Category Archive: Uncategorized

Google selects Coinbase to take cloud payments with cryptocurrencies and will use its custody tool

Google said that it will rely on Coinbase to start letting some customers pay for cloud services with cryptocurrencies early in 2023, while Coinbase said it would draw on Google’s cloud infrastructure.

Coinbase shares rose as much as 8.4% in trading session, although the stock is still down over 70% for the year.

The deal, announced at Google’s Cloud Next conference, might succeed in luring cutting-edge companies to Google in a fierce, fast-growing market, where Google’s top competitors do not currently permit clients to pay with digital currencies. The cloud business helps diversify Google parent Alphabet away from advertising, and it now accounts for 9% of revenue, up from less than 6% three years ago, as it is expanding more quickly than Alphabet as a whole.

Coinbase, which generates a majority of its revenue from retail transactions, will move data-related applications to Google from the market-leading Amazon Web Services cloud, which Coinbase has relied on for years, said Jim Migdal, Coinbase’s vice president of business development.

The Google Cloud Platform infrastructure service will initially accept cryptocurrency payments from a handful of customers in the Web3 world who want to pay with cryptocurrency, thanks to an integration with the Coinbase Commerce service, said Amit Zavery, vice president and general manager and head of platform at Google Cloud, in an interview with CNBC. Web3 is a buzzword that has come to stand for decentralized and distributed internet services that can’t be controlled by big internet outfits such as Facebook or Google.

Over time, Google will allow many more customers to make payments with cryptocurrency, Zavery said. Coinbase Commerce supports 10 currencies, including Bitcoin, Bitcoin Cash, Dogecoin, Ethereum and Litecoin. Bitcoin, Dogecoin and Ethereum prices have all declined over 60% in the past year.

Terms of the deal weren’t disclosed. But like other Coinbase Commerce arrangements, Coinbase will earn a percentage of transactions that go through it, Migdal said.

It wasn’t a guarantee that Google would go with Coinbase for the payments portion of the deal. PayPal, for one, offers businesses a way to take payments with digital currencies. “We did look at other companies for the cryptocurrency side of it,” Zavery said. Ultimately, he said, Coinbase had the greatest capability.

Google is also exploring how it can use Coinbase Prime, a service that securely stores organizations’ cryptocurrencies and allows them to execute trades. Zavery said Google will experiment and “see how we can participate” with managing cryptocurrency assets. Block (the payments company formerly known as Square), Coinbase, MicroStrategy and Tesla are among the companies that have added digital currencies to their balance sheets. That can be a risky endeavor. Coinbase announced a $377 million impairment charge tied to a decline in the value of its cryptocurrency holdings in August.

Google had previously indicated in May that it was exploring the possibility of adding support for payments with digital currencies. Migdal said Coinbase had been in discussion with Google for months, with conversations about supporting commerce transactions, cloud usage and the Prime service all happening in parallel. “We decided to bring them together,” he said.

Blockchain technologies such as nonfungible tokens, or NFTs, have become a bigger focus for Google’s cloud division. Previously, Google’s cloud chief, Thomas Kurian, has pushed for growth in major industries such as media and retail. This year it announced the formation of teams to drum up blockchain business and build tools that third-party developers can draw on to run blockchain applications.


via:  cnbc


Save pagePDF pageEmail pagePrint page

Alert! Hackers Exploiting GitLab Unauthenticated RCE Flaw in the Wild

A now-patched critical remote code execution (RCE) vulnerability in GitLab’s web interface has been detected as actively exploited in the wild, cybersecurity researchers warn, rendering a large number of internet-facing GitLab instances susceptible to attacks.

Tracked as CVE-2021-22205, the issue relates to an improper validation of user-provided images that results in arbitrary code execution. The vulnerability, which affects all versions starting from 11.9, has since been addressed by GitLab on April 14, 2021 in versions 13.8.8, 13.9.6, and 13.10.3.

In one of the real-world attacks detailed by HN Security last month, two user accounts with admin privileges were registered on a publicly-accessible GitLab server belonging to an unnamed customer by exploiting the aforementioned flaw to upload a malicious payload “image,” leading to remote execution of commands that granted the rogue accounts elevated permissions.

