Show Posts

This section allows you to view all posts made by this member. Note that you can only see posts made in areas you currently have access to.


Topics - Hardhead

Pages: [1] 2 3 ... 5
1
5/6/2019
05:10 PM
Robert Lemos

Quote
Armed with stolen credentials from another breach or from a misconfigured file, attackers delete developers' repositories on GitHub, Bitbucket, and GitLab, leaving behind ransom notes.

Atlassian's Bitbucket, GitHub, and GitLab notified hundreds of developers over the weekend that their accounts on those repository services were breached and their code deleted by attackers using credentials harvested from another site or misconfigured files.

The accounts of more than an estimated 1,000 developers were impacted by the attack on the three services. In each case, the attackers deleted the victim's code repository and left behind a ransom note demanding a tenth of a bitcoin — about $570 — to restore the data.

Atlassian, which declined to say how many of the users of its Bitbucket service were affected, notified developers whose accounts were impacted and blamed password reuse for the attackers' ability to compromise the service.

"During this attack, a third party accessed your repository by using the correct username and password for one of the users with permission to access your repository," the company stated in a notification to affected users. "We believe that these credentials may have been leaked through another service, as other git hosting services are experiencing a similar attack."

The attack highlights the dangers of mishandling passwords. Reportedly, 392 GitHub users were impacted by the attack, although only 320 users' repositories are currently showing signs of the ransom note. Bitbucket appears to have blocked search results for affected users, while GitLab does not have facilities for searching through repositories.

Reusing the same password on different services is a problematic habit of online users that can undermine security. In addition, developers often unwittingly leave passwords in files that are published to public repositories. None of the services hosting affected developers' repositories found signs of a compromise. Instead, attackers logged onto them from an unrecognized Internet address using valid credentials and then deleted the victim's code.

"GitHub has been thoroughly investigating these reports, together with the security teams of other affected companies, and has found no evidence GitHub.com or its authentication systems have been compromised," the company said. "At this time, it appears that account credentials of some of our users have been compromised as a result of unknown third-party exposures. We are working with the affected users to secure and restore their accounts."

GitLab started investigating the issue on Sunday, after one developer reported that its code had been deleted. The organization concluded that the breach may have occurred when developers mistakenly published passwords stored in another repository.

"We have identified affected user accounts, and all of those users have been notified," a GitLab spokesperson said. "As a result of our investigation, we have strong evidence that the compromised accounts have account passwords being stored in plaintext on a deployment of a related repository."

Atlassian also urged users to not leave passwords in files that may be replicated into public repositories.

https://www.darkreading.com/attacks-breaches/password-reuse-misconfiguration-blamed-for-repository-compromises/d/d-id/1334624

2
 Zeljka Zorz, Managing EditorMay 6, 2019

Quote
Flaw in pre-installed software opens Dell computers to remote hijack

Dell computer owners should update the Dell SupportAssist software as soon as possible to close a high-risk remote code execution vulnerability.

Dell pre-installed software vulnerability
What is Dell SupportAssist?

SupportAssist is software that comes pre-installed on most Dell laptops and computers running Windows.

It has administrator-level access to the operating system and uses it to identify issues, run diagnostics, driver-update scans, and install drivers.
About the vulnerability (CVE-2019-3719)

CVE-2019-3719 is not deemed to be critical as it can’t be exploited by attackers who are not on the same local network as the victim.

Still, instances where that can happen are far from rare. For example, it’s enough for the attacker to be connected to the same public wireless network or enterprise network the potential victim is.

To successfully pull off the attack, the attacker must trick the target into visiting a website booby-trapped with the exploit – no other user interaction is required.

https://www.helpnetsecurity.com/2019/05/06/dell-pre-installed-software-vulnerability/

3
 Help Net SecurityMay 7, 2019

Quote
A new computer processor architecture that could usher in a future where computers proactively defend against threats, rendering the current electronic security model of bugs and patches obsolete, has been developed at the University of Michigan.

Called MORPHEUS, the chip blocks potential attacks by encrypting and randomly reshuffling key bits of its own code and data 20 times per second–infinitely faster than a human hacker can work and thousands of times faster than even the fastest electronic hacking techniques.

“Today’s approach of eliminating security bugs one by one is a losing game,” said Todd Austin, U-M professor of computer science and engineering and a developer of the system. “People are constantly writing code, and as long as there is new code, there will be new bugs and security vulnerabilities.

“With MORPHEUS, even if a hacker finds a bug, the information needed to exploit it vanishes 50 milliseconds later. It’s perhaps the closest thing to a future-proof secure system.”

https://www.helpnetsecurity.com/2019/05/07/unhackable-chip/

4
 By Mayank Parmar

    May 6, 2019 01:32 PM
Quote
At Build 2019 developer conference, Microsoft announced a bunch of new features for its new Chromium-based Microsoft Edge browser. The company also shared how the brand-new Microsoft Edge will simplify development and improve the productivity of consumers, developers, and enterprises.

Below we have outlined some of the new features coming to Microsoft Edge.
Collections

Microsoft announced a new feature called 'Collections' for Edge that would allow users to group content such as photos and text into a central hub that can be accessed from the right pane. After adding items to your collection, you can export the content to apps like Word and Excel.

https://www.bleepingcomputer.com/news/microsoft/upcoming-microsoft-edge-features-announced-at-build-2019/

5
 By Lawrence Abrams

    May 6, 2019 05:23 PM
Quote
Microsoft will begin to ship an in-house custom built Linux kernel starting with the Windows 10 Insider builds this summer. This kernel is to become the backbone for the new Windows Subsystem for Linux 2.0 or WSL2.

