Backdoor.Win32.Augudor.b / Remote File Write Code Execution

Posted by malvuln on Sep 27

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/94ccd337cbdd4efbbcc0a6c888abb87d.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Augudor.b
Vulnerability: Remote File Write Code Execution
Description: The malware drops an empty file named “zy.exe” and listens on
TCP port 810. Third-party adversaries who can reach the infected host can…

Backdoor.Win32.Psychward.b / Weak Hardcoded Credentials

Posted by malvuln on Sep 27

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/0b8cf90ab9820cb3fcb7f1d1b45e4e57.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Psychward.b
Vulnerability: Weak Hardcoded Credentials
Description: The malware listens on TCP port 8888 and requires
authentication. However, the password “4174” is weak and hardcoded in
cleartext within the PE…

Backdoor.Win32.Bingle.b / Weak Hardcoded Credentials

Posted by malvuln on Sep 27

Discovery / credits: Malvuln (John Page aka hyp3rlinx) (c) 2022
Original source:
https://malvuln.com/advisory/eacaa12336f50f1c395663fba92a4d32.txt
Contact: malvuln13 () gmail com
Media: twitter.com/malvuln

Threat: Backdoor.Win32.Bingle.b
Vulnerability: Weak Hardcoded Credentials
Description: The malware is packed using ASPack 2.11, listens on TCP port
22 and requires authentication. However, the password “let me in” is weak
and…

SEC Consult SA-20220923-0 :: Multiple Memory Corruption Vulnerabilities in COVESA (Connected Vehicle Systems Alliance) DLT daemon

Posted by SEC Consult Vulnerability Lab, Research via Fulldisclosure on Sep 27

SEC Consult Vulnerability Lab Security Advisory < 20220923-0 >
=======================================================================
title: Multiple Memory Corruption Vulnerabilities
product: COVESA DLT daemon (Diagnostic Log and Trace)
Connected Vehicle Systems Alliance (COVESA), formerly GENIVI
vulnerable version: <= 2.18.8
fixed version: current master branch commit…

New Report on IoT Security

The Atlantic Council has published a report on securing the Internet of Things: “Security in the Billions: Toward a Multinational Strategy to Better Secure the IoT Ecosystem.” The report examines the regulatory approaches taken by four countries—the US, the UK, Australia, and Singapore—to secure home, medical, and networking/telecommunications devices. The report recommends that regulators should 1) enforce minimum security standards for manufacturers of IoT devices, 2) incentivize higher levels of security through public contracting, and 3) try to align IoT standards internationally (for example, international guidance on handling connected devices that stop receiving security updates).

This report looks to existing security initiatives as much as possible—both to leverage existing work and to avoid counterproductively suggesting an entirely new approach to IoT security—while recommending changes and introducing more cohesion and coordination to regulatory approaches to IoT cybersecurity. It walks through the current state of risk in the ecosystem, analyzes challenges with the current policy model, and describes a synthesized IoT security framework. The report then lays out nine recommendations for government and industry actors to enhance IoT security, broken into three recommendation sets: setting a baseline of minimally acceptable security (or “Tier 1”), incentivizing above the baseline (or “Tier 2” and above), and pursuing international alignment on standards and implementation across the entire IoT product lifecycle (from design to sunsetting). It also includes implementation guidance for the United States, Australia, UK, and Singapore, providing a clearer roadmap for countries to operationalize the recommendations in their specific jurisdictions—and push towards a stronger, more cohesive multinational approach to securing the IoT worldwide.

Note: One of the authors of this report was a student of mine at Harvard Kennedy School, and did this work with the Atlantic Council under my supervision.

All-New Ransomware Coverage Opens Up the Path to Recovery

Our all-new ransomware coverage is now available, ready to help just in case—all backed by expert advice to help you find the quickest and best possible path to recovery. 

Ransomware coverage from McAfee can reimburse you up to $25,0000 for losses resulting from a ransomware threat, including financial losses and ransom fees. You’ll find this ransomware coverage included with our McAfee+ Ultimate plan. 

As well as eligibility for ransomware reimbursement, our team of experts can help you: 

Determine the severity of a ransomware attack. 
Learn what immediate action steps you can take. 
Determine if a ransom should be paid or if alternative options exist. 
Facilitate the ransom payment when, and if, necessary. 

However, it’s important to realize that ransomware is unlike any other attack. When ransomware locks someone out of their device or encrypts their data and files so they can’t use them, a demand is usually made for money. Sometimes, paying the ransom results in the device being made accessible again or the files being decrypted. Yet like any ransom case, this result is not always guaranteed. There are plenty of cases where people pay the ransom but never get their data or access to their devices back. 

Again, our coverage includes guidance from our expert advisers to help walk you through your options should the worst happen to you. You won’t be in it alone—particularly as you look to recover from what can be a complicated attack. 

What is ransomware? 