Although the flaw was initially deemed to be a case of authenticated RCE and assigned a CVSS score of 9.9, the severity rating was revised to 10.0 on September 21, 2021 owing to the fact that it can be triggered by unauthenticated threat actors as well.

“Despite the tiny move in CVSS score, a change from authenticated to unauthenticated has big implications for defenders,” cybersecurity firm Rapid7 said in an alert published Monday.

Despite the public availability of the patches for more than six months, of the 60,000 internet-facing GitLab installations, only 21% of the instances are said to be fully patched against the issue, with another 50% still vulnerable to RCE attacks.

In the light of the unauthenticated nature of this vulnerability, exploitation activity is expected to increase, making it critical that GitLab users update to the latest version as soon as possible. “In addition, ideally, GitLab should not be an internet facing service,” the researchers said. “If you need to access your GitLab from the internet, consider placing it behind a VPN.”

Additional technical analysis related to the vulnerability can be accessed here.


via:  thehackernews


Save pagePDF pageEmail pagePrint page

A Major Internet Outage Appears To Have Knocked Down Amazon And Dozens Of Other Sites

Banks, brokerages, PSN, the Steam Store, Amazon, UPS, Southwest Airlines, Fidelity, FedEx, UPS, AirBNB, Home Depot, Disney and  more went down in massive internet outage.

A widespread internet outage caused several major websites to shut down Thursday afternoon, including Amazon, Delta, Capital One and Costco.

It’s still unclear what caused the outage, but Akamai, a content distribution network that helps with the spread of data around the internet, posted online there was an “emerging issue” with their Edge DNS service. A DNS, or domain name service, helps match a website’s name to its IP address. If the DNS fails, it becomes impossible to search and connect to a website by name.

By approximately 1:13pm ET, the site read “all systems operational.”

When reached by NPR, Akamai said, “We have implemented a fix for this issue, and based on current observations, the service is resuming normal operations.”

Akamai also confirmed that the outage was not due to a cyber attack.

A similar widespread outage occurred in June when another content delivery network, Fastly, experienced a software bug. Websites like CNN, The New York Times, Twitch and Reddit were down for nearly an hour.

The outages, while temporary, are raising concerns about the number of websites that rely on just a few content delivery networks like Fastly and Akamai, creating a more fragile internet ecosystem.

via:  northernpublicradio, theverge, fox59


Save pagePDF pageEmail pagePrint page

Understanding the system requirements and the security benefits of Windows 11

Security is a big part of Windows 11, but so is delivering productivity and a good experience with all the security features turned on.

The hardware requirements for Windows 11 have been causing some confusion and controversy. The minimum specification is about getting the right trade-offs between security, reliability, compatibility and performance to deliver a good Windows experience, and many enterprises will be ready for Windows 11.

The minimum system requirements of 1GHz or faster dual-core processors, 4GB of RAM, and 64GB of storage are what Microsoft Office and Teams already specify.

TPM 2.0 has been a requirement for all new Windows PCs since 28 July 2016 (2018 in China), with the only exceptions being special-purpose commercial systems and custom orders. Although it’s usually just thought of as storage for BitLocker (and the Device Encryption equivalent on Windows Home) keys, the Trusted Platform Module services a wide range of Windows security features: storing other keys and the PINs for Windows Hello biometrics and Credential Guard; blocking brute-force dictionary attacks so that even shorter PINs and passwords are more secure; powering virtual smart cards; acting as the hardware root of trust for secure boot and measured boot; attesting to PC health after boot with Windows Defender System Guard; and enabling ‘white glove’ and self-service Autopilot deployments.

While the official documentation suggests that a TPM is optional for some of those features, “to be honest, I would not recommend it being optional,” David Weston, partner director of enterprise and OS security at Microsoft, told TechRepublic. “Without a TPM, you’re not going to have segmentation, which is what we want”.

In fact, the reaction to the Windows 11 requirements suggest that many PCs have TPMs that haven’t been enabled, so even a protection mandated five years ago may not be in place. Admins expecting to upgrade to a new version of Windows Server may want to take this as an opportunity to audit their server hardware, because TPMs have been recommended since Windows Server 2016 and will be required for Windows Server 2022, but aren’t always present.

