Malware Can Use This Trick to Bypass Ransomware Defense in Antivirus Solutions

Researchers have disclosed significant security weaknesses in popular software applications that could be abused to deactivate their protections and take control of allow-listed applications to perform nefarious operations on behalf of the malware to defeat anti-ransomware defenses.

The twin attacks, detailed by academics from the University of Luxembourg and the University of London, are aimed at circumventing the protected-folder feature offered by antivirus programs in order to encrypt files (aka “Cut-and-Mouse”) and at disabling their real-time protection by simulating mouse “click” events (aka “Ghost Control”).

“Antivirus software providers always offer high levels of security, and they are an essential element in the everyday struggle against criminals,” said Prof. Gabriele Lenzini, chief scientist at the Interdisciplinary Center for Security, Reliability, and Trust at the University of Luxembourg. “But they are competing with criminals which now have more and more resources, power, and dedication.”

Put differently, shortcomings in malware mitigation software could not only permit unauthorized code to turn off their protection features; design flaws in the Protected Folders solution provided by antivirus vendors could also be abused by, say, ransomware to change the contents of files using an app that has been provisioned write access to the folder and encrypt user data, or by wipeware to irrevocably destroy victims’ personal files.

Protected Folders allow users to specify folders that require an additional layer of protection against destructive software, thereby potentially blocking any unsafe access to the protected folders.

images from Hacker News

Report: Danish Secret Service Helped NSA Spy On European Politicians

The U.S. National Security Agency (NSA) used a partnership with Denmark’s foreign and military intelligence service to eavesdrop on top politicians and high-ranking officials in Germany, Sweden, Norway, and France by tapping into Danish underwater internet cables between 2012 and 2014.

Details of the covert wiretapping were broken by Copenhagen-based public broadcaster DR over the weekend based on interviews with nine unnamed sources, all of whom are said to have access to classified information held by the Danish Defence Intelligence Service (Forsvarets Efterretningstjeneste or FE).

German Chancellor Angela Merkel, the then-German Foreign Minister Frank-Walter Steinmeier, and the opposition leader at the time, Peer Steinbrück, are said to have been targeted through the Danish-American pact.

Using the telephone numbers of politicians as search parameters, the report alleged that the NSA “intercepted everything from text messages to phone calls that passed through the cables on their way to and from the phones of politicians and officials.”

The spying operation involved deploying special software called XKeyscore in a data center located at Sandagergårdan in the city of Dragør to search and analyze data streams flowing in and out of the internet cables. XKeyscore is a data-retrieval system that enables unlimited surveillance of people anywhere in the world, allowing the intelligence agency to track individuals, read emails, and listen in on their telephone calls and browsing histories.

Your Amazon Devices to Automatically Share Your Wi-Fi With Neighbors

Starting June 8, Amazon will automatically enable a feature on its family of hardware devices, including Echo speakers, Ring Video Doorbells, Ring Floodlight Cams, and Ring Spotlight Cams, that will share a small part of your Internet bandwidth with nearby neighbors — unless you choose to opt out.

To that effect, the company intends to register all compatible devices that are operational in the U.S. into an ambitious location-tracking system called Sidewalk as it prepares to roll out the shared mesh network in the country.

Originally announced in September 2019, Sidewalk is part of Amazon’s efforts to build a long-range wireless network that leverages a combination of Bluetooth and 900 MHz spectrum (FSK) to help Echo, Ring, Tile trackers, and other Sidewalk-enabled devices communicate over the internet without Wi-Fi.

Sidewalk is designed to extend the working range of low-bandwidth devices and help devices stay connected even if they are outside the range of a user’s home Wi-Fi network. It achieves this by pooling together a small sliver of internet bandwidth from the participating devices to create a shared network.

The mechanism that undergirds Sidewalk is conceptually analogous to how Apple leverages its huge installed base of Apple devices to help locate lost devices using its Find My network. But Sidewalk also extends beyond location tracking for virtually any kind of short-range two-way communication. Besides utilizing Bluetooth Low Energy (BLE), Sidewalk also makes use of long-range wireless technology known as LoRa to help devices stay connected and continue to work over longer distances.

Can Your Business Email Be Spoofed? Check Your Domain Security Now!

Are you aware of how secure your domain is? Most organizations assume that their domains are secure, but within a few months the truth dawns on them that this isn’t the case.

Spotting someone spoofing your domain name is one way to determine if your security is unsatisfactory – this means that someone is impersonating you (or confusing some of your recipients) and releasing false information. You may ask, “But why should I care?” Because these spoofing activities can potentially endanger your reputation.

With so many companies being targeted by domain impersonators, email domain spoofing shouldn’t be taken lightly. Doing so could put them, as well as their clients, at risk.

Your domain’s security rating can make a huge difference in whether or not you get targeted by phishers looking to make money quickly or to use your domain and brand to spread ransomware without you knowing it!

Check your domain’s security rating with this Free DMARC Lookup tool. You may be surprised by what you learn!

A New Bug in Siemens PLCs Could Let Hackers Run Malicious Code Remotely

Siemens on Friday shipped firmware updates to address a severe vulnerability in SIMATIC S7-1200 and S7-1500 programmable logic controllers (PLCs) that could be exploited by a malicious actor to remotely gain access to protected areas of the memory and achieve unrestricted and undetected code execution, in what the researchers describe as an attacker’s “holy grail.”

The memory protection bypass vulnerability, tracked as CVE-2020-15782 (CVSS score: 8.1), was discovered by operational technology security company Claroty by reverse-engineering the MC7 / MC7+ bytecode language used to execute PLC programs in the microprocessor. There’s no evidence that the weakness was abused in the wild.

In an advisory issued by Siemens, the German industrial automation firm said an unauthenticated, remote attacker with network access to TCP port 102 could potentially write arbitrary data and code to protected memory areas or read sensitive data to launch further attacks.

“Achieving native code execution on an industrial control system such as a programmable logic controller is an end-goal relatively few advanced attackers have achieved,” Claroty researcher Tal Keren said. “These complex systems have numerous in-memory protections that would have to be hurdled in order for an attacker to not only run code of their choice, but also remain undetected.”
