Tag: Security

Top security guard firm exposed over a million files online

Post author By lisa nichols
Post date May 8, 2024
No Comments on Top security guard firm exposed over a million files online

[ad_1]

A security guard firm was found leaking data that could lead to identity theft, physical breaches, theft, and even terrorism.

The news comes from cybersecurity researcher Jeremiah Fowler, who found an online database containing more than 1.2 million documents. The database did not have any sort of protection and could be accessed by anyone who knew where to look, WebsitePlanet reported.

Subsequent investigation uncovered that the database belonged to a UK-based company called Amberstone Security Ltd, a firm offering technology and physical security services.

Physical threats

In the database, the researcher found personally identifiable information (PII) and face photographs of thousands of security guards. Furthermore, he found images of security credentials, as well as license cards, issued by the Security Industry Authority (SIA). The database also contained incident reports, as well as names and birthdates of potential criminals.

Speaking with SIA, the researcher was told that the cards did not have any biometrics on them, hinting that with this database, a criminal could easily reproduce the cards, and thus impersonate security personnel. “This could potentially lead to a physical security breach, theft, vandalism, or — as a worse-case scenario — acts of terrorism,” the report states.

The researcher also found files on the development of an app called Guarded on Duty, which lets security guards log in and verify their current jobs by uploading images of their badges. Furthermore, he found APK files, which threat actors could use to infect the Android apps with malware.

After making the discovery, Fowler reached out to Amberstone Security, which confirmed locking down the database.

The company also shifted the blame to an unnamed third party: “Thank you for bringing this to our attention, this is deeply concerning,” a company representative told the researcher. “I am investigating this with the supplier who developed and hosts the platform. Please rest assured that we take data security seriously, and this will be investigated thoroughly”.

Security flaw in popular proxy service leaves 50,000 hosts vulnerable

Post author By lisa nichols
Post date May 7, 2024
No Comments on Security flaw in popular proxy service leaves 50,000 hosts vulnerable

[ad_1]

More than half of Tinyproxy service hosts are running a flawed version which hackers could use in remote code execution attacks, a new report from researchers from Cisco Talos has claimed.

Tinyproxy is a lightweight HTTP/HTTPS proxy server commonly used to improve internet access speed by caching frequently accessed web pages, filtering out unwanted content, and providing anonymity.

The tool is often used in home networks, small businesses, or on personal servers.

Thousands of vulnerable endpoints

In its findings, Cisco Talos said Tinyproxy version 1.10.0 and 1.11.1 were vulnerable to CVE-2023-49606, a use-after-free bug with a severity score of 9.8.

“A specially crafted HTTP header can trigger reuse of previously freed memory, which leads to memory corruption and could lead to remote code execution,” the researchers explained in their report. “An attacker needs to make an unauthenticated HTTP request to trigger this vulnerability.”

Citing data from attack surface management expert Censys, TheHackerNews reported that of the 90,310 hosts exposing a Tinyproxy service to the public internet, 57% – 52,000 – were running a vulnerable version of the tool. Most are located in the U.S. (32,846), followed by South Korea (18,358), China (7,808), France (5,208), and Germany (3,608).

In the days immediately following Talos’ report, Tinyproxy maintainers made a few commits, criticizing the researchers from trying to reach out via an “outdated email address”. They added that a Debian Tinyproxy package maintainer tipped them off on Sunday.

“No GitHub issue was filed, and nobody mentioned a vulnerability on the mentioned IRC chat,” rofl0r said in a commit. “If the issue had been reported on Github or IRC, the bug would have been fixed within a day.”

Users are advised to apply the patch, as soon as it becomes available.

Microsoft adds more security chiefs following recent cyberattacks

Post author By lisa nichols
Post date May 3, 2024
No Comments on Microsoft adds more security chiefs following recent cyberattacks

[ad_1]

Microsoft has just unveiled the next step in its major cybersecurity overhaul, and that is to hire security executives for different product groups.

