Archive for the ‘Biz & IT’ Category

Google’s Project Zero discloses Windows 0day that’s been under active exploit

October 30th, 2020

Google’s Project Zero says that hackers have been actively exploiting a Windows zero-day that isn’t likely to be patched until almost two weeks from now.

In keeping with long-standing policy, Google’s vulnerability research group gave Microsoft a seven-day deadline to fix the security flaw because it’s under active exploit. Normally, Project Zero discloses vulnerabilities after 90 days or when a patch becomes available, whichever comes first.

CVE-2020-117087, as the vulnerability is tracked, allows attackers to escalate system privileges. Attackers were combining an exploit for it with a separate one targeting a recently fixed flaw in Chrome. The former allowed the latter to escape a security sandbox so the latter could execute code on vulnerable machines.


Posted in Biz & IT, exploits, google, microsoft, Project Zero, vulnerabilities, Windows | Comments (0)

Solve coding challenges at Runcode.ninja online competition, Nov. 6-9

October 30th, 2020

Annual programming competition Runcode.ninja is back again in its fourth year, beginning Friday, November 6. RunCode is a nonprofit organization staffed by volunteers working in their spare time and focused on providing educational opportunities for coders and infosec folks. The online event allows programmers of all experience levels to tackle a wide array of challenges, using any of 14 supported programming languages.

This year, the competition theme is "all things web," which means that most challenges will have something to do with websites, although the "something" can vary pretty drastically, from user interaction to server log analysis. The event will have more than 30 available challenges, grouped into easy, intermediate, and hard, for competitors to find and upload solutions for.

For each challenge, competitors will be given a problem description, a sample data set, and an expected output to make the desired order and formatting clear. Competitors are expected to generate more test data of their own and thoroughly verify the correctness of their code against all the corner cases they can think of; solutions tested against only the sample data provided will likely fail the challenge. Uploaded code is run in a sandboxed Docker container and its output tested for correctness.


Posted in Biz & IT, challenge, coding, Competition, contest, Programming, runcode, Tech | Comments (0)

Hackers are on the hunt for Oracle servers vulnerable to potent exploit

October 29th, 2020

Hackers are scanning the Internet for machines that have yet to patch a recently disclosed flaw that forces Oracle’s WebLogic server to execute malicious code, a researcher warned Wednesday night.

Johannes Ullrich, dean of research at the SANS Technology Institute, said his organization’s honeypots had detected Internet-wide scans that probe for vulnerable servers. CVE-2020-14882, as the vulnerability is tracked, has a severity rating of 9.8 out of 10 on the CVSS scale. Oracle’s October advisory accompanying a patch said exploits are low in complexity and require low privileges and no user interaction.

“At this point, we are seeing the scans slow down a bit,” Ullrich wrote in a post. “But they have reached ‘saturation’ meaning that all IPv4 addresses have been scanned for this vulnerability. If you find a vulnerable server in your network: Assume it has been compromised.”


Posted in Biz & IT, cve-2020-14882, exploits, oracle, vulnerabilities, WebLogic | Comments (0)

US government warns of imminent ransomware attacks against hospitals

October 29th, 2020

Russian hackers are targeting hundreds of US hospitals and healthcare providers just as the coronavirus is making a comeback and the US presidential election is in its final stretch, officials from three government agencies and the private sector are warning.

The hackers typically use the TrickBot network of infected computers to penetrate the organizations and, after further burrowing into their networks, deploy Ryuk, a particularly aggressive piece of ransomware, a joint advisory published by the FBI, Health and Human Services, and the Cybersecurity & Infrastructure Security Agency said.

“CISA, FBI, and HHS have credible information of an increased and imminent cybercrime threat to US hospitals and healthcare providers,” Wednesday evening’s advisory stated. “CISA, FBI, and HHS are sharing this information to provide warning to healthcare providers to ensure that they take timely and reasonable precautions to protect their networks from these threats.”


Posted in Biz & IT, CISA, FBI, HHS, hospitals, Policy, ransomware, TrickBot | Comments (0)

In a first, researchers extract secret key used to encrypt Intel CPU code

October 28th, 2020

Researchers have extracted the secret key that encrypts updates to an assortment of Intel CPUs, a feat that could have wide-ranging consequences for the way the chips are used and, possibly, the way they’re secured.

The key makes it possible to decrypt the microcode updates Intel provides to fix security vulnerabilities and other types of bugs. Having a decrypted copy of an update may allow hackers to reverse engineer it and learn precisely how to exploit the hole it’s patching. The key may also allow parties other than Intel—say a malicious hacker or a hobbyist—to update chips with their own microcode, although that customized version wouldn’t survive a reboot.

“At the moment, it is quite difficult to assess the security impact,” independent researcher Maxim Goryachy said in a direct message. “But in any case, this is the first time in the history of Intel processors when you can execute your microcode inside and analyze the updates.” Goryachy and two other researchers—Dmitry Sklyarov and Mark Ermolov, both with security firm Positive Technologies—worked jointly on the project.