Unlike WSL1, which used a Linux-compatible kernel, WSL2 will use a genuine open-source kernel compiled from the stable 4.19 version release of Linux at Kernel.org.

While Microsoft will be providing the Linux kernel, they will not provide any Linux binaries to go with it. Instead, users will still need to download their favorite Linux distribution from the Microsoft Store or by creating a custom distribution package.

https://www.bleepingcomputer.com/news/microsoft/microsoft-to-ship-a-true-linux-kernel-with-windows-10-wsl/

6
 By Sergiu Gatlan

    May 6, 2019 07:04 PM 

Quote
Amazon to Disable S3 Path-Style Access Used to Bypass Censorship

Amazon announced in a post on the Amazon Simple Storage Service (S3) forum that the company will deprecate path-style API requests (used by many to circumvent censorship) starting with September 30, only keeping support for the virtual-hosted style request format.

While the path-style URI requests (aka V1) include the bucket name in the URIs and are of the "//s3.amazonaws.com/[bucketname]/key" form, the virtual-hosted style URI requests (aka V2) feature the bucket name within the domain name and have a "//[bucketname].s3.amazonaws.com/key" structure.

"In our effort to continuously improve customer experience, the path-style naming convention is being retired in favor of virtual-hosted style request format," says Amazon.

Amazon recommends customers to start using V2 S3 API requests before V1 will be disabled on September 30:

https://www.bleepingcomputer.com/news/security/amazon-to-disable-s3-path-style-access-used-to-bypass-censorship/

7
Thanks Ron for the heads up.
There are hot fixes for the issues but if it was up to me I would wait until Firefox comes out with a new version before doing anything. That’s only my thoughts. Read more about the issues below:

https://forums.malwarebytes.com/topic/246969-your-firefox-extensions-are-all-disabled/


8
 By Sergiu Gatlan

    April 25, 2019 01:56 AM 0

Quote
The TA505 hacking group ran a spear phishing campaign targeting a financial institution during April with the help of a signed version of the ServHelper backdoor and a number of LOLBins designed to help the operation evade detection.

TA505 is a threat group known to have been active since at least Q3 2014 [1, 2] and to have attacked a multiple financial institutions and retail companies using large sized malicious spam campaigns driven with the help of the Necurs botnet and dropping the Dridex and Trick banking Trojans, as well as the Locky and Jaff ransomware strains on their targets computers. [1, 2, 3]

During November 2018, TA505 started distributing new malicious tools as discovered by Proofpoint, the ServHelper backdoor and the FlawedGrace remote access Trojan (RAT) as part of multiple malware campaigns focused on banks, retail businesses, and restaurants.

https://www.bleepingcomputer.com/news/security/ta505-spear-phishing-campaign-uses-lolbins-to-avoid-detection/

9
Quote
An exploit has been discovered that could allow ad blocking filter list maintainers for the Adblock Plus, AdBlock, and uBlocker browser extensions to create filters that inject remote scripts into web sites.

With ad blockers having a a user base of over 10 million installs, if malicious scripts were injected it would have a huge impact as they could perform unwanted activity such as stealing cookies, login credentials, causing page redirects, or other unwanted behavior.
The $rewrite filter option

For those who are unfamiliar with how ad blockers work, they utilize lists of URLs related to advertisements and malicious behavior and are typically maintained by a small team of people or even a single person. When these lists are loaded by an ad blocking extension, like Adblock Plus, the extension will prevent the browser from connecting to the listed URLs and thus advertisements or malicious scripts are unable to load.

For example, below is the filter list for the popular ad blocking list called EasyList.

https://www.bleepingcomputer.com/news/security/adblock-plus-filters-can-be-exploited-to-run-malicious-code/

10
VoodooShield / Choosen Toggle on and off idea 💡
« on: January 24, 2019, 04:46:45 am »
Hello Dan,
I have an idea to alert toggle VS from on to off when using a third party uninstaller like Revo, Ccleaner, etc. Allowing the user to choose and given them other options than the MS uninstaller.
What do you think?

Anybody else like this idea?
Please reply if you do!

12
General Software / Privazer v3.0.56
« on: November 06, 2018, 03:29:43 am »
Privazer v3.0.56

v3.0.56 (02 November 2018)
 - Improved support of W10
 - Improved UTF8 support
 - Improved support of Russian language
 - Added support for EazyFix
 - Improved UI

Product Info: Privazer

Download: Privazer

Changelog: Privazer

13
Updates Talk / Topic: Voice Phishing Scams Are Getting More Clever
« on: October 02, 2018, 05:09:06 am »
https://calendarofupdates.org/index.php?topic=3340.msg8778#msg8778

This is an awesome read and might I add that the same thing happened to my mother and it was a spoofed call using a Microsoft store telephone number. I reported the number to Microsoft. Be very careful and never give out any information unless you call the bank or store, etc.

14
News & Announcements / Post editing pictures and SLL
« on: September 03, 2018, 04:32:09 am »
« on: November 04, 2017, 06:55:00 pm »


Since we changed to SLL we have had to edit some posts in the forum.
If you hotlink an image please use a secure image web site and copy and paste https.
Example: https://imgur.com/

15
Security Software / Emsisoft Emergency Kit
« on: September 01, 2018, 04:09:19 am »
Emsisoft Emergency Kit
Programs that can be used without installation to scan and clean infected computers

 boxarrow Release Imformation:
Version 2018.6.0.8742 — Released: 07/02/2018
For Windows 7/8.1/10, 32 & 64 bit, Server 2008 R2/2012/2012 R2/2016
Download https://www.emsisoft.com/en/software/eek/download/

Pages: [1] 2 3 ... 5