Following a string of major cyberattacks, and the subsequent US government “call to arms” of sorts, Microsoft decided to completely revamp its cybersecurity practices, and “put security above all else”, as CEO Satya Nadella recently put it.

One major milestone in that endeavor is the hiring of additional security chiefs to product groups, Bloomberg reports. While the identities of the new officials are yet to be released, we do know a couple of names.

Russians and the Chinese

Ann Johnson, for example, who’s been a Microsoft security executive for almost a decade now, has been named deputy CISO for consumer outreach and regulated industries. In an email to the publication, Microsoft said Johnson will work on “customer engagement and communication about Microsoft’s own security”. Johnson will report to Igor Tsyganskiy, the company’s global CISO since December last year.

Roughly a year ago, news broke that APT29, a known Russian state-sponsored threat actor, compromised Microsoft corporate email accounts, and through those breached accounts of officials working in several US federal agencies. “Midnight Blizzard’s successful compromise of Microsoft corporate email accounts and the exfiltration of correspondence between agencies and Microsoft presents a grave and unacceptable risk to agencies,” CISA said at the time.

A few months later, Chinese hackers were deemed responsible for stealing one of Microsoft’s access tools and using it to infiltrate email accounts of US Commerce Secretary Gina Raimondo, US Ambassador to China Nicholas Burns and hundreds more.

All this, and more, led the US Cyber Safety Review Board to issue a report earlier this month, criticizing Microsoft’s “shambolic cybersecurity”.

In the meantime, Microsoft promised to do better, by setting up the Secure Future initiative which Bloomberg described as the “most significant security plan since co-founder Bill Gates halted Windows development in 2002 and ordered engineers to prioritize product safety over new features.” However, the company is still being criticized for not doing enough.

Major industries reported two critical security incidents every day in 2023

Post author By lisa nichols
Post date May 2, 2024
No Comments on Major industries reported two critical security incidents every day in 2023

[ad_1]

Major industries, including finance, IT, industrial and government sectors, report over two critical security incidents with direct human involvement per day, new research from Kaspersky shows.

The Managed Detection and Response Analyst Report for 2023 details that more than one in five (22.9%) of high-severity incidents in 2023 were reported by the government sector, closely followed by the IT sector (15.4%).

The financial industry is less hard hit at just 14.9%, with industrial companies suffering just 11.8% of incidents.

Human coordinated attacks most effective

Almost one quarter of critical security incidents during 2023 were perpetrated with direct human involvement, with the most popular living-off-the-land attacks utilising powershell.exe, rendll32.exe and msiexec.exe.

In terms of MITRE ATT&CK techniques, phishing, account manipulation and exploitation of remote services were the most popular techniques used by attackers. The mean time to report for high severity incidents ranked at 36.37 minutes, with medium and low severity incidents taking 32.55 and 48.01 minutes respectively.

Speaking on the results of the report, Sergey Soldatov, Head of Security Operations Center at Kaspersky said, “In 2023, Kaspersky detected a smaller number of high-severity incidents, but observed a simultaneous increase in the number of medium and low severity ones. This redistribution of occurrences is associated with the detection of malware without visible traces of active human participation in attacks, which can be explained by the “commoditization of tools”.”

“However, it’s important to understand that the low number of high-severity incidents does not necessarily indicate low damage. Targeted attacks are now planned more carefully, and become more dangerous. Therefore, we recommend the use of effective automated cybersecurity solutions managed with the help of experienced SOC analysts,” Soldatov said.

Security and interoperability on the cards for US government use of Zoom, Slack and Teams

Post author By lisa nichols
Post date April 26, 2024
No Comments on Security and interoperability on the cards for US government use of Zoom, Slack and Teams

[ad_1]

Popular collaboration tools such as Microsoft Teams, Zoom, Slack and Google may be required to implement end-to-end encryption and interoperability if used by US federal agencies.

Legislation put forward by US Senator Ron Wyden, titled as the Secure and Interoperable Government Collaboration Technology Act is looking to boost security for such tools following a number of high-profile recent incidents.