To run Windows 11, CPUs need to have the hardware virtualization features to enable virtual secure mode for Virtualization-Based Security and the Hypervisor-Protected Code Integrity that underlies a range of protections that Microsoft has been building since Windows 8, like Application Guard, Control Flow Guard, Credential Guard, Device Guard and System Guard. Now they’ll be on by default for all PCs, not just specially selected devices. 

They also need to have drivers based on the new Windows Drivers model; earlier this year, Microsoft announced that drivers for what was then called Windows 10X would need to be certified through the Windows Hardware Compatibility Program and be componentised, written for isolation and use an approved subset of Windows APIs, to make them more stable and easier to update. 

The breadth and variety of the PC ecosystem makes the specification more complicated than you might think. Intel 8th generation CPUs, AMD Zen 2 and Qualcomm 7 and 8 Series have the right hardware features for security, reliability and performance; they also have full support. While 7th generation and AMD Zen CPUs have the hardware features, they have what Microsoft described to us as ‘limited support’, so one of the things the Windows Insider releases of Windows 11 will show is exactly which of those earlier processors will deliver a good enough experience to be supported. And the Snapdragon 835 that powered the very first Windows on Arm devices isn’t supported at all.

No more guards

Security isn’t its only raison d’etre, but Windows 11 is intended to “raise the security baseline”, taking advantage of the various ‘guard’ features that are already in Windows but rarely turned on.

The goal is to make security easy, to make sure it doesn’t impact performance or battery life, and to make it easy for organizations to move to passwordless, ‘zero trust’ approaches, Weston told TechRepublic. 

“I tell my team ‘no more guards’; we really want to focus not on building new security tech, but in turning on the security tech we have, which I think is already pretty substantial.” 

“Virtualization Based Security is on by default. Obviously the TPM is there, so that’s going to give us the ability to do BitLocker in Windows Hello in more default scenarios. Those are going to allow commercial enterprises to do zero trust and take advantage of things like System Guard. There’s a lot of out-of-the-box security value. I want people to flip their laptop open and feel they are much better protected, and we know that they will be, based on looking at threat intelligence versus the default we changed.”

“If you look at the major attacks out there, whether that’s ransomware or phishing, we’ve struck directly at mitigating those, or at least making them much, much better protected on Windows 11,” Weston claimed.

“For the folks who are tasked with managing, you need to make their deployment as simple as possible. And I think we’ve done that by saying the things that are most critical are just there and enabled by default. Many of the security professionals in organizations are stuck in between detecting and responding, and then modifying and working with the configuration management folks to turn on more security. If we could make that job a little easier I think we’d see more secure commercial enterprises, and that’s a big theme for Windows 11.”

Windows Hello for Business replaces the familiar username and password with strong user authentication using asymmetric cryptographic key pairs (stored in the TPM) and Windows 11 improves the way the key trust relationship works with Active Directory and Azure AD. “Folks who were using certificates or smart cards, which are pretty substantial, can very quickly transition to Windows Hello for Business, which means they can really quickly get to a nice passwordless strategy,” Weston said. “That was one of the bigger blockers for passwordless adoption in corporations; we’ve got that.”

Zero trust isn’t always clearly defined, and Weston is keen to simplify the idea for organisations, pointing out that it’s an approach many are already taking, like moving from Group Policy to MDM for devices (and Windows 11 adds many new MDM policies to help them move away from legacy device management).

“I think what most of our customers are looking for is a combination of additional identity proofs and some information about the risk of the device and combining those to make an educated decision about the cloud,” said Weston. “What Windows 11 does for that style of zero trust is, if you have an MDM — of course we love Intune and conditional access — you can collect, from the hardware, very high-integrity information about the risk of the device and you can combine that with identity information from your identity provider — of course we like Azure Active Directory for that. And those two signals give you a lot of additional security over the traditional perimeter approach. You’re getting the right information to make the right decision, and you’re making sure that that information can be trusted, so it’s captured from the hardware, because otherwise you’re gathering information that might be tampered [with] by an attacker.”

Windows 11 will have other security improvements that Microsoft isn’t ready to talk about yet, which might include the application containers originally promised for 10X. “We have some really interesting ideas on how to do better app security for mainline apps,” said Weston.

But beyond security, one of the features Weston is most excited about is the way Windows Updates are 40-50% faster to install (thanks to only delivering file deltas and even more aggressive compression than previous update models. “As someone who takes a daily build [of Windows], every day I’m smiling and saying ‘that was so fast’ — it’s really noticeable.”

