The work from home hackers from Team Fluoroacetate certainly succeeded, winning the Master of Pwn title once again, along with that $130,000 bounty. While the full details of how they exploited Windows 10 and Adobe Reader will not be made public for 90 days to allow the vendors to produce security patches, I can tell you what they did in broad terms.
Two attacks against Windows 10 itself, leveraging two different UAF vulnerabilities, the master hackers managed to escalate permissions to SYSTEM on both occasions, winning another $40,000 (£34,000) for each.
In case you are keeping track:
Coronavirus Sets the Stage for Hacking Mayhem | WIRED
More people than ever are working from home , often with fewer security defenses on their home networks than they would have in the office. Even in critical infrastructure and other high-sensitivity environments where it would be impossible to securely work from home , skeleton crews at the office and general distraction can create windows of vulnerability. And in times of stress or distraction, people are more likely to fall for malicious scams and tricks.
And then there are the nation state hackers, who know full well that home networks simply aren't as secure as those in offices. Remote connections in particular make it more difficult, if not impossible, for most threat detection tools to differentiate legitimate work from something suspicious.
Hackers hit NutriBullet website with credit card-stealing malware – TechCrunch
According to new research by security firm RiskIQ, hackers broke into the blender maker’s website several times over the past two months, injected malicious credit card-skimming malware on its payment pages and siphoned off the credit card numbers and other personal data — like names, billing addresses, expiry dates and card verification values — of unsuspecting blender buyers.
The data was scraped and sent to a third-party server operated by the attackers. The stolen credit card data is then sold to buyers on dark web marketplaces.
Putin's Secret Intelligence Agency Hacked: Dangerous New 'Cyber Weapons' Now Exposed
" Why is our own government spying on us through the IoT?" the hackers ask on Twitter. "In fact, spies on the whole world. How do they do it?" In an earlier tweet, they say "we can prove Kremlin henchmen crack our computers and spy on us."
The intent of the program is not to access the owners of those devices, but rather to herd them together into a botnet that can be used to attack much larger targets—think major U.S. and European internet platforms, or the infrastructure within entire countries, such as those bordering Russia.
Not to change the topic here:
As coronavirus crisis worsens, hacking is increasing, security experts say - CNET
You can also help prevent malware from damaging your devices by keeping your software updated at all times. That helps patch up known vulnerabilities that hackers often try to exploit.
"They're going to come out in droves," Velazquez said of scammers, "because they see an opportunity."
How at avoid internet hackers and scammers when working from home.
As COVID-19 takes the world by storm, employers and institutions are urging their workers to stay home. Social distance has proven to reduce the number of infections. In the era of Slack, FaceTime, and G-Suite, telecommuting is a viable alternative.
The pandemic won't stop online crime. Hackers, thieves, and scammers are still out in full force. Large organizations routinely train their team members in cybersecurity tactics, and company laptops and software may have built-in firewalls, VPNs, and two-factor authentication. At home, you may end up being the IT department so, be on top of your game.
More teleworking means more hackers, how to protect yourself
BIRMINGHAM, Ala. (WBRC) - With more people working from home because of the coronavirus, experts say it can be a hacker's dream. Cybersecurity experts say hackers are working harder than ever to get your information and your company's information.
They know many companies had to move quickly to make the transition to teleworking for employees, so most didn't have time to make sure all security measures were in place. They also know many people are using their personal computers to log into their company's network and most personal devices don't have enhanced security measures.
Hackers breach FSB contractor and leak details about IoT hacking project | ZDNet
Today's security threats have expanded in scope and seriousness. There can now be millions -- or even billions -- of dollars at risk when information security isn't handled properly.
Russian hacker group Digital Revolution claims to have breached a contractor for the FSB -- Russia's national intelligence service -- and discovered details about a project intended for hacking Internet of Things (IoT) devices.
The group published this week 12 technical documents, diagrams, and code fragments for a project called "Fronton."
Happening on Twitter
[BREAKING] Coronavirus: Work from home, Fayemi tells Ekiti civil servants https://t.co/WeuobEVYHs MobilePunch (from Lagos, Nigeria) Fri Mar 20 17:57:26 +0000 2020
BREAKING: I just signed legislation prohibiting ANY employer from terminating an employee who has/may have #COVID19… https://t.co/o2jeOwHyXl GovMurphy (from New Jersey, USA) Sat Mar 21 00:11:39 +0000 2020
Things that happen when you work from home with pets ❤️ https://t.co/faOQQCgDPm dodo (from New York, NY) Fri Mar 20 19:30:00 +0000 2020
No comments:
Post a Comment