Has your computer been infected with a suspected NSA spying implant? A security researcher has come up with a free tool that can tell.
Luke Jennings of security firm Countercept wrote a script in response to last week’s high-profile leak of cyberweapons that some researchers believe are from the National Security Agency. It's designed to detect an implant called Doublepulsar, which is delivered by many of the Windows-based exploits found in the leak and can be used to load other malware.
The script, which requires some programming skill to use, is available for download on GitHub.
Users who run unpatched software, beware. Hackers have been relying on an old software bug tied to the Stuxnet worm to carry out their attacks.
Microsoft may have initially patched the flaw in 2010, but it's nevertheless become the most widespread software exploit, according to security firm Kaspersky Lab.
On Thursday, Kaspersky posted research examining the use of exploits, or malicious programs designed to take advantage of certain software flaws. Once an exploit goes to work, it can typically pave the way for other malicious programs to install onto a computer.
An anonymous developer has published a patch that negates Microsoft's barring of security updates from Windows 7 and 8.1 PCs equipped with the very newest processors.
The developer, identified as "Zeffy," posted the patch and accompanying documentation on GitHub, the code repository.
"I was inspired to look into these new rollup updates that Microsoft released on March 16 [after reading about the processor-related blocking of Windows Update]," wrote Zeffy. "[That was] essentially a giant middle finger to anyone who dare not 'upgrade' to the steaming pile of garbage known as Windows 10."
Since the emergence of Mirai, you may have wondered whether your IoT device has ever been infected with malware; you may even have rebooted the device, which would remove the infection. But if your IoT device becomes infected with BrickerBot, you will know, because the malware will “brick” it. Just the same, some people will believe the hardware simply failed.
Radware security researchers previously said BrickerBot malware was responsible for permanent denial of service attacks (PDoS) that would “destroy” the infected devices. PDoS, also known as “phlashing,” is “an attack that damages a system so badly that it requires replacement or reinstallation of hardware. By exploiting security flaws or misconfigurations, this type of cyberattack can destroy the firmware and/or basic functions of system.”
Microsoft delayed its February security update slate to finish patching critical flaws in Windows that a hacker gang tried to sell, several security experts have argued.
"Looks like Microsoft had been informed by 'someone,' and purposely delayed [February's] Patch Tuesday to successfully deliver MS17-010," tweeted Matt Suiche, founder of Dubai-based security firm Comae Technologies.
MS17-010, one of several security bulletins Microsoft issued in March, was just one of several cited Friday by the Redmond, Wash. developer when it said it had already patched most of the vulnerabilities exploited by just-leaked hacking tools.
Those tools -- 12 different Windows exploits -- had been included in a large data dump made April 14 by a hacker group dubbed Shadow Brokers, which is believed to have ties to Russia. The exploits, as well as a trove of documents, had been stolen from the National Security Agency (NSA), Shadow Brokers claimed.
As cyber insurance slowly moves from corporate to consumer coverage, some interestingly comprehensive policies have been introduced. One, introduced this month by AIG, puts a strong emphasis on services to prevent attacks rather than merely paying for them once they happen. We decided to dive into the fine print to see how much wiggle room the insurer gave itself.
The new policy, called Family CyberEdge, is designed as a supplement to existing homeowner’s insurance and will cost an extra $597 for $50,000 limits for each key area, consisting of cyber extortion, data restoration, crisis management and cyber bullying, with no deductibles beyond a flat $1,000 for data restoration. Bump the coverage limit up to $100,000 and the annual premium rises to $972, or go for the maximum coverage of $250,000 and the annual premium comes in at $1,723.
Late last week, a hacker group known as The Shadow Brokers released a trove of Windows exploits it claims to have obtained from National Security Agency's (NSA's) elite hacking team. The group released the tools and presentations and files claiming to detail the agency's methods of carrying out clandestine surveillance on Windows server software dating back to Windows XP and set off a mild panic for what was otherwise a slow Friday.
There’s just one problem: Microsoft says it has already issued patches for the majority of the exploits, with some of them coming out as recently as last month. The MSRC team made a blog post on Friday, the same day Shadow Brokers released the exploits, pointing this out. It was a remarkably quick response.
Microsoft on Friday said it had patched most of the Windows vulnerabilities purportedly exploited by the National Security Agency (NSA) using tools that were leaked last week.
The Windows flaws were disclosed by the hacking gang Shadow Brokers in a large data dump earlier Friday. The group has released several collections of documents about the internal operations of the NSA, and the code it allegedly has used to compromise computers and other devices worldwide.
"Most of the exploits that were disclosed fall into vulnerabilities that are already patched in our supported products," Phillip Misner, a group manager in the Microsoft Security Response Center (MSRC), wrote in a post to a company blog.
You may recall commercials for Holiday Inn Express that revolved around a “Stay smart” theme, but if you stayed in a Holiday Inn Express, or another InterContinental Hotels Group-branded franchise hotel, late last year, then you would be really smart to keep an eye out for unexpected charges on your credit card.
IHG finally reported the findings from an investigation into a breach of the company’s payment systems. The company has over 5,000 hotels across 100 countries, with brands such as Holiday Inn, Holiday Inn Resort, Holiday Inn Express, Crowne Plaza, Hotel Indigo, InterContinental, Kimpton, Staybridge Suites and Candlewood Suites. Hackers managed to get malware into the front desk payment system at some IHG-branded franchise hotels in the United States and Puerto Rico and made off with payment card data.
Hackers, like the attacks they perpetrate, come in many forms, with motivations that range from monetary to political to ethical. Understanding the different types of hackers that exist and what motivates them can help you identify the attackers you are most susceptible to and properly defend yourself and your organization against cyberattacks. Travis Farral, director of security strategy at Anomali, outlines the top 10 types of hackers you should have on your radar.