Understanding the ‘CPU floor’

Just turning on the existing hardware-based security features reduces malware infections by 60%, but compatibility and performance worries have meant only a few PCs have shipped with them on by default.

“This is really, really important fundamental stuff. If you don’t have that foundation to build on, you’re going to be in reactive mode for the rest of existence,” Weston pointed out. “Windows 11 is starting with an incredibly strong foundation.”

While only new PCs shipping later this year will come with the Microsoft-designed Pluton security processor, Tiger Lake CPUs have Control-flow Enforcement Technology to help Control Flow Guard block ROP attacks (and there’s an AMD equivalent). 

Eighth-generation processors also already include functionality that improves the performance of HVCI: Intel’s Mode-based execute control for EPT (MBEC), AMD’s Guest-mode execute trap for NPT (GMET), and ARM’s Translation table stage 2 Unprivileged Execute-never (TTS2UXN). Older processors have to rely on slower, less power-frugal Restricted User Mode emulation, which is one of the reasons for the CPU requirements in Windows 11.

“Many of the architectural changes in the CPU have allowed software to get out of being the middle person between the hypervisor and the hardware,” Weston explained. “Things that used to take longer because the operating system would have to say, ‘I have to walk this over to the hardware’ — we got out of the way. So you see substantial performance increases with virtualization in Windows 11, because of the hardware ‘floor’, and you see substantial battery life extension as a result. It’s a much better experience with virtualization.”

That’s important for features like Windows Defender Application Guard, the Windows Sandbox, WSL 2 and the way Hyper-V now works with third-party virtualisation software. It will also be what powers the virtualised Android apps that will run on Windows 11.

That mix of security, performance and battery life explains what might otherwise look like arbitrary CPU choices, Weston explained. 

“We looked at a median that we thought was right in the target range of folks who are going to adopt Windows 11, and then we looked at performance and reliability and what features are available — the virtualisation necessary for Android apps, what drivers are available, security features and having efficient security…that was all factored into the decision.”

“This was a focus on making sure that Windows 11 met expectations. This is a new rejuvenated Windows — the experience is awesome. And that’s why you saw a little bit of bump in the RAM, a little bit of bump in the SSD, a little bit of bump in the CPU, because all of those things take advantage of what our silicon ecosystem has been producing for the last five years, which is pretty fantastic. And when you’ve got competition who’s really raising the bar, you want to make sure you know that our experience in the PC ecosystem can meet any other ecosystem.”

Microsoft used a lot of telemetry, but also talked to commercial customers about their PC hardware and upgrade plans, where the four to five years of PC hardware that Windows 11 will run on is a typical refresh cycle.

“We spent a lot of time with enterprises in different categories and the feedback we got is, for the vast majority of enterprises we talked to, this is going to work just fine. The other reality is, despite security being the top driver for Windows 10 and the Windows 7 to 10 transition happening relatively quickly, there’s going to be some folks who just aren’t going to make that move quickly. And so we think this is a good balance between the folks who are ready to go to Windows 11 and the folks who need more time but want to stay secure and supported.”

Common enterprise security initiatives like the passwordless and zero trust approaches that Windows 11 supports natively will appeal to many enterprises, Weston expects; for others the Windows 10 support lifecycle matches the timescale for buying new PCs.

“Folks who have the hardware available and want these substantial security increases — we think they’re going to move to Windows 11 even faster than the 7 to 10 transition, because security is even more important now. And there will certainly be another set of folks who need more time to do hardware refresh or just get prepared. And we’re going to continue to ship updates and ship new and interesting things down to Windows 10 to keep them secure and viable.”

For those disappointed by the hardware requirements, Weston points out that it’s delivering a good Windows experience. “It’s not like we’re trying to make it hard for people who are on an unsupported configuration. The goal is to say, ‘let’s be very clear about where the best experience is and where Microsoft suggests you really go to have a good experience’.”

The breadth of the PC ecosystem allows for a wide range of devices. “We’re open enough to allow people to really do what they want to do. At the same time we need to be clear and say ‘this is what we intended’, and those two things are not mutually exclusive.”

