Cyber thread: network espionage, tracking of mobile phones and WLANs, hacking, viruses, DoS etc.

ctg

Greatest Leader
Microsoft has warned of yet another vulnerability that’s been discovered in its Windows Print Spooler that can allow attackers to elevate privilege to gain full user rights to a system. The advisory comes on the heels of patching two other remote code-execution (RCE) bugs found in the print service that collectively became known as PrintNightmare.

The company released the advisory late Thursday for the latest bug, a Windows Print Spooler elevation-of-privilege vulnerability tracked as CVE-2021-34481. Microsoft credited Dragos vulnerability researcher Jacob Baines for identifying the issue.

The vulnerability “exists when the Windows Print Spooler service improperly performs privileged file operations,” according to Microsoft.

MS Spooler. The problems with it just keep going even though they have existed for almost three decades. Maybe it needs a complete rewrite, since the network spooler is one of the ports that is automagically on the scan list. Hardening tip for those who don't know: disable the MS spooler service in the services list if you don't have a printer. If the need arises, it can be turned back on.
 
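The hardening tip above (stop and disable the Print Spooler on hosts that do not print, and turn it back on when needed) as an added PowerShell example; this is not code from the thread or from Microsoft's advisory. It assumes an elevated PowerShell session on Windows 10/Server 2016 or later; the function names are my own, and the registry policy path at the end is Microsoft's "Allow Print Spooler to accept client connections" setting, shown as a middle ground for hosts that still need local printing.

```powershell
# Added example, not from the original post: inspect, disable and re-enable the
# Windows Print Spooler service. Run from an elevated (administrator) session.

function Get-SpoolerState {
    # Current run state plus the configured start mode, so an auditor can see
    # both "is it running now" and "will it come back after reboot".
    $svc = Get-Service -Name Spooler -ErrorAction Stop
    $cim = Get-CimInstance -ClassName Win32_Service -Filter "Name='Spooler'"
    # Get-Printer only works while the spooler is running; treat errors as "none listed".
    $printers = @(Get-Printer -ErrorAction SilentlyContinue | Select-Object -ExpandProperty Name)
    [PSCustomObject]@{
        Status    = $svc.Status        # Running / Stopped
        StartMode = $cim.StartMode     # Auto / Manual / Disabled
        Printers  = $printers          # helps decide whether the host needs the service at all
    }
}

function Disable-Spooler {
    # Stop the service now and keep it from starting again at boot.
    Stop-Service -Name Spooler -Force -ErrorAction Stop
    Set-Service  -Name Spooler -StartupType Disabled
    Get-SpoolerState
}

function Enable-Spooler {
    # Reverse of Disable-Spooler: restore automatic start and bring it up.
    Set-Service   -Name Spooler -StartupType Automatic
    Start-Service -Name Spooler -ErrorAction Stop
    Get-SpoolerState
}

function Block-RemoteSpoolerConnections {
    # Middle ground for hosts that must print locally: keep the service but refuse
    # inbound client connections. Policy path and value name are Microsoft's
    # "Allow Print Spooler to accept client connections" setting; 2 = disabled.
    $path = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows NT\Printers'
    if (-not (Test-Path $path)) { New-Item -Path $path -Force | Out-Null }
    New-ItemProperty -Path $path -Name 'RegisterSpoolerRemoteRpcEndPoint' `
        -PropertyType DWord -Value 2 -Force | Out-Null
    # The spooler reads this value at start, so restart it for the change to apply.
    Restart-Service -Name Spooler -Force
    Get-ItemProperty -Path $path -Name 'RegisterSpoolerRemoteRpcEndPoint'
}

# Usage: look first, then decide.
Get-SpoolerState
# Disable-Spooler                   # host has no printers
# Block-RemoteSpoolerConnections    # host prints locally but should not serve others
# Enable-Spooler                    # printing is needed again
```

Get-SpoolerState is the check to run before and after the change; the Printers list is there so nobody disables the service on a host that is quietly acting as a print server. Disabling the start type, not just stopping the service, is what keeps the fix in place across reboots.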

ctg

Greatest Leader
The US government blamed the Chinese government on Monday for attacks on thousands of Microsoft Exchange servers.

China's Ministry of State Security (MSS) "has fostered an ecosystem of criminal contract hackers who carry out both state-sponsored activities and cybercrime for their own financial gain," US Secretary of State Antony Blinken said in a statement that blamed the MSS for the Microsoft Exchange hacks. The US government and its allies "formally confirmed that cyber actors affiliated with the MSS exploited vulnerabilities in Microsoft Exchange Server in a massive cyber espionage operation that indiscriminately compromised thousands of computers and networks, mostly belonging to private sector victims," Blinken said.

Blinken's statement was released alongside a Justice Department announcement that three MSS officers and one other Chinese national were indicted by a federal grand jury on charges related to a different series of hacks into the "computer systems of dozens of victim companies, universities, and government entities in the United States and abroad between 2011 and 2018." Blinken said that the US "and countries around the world are holding the People's Republic of China (PRC) accountable for its pattern of irresponsible, disruptive, and destabilizing behavior in cyberspace, which poses a major threat to our economic and national security."

The US did not announce any new sanctions against China, but Blinken said the indictment is evidence that "the United States will impose consequences on PRC malicious cyber actors for their irresponsible behavior in cyberspace."
 

magitsu

Greatest Leader
Finland has been the target of NSO's sales efforts. A summary of the Finland portion on page 199.
[Image attachment: 199.JPG]
 

ctg

Greatest Leader
China state hackers are compromising large numbers of home and office routers for use in a vast and ongoing attack against organizations in France, authorities from that country said.

The hacking group—known in security circles as APT31, Zirconium, Panda, and other names—has historically conducted espionage campaigns targeting government, financial, aerospace and defense organizations as well as businesses in the technology, construction, engineering, telecommunications, media, and insurance industries, security firm FireEye has said. APT31 is also one of three hacker groups sponsored by the Chinese government that participated in a recent hacking spree of Microsoft Exchange servers, the UK’s National Cyber Security Center said on Monday.
 

ctg

Greatest Leader
The software company at the center of a huge ransomware attack this month has obtained a universal key to unlock files of the hundreds of businesses and public organizations crippled by the hack.

Nineteen days after the initial attack over the Fourth of July weekend, the Florida-based IT management provider, Kaseya, has received the universal key that can unlock the scrambled data of all the attack’s victims, bringing the worst of the fallout to a close.

The so-called supply-chain attack on Kaseya is being labeled the worst ransomware attack to date because it spread through software that companies, known as managed service providers, use to administer multiple customer networks, delivering software updates and security patches.

It affected 800 to 2,000 businesses and organizations – including supermarkets in Sweden and schools in New Zealand whose systems were frozen for days.

News of the key comes after the Russia-linked criminal syndicate that supplied the malware, REvil, disappeared from the internet on 13 July.

The group had asked for $50m to $70m for a master key that would unlock all infections. It is not clear how many victims may have paid ransoms before REvil went dark.

A Kaseya spokesperson, Dana Liedholm, would not say on Thursday how the key had been obtained or whether a ransom had been paid. She said only that it had come from a “trusted third party” and that Kaseya was distributing it to all victims. The cybersecurity firm Emsisoft confirmed that the key worked and was providing support.
 

ctg

Greatest Leader
In the paper, the authors lay out a playbook for how a hacker might design a malware-loaded machine learning model and have it spread in the wild:

"First, the attacker needs to design the neural network. To ensure more malware can be embedded, the attacker can introduce more neurons. Then the attacker needs to train the network with the prepared dataset to get a well-performed model. If there are suitable well-trained models, the attacker can choose to use the existing models. After that, the attacker selects the best layer and embeds the malware. After embedding malware, the attacker needs to evaluate the model’s performance to ensure the loss is acceptable. If the loss on the model is beyond an acceptable range, the attacker needs to retrain the model with the dataset to gain higher performance. Once the model is prepared, the attacker can publish it on public repositories or other places using methods like supply chain pollution, etc."
 

ctg

Greatest Leader
The investigation has been based on forensic analysis of phones and analysis of a leaked database of 50,000 numbers, including that of Macron and those of heads of state and senior government, diplomatic and military officials, in 34 countries.

In multiple statements, NSO said the fact a number appeared on the leaked list was in no way indicative of whether it was selected for surveillance using Pegasus. “The list is not a list of Pegasus targets or potential targets,” the company said. “The numbers in the list are not related to NSO Group in any way.”

But the list is believed to provide insights into those identified as persons of interest by NSO’s clients. It includes people whose phones showed traces of NSO’s signature phone-hacking spyware, Pegasus, according to forensic analysis of their devices. The analysis was conducted by Amnesty International’s security lab, which discovered traces of Pegasus-related activity on 37 out of 67 phones that it analysed.

NSO has clearly chosen its line: "Nobody did anything, and if they did, they didn't do it under our direction. It was the big boys. They forced us. Really."
 