
Security researchers have discovered an ongoing cryptojacking campaign which infects unpatched computers of businesses from all over the world with XMRig Monero miners using the Equation Group's leaked exploit toolkit. The cybercriminals behind this cryptomining campaign use the NSA-developed EternalBlue and EternalChampion SMB exploits to compromise vulnerable Windows computers, exploits which were leaked by the Shadow Brokers hacker group in April 2017. While Microsoft patched the security flaws these tools abuse to break into Windows machines, a lot of computers remain exposed because they haven't been updated to newer OS versions that are not impacted by these very dangerous vulnerabilities. "The campaign seems to be widespread, with targets located in all regions of the world. Countries with large populations such as China and India also had the most number of organizations being targeted," said Trend Micro's researchers, the ones who unearthed this ongoing cryptojacking campaign targeting companies from all over the world. In addition, "businesses across a wide range of industries, including education, communication, and media, banking, manufacturing, and technology" are being targeted in these attacks, with the bad actors focusing on victims who use "obsolete or unpatched software." An auto-spreading EternalBlue-based backdoor and a variant of the Vools Trojan are used as the main tools to deploy roughly 80 variants of the XMRig cryptocurrency miner on infected computers, using five different mining configurations with similar usernames and identical passwords. Complete details can be found on OUR FORUM.

The U.S. Federal Bureau of Investigation (FBI) issued a public service announcement regarding TLS-secured websites being actively used by malicious actors in phishing campaigns. Internet users are accustomed by now to always look at the padlock next to the web browser's address bar to check if the current page is served by a website secured using a TLS certificate. Another thing users look for after landing on a website is the "https" protocol designation in front of the hostname, which is another hint that a domain is "secure" and that the web traffic is encrypted. However, this exposes them to phishing campaigns in which threat actors use TLS-secured landing pages to exploit that trust, deceiving users into trusting attacker-controlled sites and handing over sensitive personal information. "They are more frequently incorporating website certificates—third-party verification that a site is secure—when they send potential victims emails that imitate trustworthy companies or email contacts," as the FBI says in the PSA. "These phishing schemes are used to acquire sensitive logins or other information by luring them to a malicious website that looks secure." While in a lot of cases bad actors will get their own SSL certificates to secure pages used in their campaigns to try and trick their targets, there are also many who simply abuse pages hosted on cloud services, which automatically inherit the certificates. For instance, during the last two months, crooks have been observed hosting malware and command-and-control servers on Microsoft’s Azure cloud services, as well as websites used to deliver tech support scams. Get better informed by visiting OUR FORUM.

VLC Media Player 3.0.7 was released on Friday and contained the most security updates ever in one release of the program. The president of the VideoLan non-profit organization states that this was due to their inclusion in the EU-FOSSA bug bounty program. Last year, the European Commission announced that they were expanding their Free and Open Source Software Audit (FOSSA) project to support bug bounty programs for free and open source programs that they use. As VLC Media Player is one of the products used by the EU Commission, it was added to a bug bounty program at HackerOne, where it is sponsored by EU-FOSSA. Jean-Baptiste Kempf, the President of VideoLan and one of the lead developers of the VLC Media Player, says that VLC 3.0.7 has more security fixes than any other version of their program. "We just released VLC 3.0.7, a minor update of VLC branch 3.0.x," Kempf stated in a blog post. "This release is a bit special because it has more security issues fixed than any other version of VLC." As VideoLan is a non-profit organization offering free software, being able to afford a bug bounty program that can attract security experts is not an easy task. Being sponsored, though, by EU-FOSSA, who will pay up to €60,000 in bounties for reported VLC vulnerabilities, appears to have created a much greater incentive for security researchers to analyze the program. We have more posted on OUR FORUM.

One would be forgiven for thinking Microsoft just announced a $6000 computer and $1000 stand, as the company’s share price has surged 7% in the last 5 sessions according to Bloomberg, hitting its highest ever valuation in intra-day trades, and closing at above a $1 trillion valuation for the second time ever. Over the same period, Alphabet fell 3.5% and Facebook lost 2.9%. While Apple rose 9%, this was 18.2% below their Oct. 3, 2018, record high. Microsoft is now worth more than $100 billion more than their nearest rival. As has become common, the results are speculated to be due to Microsoft’s limited involvement in the current hostile regulatory environment surrounding large tech companies and also their heavy involvement with enterprise services, which are less liable to be affected by economic downturns. “Management noted Microsoft is better positioned than ever to maintain wallet share of customers through an economic downturn, given the broader budget exposure beyond IT,” Piper Jaffray analyst Alex J. Zukin wrote in a June 5 note. “However, they indicated they were not seeing any signs of an economic slowdown nor any weakness in the economy.” Currently, 36 analysts have a buy rating for Microsoft with an average price target of $143 (7% up from the current close of $131.40), while one rates it as hold and 2 recommend selling. “We continue to have a ‘buy it and forget it’ mentality on the stock right now as the company appears to be in midst of secular fundamental growth,” Zukin wrote. Continue following this by visiting OUR FORUM on a regular basis.

US officials and Microsoft executives say older versions of the programs may be vulnerable to malware. In the advisory, NSA officials said a flaw known as "BlueKeep" exists in past editions of Microsoft Windows. Last week Microsoft warned that "some older versions of Windows" could be vulnerable to cyber-attacks. "All customers on affected operating systems [Windows 7 and earlier] should update as soon as possible," said Microsoft. US officials said the "BlueKeep" flaw could leave computers vulnerable to infection by viruses through automated attacks or by the downloading of malicious attachments. They said ransomware can often be installed quickly, holding files hostage and demanding payment from individuals. The vulnerability in the older versions of Microsoft Windows, wrote the International Computer Science Institute's Nicholas Weaver, means that bad actors could "gain complete control of the remote system". Updating systems, as the Microsoft executives explained, helps to protect computer users from these kinds of cyber-attacks. Recently a ransomware attack on the city of Baltimore disrupted municipal services, knocking city workers offline and making it harder for people to pay their traffic tickets and water bills. The New York Times has reported that the NSA knew about the system flaw, EternalBlue, but kept it secret for years. EternalBlue has been implicated in a range of cyber-attacks over the past three years, including the WannaCry assault that disrupted the UK's NHS. A senior NSA adviser, Rob Joyce, tweeted on his own account that some computer users could face a "significant risk" because of the vulnerabilities in the older versions of Microsoft Windows, but that they would be protected by updates. Read more of this warning on OUR FORUM.

The U.S. Justice Department has jurisdiction for a potential probe of Apple Inc as part of a broader review of whether technology giants are using their size to act in an anti-competitive manner, two sources told Reuters. The Justice Department’s Antitrust Division and the Federal Trade Commission (FTC) met in recent weeks and agreed to give the Justice Department the jurisdiction to undertake potential antitrust probes of Apple and Google, owned by Alphabet Inc, the sources said. The FTC was given jurisdiction to look at Inc and Facebook Inc, the sources said. The sources did not say what the government’s potential concern might be regarding Apple. Streaming music leader Spotify Technology SA and others have criticized the iPhone maker’s practices, describing the company as anti-competitive in a complaint to the European Union’s antitrust regulators. Central to Spotify’s complaint is a 30% fee Apple charges content-based service providers to use Apple’s in-app purchase system. Apple did not immediately respond to a request for comment. The company has defended its practices in the past, saying it only collects a commission if a good or service is sold through an app. “Our users trust Apple - and that trust is critical to how we operate a fair, competitive store for developer app distribution,” it has said previously. Stay abreast of these developments by visiting OUR FORUM on a regular basis.