All the discussion about TPMs and CPU capabilities is just a reminder of how much interest there is in Windows, Weston pointed out. “I’m actually excited by how many people are just asking about Windows 11 and seeing the level of energy. People are passionate, they want it, and they want it the way in which they enjoy it, and I’m super-supportive of that.”

via:  techrepublic.


Save pagePDF pageEmail pagePrint page

Amazon devices will soon automatically share your Internet with neighbors

WHAT COULD POSSIBLY GO WRONG?

Amazon’s experiment wireless mesh networking turns users into guinea pigs.

If you use Alexa, Echo, or any other Amazon device, you have only 10 days to opt out of an experiment that leaves your personal privacy and security hanging in the balance.

On June 8, the merchant, Web host, and entertainment behemoth will automatically enroll the devices in Amazon Sidewalk. The new wireless mesh service will share a small slice of your Internet bandwidth with nearby neighbors who don’t have connectivity and help you to their bandwidth when you don’t have a connection.

By default, Amazon devices including Alexa, Echo, Ring, security cams, outdoor lights, motion sensors, and Tile trackers will enroll in the system. And since only a tiny fraction of people take the time to change default settings, that means millions of people will be co-opted into the program whether they know anything about it or not. The Amazon webpage linked above says Sidewalk “is currently only available in the US.”

The webpage also states:

What is Amazon Sidewalk?

Amazon Sidewalk is a shared network that helps devices work better. Operated by Amazon at no charge to customers, Sidewalk can help simplify new device setup, extend the low-bandwidth working range of devices to help find pets or valuables with Tile trackers, and help devices stay online even if they are outside the range of their home wifi. In the future, Sidewalk will support a range of experiences from using Sidewalk-enabled devices, such as smart security and lighting and diagnostics for appliances and tools.

How will Amazon Sidewalk impact my personal wireless bandwidth and data usage?

The maximum bandwidth of a Sidewalk Bridge to the Sidewalk server is 80Kbps, which is about 1/40th of the bandwidth used to stream a typical high definition video. Today, when you share your Bridge’s connection with Sidewalk, total monthly data used by Sidewalk, per account, is capped at 500MB, which is equivalent to streaming about 10 minutes of high definition video.

Why should I participate in Amazon Sidewalk?

Amazon Sidewalk helps your devices get connected and stay connected. For example, if your Echo device loses its wifi connection, Sidewalk can simplify reconnecting to your router. For select Ring devices, you can continue to receive motion alerts from your Ring Security Cams and customer support can still troubleshoot problems even if your devices lose their wifi connection. Sidewalk can also extend the working range for your Sidewalk-enabled devices, such as Ring smart lights, pet locators or smart locks, so they can stay connected and continue to work over longer distances. Amazon does not charge any fees to join Sidewalk.

Amazon has published a white paper detailing the technical underpinnings and service terms that it says will protect the privacy and security of this bold undertaking. To be fair, the paper is fairly comprehensive, and so far no one has pointed out specific flaws that undermine the encryption or other safeguards being put in place. But there are enough theoretical risks to give users pause.

Wireless technologies like Wi-Fi and Bluetooth have a history of being insecure. Remember WEP, the encryption scheme that protected Wi-Fi traffic from being monitored by nearby parties? It was widely used for four years before researchers exposed flaws that made decrypting data relatively easy for attackers. WPA, the technology that replaced WEP, is much more robust, but it also has a checkered history.

Bluetooth has had its share of similar vulnerabilities over the years, too, either in the Bluetooth standard or in the way it’s implemented in various products.

If industry-standard wireless technologies have such a poor track record, why are we to believe a proprietary wireless scheme will have one that’s any better?

The omnipotent juggernaut

Next, consider the wealth of intimate details Amazon devices are privy to. They see who knocks on our doors, and in some homes they peer into our living rooms. They hear the conversations we’re having with friends and family. They control locks and other security systems in our home.

Extending the reach of all this encrypted data to the sidewalk and living rooms of neighbors requires a level of confidence that’s not warranted for a technology that’s never seen widespread testing.

Last, let’s not forget who’s providing this new way for everyone to share and share alike. As independent privacy researcher Ashkan Soltani puts it: “In addition to capturing everyone’s shopping habits (from amazon.com) and their internet activity (as AWS is one of the most dominant web hosting services)… now they are also effectively becoming a global ISP with a flick of a switch, all without even having to lay a single foot of fiber.”