As the name implies, ransomware is a type of malware that holds your device or information for ransom. It may lock your computer or smartphone entirely or it may lock you out of your files by encrypting them so that you can’t access them. Whether it’s a hacker or a cybercrime organization behind the attack, the bad actor involved holds the key to unlock those files—and promises to do so. For a price. And as mentioned above, sometimes that doesn’t happen, even if you pay. 

Ransomware can infect your devices several different ways: 

Malware sites, where bad actors direct you to the site with the aim of having you download the malware package or by uploading it to you through your browser without your knowledge. 
Phishing attacks, whether via an email, direct message, text, or any other form of electronic message, bad actors will embed either links or attachments that can lead to ransomware ending up on your device. 
Network or device compromise, which may include a bad actor taking advantage of a security loophole or simply accessing the network or device with a stolen or hacked password. 

A brief history of ransomware 

Ransomware has seen quite the evolution over the years. Its origins date back to the late 1980s, when malware-loaded floppy disks were sent to users who installed them under false pretenses. There the malware would lie in wait until the user rebooted their computer for the 90th time and was presented with a digital ransom note. 

Early example of ransomware – Source, Wikipedia

From there, ransomware attacks on individuals became more sophisticated, and more lucrative, with the advent of the internet and the millions of everyday users who flocked to it. Using phishing emails, malware downloads from phony sites, and compromised software and networks, hackers rapidly expanded their ransomware reach.  

Even more lucrative for hackers and organized cybercriminals, however, were public and private organizations. Shifting their attacks to so-called “big game” targets, hackers and organized cybercriminals have used ransomware to extort money from hospitals, city governments, financial institutions, and key energy infrastructure companies, to name just a few. Seeing further opportunity, ransomware attackers then began targeting smaller and mid-sized businesses as well. While the ransom demands account for lower amounts, these organizations often lack dedicated cybersecurity teams and the protections that come along with them, making these organizations easier to victimize. 

Meanwhile, the body of malicious code and attack packages used to launch ransomware attacks has only grown. As a result, small-time hackers and hacking groups can find the tools they need to conduct an attack for sale or for lease as a service (Ransomware as a Service, or RaaS). In effect, these bad actors can simply access a dark web marketplace and figuratively pull a ready-to-deploy attack off the shelf. 

As a result, ransomware remains a concern for individuals, even as businesses and governmental bodies of all sizes deal with its threat. 

Protecting yourself from ransomware attacks 

What makes ransomware so damaging is just how much effort it can take to undo. Setting aside the sophisticated attacks on businesses and governments for a moment, even those “off-the-shelf” attacks that some hackers will launch against individuals go beyond the average user’s ability to undo. For example, there are some known attacks with known methods of decrypting the data; however, that requires knowing specifically which attack was used. Attempting to undo the encryption with the wrong solution can potentially encrypt that data even more. 

So without question, the best defense against ransomware is prevention. Comprehensive online protection software gives you the tools you need to help avoid becoming a ransomware victim. A few include: 

Safe surfing features that steer you clear of malicious downloads, attachments, and websites. 
Strong antivirus that detects and neutralizes the latest malware threats with the latest virus definitions. 
Vulnerability scanners that help keep your device and its apps up to date with the latest security measures.   
A firewall that helps prevent intruders from accessing the devices on your home network—and the files on them. 

Moreover, you can protect yourself further by backing up your files and data. A cloud storage solution that’s secured with a strong and unique password offers one path. Likewise, you can back up your files on an external disk or drive, making sure to keep it disconnected from your network and stored in a safe place. 

Also as mentioned in the bullets above, keep your operating system and apps current with the latest updates. Beyond making improvements in your operating system and apps, updates often also address security issues that hackers often use to compromise devices and apps. 

Lastly, stay alert. Keep an eye out for sketchy links, attachments, websites, and messages. Bad actors will pull all kinds of phishing tricks to lure you to places where they try to compromise you, your devices, and your data. 

Taken together, the combination of online protection software and a few preventative steps can greatly reduce the chance that you’ll fall victim to ransomware. From there, you also have the assurance of our ransomware coverage, ready to get on the path to recovery, just in case. 

The post All-New Ransomware Coverage Opens Up the Path to Recovery appeared first on McAfee Blog.

Centralized Privacy Center: The key to meeting data privacy obligations

This blog was written by an independent guest blogger.

Website owners generally have privacy policies and terms of service since they are necessary for compliance and ensuring website visitors get a personalized experience. As digital needs transform and data privacy laws evolve in nature, website owners that collect data are required to have a Privacy Center.

Hundreds of millions of users share their personal information on websites, enabling websites to effectively interact with their users, innovate and grow their business. Businesses must ensure that websites maintain their customers’ trust in handling their data, which gives shape to functions like a Privacy Center.

What is a Privacy Center?

From a user perspective, a Privacy Center makes it simple for users to maintain control over their personal information that has been shared with a website. For a business, a Privacy Center provides all the information users require about privacy policies, cookie policies, data subject access requests, do not track or sell, and much more in one accessible spot.

