It was surprising to discover, he added, how easy and inexpensive it is to acquire extended validation certificates, along with all the documentation needed to create very credible shell companies without any verification information.
It was in November that Marriott realized hackers had been in the system since July 2014. And later that month, the firm found that customer data had indeed been breached. Sorenson descried how, on November 13, investigators discovered evidence that two compressed, encrypted files had been deleted from a device.
After six days, investigators managed to decrypt the files. Their contents: a table detailing passport information and another from the Starwood Guest Reservation Database containing guest data.
Marriott took a long time to reveal this breach: Despite the fact it was found in September, disclosure did not occur until nearly three months later. It also failed to protect valuable customer information and the firm is already the subject of class action lawsuits that could cost it hugely.
... vulnerability is tracked as CVE-2018-8174 and can be exploited through Internet Explorer. However, the flaw was patched by Microsoft in May 2018, so having an up-to-date operating system would have prevented the attack.
The most interesting aspect of the malware remains its use of popular services to communicate with attackers. The backdoor connects to a GitHub repository to download commands and then connects to a Slack private workspace set up by the attackers to posts the output of those commands, along with the name of the computer the output was collected from. Finally, the malware uploads any stolen files to the file.io cloud storage service.
They'll have to close it. I don't see how they can just leave things like that.
... its encryption algorithm has been modified so that it cannot be decrypted using current methods.
Once the encryption is done, things begin to get more interesting.
Yatron contains code to utilize the EternalBlue and DoublePulsar exploits to spread to Windows machines on the same network using SMBv1 vulnerabilities that should have been patched a long time ago.
... what’s up with the developers who fail to properly encrypt/salt/hash, who use outdated password storage methods, who copy-and-paste code they found online (vulnerabilities and all), who leave passwords sitting around in plain text, or who don’t understand the difference between encryption and hashing?
On Jan. 14, Microsoft will end its extended support for its popular Windows 7 operating system, which means automatic updates will cease. As a result, computers running Windows 7 could become vulnerable to security threats, putting their data at risk of theft, destruction or ransom.
This stands to be a problem for many computer users — and many businesses — since about 42 percent of all Windows computers are currently running Windows 7, according to Wyomissing-based Stratix Systems Inc.
“It's a huge issue,” ....
Just to be clear, many people did not update to Windows 10 because of the telemetry issues (Windows tracking). Also, Windows has already announced that it will continue support for some versions of 7 for a yearly fee, which will go up each year for 3 years and then terminate. 3 years of support would be some $300+, which is likely incentive enough to get people to switch operating systems or upgrade to 10. We run both Linux and Windows and may will switch to Linux as our online (connected) operating system. For those who don't know, Linux can also run Windows software and is a free operating system that doesn't track you and isn't SAAS (software as a service). It doesn't upgrade itself whether you want to upgrade or not. So, it remains more like Windows 7 than does Windows 10.
... use a dedicated file-erase program ....
Don’t Throw Out ANY Drive Until You Do That or grind it into powder.
Mining was an easy add on. Now we’re seeing a shift away from that towards banking trojans, credential stealers, pieces of malware which sit on machines.There’s continued ebb and flow of the malware we’re seeing and things like EternalBlue are out there and until we’re robustly patching, we’re going to continue to see threat actors trying to exploit that.
... With the rise of malware affecting more and more users, computer security and personal vigilance are more important than ever before.
It's a good article; however, using the link they suggested can be more than a bit off putting and especially for those who aren't very computer "nerdish." We recommend going the https://www.intel.com/content/www/us/en/support/detect.html route instead if you're dealing with just one or two computers. Large network admins already know what they're doing or are at least supposed to.
When you run the installed program, it will open your browser to report scanning in process and results. If you get an error, make sure you have your browser security extensions set to allow the intel.com site to run the scan. Extensions vary a great deal, so we're not going into detail here. After the scan and download (if any), you can always switch your extensions back to blocking whatever parts of intel.com were being blocked that the scan didn't run.
Before you download, click on the "Update available" and compare the Latest version: x.x.x.x.xxxx to the Installed Version: x.x.x.x.xxxx. They may be the same. That's an Intel hiccup. If they are the same, don't bother downloading and installing.
On the same browser page and after the download(s) is/are complete, click on install. The button will be in the same location as the download button was. If you click on it twice, you can download/install from there (if the site is working properly for you).
We don't use Google, but if you do, we recommend you take advantage of this: "Google Now Lets G Suite Admins Disable Insecure Phone 2FA"
A better than average article of its type: 5 essential router security settings you need to check now
A pretty good dive into what a free VNP is and isn't: Opera brings back free VPN service to its Android browser
... boot the target computer and figure out how to discover the encryption key (or Volume Master Key) as it travels from the TPM across something called the Low Pin Count (LPC) bus.
This one is really strange: "Facebook left millions of passwords readable by employees."