Federal agencies don’t seem to use a single standard collaboration tool between them, making it necessary that when inter-agency communication does happen, it should be fully secure.

Communication is key

If written into law – which would most likely happen in 2025 due to the upcoming elections – the bill would require each collaboration tool used by federal agencies to be assessed by the National Institute of Standards and Technology (NIST) in order to understand how they can interoperate securely.

Email accounts linked to several agencies have been cracked by Russian hackers exploiting a chain of vulnerabilities linked to Microsoft corporate email accounts, and other government agencies have succumbed to a cascade of Ivanti VPN vulnerabilities that resulted in data exfiltration and persistent system access affecting businesses and government departments alike.

Speaking on the proposal, Wyden said, “My bill will secure the US government’s communications from foreign hackers, while protecting taxpayer wallets. Vendor lock-in, bundling, and other anticompetitive practices result in the government spending vast sums of money on insecure software.”

“It’s time to break the chokehold of big tech companies like Microsoft on government software, set high cybersecurity standards and reap the many benefits of a competitive market,” he concluded.

Once signed into law, federal agencies would have up to four years to ensure their collaboration software meets the standards and requirements set by NIST, so while it isn’t an immediate fix to some of the security issues the federal government is experiencing, it’s certainly a step in the right direction.

Via The Register

CISOs are nervous Gen AI use could lead to more security breaches

Post author By lisa nichols
Post date April 25, 2024
No Comments on CISOs are nervous Gen AI use could lead to more security breaches

[ad_1]

Chief Information Security Officers (CISO) are becomingly ever more concerned the increasing use of Generative AI tools could lead to more cybersecurity incidents.

A new pape by security experts Metomic surveying more than 400 CISOs in the UK and the US found security breaches linked to generative AI worry almost three-quarters (72%) of the respondents.

But that’s not the only thing CISOs are worried about, when it comes to generative AI, the report warns, as they also fear people will use sensitive company data to train the Large Language Models (LLM) used to power these tools. Sharing the data this way is a security risk, as there is a theoretical possibility that a malicious third party might extract this information somehow.

Spotting malware

CISOs have every right to be worried, though. Data breaches and similar cybersecurity incidents have been rising quarter into quarter, year after year. Since the introduction of generative AI tools, these attacks have gotten even more sophisticated, some researchers said.

For example, poor writing, as well as grammar and typing errors, were the best way to spot a phishing attack. Today, most hacking groups use AI to write convincing phishing emails for them, not only making them harder to spot, but also significantly lowering the barrier for entry.

Another example is the writing of malicious code. Be it for a landing page, or for malware, hackers are constantly finding new ways to abuse the new tools. Generative AI developers are fighting back, putting limits in place that prevent the tools from being used this way, but threat actors have so far always managed to find a way around such roadblocks.

Good news is that AI can also be used in defense, and many organizations have already deployed advanced, AI-powered solutions.

Over a billion users could be at risk from keyboard logging app security flaw

Post author By lisa nichols
Post date April 25, 2024
No Comments on Over a billion users could be at risk from keyboard logging app security flaw

[ad_1]

Almost a billion mobile users, holding various devices, could have had their communications revealed to malicious third parties, a report from cybersecurity researchers Citizen Lab claims.

It says different device manufacturers have used different keyboard apps which were relaying unencrypted communications, transmitting keystrokes via plaintext, and similar. Tencent QQ Pinyin, Baidu IME, iFlytek IME, Samsung Keyboard on Android, Xiaomi (with keyboard apps from Baidu, iFlytek, and Sogou), OPPO, Vivo, Honor, all of these allowed potential threat actors to decrypt Chinese mobile users’ keystrokes, completely passively, and without the users needing to send any extra network traffic.

The team says it believes the keyboard apps found on these devices were “revealing the contents of users’ keystrokes in transit”.

Keeping private talk private

The only manufacturer whose keyboard app was secure is Huawei, the researchers said. As for Apple and Google, neither app has a feature to transmit keystrokes to cloud servers for cloud-based communications, it was said, which made it impossible to analyze the keyboards for the security of the feature.