Amazon’s decision to make Sidewalk an opt-out service rather than an opt-in one is also telling. The company knows the only chance of the service gaining critical mass is to turn it on by default, so that’s what it’s doing. Fortunately, turning Sidewalk off is relatively painless. It involves:

  1. Opening the Alexa app
  2. Opening More and selecting Settings
  3. Selecting Account Settings
  4. Selecting Amazon Sidewalk
  5. Turning Amazon Sidewalk Off

No doubt, the benefits of Sidewalk for some people will outweigh the risks. But for the many, if not the vast majority of users, there’s little upside and plenty of downside. Amazon representatives didn’t respond to a request for comment.

via:  arstechnica


Save pagePDF pageEmail pagePrint page

Tulsa Cybersecurity Attack Similar to Pipeline Attack

A cybersecurity attack on the city of Tulsa’s computer system was similar to an attack on the Colonial Pipeline and that the hacker is known, officials said.


“I can’t share anything other than we know who did it,” Mayor G.T. Bynum said, adding that the city did not pay the hackers. “They wanted to talk with us about what (a ransom) would be for them not to announce (the attack) and we never engaged them.”

Bynum said Tulsa’s computer security system identified the attack and shut down the system before it was infiltrated.

The attack, discovered earlier this month, was similar to the ransomware attack that shut down the Colonial Pipeline for days, according to Tulsa Chief Information Officer Michael Dellinger.

Colonial Pipeline eventually paid a $4.4 million ransom, the Georgia-based company said.

Tulsa’s computer system remains shut down while each of the city’s computers and servers are examined and cleaned, Dellinger said. There has been no indication any data was breached, he added.

Dellinger said an investigation is underway to determine how the attacker infiltrated the system.

Bynum said city utility services, such as water, will not be disconnected until five days after the system is back online and electronic payments are possible.

Police and fire responses continue, but issues such as uploading police body cameras are slowed because of the computer shutdown.

via:  securityweek


Save pagePDF pageEmail pagePrint page

Colonial Pipeline CEO Explains $4.4M Ransomware Payment

Colonial Pipeline chief executive Joseph Blount has confirmed the company shelled out $4.4 million to purchase a decryption key to recover from the disruptive ransomware attack that caused gasoline shortages in parts of the U.S.


A Wall Street Journal (WSJ) report said Colonial Pipeline made the $4.4 million payment on the evening of May 7 in the form of bitcoin. The company did receive a decryption tool to retrieve the locked data but white the tool was somewhat useful, it was ultimately not enough to immediately restore the pipeline’s systems, the newspaper said.

While the pipline operator did not confirm the amount of the payment, it did confirm to SecurityWeek that it had paid the ransom.

“Colonial Pipeline is critical to the economic and national security of our nation,” a company spokesperson told SecurityWeek. “When we were attacked on May 7, a decision was quickly made to take our entire system offline. We needed to do everything in our power to restart the system quickly and safely. The decision was made to pay the ransom. This decision was not made lightly, however, one that had to be made. Tens of millions of Americans rely on Colonial – hospitals, emergency medical services, law enforcement agencies, fire departments, airports, truck drivers and the traveling public. Our focus remains on continued operations to safely deliver refined products to communities we serve.”

The Colonial Pipeline CEO told the WSJ that making the ransom payment was “the right thing to do for the country.”

“I didn’t make it lightly. I will admit that I wasn’t comfortable seeing money go out the door to people like this,” Blount said, noting that the multi-million payment to the ransomware-as-a-service group was a “highly controversial decision.”


[ READ: Colonial Pipeline Paid $5 Million to Ransomware Gang ]


The ransomware attack has already led to ‘state of emergency’ declarations, temporary lines at gas pumps and rising gas prices.

The U.S. Federal Bureau of Investigation (FBI) and law enforcement agencies typically advise against ransom payments to cybercriminals, especially since some payments may be subject to international sanctions violations.

Additionally, there are no guarantees the data decryption key will work to retrieve encrypted data and no way to be sure the data wasn’t stolen and resold on darkweb marketplaces.

