CVE-2020-36521

Read Time:19 Second

An out-of-bounds read was addressed with improved input validation. This issue is fixed in iCloud for Windows 11.4, iOS 14.0 and iPadOS 14.0, watchOS 7.0, tvOS 14.0, iCloud for Windows 7.21, iTunes for Windows 12.10.9. Processing a maliciously crafted tiff file may lead to a denial-of-service or potentially disclose memory contents.

Read More

Accused Russian RSOCKS Botmaster Arrested, Requests Extradition to U.S.

Read Time:3 Minute, 35 Second

A 36-year-old Russian man recently identified by KrebsOnSecurity as the likely proprietor of the massive RSOCKS botnet has been arrested in Bulgaria at the request of U.S. authorities. At a court hearing in Bulgaria this month, the accused hacker requested and was granted extradition to the United States, reportedly telling the judge, “America is looking for me because I have enormous information and they need it.”

A copy of the passport for Denis Kloster, as posted to his Vkontakte page in 2019.

On June 22, KrebsOnSecurity published Meet the Administrators of the RSOCKS Proxy Botnet, which identified Denis Kloster, a.k.a. Denis Emelyantsev, as the apparent owner of RSOCKS, a collection of millions of hacked devices that were sold as “proxies” to cybercriminals looking for ways to route their malicious traffic through someone else’s computer.

A native of Omsk, Russia, Kloster came into focus after KrebsOnSecurity followed clues from the RSOCKS botnet master’s identity on the cybercrime forums to Kloster’s personal blog, which featured musings on the challenges of running a company that sells “security and anonymity services to customers around the world.” Kloster’s blog even included a group photo of RSOCKS employees.

“Thanks to you, we are now developing in the field of information security and anonymity!,” Kloster’s blog enthused. “We make products that are used by thousands of people around the world, and this is very cool! And this is just the beginning!!! We don’t just work together and we’re not just friends, we’re Family.”

The Bulgarian news outlet 24Chasa.bg reports that Kloster was arrested in June at a co-working space in the southwestern ski resort town of Bansko, and that the accused asked to be handed over to the American authorities.

“I have hired a lawyer there and I want you to send me as quickly as possible to clear these baseless charges,” Kloster reportedly told the Bulgarian court this week. “I am not a criminal and I will prove it in an American court.”

Launched in 2013, RSOCKS was shut down in June 2022 as part of an international investigation into the cybercrime service. The Justice Department’s June 2022 statement about that takedown cited a search warrant from the U.S. Attorney’s Office for the Southern District of California, which also was named by Bulgarian news outlets this month as the source of Kloster’s arrest warrant.

When asked about the existence of an arrest warrant or criminal charges against Kloster, a spokesperson for the Southern District said, “no comment.”

The employees who kept things running for RSOCKS, circa 2016. Notice that nobody seems to be wearing shoes.

24Chasa said the defendant’s surname is Emelyantsev and that he only recently adopted the last name Kloster, which is his mother’s maiden name.

As KrebsOnSecurity reported in June, Kloster also appears to be a major player in the Russian email spam industry. In several private exchanges cybercrime forums, the RSOCKS administrator claimed ownership of the RUSdot spam forum. RUSdot is the successor forum to Spamdot, a far more secretive and restricted forum where most of the world’s top spammers, virus writers and cybercriminals collaborated for years before the community’s implosion in 2010.

Email spam — and in particular malicious email sent via compromised computers — is still one of the biggest sources of malware infections that lead to data breaches and ransomware attacks. So it stands to reason that as administrator of Russia’s most well-known forum for spammers, the defendant in this case probably knows quite a bit about other top players in the botnet spam and malware community.

A Google-translated version of the Rusdot spam forum.

Despite maintaining his innocence, Kloster reportedly told the Bulgarian judge that he could be useful to American investigators.

“America is looking for me because I have enormous information and they need it,” Kloster told the court, according to 24Chasa. “That’s why they want me.”

The Bulgarian court agreed, and granted his extradition. Kloster’s fiancee also attended the extradition hearing, and reportedly wept in the hall outside the entire time.

Kloster turned 36 while awaiting his extradition hearing, and may soon be facing charges that carry punishments of up to 20 years in prison.

Read More

Oxford teen arrested in UK on suspicion of hacking

Read Time:17 Second

The boy, who has not been named, was arrested as part of an investigation by the National Crime Agency (NCA). He remains in police custody.

Although at the time of writing no more details have been shared, there is speculation online that the arrest is in relation to the recent hacks of Uber and Rockstar Games.

