Category : cybersecurity

Hotfix applied to XG Firewall v17.5 for Exim vulnerability


Some of you may be aware that security researchers recently discovered a security vulnerability in a popular email server, Exim. Exim is used by XG Firewall v17.5, specifically when a customer has enabled Email Protection. There is no need to worry: Sophos has you covered.
On Friday 7 June 2019, Sophos released and automatically applied an over-the-air hotfix to all XG Firewalls with auto-updates enabled to address this issue. If your XG Firewall does not have auto-updates enabled, please review KB134199 and contact Sophos Support.

Exim mail servers patching: https://nakedsecurity.sophos.com/2019/06/07/action-required-exim-mail-servers-need-urgent-patching

US Government Bitcoin Ransomware Attack


More than 20 municipalities in the US have been hit by ransomware attacks this year alone, and the malware has spread rapidly worm-style, copying itself onto other computers across a network. These attacks are expensive, costing not only the organization but the public its time, especially when the targets say they will not pay. In 2018, hackers demanded that the City of Atlanta pay about $50,000 in bitcoin; the city refused, and the attack ended up costing it about $17 million to repair the damage. Beyond Atlanta, recent attacks on other local governments across the US show that as these attacks spread, common targets will increasingly include schools and hospitals. Imagine not being able to graduate, or not getting your MRI results, because all of the patient files are being held by attackers. That is exactly what happened in Baltimore: on May 7th, 2019, hackers digitally seized 10,000 government computers and are demanding around $100,000 in Bitcoin to release them. Government employees are locked out of their computers, files and email, and the city's residents are affected as well: the services used to pay water bills, parking tickets and property taxes cannot be accessed. Last year Baltimore's 911 operating system was down for about a day in a separate ransomware attack.
In a "ransomware" attack, hackers deploy malicious software to block access to or take over a computer system. The basic idea is simple: a criminal breaks into your computer, scrambles your files with unbreakable encryption, and then demands payment for the key needed to unscramble them, holding the owner's own files hostage until the ransom is paid. If the files on your computer are very important to you, you might be willing to pay a lot, or give in to the demands, to avoid losing them. The most effective protection against these attacks is regular backups: the malware can only encrypt and delete files that are on your computer. If you back up your files regularly, either to an external hard drive or to an online service, and your computer is hit, you can wipe the infected machine clean, reinstall its software, and restore your files from the backup copy. The unfortunate difficulty is that most people do not keep adequate, routine backups, which is why these attacks hurt them so badly.

Significant Security Flaws

Big-name companies have disclosed some major security flaws in their devices this week. While it is not uncommon for companies to disclose information on potential vulnerabilities, the sheer number disclosed this week is striking.

Microsoft is trying to prevent an outbreak caused by a serious flaw in Windows 7, Windows XP, and Windows Server 2003 and 2008, which can be exploited to create malware capable of automatically spreading from one vulnerable machine to another. Microsoft is urging those running these older Windows systems to patch their machines. Windows 8 and Windows 10 are not affected by the threat.

Intel found a vulnerability in every chip it has manufactured since 2011, in which 4 different bugs can be combined to steal data from the victim's processor. Cisco's 1001-X router can be compromised using 2 different bugs, which together give access to the router and then administrative privileges on the device. This has wide-ranging implications given how widely both commercial and residential Cisco products are sold. WhatsApp, the encrypted messenger service owned by Facebook, has its own vulnerability: hackers could implant spyware onto a victim's phone via a voice call, even if the call was never answered.

Luckily, these companies have said they will release patches, so make sure you download the latest version for your peace of mind.

Dangerous USB Cable – Hacker Tool


Some hackers are getting creative about getting into people's systems by leveraging USB cables that have a Wi-Fi card built in, which gives the hacker the ability to reach your local system remotely. Once in, the hacker can browse the network and servers at their leisure and capture intellectual property without anyone knowing. The only signature left behind is on the local device the USB cable is plugged into. It is important to be mindful of the USB devices you allow in your business environment to ensure a better degree of security. There are also system tools that can be installed on every system to notify your local admin when a device of this nature appears on the network.
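The kind of monitoring tool the paragraph above mentions can be approximated with a small detector over the kernel's USB enumeration log. The script below is an added example, not a tool from the original post or any vendor: it parses constructed dmesg-style lines (the vendor/product IDs, port numbers and product strings are sample values, and the log format is assumed to follow the usual Linux `usb N-M: New USB device found` convention), compares each device against an allowlist of approved vendor/product IDs, and flags a device that registers a network interface, with a second flag when the same device also registers as a keyboard, since a "charging cable" that brings up a network adapter and a keyboard is exactly what an admin would want to hear about.

```python
import re

# Constructed dmesg-style USB enumeration lines (sample data, not from any real host).
# Port 1-1: an approved wireless keyboard receiver.
# Port 1-2: an approved USB Ethernet adapter (network-capable, still worth a notice).
# Port 1-3: an unknown device calling itself a charging cable that registers both a
#           keyboard and a network interface, the pattern this detector flags hardest.
SAMPLE_LOG = """\
[   12.101] usb 1-1: New USB device found, idVendor=046d, idProduct=c52b, bcdDevice=12.10
[   12.102] usb 1-1: Product: USB Receiver
[   12.300] input: Logitech USB Receiver Keyboard as /devices/pci0000:00/usb1/1-1/1-1:1.0/0003:046D:C52B.0001/input/input5
[  210.441] usb 1-2: New USB device found, idVendor=0bda, idProduct=8152, bcdDevice=20.00
[  210.442] usb 1-2: Product: USB 10/100 LAN
[  210.600] r8152 1-2:1.0 eth1: v1.09.9
[  311.001] usb 1-3: New USB device found, idVendor=1234, idProduct=abcd, bcdDevice=1.00
[  311.002] usb 1-3: Product: Charging Cable
[  311.200] input: Generic Keyboard as /devices/pci0000:00/usb1/1-3/1-3:1.0/0003:1234:ABCD.0002/input/input6
[  311.250] rndis_host 1-3:1.1 usb0: register 'rndis_host' at usb-0000:00:14.0-3, RNDIS device
"""

# Line shapes assumed from the standard Linux USB core / driver log messages.
NEW_DEV_RE = re.compile(
    r"usb (?P<port>\d+-[\d.]+): New USB device found, "
    r"idVendor=(?P<vid>[0-9a-f]{4}), idProduct=(?P<pid>[0-9a-f]{4})")
PRODUCT_RE = re.compile(r"usb (?P<port>\d+-[\d.]+): Product: (?P<name>.+)$")
# A driver binding to an interface: "<driver> <port>:<config>.<iface> <netdev>: ..."
DRIVER_RE = re.compile(r"\] (?P<drv>[a-z0-9_]+) (?P<port>\d+-[\d.]+):\d+\.\d+ ")
# An input device registered under a USB interface path.
INPUT_RE = re.compile(r"\] input: .+ as /devices/.*/(?P<port>\d+-[\d.]+):\d+\.\d+/")

# USB network-class drivers whose appearance means a new network interface came up.
NETWORK_DRIVERS = {"r8152", "rndis_host", "cdc_ether", "cdc_ncm", "asix", "ax88179_178a"}
# Hypothetical site allowlist of (idVendor, idProduct) pairs that are permitted.
APPROVED = {("046d", "c52b"), ("0bda", "8152")}


def parse_usb_events(log_text):
    """Group enumeration, product-string, input and driver lines by USB port."""
    devices = {}
    for line in log_text.splitlines():
        m = NEW_DEV_RE.search(line)
        if m:
            devices[m["port"]] = {"vid": m["vid"], "pid": m["pid"], "name": "",
                                  "drivers": set(), "input": False}
            continue
        m = PRODUCT_RE.search(line)
        if m and m["port"] in devices:
            devices[m["port"]]["name"] = m["name"]
            continue
        m = INPUT_RE.search(line)
        if m and m["port"] in devices:
            devices[m["port"]]["input"] = True
            continue
        m = DRIVER_RE.search(line)
        if m and m["port"] in devices:
            devices[m["port"]]["drivers"].add(m["drv"])
    return devices


def assess(devices, approved=APPROVED):
    """Return (port, vid:pid, name, reasons) for every device an admin should be told about."""
    alerts = []
    for port, d in sorted(devices.items()):
        reasons = []
        if (d["vid"], d["pid"]) not in approved:
            reasons.append("not on allowlist")
        is_network = bool(d["drivers"] & NETWORK_DRIVERS)
        if is_network:
            reasons.append("brings up a network interface")
        if d["input"] and is_network:
            reasons.append("keyboard and network on one device")
        if reasons:
            alerts.append((port, f'{d["vid"]}:{d["pid"]}', d["name"], reasons))
    return alerts


if __name__ == "__main__":
    for port, ids, name, reasons in assess(parse_usb_events(SAMPLE_LOG)):
        print(f"ALERT usb {port} {ids} '{name}': {'; '.join(reasons)}")
```

In practice the same logic would run against `journalctl -k -f` or a udev rule rather than a fixed string, and the allowlist would come from inventory; the point is that an allowlist plus "did a new network interface appear on a device that is not supposed to have one" catches the cable class of device regardless of what it calls itself.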



Law enforcement has dismantled the Andromeda malware family

This malware family refers to variants consisting of backdoors that are tied to the ANDROMEDA botnet. The botnet was first spotted in late 2011.

Law enforcement has dismantled the Andromeda malware family, which has been infecting computers since 2011. With the help of partners—including the FBI, Microsoft, and others—Europol intercepted the internet traffic between Andromeda-infected computers and the command servers to which the malware was communicating. All that traffic was then “sinkholed” and redirected to servers under the investigators’ control, giving law enforcement a detailed view of the malware’s activities. “According to Microsoft, during 48 hours of sinkholing, approximately 2 million unique Andromeda victim IP addresses from 223 countries were captured,” Europol said.
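To make the sinkholing described above concrete, here is an added example (not code from Europol, Microsoft or the original article) that models the resolver side of a DNS sinkhole: queries for domains on a blocklist, or for any subdomain of them, are answered with an investigator-controlled address and the querying host is recorded, while everything else is passed through. The domains use the reserved `.invalid` suffix and the addresses come from RFC 5737 documentation ranges; all of them, and the query log, are constructed placeholders. Counting unique querying IPs is how the "2 million unique Andromeda victim IP addresses" figure quoted from Microsoft is obtained from such a setup.

```python
import ipaddress
from collections import defaultdict

# Placeholder investigator-controlled sinkhole address (RFC 5737 TEST-NET-1).
SINKHOLE_IP = "192.0.2.10"
# Placeholder command-and-control domains; real takedowns get these from the
# seized infrastructure, not from this example.
SINKHOLED_DOMAINS = {"c2-example-one.invalid", "c2-example-two.invalid"}


def matches_sinkhole(qname, blocklist=SINKHOLED_DOMAINS):
    """Return the blocklisted domain that qname equals or sits under, else None.

    Handles trailing dots and case so that 'Update.C2-example-one.invalid.'
    is still recognised as belonging to c2-example-one.invalid.
    """
    labels = qname.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in blocklist:
            return candidate
    return None


class Sinkhole:
    """Resolver policy plus the victim bookkeeping a sinkhole exists to collect."""

    def __init__(self, blocklist=SINKHOLED_DOMAINS, sinkhole_ip=SINKHOLE_IP):
        self.blocklist = blocklist
        self.sinkhole_ip = sinkhole_ip
        self.hits = defaultdict(set)  # blocklisted domain -> set of querying IPs

    def resolve(self, client_ip, qname):
        """Answer with the sinkhole address for C2 names; None means 'forward normally'."""
        domain = matches_sinkhole(qname, self.blocklist)
        if domain is None:
            return None
        # ip_address() validates the source so a malformed log line cannot poison the count.
        self.hits[domain].add(str(ipaddress.ip_address(client_ip)))
        return self.sinkhole_ip

    def report(self):
        """Unique victims overall and per C2 domain, the numbers a takedown publishes."""
        victims = set().union(*self.hits.values()) if self.hits else set()
        return {"unique_victims": len(victims),
                "per_domain": {d: len(ips) for d, ips in self.hits.items()}}


# Constructed query log: (source IP, queried name), with one benign lookup mixed in.
SAMPLE_QUERIES = [
    ("203.0.113.5", "c2-example-one.invalid"),
    ("203.0.113.5", "update.c2-example-one.invalid"),
    ("203.0.113.9", "c2-example-two.invalid."),
    ("198.51.100.7", "www.example.com"),
    ("203.0.113.9", "c2-example-one.invalid"),
]


def run_sample():
    """Feed the constructed log through the sinkhole; returns (answers, report)."""
    sink = Sinkhole()
    answers = [sink.resolve(ip, name) for ip, name in SAMPLE_QUERIES]
    return answers, sink.report()


if __name__ == "__main__":
    answers, report = run_sample()
    for (ip, name), answer in zip(SAMPLE_QUERIES, answers):
        print(f"{ip:>14} {name:<35} -> {answer or 'forwarded'}")
    print(report)
```

The part this example cannot show is the legal and registrar side: the blocklisted names only reach this resolver because their authoritative DNS was repointed with court orders and registry cooperation. Once that is in place, the victim count above is the whole value of the operation, since it tells each country's CERT which addresses still carry the infection.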

Andromeda infections happened through attachments from spam email campaigns, tainted downloads from bootleg media websites, and through exploit kits running over hacked websites, according to security firm Avast. Once a computer was infected, Andromeda also acted as a keylogger or a form grabber to steal user IDs and passwords. In addition, it could remotely take control over a PC.

“Andromeda was also sometimes used to download up to 80 other malware families onto infected victim computers,” according to The Shadowserver Foundation, a group of security experts that also helped dismantle the Andromeda botnet.

The main targets of the malware include North America, Asia, and Romania, among others.

Security firm ESET has a free tool that anyone can use to check if they have Andromeda (also known as Wauchos) secretly running on their computer. Systems found infected with Andromeda tend to contain other malware, according to security researchers.

ESET also noted that Andromeda was sold to cyber criminals in underground internet forums. “There is always a possibility that someone will reuse the Andromeda kit to build a new botnet,” the company said in an email.

_______________________________________________________________________

For the original content, please visit:

Andromeda Botnet Shut Down

McAfee to buy Campbell cybersecurity company last valued at about $400M



Today McAfee announced that it has agreed to acquire Skyhigh Networks Inc.; the price for the cybersecurity business has not yet been disclosed.

Campbell-based Skyhigh had raised more than $106 million in venture funding and was valued at about $400 million after its last round in 2016, according to PitchBook Data. Its investors include Thomvest Ventures, Sequoia Capital, Greylock Partners and Salesforce Ventures.

The move came about roughly eight months after McAfee was spun out of Intel Corp. Intel got $3.1 billion but kept a 49 percent stake in the new company.

“Skyhigh Networks had the foresight five years ago to realize that cybersecurity for cloud environments could not be an impediment to, or afterthought of, cloud adoption,” Young said in the deal’s announcement. “They pioneered an entirely new product category called cloud access security broker (CASB) that analysts describe as one of the fastest growing areas of information security investments of the last five years – where Skyhigh continues to innovate and lead.”

Gupta said of the deal: “McAfee will provide global scale to further accelerate Skyhigh’s growth, with the combined company providing leading technologies and solutions across cloud and endpoint security – categories Skyhigh and McAfee respectively helped create, and the two architectural control points for enterprise security.”

___________________________________________________________________________________

For the original content, please visit: https://www.bizjournals.com/sanjose/news/2017/11/27/mcafee-to-buy-skyhigh-networks.html?ana=e_me_set1&s=newsletter&ed=2017-11-27&u=J%2BnMUGqJ76RaytOwAEIZRA05b0c11e&t=1511810588&j=79241841