However, even U.S. government organizations have been known to pay significant amounts of money to cybercriminals following ransomware attacks.

via:  securityweek


Save pagePDF pageEmail pagePrint page

Scans for Vulnerable Exchange Servers Started 5 Minutes After Disclosure of Flaws

Adversaries are typically quick to take advantage of newly disclosed vulnerabilities, and they started scanning for vulnerable Microsoft Exchange Servers within five minutes after Microsoft’s announcement, Palo Alto Networks reveals in a new report.


Between January and March, threat actors started scanning for vulnerable systems roughly 15 minutes after new security holes were publicly disclosed, and they were three times faster when Microsoft disclosed four new bugs in Exchange Server on March 2.

For comparison, global enterprises need roughly 12 hours to identify vulnerable systems within their environments, provided that they are aware of all of their assets, Palo Alto Networks explains in their 2021 Cortex Xpanse Attack Surface Threat Report.

Adversaries are at work around the clock to identify vulnerable systems that could provide them with access to enterprise networks, the cybersecurity company says. The monitoring of 50 million IP addresses associated with 50 global enterprises (1% of the global IPv4 space) revealed that, on a typical day, such scans are performed each hour.

Ranging from insecure remote access, zero-day security issues, flaws in products such as Exchange Servers and F5 load balancers, and exposed database servers, new serious vulnerabilities are identified in global enterprise networks twice a day.

“Experiencing one issue every 12 hours highlights the ephemeral nature of today’s IT infrastructure, where not only infrastructure changes but so does the vulnerability footprint. Tracking an ever-changing landscape is an impossible task for humans and requires an automated approach,” Palo Alto Networks says.

The top security issue, the report reveals, is related to the remote desktop protocol (RDP), which accounted for approximately one third (32%) of the identified weaknesses. Expired certificates, database misconfigurations, high-profile zero-days, and insecure remote access through various protocols were also top issues during the first three months of the year.

The report also shows that the majority of the most critical security flaws identified in global enterprises were associated with cloud infrastructure (79%, compared to 21% for on-premises). Although easy to deploy, cloud is more difficult to manage, and the COVID-19 pandemic has accelerated cloud adoption, the report points out.

via:  securityweek


Save pagePDF pageEmail pagePrint page

How Cybercriminals Can Leverage Your Vaccination Card Selfie

Gotta do it for the ‘Gram (Instagram), as the kids might say. After a year in quarantine, you just got your first shot or final shot of the COVID-19 vaccine. In your exuberance, you post a shot of your freshly minted vaccination card online. At this point, most of us have seen this play out at least once or twice on social media. The vaccination card post for many celebrating that small victory to return to a feeling of pre-2020 normal in postings similar to the below photos. I completely empathize with the sentiment because we’ve all experienced a lot of adjustment and pain throughout this last year. We’re trying to find the small things—like getting vaccinated! The problem is sometimes the wrong people are watching, people who can potentially weaponize and or monetize the personal identifiable information (PII) you just posted.


In a previous blog, it showed many  found examples of criminals pivoting into forging vaccine documents, and recently there have already been several cases of people traveling with forged documents or law enforcement breaking up criminal rings exclusively trading in vaccine proof.


(Images from public Internet posts)

(Images from public Internet posts)


We’ll take you on a quick look about why you should think twice about what you share online and how cybercriminals can potentially leverage your vaccine card selfie for financial gain.

PROOF OF NAME AND D.O.B.FOR FRAUDULENT ACTIVITIES

In the case of criminals serving up personal data in dark web markets, it may be just the name and birthday that make a difference. This information may help create a persona for sale, or give attackers the puzzle pieces to help validate other data they may already have. Considering consumer information and profiles can be sold for pennies and small dollar amounts online, having your name and birthday in a public post may allow scammers access to a variety of opportunities. This is due in some part to birthdays often serving as an additional identification factor for many services, such as with banking, utility, or phone accounts. This also dangerously lowers the barrier of entry to your personal data, and when used with other information, such as an address or other similarly available data, criminals may attempt to take over accounts.


OSINT (Open Source Intelligence) can be incredibly effective in the hands of an expert, or even a novice. From the information included on a standard US CDC vaccination card, one can glean information such as: name, date of birth, administering location, date of immunization, type of immunization, and lot number of the vaccine. Depending on the photo, OSINT researchers can go even further to possibly pinpoint where exactly the photo was taken, what time of day, the type of camera, or find other revealing clues about the person.