A VPN is simply an encrypted connection between two computers, each side running VPN software. The two sides, however, are not equal.
The software that you, as the user of a VPN service, deal with is known as the VPN client. The software run by a VPN company is the VPN server. The encrypted connection always starts with a VPN client making a request to a VPN server.
There are many different flavors of VPN connections, each with its own corresponding client and server software. The most popular flavors are probably L2TP/IPsec, OpenVPN, IKEv2 and PPTP.
Some VPN providers support only one flavor, others are much more flexible. Astrill, for example, supports OpenWeb, OpenVPN, PPTP, L2TP, Cisco IPSec, IKEv2, SSTP, StealthVPN and RouterPro VPN. At the other extreme, OVPN, as their name implies, only supports OpenVPN.
Digital privacy invasion is more than a theoretical or actual threat to our freedoms. It's also a huge distraction.
Take MIT genius Steven Smith. He's recently taken time away from his specialties of radar, sonar, and signal processing at MIT’s Lincoln Laboratory to automate the pollution of his family's web traffic with thousands of arbitrary searches and sites.
His code essentially lies about internet activity to whomever is listening.
The software is an artful liar. According to a piece in The Atlantic, Smith's algorithm uses web activity-spoofing software called PhantomJS to conduct searches in a way and on a timeline that mimics normal human online behavior.
Microsoft this week began blocking Windows 7 and 8.1 PCs equipped with the very newest processors from receiving security updates, making good on a policy it announced but did not implement last year.
But the company also refused to provide security fixes to Windows 7 systems that were powered by AMD's "Carrizo" CPUs, an architecture that was supposed to continue receiving patches.
The decree that led to the update bans, whether allowable or not under Microsoft's new policy, was revealed in January 2016, when the company said making Windows 7 and Windows 8.1 run on the latest processors was "challenging." Microsoft then ruled that Windows 10 would be the only supported edition on seventh-generation and later CPUs and simultaneously dictated a substantial shortening of support of both editions.
Quantum computing may still sound like the stuff of science fiction, but within the next 10 years, it could be a reality.
"Systems are still pretty rudimentary," said Charles King, an analyst with Pund-IT. "Though they perform some specific kinds of calculations faster than traditional computers, they are defined by their limitations. When true, fully operable quantum systems come online, they will force the IT industry, public and private sector organizations and individuals to fundamentally rethink certain kinds of problems and all but abandon some conventional solutions."
Last month, we had the largest ever release of patches and updates from Microsoft.
This month, we see the biggest change to Patch Tuesday since the first updates were released on the second Tuesday in October 2003, starting with MS03-041. Security bulletins with easy to follow formats like MSyy-xxx are no longer published by Microsoft as of April 2017.
Now, we have the Microsoft Security Update Guide, which is defined by Microsoft as the "authoritative source of information on our security updates." The MSUG is a searchable database of patches and updates that offers some basic queries and filtering. In addition to this database-driven approach, Microsoft has published summary release notes for April 2017. Helpfully, this summary outlines that the following technologies are updated for April:
Be it a lightning strike that destroys a home entertainment center or consistently fluctuating power that degrades the performance and shortens the life of your electronics – surges, lightning, and other power disturbances can have a devastating impact on the valuable electronics you rely on every day. The P11U2 from APC offers guaranteed surge protection. Connect and protect up to 11 electronics, and conveniently charge your mobile devices via 2 additional USB ports. Installation is convenient and easy with a 180-degree rotating power cord and right-angle plug. Lastly, three LED indicators inform you if there is any overload, unit, or wall wiring issue. The P11U2 averages 4.5 out of 5 stars from over 1,500 people on Amazon, where its typical list price of $34.99 is discounted 14% to $29.99.
President Trump, as part of his plan to roll back regulations put in place by President Obama, just signed legislation that eliminates the prohibition against internet service providers selling customer data without their written consent. Although the original restriction had not yet taken effect, its elimination ignited a firestorm of controversy among privacy organizations, including the Electronic Privacy Information Center and the American Civil Liberties Union (which tried to no avail to get Trump to veto the legislation at the last minute).
Microsoft this week retired the security bulletins that for decades have described each month's slate of vulnerabilities and accompanying patches for customers -- especially administrators responsible for companies' IT operations.
One patch expert reported on the change for his team. "It was like trying to relearn how to walk, run and ride a bike, all at the same time," said Chris Goettl, product manager with patch management vendor Ivanti.
The move to a bulletin-less Patch Tuesday brought an end to months of Microsoft talk about killing the bulletins that included an aborted attempt to toss them.
What can a computer recycle program and a little shoulder-surfing get you? For inmates at Ohio’s Marion Correctional Institution, it got them a great deal, enough to build two PCs from the yanked parts and then hide them in the ceiling, use a former employee’s credentials obtained by looking over his shoulder, and then commit “possible identity fraud along with other possible cyber-crimes.”
The Ohio Inspector General’s 50-page report (pdf) includes a big list of fails for the Ohio Department of Rehabilitation and Correction. The report reads like a mini novel of intrigue, weaving lax security as well as players across the prison system and prisoners into the story.
When I served on a panel about data breaches at the ISACA Silicon Valley chapter conference recently, the moderator asked, “To prevent data breaches, which is more important: process, technology or people?”
My fellow panelists (three CISOs and two highly experienced consultants) all answered ahead of me: “People.” I was surprised. Here I was the only awareness specialist on the panel, yet my answer was process.
Without process, I explained, the people don’t know what to do. Without process, there is no right way to implement technology. Process is implemented through governance. As I discuss in Advanced Persistent Security, without governance your security program is an accident.