Data privacy laws such as the European Union’s General Data Protection Regulation (GDPR) and the United States’ California Privacy Rights Act (CPRA)/California Consumer Privacy Act (CCPA) impose strict obligations on businesses regarding data processing activities, the usage of privacy policies, and transparent privacy practices.

Consequently, businesses are increasingly coming to terms with the significance of Privacy Centers and how they can improve their compliance processes to avoid non-compliance penalties and make it easy to publish or update relevant policies from a single platform.

What does a Privacy Center address?

Data privacy laws regulate how companies manage users’ personal data, and users’ awareness of their digital rights only escalates the need for a privacy center to address the following main concerns:

What private information of a user can a business access?
How does the business handle personal data of users?
What is the purpose of collecting this personal data?
Does the business sell or share the personal data with third parties?
How long does a company retain the personal data of users?
Is there an option of opt-out or unsubscribing from receiving personalized services?

Businesses can efficiently address these issues and others from a single platform on their website, such as Securiti’s Privacy Center. The tool is designed to address:

Privacy Policy
Terms of Service
Cookie Policy
Consent & Third Party
Data Subject Requests
Do Not Sell or Track

When and why should a business have a Privacy Center?

A Privacy Center, instead of separate policies for cookies, privacy policies, and others, is a user-friendly approach to disclosing data collection and processing activities.

 Large volumes of data collected

If a business collects troves of data, a Privacy Center will enable the business to be transparent regarding data collection, processing, and sharing activities without overwhelming users. Looking for a single piece of information through a lengthy Privacy Policy page can be confusing and nerve-racking.

A Privacy Center is an ideal platform for revealing various information in an understandable format. It is also simple for a user to locate relevant information without sifting through mountains of text.

 Sensitive data collection

A Privacy Center can make it simple for businesses to communicate their policies regarding managing sensitive data, primarily if they deal with financial or medical records.

Significance of a Privacy Center for businesses

 Privacy Notice

Businesses can make transparency simple with a Privacy Center by taking a few quick and easy steps:

Embedding the Privacy Notice link to the Privacy Center page.
Regularly updating privacy notifications.
Issuing the date and time of the latest update.
Make use of a global template of Privacy Policies (GDPR, CCPA, LGPD, etc.).
Issue dynamic updates to the privacy notice.

By doing so, businesses can significantly minimize privacy issues and efficiently inform users of how a business gathers, uses, discloses, and manages their data.

 Cookie & third-party consent

When third-party tracking technologies are used on a website, a business can inform its visitors about them and provide them the option to opt-in or opt-out in a way that complies with local laws in the country from where the user is visiting the website.

The tool that you choose should be able to scan a website, streamline and automate the privacy function by detecting and tracking all the tracking cookies on a website and categorizing them.

 First party consent management

Customers can choose to provide or withdraw consent for using their personal information for marketing and other reasons. Businesses should be able to provide opt-in and opt-out options and organize consent collection and revocation when retaining users’ data from any collection points.

 Data subject requests

Give customers a user-friendly way to exercise their right to privacy and take control of their data by programmatically handling data subject requests for data access, erasure, or correction. Additionally, businesses can automate identity verification and use built-in regulatory guidance to stay ahead of evolving regulatory requirements.

 Do Not Sell

Companies are required by some state laws to prominently display a link that says, “Do Not Sell My Personal Information,” along with instructions on how customers can choose not to have their data sold or opt-out. Businesses can detect and honor Do Not Sell requests with the help of an intuitive Privacy Center.

 Do Not Track

A robust Privacy Center enables businesses to use the Do Not Track and respect the consumer’s right to opt-out directly from the browser. This is a positive step as it supports the industry’s evolving compliance framework and builds consumer trust. If you wish to stay anonymous, you can use a VPN or proxy server.

Conclusion

It’s crucial to understand the evolving privacy risks businesses face, such as cyber threats, cyberattacks, and data breaches, and how their policies and programs might reduce them.

As data quantities keep increasing, regulatory requirements become even more strict, and customer scrutiny grows, businesses must utilize tools such as the Privacy Center to steer clear of non-compliance penalties, address user concerns effectively and stay ahead of the competition.

What are the new Windows 11 22H2 security features?

Windows 11 2022 (22H2 release) is now out, and Microsoft has once again placed a heavy emphasis on security. The good news for this release is that even Windows Home versions can receive some of the key security features with no additional Windows or Microsoft 365 licensing. Review the Windows 11 22H2 security baseline documents and begin to test these features.

Windows 11 release cadence

First, a reminder: With Windows 11, feature releases now only come out once a year. Major security changes occurred in the first release of Windows 11 (21H2) as well as this release of 22H2. Between each major feature release will be small incremental changes called “moment” releases. For example, expected future moment updates will be features such as tabs and a new sidebar to File Explorer.