FORGERIES AND TAMPERING

All that from a vaccination card? Afraid so. There’s also more about posting cards that’s troubling. Outside of a few countries producing certified vaccination passports and similar documents, there doesn’t appear to be a lot to protect common vaccine cards, like anti-forgery or anti-tampering measures you might see with other official documents. We definitely haven’t seen any in use for vaccine cards in the US or Europe out of the samples we’ve seen. With many countries worldwide now looking at adding a so-called “vaccine passport” or other vaccine proof for travel, and possibly even for work, a document showing that the shot regimen is complete could become a boon for criminals.


In any case, with a high-enough resolution photograph and some decent graphic design skills, criminals could use portions of found images to produce realistic forgeries. There are already dozens of examples of vaccine cards posted online either via social media or in news stories, that it would seem fairly trivial to generate your own fake version.


What are you doing? I know the moments are exciting but try to rein in the posts that display so much of your personal information.


Instead, you can:

  • Share a picture of the vaccine sticker! 
  • Take a picture with the healthcare worker who gave you the shot! 
  • Get a great selfie in front of the clinic or hospital!
  • Use text and/or emojis instead of a picture to share your happiness!
  • Tell people instead of posting a photo!

But please, don’t use the card itself. Right now you should treat that card with the same attention and care as any other important identification document. Gently nudge people in your circle to be careful if you see it happening within your corner of the world, but also make sure you’re not being too cavalier with your information either. We’ve already talked about how bad people are with passwords and how a lot of your other information gets sold, just showing that there’s a market for anything in the cybercriminal underground.


But, I’m human ,and I want to belong! If you are an oversharer by nature, make your account as private as possible and keep the circle of followers close, as in no randos.. It’s wonderful to share all the joys with your friends and family. Really, it’s just about being safer out there, and making yourself a harder target. Take a cue from Generation Z and make a Finsta (fake Instagram) for just those moments and really close people.

Criminals have tons of opportunities, the methods and means, time, and financial motivation to steal, acquire, and buy all of the personal information floating out there, so why give them the easy ones for free? Be a harder target by giving those impulses a second thought, and maybe don’t post all of your information.

It’s not time to burn down all of your social media and retreat to a cave, but it’s good to understand what your risk is and take control of it.

via:  digitalshadows


Save pagePDF pageEmail pagePrint page

Crypo News

ADVANCE WARNING: The U.S. Department of the Treasury is calling for businesses that receive transfers of more than $10,000 in crypto to report them to the IRS. The policy is said to go into effect in 2023, though it may have contributed to market volatility.


EXPECT ACTION: SEC chief Gary Gensler said Thursday that federal financial regulators should “be ready to bring cases” against bad actors in crypto, cyber and fintech. While far from descriptive, the statement shows consumer financial protections may become a greater concern under the Biden administration.


CAPITAL ALLOCATION? Coinbase is in talks to acquire Osprey Funds, an asset management firm with a popular closed bitcoin fund and newly launched Polkadot fund. In other institutional product news: ETF provider Teucrium Trading filed an application with the SEC to launch an ETF, benchmarked by bitcoin futures rather than physical BTC. This product could have an edge in getting SEC approval.


GREENING BTC: Greenpeace USA has stopped accepting bitcoin donations, citing its carbon footprint and lack of use. Bitcoin companies are scrambling to deal with the increasingly heated energy debate. BitMEX said today it is committed to becoming carbon neutral – it’ll start buying carbon offsets. Separately, Chinese mining firm BTC.com invested $25 million in a new Texas facility, claiming its energy mix is 85% renewable.


BLOCKCHAIN BLOCKERS: On Tuesday, China issued a warning to institutions not to service crypto-related businesses, a restatement of existing policy that sent ripples through the market. The notice – though familiar – signals a sharpened focus on the financial industry. Separately, the Hong Kong government is moving to license virtual asset service providers and set up “necessary intervention powers” to restrict or prohibit some crypto services. Finally, Iran’s intelligence agency will begin cracking down on illegal crypto miners to reduce strain on the nation’s electricity grid.


Privacy Coin Monero Rises 30% After Biden Reveals Tax Plans for Crypto Transactions (Decrypt)

How Crypto Might Offer Haiti an Escape From Its Slavery Debt Legacy

via: coindesk


Save pagePDF pageEmail pagePrint page