“However, we observed that none of the mobile devices that we analyzed included Google’s keyboard, Gboard, preinstalled, either,” the researchers claim.

The researchers disclosed their findings to the manufacturers and say that as of April 1, almost all have addressed their issues. Only Honor and Tencent (QQ Pinyin) still remain a work in progress.

To defend from potential eavesdroppers, users should keep their apps and mobile operating systems updated, and use a keyboard that fully works on the device. Developers, on the other hand, are advised to use well-tested and standard encryption protocols, instead of building their own, potentially vulnerable versions, The Hacker News reports.

“Given the scope of these vulnerabilities, the sensitivity of what users type on their devices, the ease with which these vulnerabilities may have been discovered, and that the Five Eyes have previously exploited similar vulnerabilities in Chinese apps for surveillance, it is possible that such users’ keystrokes may have also been under mass surveillance,” the researchers concluded.

Microsoft says Russian hackers are exploiting an ancient printer security flaw

Post author By lisa nichols
Post date April 23, 2024
No Comments on Microsoft says Russian hackers are exploiting an ancient printer security flaw

[ad_1]

Russian state-sponsored threat actors were observed abusing an old printer vulnerability to drop custom malware on target endpoints.

The malware helped them exfiltrate sensitive data and login credentials. This is according to a new report from Microsoft Threat Intelligence, published earlier this week.

As per the report, since mid-2019, a group known as Fancy Bear has been abusing a print spooler elevation of privilege bug found in Windows printers. The vulnerability, tracked as CVE-2022-38028, was discovered in 2022, and patched in October the same year.

The fall of Moobot

However, even after the release of the fix, Fancy Bear targeted unpatched endpoints in government, non-government, education, and transportation firms, located in Ukraine, Western European, and North American countries.

Once found, the devices would be infected with a custom-built malware called GooseEgg, which granted the attackers elevated privileges, and the ability to steal credentials across compromised systems.

Given that the patch has been available for almost two years now, it’s the best and easiest way to protect the endpoints from Russian spies.

Fancy Bear is probably Russia’s most popular threat actor. Some researchers have linked it to the GRU – the Russian General Staff Main Intelligence Directorate – the foreign military intelligence agency of the General Staff of the Armed Forces of the Russian Federation.

In mid-February this year, US law enforcement agents successfully shut down a malicious Fancy Bear botnet. At the time, the U.S. Department of Justice (DoJ) said its agents conducted a “court-authorized operation” that has neutralized a network of “hundreds of small office/home office (SOHO) routers”.

As explained by the DoJ, most of the Ubiquiti Edge OS routers used in the botnet were previously infected by malware called Moobot, which was developed by a private hacking group. This group targeted routers with factory settings and otherwise easy-to-guess passwords to install the malware. Then, APT 28 (as they call Fancy Bear) swooped in and took over the malware, turning the infected devices into a “global cyber espionage platform.”

Via The Register

A critical security flaw could affect thousands of WordPress sites

Post author By lisa nichols
Post date April 22, 2024
No Comments on A critical security flaw could affect thousands of WordPress sites

[ad_1]

Hundreds of thousands of WordPress websites are vulnerable to a critical severity flaw which allows threat actors to upload malware to the site through a bug in a plugin.

As reported by BleepingComputer, Japan’s CERT recently found a critical severity flaw (9.8) in the Forminator plugin, built by WPMU DEV. The flaw, now tracked as CVE-2024-28890, allows threat actors to obtain sensitive information by accessing files on the server.

The researchers also said the flaw could be used to change the contents of the site, mount denial-of-service (DoS) attacks, and more.

No evidence of abuse

Forminator is a plugin that allows WordPress operators to add custom contact, feedback, quizzes, surveys, polls, and payment forms. Everything is drag-and-drop and thus user-friendly, and plays well with many other plugins.

