from scoundrels betraying the state, you said “we hacked the police, the military” and deceived the public,</p><span class="icon-quote" style="-webkit-font-smoothing: antialiased; font-family: "icomoon important"; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: 1; speak: none;"></span></blockquote><blockquote class="wp-block-quote" style="background: rgb(243, 243, 243); border-bottom-color: rgb(204, 204, 204); border-bottom-style: solid; border-bottom: 2px solid rgb(204, 204, 204); border-image: initial; border-left-color: initial; border-left-style: initial; border-left-width: 0px; border-right-color: initial; border-right-style: initial; border-right-width: 0px; border-top-color: initial; border-top-style: initial; border-top-width: 0px; border-width: 0px 0px 2px; box-sizing: border-box; color: #606060; font-family: roboto, sans-serif; font-size: 17px; margin: 0px 0px 24px; padding: 20px 20px 0px; quotes: none; vertical-align: baseline; width: 770px;"><p style="border: 0px; box-sizing: border-box; font-size: 18px; letter-spacing: -0.2px; line-height: 1.7em; margin: 0px 0px 19px; padding: 0px; vertical-align: baseline;">As if that weren't enough, you also made statements like “RedHack is back”… Really, when did you start thinking you were such a big deal? <span style="font-weight: 700;">And now, as always, you're playing the victim card?</span></p><span class="icon-quote" style="-webkit-font-smoothing: antialiased; font-family: "icomoon important"; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: 1; speak: none;"></span></blockquote><h2 style="background-color: white; border: 0px; box-sizing: border-box; clear: both; font-family: tmsans; font-size: 26px; margin: 0px 0px 16px; padding: 5px 10px 5px 14px; position: relative; vertical-align: baseline;">THE JACKALS RULE ONLY UNTIL THE WOLVES ARRIVE …</h2><blockquote class="wp-block-quote" style="background: rgb(243, 243, 243); border-bottom-color: rgb(204, 204, 204); border-bottom-style: solid; border-bottom: 2px solid rgb(204, 204, 204); border-image: initial; border-left-color: initial; border-left-style: initial; border-left-width: 0px; border-right-color: initial; border-right-style: initial; border-right-width: 0px; border-top-color: initial; border-top-style: initial; border-top-width: 0px; border-width: 0px 0px 2px; box-sizing: border-box; color: #606060; font-family: roboto, sans-serif; font-size: 17px; margin: 0px 0px 24px; padding: 20px 20px 0px; quotes: none; vertical-align: baseline; width: 770px;"><p style="border: 0px; box-sizing: border-box; font-size: 18px; letter-spacing: -0.2px; line-height: 1.7em; margin: 0px 0px 19px; padding: 0px; vertical-align: baseline;">Greetings to those who gave their lives for this nation.. Greetings to those who fight for this flag.. Greetings to the lovers of the homeland.. Greetings to all the brave..</p><span class="icon-quote" style="-webkit-font-smoothing: antialiased; font-family: "icomoon important"; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: 1; speak: none;"></span></blockquote><blockquote class="wp-block-quote" style="background: rgb(243, 243, 243); border-bottom-color: rgb(204, 204, 204); border-bottom-style: solid; border-bottom: 2px solid rgb(204, 204, 204); border-image: initial; border-left-color: initial; border-left-style: initial; border-left-width: 0px; border-right-color: initial; border-right-style: initial; border-right-width: 0px; border-top-color: initial; border-top-style: initial; border-top-width: 0px; border-width: 0px 0px 2px; box-sizing: border-box; color: #606060; font-family: roboto, sans-serif; font-size: 17px; margin: 0px 0px 24px; padding: 20px 20px 0px; quotes: none; vertical-align: baseline; width: 770px;"><p style="border: 0px; box-sizing: border-box; font-size: 18px; letter-spacing: -0.2px; line-height: 1.7em; margin: 0px 0px 19px; padding: 0px; vertical-align: baseline;">Footnote: Their brains were enough to set up cf, so on the zones the cf page showed up in the index, but we sorted it out</p><span class="icon-quote" style="-webkit-font-smoothing: antialiased; font-family: "icomoon important"; font-variant-east-asian: normal; font-variant-numeric: normal; line-height: 1; speak: none;"></span></blockquote><p style="background-color: white; border: 0px; box-sizing: border-box; color: #222222; font-family: roboto, sans-serif; font-size: 18px; letter-spacing: -0.2px; line-height: 1.7em; margin: 0px 0px 19px; padding: 0px; vertical-align: baseline;">Web Archive Records:</p><ul style="background-color: white; border: 0px; box-sizing: border-box; color: #222222; font-family: roboto, sans-serif; font-size: 17px; list-style: none; margin: 0px 0px 15px 18px; padding: 0px; vertical-align: baseline; width: calc(100% - 18px);"><li style="border: 0px; box-sizing: border-box; float: none; list-style-type: disc; margin: 0px; padding: 0px; vertical-align: baseline; width: 752px;"><a href="https://archive.fo/LVN8k" rel="noreferrer noopener" style="border: 0px; box-sizing: border-box; color: #333399; display: inline-block; margin: 0px; padding: 0px; text-decoration-line: none; vertical-align: baseline;" target="_blank">Attention Required!</a></li><li style="border: 0px; box-sizing: border-box; float: none; list-style-type: disc; margin: 0px; padding: 0px; vertical-align: baseline; width: 752px;"><a href="https://mirror-h.org/zone/2644860/" rel="noreferrer noopener" style="border: 0px; box-sizing: border-box; color: #333399; display: inline-block; margin: 0px; padding: 0px; text-decoration-line: none; vertical-align: baseline;" target="_blank">https://mirror-h.org/zone/2644860/</a></li><li style="border: 0px; box-sizing: border-box; float: none; list-style-type: disc; margin: 0px; padding: 0px; vertical-align: baseline; width: 752px;"><a href="https://www.zone-h.org/mirror/id/33962812" rel="noreferrer noopener" style="border: 0px; box-sizing: border-box; color: #333399; display: inline-block; margin: 0px; padding: 0px; text-decoration-line: none; vertical-align: baseline;" target="_blank">http://www.zone-h.org/mirror/id/33962812</a></li></ul><p style="background-color: white; border: 0px; box-sizing: border-box; color: #222222; font-family: roboto, sans-serif; font-size: 18px; letter-spacing: -0.2px; line-height: 1.7em; margin: 0px 0px 19px; padding: 0px; vertical-align: baseline;">Topic: <a href="https://www.turkz.org/Forum/konu/isimsizhareket-com-hacked.9961/#post-72528" rel="noreferrer noopener" style="border: 0px; box-sizing: border-box; color: #333399; display: inline-block; margin: 0px; padding: 0px; text-decoration-line: none; vertical-align: baseline;" target="_blank">https://www.turkz.org/Forum/konu/isimsizhareket-com-hacked.9961/</a></p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #222222; font-family: roboto, sans-serif; font-size: 18px; letter-spacing: -0.2px; line-height: 1.7em; margin: 0px 0px 19px; padding: 0px; vertical-align: baseline;">We congratulate the Turkz Hacker Group, whose actions make us proud and who always defend the Republic of Turkey in cyberspace, and wish them continued success.</p><p style="background-color: white; border: 0px; box-sizing: border-box; color: #222222; font-family: roboto, sans-serif; font-size: 18px; letter-spacing: -0.2px; line-height: 1.7em; margin: 0px 0px 19px; padding: 0px; vertical-align: baseline;"><a href="https://siberbasin.net/hack-haber/isimsizler-hareketi-hacklendi-turkz-sahnede/" rel="nofollow">Source</a></p></div>Defacers Newshttp://www.blogger.com/profile/08223956122242233678noreply@blogger.com0tag:blogger.com,1999:blog-8841759969257982852.post-5091852836406372392020-06-16T14:50:00.005-07:002020-06-16T14:51:03.389-07:00Microsoft Released the Bing App for Xbox<img alt="defacers" src="https://cdn.webtekno.com/media/cache/content_detail_v2/article/95027/microsoft-bing-xbox-1592337181.png" />
<p>Microsoft announced today that its search engine <strong>Bing</strong> has also been released for <strong>Xbox</strong>. With this app you can search on your Xbox and also follow the latest developments in TV, movies and games. The app also supports popular Bing features such as the daily image. As might be expected, the new Microsoft Bing app for Xbox is currently available only for the <strong>US</strong> <strong>market</strong>. </p> <p>Bing is also expanding its ability to reach across various platforms. Microsoft has long been releasing new apps to bring Bing to more users. Wanting to make Bing a frequently used app for <strong>Windows</strong> <strong>10</strong> users, Microsoft had released the <strong>Bing</strong> <strong>Wallpaper</strong> app for that purpose. Afterwards, Microsoft apparently found it unnecessary to keep Bing wallpapers limited to Windows, and the company has now released the app for Android as well, the largest ecosystem in the mobile world.</p> <h2>Microsoft keeps making new moves for Bing:</h2> <p><img alt="Bing" src="http://www.webtekno.com/images/editor/default/0002/70/8a521ae47628b5c09bb875dc6a51d1a5b19bdd06.png" /></p> <p>On the other hand, Bing has been a search engine in service for a very long time, but it cannot come close to search giant Google. Microsoft has made many attempts to date to make Bing <strong>popular</strong>, but the giant company has never gotten the return it wanted. Having decided to take more aggressive steps to popularize Bing, Microsoft made its first move as of February. </p> <p>Microsoft's move, likely to draw backlash, consisted of an extension that would arrive with an update offered to <strong>Microsoft</strong> <strong>Office365</strong> <strong>Pro Plus</strong> users. The reason the extension would draw backlash was that it would switch Google Chrome's default search engine to Bing.</p> <h2>How do you install the Bing app on Xbox?</h2> <p><img alt="Bing" src="http://www.webtekno.com/images/editor/default/0002/70/03639dc4c5d3a95d8bbfff3097467084e8ceb35c.jpeg" /></p> <p>Finally, let us add: to try the new Bing app on your Xbox, you should follow <strong>these steps</strong>:</p> <ol><li>Sign in on your Xbox One console and launch the <strong>Xbox Insider Hub</strong> app.</li><li>Follow Insider content > Apps > Microsoft Bing.</li><li>Select 'Join'.</li><li>Wait for the registration process to complete.</li><li>After being redirected to the Store, install Microsoft Bing for Xbox.</li></ol> Brought to you with the www.defacers.org difference.Defacers Newshttp://www.blogger.com/profile/08223956122242233678noreply@blogger.com0tag:blogger.com,1999:blog-8841759969257982852.post-24231406588829760532020-06-16T14:50:00.003-07:002020-06-16T14:51:03.394-07:00Kingdom Come: Deliverance Will Be Free to Play on Steam This Weekend to Mark 3 Million Sales<img alt="defacers" src="https://cdn.webtekno.com/media/cache/content_detail_v2/article/95026/3-milyon-satis-rakamini-gecen-kingdom-come-icin-steam-ucretsiz-hafta-sonu-etkinligi-1592337110.jpg" />
<p>The action/role-playing game <strong>Kingdom Come: Deliverance</strong> was released in February 2018 for PC, PlayStation 4 and Xbox One. The game was met with very positive reviews from both critics and players, especially on PC.</p>
<p>Having won players' approval, the game also achieved a very significant commercial success. The game's publisher, Deep Silver, announced today that the game has sold <strong>more than 3 million copies</strong>.</p>
<h2>Free weekend event:</h2>
<p><img alt="kingdom come: deliverance" src="http://www.webtekno.com/images/editor/default/0002/70/8cc634718f0d74ab1964e62c9f557ba5b6056892.jpeg" /></p>
<p>To celebrate this important milestone, it was announced that a <strong>Steam free weekend</strong> event will be held this week. The game's developer, <strong>Warhorse Studios</strong>, also shared its new logo. The statement in which Warhorse Studios' new company logo was introduced included the following:</p>
<p>“The award-winning role-playing game Kingdom Come: Deliverance has, two years after its release, reached more than 3 million sales across all platforms (PC / PlayStation 4 / Xbox One) and 1.5 million DLC sales. Warhorse Studios is celebrating this important milestone with a <strong>Steam free weekend</strong> between 18 June and 22 June.”</p>
<p><img alt="kingdom come: deliverance" src="http://www.webtekno.com/images/editor/default/0002/70/7ef88c6712ddf45091bdbb307cd7bbe5646fc23a.jpeg" /></p>
<p>The press release also mentioned that Warhorse has started working on a <strong>new project</strong>. Although nothing is certain yet, after this commercial success a sequel is assumed to be on the way.</p>
<p>If you love role-playing games and have not yet played Kingdom Come: Deliverance, you can try the game by taking advantage of the free event being held this weekend. You can reach the Steam page of the game, which is priced at around <strong>50 TL</strong>, from here. Finally, let us note: while you will be able to play the game for free during the stated period, you will need to pay to play it outside those dates.</p>
<h1>How to Remove Deep Freeze?</h1>
<p>Published 2020-06-16.</p>
<img alt="defacers" src="https://cdn.webtekno.com/media/cache/content_detail_v2/article/93380/deep-freeze-kaldirma-nasil-yapilir-1590536119.png" />
<p><strong>Deep Freeze</strong> is a program that, whatever operations you perform on your computer, discards all of them once you shut down and restart. Because it consumes very few system resources and therefore affects performance <strong>positively</strong>, it is among the frequently preferred programs.</p>
<p>However, there are points where the Deep Freeze program can be annoying. One of these is the difficulty we experience when trying to <strong>remove Deep Freeze</strong>. To get around this annoyance, we have explained two ways of removing the program in this article. After reading it, you can easily carry out the <strong>Deep Freeze removal</strong>.</p>
<h2>How is Deep Freeze removed with a password?</h2>
<ol>
<li><strong>Step #1:</strong> While holding the Shift key, click the program icon in the bottom-right corner of your screen. (Shortcut: CTRL + Shift + F6)</li>
<li><strong>Step #2:</strong> Enter your password on the screen that appears and press the "OK" button.<br /><img alt="Deep Freeze removal steps 1" src="http://www.webtekno.com/images/editor/default/0002/66/b3d62e93f5a14453695eacca6657e7f63d7ede35.jpeg" /></li>
<li><strong>Step #3:</strong> On the screen that comes up, select the “Boot Thawed” option.<br /><img alt="Deep Freeze removal steps 2" src="http://www.webtekno.com/images/editor/default/0002/66/e1323e5dcde6dbb86d89da4141f8edbc3e5f96e0.jpeg" /></li>
<li><strong>Step #4:</strong> Click the “Apply and Reboot” button.</li>
<li><strong>Step #5:</strong> When the computer has restarted, go to the folder where Deep Freeze is installed.</li>
<li><strong>Step #6:</strong> Run the installer file "DFStd.exe" (DF6Std.exe in some versions).</li>
<li><strong>Step #7:</strong> Click the "Uninstall" option to remove the program.<br /><img alt="Deep Freeze removal steps 3" src="http://www.webtekno.com/images/editor/default/0002/66/2cc8b26ed3b73f413f103ab50f7ab7da3f72f7be.jpeg" /></li>
</ol>
<p>After applying the steps above, you will be able to remove the Deep Freeze program. Up to Step #4 we <strong>disabled</strong> Deep Freeze, and with the remaining steps we removed the program from our computer. This removal procedure covers the <strong>Windows 7</strong> and <strong>Windows 10</strong> operating systems as well.</p>
<h2>How is Deep Freeze removed without using a password?</h2>
<ol>
<li><strong>Step #1:</strong> Restart your computer and enter your BIOS setup screen. (The usual shortcuts are the F2, F10 or DEL keys.)</li>
<li><strong>Step #2:</strong> Set the system date 10 years ahead and save your settings.<br /><img alt="Deep Freeze removal without password steps 2" src="http://www.webtekno.com/images/editor/default/0002/66/7d5e7680bcb02860781754cf972065cfc3b6b78a.jpeg" /></li>
<li><strong>Step #3:</strong> Start the computer in Debugging Mode using the F8 shortcut.<br /><img alt="Deep Freeze removal without password steps 3" src="http://www.webtekno.com/images/editor/default/0002/66/ea82facd6933fc10fe6f358796cce3cdbe089205.jpeg" /></li>
<li><strong>Step #4:</strong> When you see the Windows logo, open Task Manager with the CTRL + Alt + Delete shortcut.<br /><img alt="Deep Freeze removal without password steps 3" src="http://www.webtekno.com/images/editor/default/0002/66/a3261d101a35b6095c037264ccb24c37589a7572.jpeg" /></li>
<li><strong>Step #5:</strong> Go to the Processes tab, find the "FrzState2K.exe" process and press the “End Process” button in the bottom right.<br /><img alt="Deep Freeze removal without password steps 4" src="http://www.webtekno.com/images/editor/default/0002/66/4ab9ebb5c944b90f1ed2aa6cb743500a89f28a23.jpeg" /></li>
<li><strong>Step #6:</strong> Delete the main folder in which the program is installed.<br /><img alt="Deep Freeze removal without password steps 5" src="http://www.webtekno.com/images/editor/default/0002/66/70a4ac75dfcc4bd224a9ca88a688301ce4d89f65.jpeg" /></li>
<li><strong>Step #7:</strong> Go to Start → Run → Regedit.</li>
<li><strong>Step #8:</strong> Go to the HKEY_LOCAL_MACHINE \ SOFTWARE folder and delete the Faronics folder from this screen.<br /><img alt="Deep Freeze removal without password steps 8" src="http://www.webtekno.com/images/editor/default/0002/66/42f6015e985b6b35ce974f52edff7098f23ecc11.jpeg" /></li>
<li><strong>Step #9:</strong> Restart your computer.</li>
</ol>
<p>The second way, which takes a little more time than the first, is also an effective method and will work for removing the program. Although it takes some time, after this procedure you can enjoy having removed Deep Freeze <strong>without a password</strong>. :)</p>
<h2>What are the advantages of Deep Freeze?</h2>
<p>Many of us have seen Deep Freeze in internet cafés or school computer labs. Although the reason for its use varies from person to person, there are certain situations that give rise to our opening sentence. The advantage it provides on networks set up in <strong>crowded environments</strong> is the first of these.</p>
<p>The reason this program shows up in <strong>places with many users</strong> is to prevent system disruptions, to a certain extent, by heading off possible software problems. For instance, a virus that gets into our computer from outside can cause the system to break down. In this respect, using Deep Freeze can be an advantage. Up to a point, it also keeps your computer <strong>clean and tidy</strong> in software terms.</p>
<p><img alt="Advantages of Deep Freeze" src="http://www.webtekno.com/images/editor/default/0002/69/56280ea5bbf9233b8918b6a5f53b9137a13e5e8e.jpeg" /></p>
<p>The program, which also lets you split your disk into C: and D: if you wish, lets you use Deep Freeze on one while giving you the option of not using it on the other. <strong>To summarise</strong>, Deep Freeze can prepare a tidier and safer computer environment for you.</p>
<h2>What are the disadvantages of Deep Freeze?</h2>
<p>Like every other program, Deep Freeze has its plus and minus sides. Having counted its pluses, we will also list its minuses and then leave the question of whether or not to use this program to you, <strong>our valued followers</strong>. Deep Freeze is a program with as many minuses as pluses.</p>
<p>Sometimes the idea of protection from viruses, which is the reason many of us install Deep Freeze, can give way to a bad memory when a virus spreads over the network or from a flash drive. In this respect, we cannot say it provides a <strong>complete guarantee</strong>. It can also negatively affect computers' performance from time to time. Having to restart the computer constantly whenever we want to install a program can also be counted among the disadvantages of Deep Freeze. This procedure <strong>wears users out</strong> many times over and causes negative feelings about the program.</p>
<p><img alt="Disadvantages of Deep Freeze" src="http://www.webtekno.com/images/editor/default/0002/69/520aef6d987c28772c81b94342b6069e1562484b.jpeg" /></p>
<p>A major disadvantage of the program is the difficulty experienced when trying to remove it. Deep Freeze, which cannot be removed from Add/Remove Programs, cannot be removed without the setup file either. This must be the <strong>biggest handicap</strong> of an application whose procedures practically wear a person out.</p>
<h2>Why is the Deep Freeze password important?</h2>
<p><img alt="deep freeze password" src="http://www.webtekno.com/images/editor/default/0002/69/67222d2f019e87f856f62ffbbb036c749c50a6f0.jpeg" /></p>
<p>After the procedures we just described for removing Deep Freeze from our computer with and without a password, some of you may wonder how important the password part is. The answer to this question is quite clear. It is important so that computer users other than you do not change other settings in the program. By keeping your password <strong>strong</strong>, you can prevent such things.</p>
<h2>Alternative programs to Deep Freeze:</h2>
<p><img alt="Alternative programs to Deep Freeze" src="http://www.webtekno.com/images/editor/default/0002/69/3dd460e2f1611095e2d7aa6b489242e785500036.jpeg" /></p>
<p>As with many programs in the IT sector, Deep Freeze also has alternatives. Among the different programs that perform the same or similar functions as the Deep Freeze we see in internet cafés or our schools, we can list programs such as <strong>Drive Vaccine, ToolWiz Time Freeze and Shadow Defender</strong>.</p>
<p>Just like Deep Freeze, each has its plus and minus points, but roughly all of them perform <strong>the functions Deep Freeze performs</strong> in broad outline. However, one of them is a program that has eliminated the disadvantage Deep Freeze creates.</p>
<p>The Drive Vaccine program has a significant advantage over Deep Freeze. That advantage is <strong>not needing to restart</strong> the computer over and over for every change we make on it. In the other programs we mentioned, however, you again need to repeat the restart procedure, just as in Deep Freeze.</p>
<h2>Can we create restore points with Deep Freeze?</h2>
<p><img alt="deep freeze restore point" src="http://www.webtekno.com/images/editor/default/0002/69/145510dd544ec273c44e551e815ce656685b6abb.jpeg" /></p>
<p>Everyone may want to go a little way back into the past to undo their mistakes. Turning back time is not something within our power in real life, but in a computer environment it is quite possible. The Deep Freeze program offers you this possibility too, just like Windows' <strong>“System Restore”</strong> feature.</p>
<p>Deep Freeze also gives users the option of disabling it temporarily. From the point at which you froze the system, you can return the computer to that point every time you restart it. Doing this from <strong>a single point</strong> is thus more advantageous than the undo procedures of operating systems.</p>
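<p>For the administrator of a shared-computer lab, the two removal procedures above describe exactly the artefacts worth auditing: the FrzState2K.exe process, the installation folder, the HKLM\SOFTWARE\Faronics registry key (the vendor of Deep Freeze is Faronics), and a system-clock change, which is the first step of the password-less method. The PowerShell script below is an added example written for this article and is not code from the article or from Faronics; the installation folder path it defaults to is an assumption and should be set to wherever Deep Freeze is installed on your hosts. It reports which artefacts are missing and whether the System log shows recent time changes, and exits non-zero so a scheduler can flag the host.</p>

```powershell
# Added example (not from the original article or from Faronics): a Deep Freeze
# presence audit for lab administrators. It checks the artefacts the removal
# procedures touch and looks for recent system-time changes in the System log.

param(
    # Assumption: adjust to the folder Deep Freeze is installed in on your hosts.
    [string]$InstallDir = 'C:\Program Files\Faronics\Deep Freeze'
)

function Test-DeepFreezeIntegrity {
    param([string]$InstallDir)

    # Artefact 1: the Deep Freeze user-mode process named in the article.
    $process = Get-Process -Name 'FrzState2K' -ErrorAction SilentlyContinue

    # Artefact 2: the installation folder (deleted in step 6 of the password-less method).
    $folderPresent = Test-Path -LiteralPath $InstallDir

    # Artefact 3: the vendor registry key (deleted in step 8 of the password-less method).
    $regKeyPresent = Test-Path -LiteralPath 'HKLM:\SOFTWARE\Faronics'

    # Signal 4: Kernel-General event ID 1 is logged whenever the system time changes,
    # which is how the password-less method begins (BIOS date set 10 years ahead).
    $timeChanges = Get-WinEvent -FilterHashtable @{
        LogName      = 'System'
        ProviderName = 'Microsoft-Windows-Kernel-General'
        Id           = 1
    } -MaxEvents 5 -ErrorAction SilentlyContinue

    $findings = @()
    if (-not $process)       { $findings += 'FrzState2K.exe is not running (process ended or program removed)' }
    if (-not $folderPresent) { $findings += "installation folder missing: $InstallDir" }
    if (-not $regKeyPresent) { $findings += 'HKLM\SOFTWARE\Faronics registry key missing' }
    if ($timeChanges)        { $findings += "system time changed $($timeChanges.Count) time(s) recently; last at $($timeChanges[0].TimeCreated)" }

    [pscustomobject]@{
        ComputerName  = $env:COMPUTERNAME
        ProcessUp     = [bool]$process
        FolderPresent = $folderPresent
        RegKeyPresent = $regKeyPresent
        Intact        = ($findings.Count -eq 0)
        Findings      = $findings
    }
}

$result = Test-DeepFreezeIntegrity -InstallDir $InstallDir
$result | Format-List
if (-not $result.Intact) { exit 1 }   # non-zero exit lets a scheduled task or RMM tool flag this host
```

<p>Run it as an administrator (reading the System log and HKLM needs elevated rights) and collect the output centrally; a host where the process, folder or registry key is missing, or whose clock has been moved, is one where the protection described in this article is no longer in effect and should be reimaged or re-enrolled.</p>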