Fortinet VPN with Default Settings Leave 200,000 Businesses Open to Hackers

As the pandemic continues to accelerate the shift towards working from home, a slew of digital threats have capitalized on the health concern to exploit weaknesses in the remote work infrastructure and carry out malicious attacks. Now according to network security platform provider SAM Seamless Network, over 200,000 businesses that have deployed the Fortigate VPN solution—with default configuration—to enable employees to connect remotely are vulnerable to man-in-the-middle (MitM) attacks, allowing attackers to present a valid SSL certificate and fraudulently take over a connection. “We quickly found that under default configuration the SSL…

A New Hacking Group Hitting Russian Companies With Ransomware

As ransomware attacks against critical infrastructure continue to spike in recent months, cybersecurity researchers have uncovered a new entrant that has been actively trying to conduct multistage attacks on large corporate networks of medical labs, banks, manufacturers, and software developers in Russia. The ransomware gang, codenamed “OldGremlin” and believed to be a Russian-speaking threat actor, has been linked to a series of campaigns at least since March, including a successful attack against a clinical diagnostics laboratory that occurred last month on August 11. “The group has targeted only Russian companies so…

Detecting and Preventing Critical ZeroLogon Windows Server Vulnerability

If you’re administering Windows Server, make sure it’s up to date with all recent patches issued by Microsoft, especially the one that fixes a recently patched critical vulnerability that could allow unauthenticated attackers to compromise the domain controller. Dubbed ‘Zerologon’ (CVE-2020-1472) and discovered by Tom Tervoort of Secura, the privilege escalation vulnerability exists due to the insecure use of AES-CFB8 encryption in Netlogon sessions, allowing remote attackers to establish a connection to the targeted domain controller over the Netlogon Remote Protocol (MS-NRPC). “The attack utilizes flaws in an authentication protocol that validates…

Unsecured Microsoft Bing Server Exposed Users’ Search Queries and Location

A back-end server associated with Microsoft Bing exposed sensitive data of the search engine’s mobile application users, including search queries, device details, and GPS coordinates, among others. The logging database, however, doesn’t include any personal details such as names or addresses. The data leak, discovered by Ata Hakcil of WizCase on September 12, is a massive 6.5TB cache of log files that was left for anyone to access without any password, potentially allowing cybercriminals to leverage the information for carrying out extortion and phishing scams. According to WizCase, the Elastic server is…

What’s in Vogue? Experts Point to Ransomware Attacks

The financial impact of ransomware attacks is huge. Since the coronavirus pandemic set in full force, threat actors have been launching brutal ransomware attacks on businesses worldwide.

Some statistics your way

Over the first six months of the year, ransomware attacks were at the root of 41% of cyber insurance claims filed, according to a report by Coalition. According to the 2020 Verizon Business Data Breach Investigations Report, among all the malware incidents, ransomware attacks accounted for 27%. Meanwhile, the average cost of a ransomware attack is over $84,000, according to Coveware.…

U.S. Treasury Sanctions Hacking Group Backed by Iranian Intelligence

The U.S. government on Thursday imposed sweeping sanctions against an Iranian threat actor backed by the country’s Ministry of Intelligence and Security (MOIS) for carrying out malware campaigns targeting Iranian dissidents, journalists, and international companies in the telecom and travel sectors. According to the U.S. Treasury and the Federal Bureau of Investigation (FBI), the sanctions target Rana Intelligence Computing Company (or Rana), which the agencies said operated as a front for the threat group APT39 (aka Chafer or Remix Kitten), an Iranian cyber espionage collective active since 2014 known for its attacks on companies…

Hacker Profile: Michael Howard

Michael Howard is infectious. He’s a great educator, an energetic speaker, and after nearly 20 years is as passionate about his computer security specialty, secure code, as he was in the beginning. It’s hard to be around him more than a few minutes without you wanting to help make the world more secure one line of code at a time. He first gained worldwide notice for coauthoring Writing Secure Code along with David LeBlanc and for being a significant part of the reason why Microsoft is hugely dedicated to writing…

Iranian Hackers Found Way Into Encrypted Apps, Researchers Say

Reports reveal that hackers have been secretly gathering intelligence on opponents of the Iranian regime, breaking into cellphones and computers and outsmarting apps like Telegram. Iranian hackers, most likely employees or affiliates of the government, have been running a vast cyberespionage operation equipped with surveillance tools that can outsmart encrypted messaging systems — a capability Iran was not previously known to possess, according to two digital security reports released Friday. The operation not only targets domestic dissidents, religious and ethnic minorities and antigovernment activists abroad, but can also be used…

FBI adds 5 Chinese APT41 hackers to its Cyber’s Most Wanted List

The United States government today announced charges against 5 alleged members of a Chinese state-sponsored hacking group and 2 Malaysian hackers who are responsible for hacking more than 100 companies throughout the world. Named as APT41 and also known as ‘Barium,’ ‘Winnti,’ ‘Wicked Panda,’ and ‘Wicked Spider,’ the cyber-espionage group has been operating since at least 2012 and is not just involved in strategic intelligence collection from valuable targets in many sectors, but is also behind financially motivated attacks against the online gaming industry. According to a press release published by the…

Chinese and Malaysian hackers charged by US over attacks

The US Department of Justice (DoJ) has charged five Chinese and two Malaysian men with hacking more than 100 companies. The two Malaysian businessmen “conspired” with two of the Chinese hackers to target the video games industry in particular, the DoJ said. They would obtain in-game items and currencies by fraud, hacking or other means, and sell on the digital items for real money, it added. Both Malaysian men have been arrested. The five Chinese men were “fugitives” in China, the DoJ added. The US does not have an extradition treaty with China. The other…
