Showing posts with label Biz & IT – Ars Technica.

Friday, November 13, 2020

Hackers sponsored by Russia and North Korea are targeting COVID-19 researchers

Hackers sponsored by the Russian and North Korean governments have been targeting companies directly involved in researching vaccines and treatments for COVID-19, and in some cases, the attacks have succeeded, Microsoft said on Friday.

In all, there are seven prominent companies that have been targeted, Microsoft Corporate VP for Customer Security & Trust Tom Burt said. They include vaccine makers with COVID-19 vaccines in various clinical trial stages, a clinical research organization involved in trials, and a developer of a COVID-19 test. Also targeted were organizations with contracts with or investments from governmental agencies around the world for COVID-19-related work. The targets are located in the US, Canada, France, India, and South Korea.

“Microsoft is calling on the world’s leaders to affirm that international law protects health care facilities and to take action to enforce the law,” Burt wrote in a blog post. “We believe the law should be enforced not just when attacks originate from government agencies but also when they originate from criminal groups that governments enable to operate—or even facilitate—within their borders. This is criminal activity that cannot be tolerated.”


from Biz & IT – Ars Technica https://ift.tt/2H38aHy
via A.I .Kung Fu

Friday, October 9, 2020

Feds say active exploits of critical Zerologon bug threaten elections orgs

The FBI and the cybersecurity arm of the Department of Homeland Security said they have detected hackers exploiting a critical Windows vulnerability against state and local governments and that in some cases the attacks are being used to breach networks used to support elections.

Members of unspecified APTs—the abbreviation for advanced persistent threats—are exploiting the Windows vulnerability dubbed Zerologon. It gives attackers who already have a toehold on a vulnerable network access to the all-powerful domain controllers that administrators use to allocate new accounts and manage existing ones.

To gain initial access, the attackers are exploiting separate vulnerabilities in firewalls, VPNs, and other products from companies including Juniper, Pulse Secure, Citrix NetScaler, and Palo Alto Networks. All of the vulnerabilities—Zerologon included—have received patches, but as evidenced by Friday’s warning from the DHS and FBI, not everyone has installed them. The inaction is putting governments and elections systems at all levels at risk.


from Biz & IT – Ars Technica https://ift.tt/3nAWeNC
via A.I .Kung Fu

Thursday, October 8, 2020

Apple pays $288,000 to white-hat hackers who had run of company’s network

For months, Apple’s corporate network was at risk of hacks that could have stolen sensitive data from potentially millions of its customers and executed malicious code on their phones and computers, a security researcher said on Thursday.

Sam Curry, a 20-year-old researcher who specializes in website security, said that, in total, he and his team found 55 vulnerabilities. He rated 11 of them critical because they allowed him to take control of core Apple infrastructure and from there steal private emails, iCloud data, and other private information.

The 11 critical bugs were:


from Biz & IT – Ars Technica https://ift.tt/3jHHTMU
via A.I .Kung Fu

Monday, October 5, 2020

Boom! Hacked page on mobile phone website is stealing customers’ card data

If you’re in the market for a new mobile phone plan, it’s best to avoid turning to Boom! Mobile. That is, unless you don’t mind your sensitive payment card data being sent to criminals in an attack that was still ongoing as of a few hours before this post.

According to researchers from security firm Malwarebytes, Boom! Mobile’s boom.us website is infected with a malicious script that skims payment card data and sends it to a server under the control of a criminal group researchers have dubbed Fullz House. The malicious script is called by a single line that looks like mostly nonsense characters to the human eye.

When decoded from Base64 format, the line translates to: paypal-debit[.]com/cdn/ga.js. The JavaScript code ga.js masquerades as a Google Analytics script at one of the many fraudulent domains operated by Fullz House members.


from Biz & IT – Ars Technica https://ift.tt/2GCo6jx
via A.I .Kung Fu

Sunday, September 13, 2020

AI ruined chess. Now it’s making the game beautiful again

Chess has a reputation for cold logic, but Vladimir Kramnik loves the game for its beauty.

“It’s a kind of creation,” he says. His passion for the artistry of minds clashing over the board, trading complex but elegant provocations and counters, helped him dethrone Garry Kasparov in 2000 and spend several years as world champion.

Yet Kramnik, who retired from competitive chess last year, also believes his beloved game has grown less creative. He partly blames computers, whose soulless calculations have produced a vast library of openings and defenses that top-flight players know by rote. “For quite a number of games on the highest level, half of the game—sometimes a full game—is played out of memory,” Kramnik says. “You don’t even play your own preparation; you play your computer’s preparation.”


from Biz & IT – Ars Technica https://ift.tt/32s4mYm
via A.I .Kung Fu

Monday, September 7, 2020

The FBI botched its DNC hack warning in 2016—but says it won’t next time

By notifying hacking victims sooner and at higher levels, the FBI hopes to avert another high-impact communications breakdown.

On April 28, 2016, an IT tech staffer for the Democratic National Committee named Yared Tamene made a sickening discovery: A notorious Russian hacker group known as Fancy Bear had penetrated a DNC server "at the heart of the network," as he would later tell the US Senate's Select Committee on Intelligence. By this point the intruders already had the ability, he said, to delete, alter, or steal data from the network at will. And somehow this breach had come as a terrible surprise—despite an FBI agent's warning to Tamene of potential Russian hacking over a series of phone calls that had begun fully nine months earlier.