WPMU DEV has addressed the issue and released a patch. Users are advised to apply it and bring their Forminator plugin to version 1.29.3 as soon as possible. At press time, the WordPress.org website shows at least 500,000 active downloads, of which 56% run the latest version. That leaves at least 230,000 websites that are possibly still vulnerable.

So far, there is no evidence of CVE-2024-28890 being exploited in the wild, but given its destructive potential, and the simplicity to be abused, chances are abuse is just a matter of time.

While WordPress itself is generally considered a safe platform, its various plugins and add-ons present a unique opportunity for hackers looking for a way in. As a general rule of thumb, WordPress admins are advised to keep the platform, the plugins, themes, and add-ons updated at all times, and to deactivate all of the add-ons that they don’t actively use.

WordPress is the world’s number one website builder platform, with almost half of all websites on the internet being powered by the builder.

How to activate iPhone security feature

Post author By miranda cosgrove
Post date April 18, 2024
No Comments on How to activate iPhone security feature

[ad_1]

iPhone Stolen Device Protection offers increased safety for your accounts and financial information if someone steals your handset and its passcode.

Here’s how to activate the security feature that debuted in iOS 17.3, and — more importantly — why you should do it now.

Stolen Device Protection: How to activate

You don’t have to take my word that this new feature is a valuable enhancement. Tony Anscombe, chief security evangelist for global cybersecurity leader ESET, told Cult of Mac:

“Stolen Device Protection makes it harder for unauthorised access or alteration of sensitive settings making iPhones less appealing to criminals. This enhanced protection serves as a long-awaited deterrent, increasing the difficulty for thieves targeting such devices.

“While it’s impossible to completely prevent theft as perpetrators continually find new workarounds and exploits, this feature adds a significant hurdle. Organised crime groups, often involved in handling stolen phones, may now need to work that much harder to bypass it.”

The new feature in iOS 17.3 is intended to counter a specific type of crime: muggers who steal someone’s iPhone and then demand the passcode to unlock it. That gives the criminal access to all the personal information stored on the device.

Advantages of iPhone Stolen Device Protection

With iPhone Stolen Device Protection activated, changing the Apple ID passcode requires Face ID/Touch ID and an hour-long wait. It can’t be changed quickly.

What that means is if a mugger steals your iPhone and forces you to give them the passcode, you have an hour to get to another computer, go to icloud.com and lock the device so it can’t be accessed even with the passcode.

To keep that restriction from being burdensome, SDP is only in effect when the iPhone is away from your home or workplace.

And iPhone Stolen Device Protection does more to stymie criminals. It requires Face ID to access saved passwords. The same goes for erasing the device, accessing saved credit card info in Safari, applying for an Apple Card and more.

More security never hurt

How to activate iPhone Stolen Device Protection — Look for Stolen Device Protection in the Face ID & Passcode section of the Settings apps.
Screenshots: Ed Hardy/Cult of Mac

iPhone Stolen Device Protection is optional and must be activated by you. If you don’t, it’s off. But if you want to upgrade the security on your handset, here’s what to do.

The first step in taking advantage of the new security feature is installing iOS 17.3. Apple released this to the public on January 22, so head to Settings -> General -> Software Update to get the latest version.

Next, go to Settings -> Face ID & Passcode. You’ll be required to enter your passcode to access this section.

Scroll down until you get to Stolen Device Protection. It’ll be off, so tap Turn On Protection.

And there, you’re done. You get all the benefits described above.

iPhone Stolen Device Protection can't be quickly deactivated — A thief trying to deactivate iPhone Stolen Device Protection has to wait an hour.
Screenshot: Ed Hardy/Cult of Mac

If you decide to reactivate the feature at some later date, go through these same steps but tap Turn Off Protection. You’ll have to pass Face ID and wait an hour to make the change. If canceling SDP was quick and easy, the person who stole your iPhone could simply turn it off.

For more details on the security feature, read the Apple support document “About Stolen Device Protection for iPhone.”

We originally published this post on how to turn on iPhone Stolen Device Protection on January 25, 2024. We updated the info.

[ad_2]

Source Article Link

Tags Activate, feature, iPhone, Security