Posted in Biz & IT, Tech | Comments (0)

Trump’s website defaced with claim that Trump admin created coronavirus

October 28th, 2020

President Trump's website last night was briefly defaced by hackers who pitched a cryptocurrency scam and claimed that Trump has "criminal involvement" with election manipulation and that his administration was involved in creating the coronavirus.

Donaldjtrump.com is back to normal now, seeking donations and urging Trump supporters to register to vote. The defacement reportedly lasted less than 30 minutes on Tuesday evening. Trump-campaign spokesperson Tim Murtaugh issued a statement saying the campaign is "working with law enforcement authorities to investigate the source of the attack. There was no exposure to sensitive data because none of it is actually stored on the site. The website has been restored."

The website during its defacement had Department of Justice and FBI logos above a typo-filled message that said:


Posted in Biz & IT, cryptocurrency, Policy, Trump, trump campaign, website defacement | Comments (0)

SpaceX Starlink public beta begins: It’s $99 a month plus $500 up front

October 27th, 2020

SpaceX has begun sending email invitations to Starlink's public beta and will charge beta users $99 per month plus a one-time fee of $499 for the user terminal, mounting tripod, and router. The emails are being sent to people who previously registered interest in the service on the Starlink website. One person in Washington state who got the email posted it on Reddit. Another person who lives in Wisconsin got the Starlink public-beta invitation and passed the details along to Ars via email.

SpaceX is calling it the "Better Than Nothing" beta, perhaps partly because the Starlink satellite service will be most useful to people who cannot get cable or fiber broadband. But the email also says, "As you can tell from the title, we are trying to lower your initial expectations."

The rest of the email reads as follows:


Posted in Biz & IT, satellite broadband, spacex, starlink | Comments (0)

Study shows which messengers leak your data, drain your battery, and more

October 26th, 2020

Link previews are a ubiquitous feature found in just about every chat and messaging app, and with good reason. They make online conversations easier by providing images and text associated with the file that’s being linked.

Unfortunately, they can also leak our sensitive data, consume our limited bandwidth, drain our batteries, and, in one case, expose links in chats that are supposed to be end-to-end encrypted. Among the worst offenders, according to research published on Monday, were messengers from Facebook, Instagram, LinkedIn, and Line. More about that shortly. First a brief discussion of previews.

When a sender includes a link in a message, the app will display the conversation along with text (usually a headline) and images that accompany the link. It usually looks something like this:


Posted in Biz & IT, Facebook, Instagram, instant message, Messenger, Policy, Privacy, security | Comments (0)

SpaceX Starlink to go South for first time with planned deployment in Texas

October 26th, 2020

SpaceX has agreed to provide Internet service to 45 families in a Texas school district in early 2021 and to an additional 90 families later on, the school district announced last week. The announcement by Ector County Independent School District (ECISD) in Odessa said it will be the "first school district to utilize SpaceX satellites to provide Internet for students."

"The project will initially provide free Internet service to 45 families in the Pleasant Farms area of south Ector County," the district said. "As the network capabilities continue to grow, it will expand to serve an additional 90 Ector County families."

The Texas location is notable because the ongoing, limited Starlink beta exists only in the northern US, and SpaceX CEO Elon Musk has said an upcoming public beta will only be for the northern US and "hopefully" southern Canada. SpaceX has over 700 Starlink satellites in orbit, and will be able to expand the service area as it deploys more of the nearly 12,000 it has been authorized to launch. In Washington state, Starlink has been deployed to rural homes, a remote tribe, and emergency responders and families in wildfire-stricken areas.


Posted in Biz & IT, satellite broadband, spacex, starlink | Comments (0)

Hackers behind life-threatening attack on chemical maker are sanctioned

October 23rd, 2020

Russian state nationals accused of wielding life-threatening malware specifically designed to tamper with critical safety mechanisms at a petrochemical plant are now under sanction by the US Treasury Department.

The attack drew considerable concern because it’s the first known time hackers have used malware designed to cause death or injury, a prospect that may have actually happened had it not been for a lucky series of events. The hackers—who have been linked to a Moscow-based research lab owned by the Russian government—have also targeted a second facility and been caught scanning US power grids.

Now the Treasury Department is sanctioning the group, which is known as the State Research Center of the Russian Federation FGUP Central Scientific Research Institute of Chemistry and Mechanics or its Russian abbreviation TsNIIKhM. Under a provision in the Countering America’s Adversaries Through Sanctions Act, or CAATSA, the US is designating the center for “knowingly engaging in significant activities undermining cybersecurity against any person, including a democratic institution, or government on behalf of the Government of the Russian Federation.”


Posted in Biz & IT, Policy | Comments (0)