The FBI agent's warnings had "never used alarming language," Tamene would tell the Senate committee, and never reached higher than the DNC's IT director, who dismissed them after a cursory search of the network for signs of foul play. That miscommunication would result in the success of the Kremlin-sponsored hack-and-leak operation that would ultimately contribute to the election of Donald Trump.


from Biz & IT – Ars Technica https://ift.tt/35cBNzD
via A.I .Kung Fu

Sunday, September 6, 2020

Big tech companies want to help get you back in the office

Many things about Matt Bruinooge’s senior year at Brown are different from his previous college life. One is that he logs on to a website from tech giant Alphabet twice a week to schedule nasal swabs.

Brown is one of the first customers of a pandemic safety service from Alphabet subsidiary Verily Life Sciences called Healthy at Work, or Healthy at School at colleges. It offers a website and software for surveying workers or students for symptoms, scheduling coronavirus tests, and managing the results.

The site Bruinooge uses to schedule his tests has similar styling to Google’s office suite. When a test comes back negative, he sees a graphic of something like a COVID-era hall pass, with a big check mark in soothing green. “The testing process is streamlined,” Bruinooge says—although he wonders where his data may end up.


from Biz & IT – Ars Technica https://ift.tt/3bIFkat
via A.I .Kung Fu

Thursday, September 3, 2020

A single text is all it took to unleash code-execution worm in Cisco Jabber

Until Wednesday, a single text message sent through Cisco’s Jabber collaboration application was all it took to touch off a self-replicating attack that would spread malware from one Windows user to another, researchers who developed the exploit said.

The wormable attack was the result of several flaws, which Cisco patched on Wednesday, in the Chromium Embedded Framework that forms the foundation of the Jabber client. A filter that’s designed to block potentially malicious content in incoming messages failed to scrutinize code that invoked an event handler known as “onanimationstart.”

Jumping through hoops

But even then, the filter still blocked content that contained <style>, an HTML tag that had to be included in a malicious payload. To bypass that protection, the researchers used code that was tailored to a built-in animation component called spinner-grow. With that, the researchers were able to achieve a cross-site scripting exploit that injected a malicious payload directly into the internals of the browser built into Jabber.


from Biz & IT – Ars Technica https://ift.tt/2F0XM1y
via A.I .Kung Fu

Tuesday, September 1, 2020

Hackers are exploiting a critical flaw affecting >350,000 WordPress sites

Hackers are actively exploiting a vulnerability that allows them to execute commands and malicious scripts on websites running File Manager, a WordPress plugin with more than 700,000 active installations, researchers said on Tuesday. Word of the attacks came a few hours after the security flaw was patched.

Attackers are using the exploit to upload files that contain webshells hidden in an image. From there, they have a convenient interface that allows them to run commands in plugins/wp-file-manager/lib/files/, the directory where the File Manager plugin resides. While that restriction prevents hackers from executing commands on files outside of the directory, they may be able to do more damage by uploading scripts that can carry out actions on other parts of a vulnerable site.

NinTechNet, a website security firm in Bangkok, Thailand, was among the first to report the in-the-wild attacks. The post said that a hacker was exploiting the vulnerability to upload a script titled hardfork.php and then using it to inject code into the WordPress scripts /wp-admin/admin-ajax.php and /wp-includes/user.php.


from Biz & IT – Ars Technica https://ift.tt/32MdpSO
via A.I .Kung Fu

Thursday, August 13, 2020

NSA and FBI warn that new Linux malware threatens national security

The FBI and NSA have issued a joint report warning that Russian state hackers are using a previously unknown piece of Linux malware to stealthily infiltrate sensitive networks, steal confidential information, and execute malicious commands.

In a report that’s unusual for the depth of technical detail from a government agency, officials said the Drovorub malware is a full-featured tool kit that had gone undetected until recently. The malware connects to command and control servers operated by a hacking group that works for the GRU, Russia’s military intelligence agency, which has been tied to more than a decade of brazen and advanced campaigns, many of which have inflicted serious damage on national security.

“Information in this Cybersecurity Advisory is being disclosed publicly to assist National Security System owners and the public to counter the capabilities of the GRU, an organization which continues to threaten the United States and U.S. allies as part of its rogue behavior, including their interference in the 2016 US Presidential Election as described in the 2017 Intelligence Community Assessment, Assessing Russian Activities and Intentions in Recent US Elections (Office of the Director of National Intelligence, 2017),” officials from the agencies wrote.


from Biz & IT – Ars Technica https://ift.tt/3fWWZeX
via A.I .Kung Fu

Thursday, August 6, 2020

More than 20GB of Intel source code and proprietary data dumped online

Intel is investigating the purported leak of more than 20 gigabytes of its proprietary data and source code that a security researcher said came from a data breach earlier this year.

The data—which at the time this post went live was publicly available on BitTorrent feeds—contains material Intel makes available to partners and customers under NDA, a company spokeswoman said. Speaking on background, she said Intel officials don’t believe the data came from a network breach. She also said the company is still trying to determine how current the material is and that, so far, there are no signs the data includes any customer or personal information.

“We are investigating this situation,” company officials said in a statement. “The information appears to come from the Intel Resource and Design Center, which hosts information for use by our customers, partners and other external parties who have registered for access. We believe an individual with access downloaded and shared this data.”


from Biz & IT – Ars Technica https://ift.tt/3fF4mHv
via A.I .Kung Fu