Read More

CVE-2021-45035

Read Time:13 Second

Velneo vClient on its 28.1.3 version, does not correctly check the certificate of authenticity by default. This could allow an attacker that has access to the network to perform a MITM attack in order to obtain the user´s credentials.

Read More

CVE-2021-3782

Read Time:37 Second

An internal reference count is held on the buffer pool, incremented every time a new buffer is created from the pool. The reference count is maintained as an int; on LP64 systems this can cause the reference count to overflow if the client creates a large number of wl_shm buffer objects, or if it can coerce the server to create a large number of external references to the buffer storage. With the reference count overflowing, a use-after-free can be constructed on the wl_shm_pool tracking structure, where values may be incremented or decremented; it may also be possible to construct a limited oracle to leak 4 bytes of server-side memory to the attacking client at a time.

Read More

How Often Should You Change Your Passwords?

Read Time:6 Minute, 43 Second

When it comes to passwords, most of us would love nothing more than to set it and forget it. But that’s exactly what hackers are hoping for — in fact, it makes their job a lot easier. This means the best line of defense is frequent password changes 

But how often should you create new passwords? Cybersecurity experts recommend changing your password every three months. There may even be situations where you should change your password immediately, especially if a cybercriminal has access to your account.  

This article explores those exact situations and covers some of the best password practices you can use to help safeguard these important combinations of letters and numbers.  

Situations when you should immediately change your password

While 90 days is a generous amount of time between password changes, there are some situations where you’ll want to change your password immediately. 

Your account was hacked

If you think someone has hacked your account, it’s important to act fast and change your password. Did everyone in your address book get a strange email that looks like it’s from you? Change your email password. Are your Facebook friends getting a new friend request from you? Something’s not right, so you’ll want to change your password.  

This can help limit the amount of time a cybercriminal has access to your account.  

After a data breach

If there’s a password breach at work or within a company you do business with, you’ll want to change the password for any affected accounts. If you use that password for any other websites, you’ll definitely want to change your password to those accounts. If hackers get access to your password, they may try it on multiple websites to see what else they can steal. 

You used an unsecure network

As much as possible, try to avoid logging into your secure accounts on public Wi-Fi, such as at a library or cafe. Generally, an unsecure network means your online activity is public. If you need to use an unsecure network, change your password once you’re on a secure network.  

It can also be a good idea to look into a smart VPN like McAfee Secure VPN, which automatically turns on to protect your personal data and credit card information even if you need to use public Wi-Fi.  

You discover malware

Your personal information could be at risk if malware infects your computer. If you have quality antivirus software (like what’s included in McAfee Total Protection) and it detects malware, you’ll want to change your passwords from another device.  

You remove people from the account

If you no longer have contact with someone, there’s no need for them to remain on your Netflix or Amazon account. There’s also no need for an ex to share a bank account or have mobile app access. Create new passwords when you’re no longer sharing an account with someone. 

You no longer use certain accounts

You may have an account you haven’t used in a year, such as from an online retailer. Change old passwords for seldom-used accounts and close the account if you don’t intend to use it again. 

How to create a strong password

A good password can make it more difficult for hackers to access your accounts. But what exactly makes a strong password? Here are a few criteria. 

It’s used only for one account. While it can be easy to use similar passwords for multiple accounts, hackers might be able to get into your other online accounts if they access just one.  
It’s at least 12 characters long. To make it easy to remember, use a lyric from a song or poem (for example, “andtherocketsredglare”). Or make an abbreviation from the words in a sentence (changing “the quick brown fox jumped over the lazy dog in the backyard” to “tqbfjotlditb,” for instance).  
It’s a complex password. Include at least one capital letter, one number, and one symbol. A computer can guess a password with eight letters immediately. But a 12-character password with at least one uppercase and one lowercase letter, number, and a special character would take 34,000 years to crack. Some sites allow users to create a passphrase. That’s a string of words that can be up to 100 characters long. 
It’s hard to guess. Don’t use information that people who know you or look at your social media can guess. Avoid personal information like your nickname or initials, birthday, address or street name, or a child or pet’s name. 
It doesn’t use common words like “password” or “qwerty.” You’d be surprised how many people use “password123” or “123456” as a password. A cybercriminal would not. 

What are the most common ways passwords get hacked?

A cybercriminal may use a variety of strategies to access your passwords. Here are some of their most common tactics. 

Guesswork: This is why password security requires unique passwords that don’t include personal information. 
Buying passwords on the dark web: Search engines don’t index the dark web. A lot of dark web activity isn’t traceable, including the sale of passwords.  
Phishing: This is when a hacker sends an email that appears to be from a trusted source to trick the recipient into typing in their password. 
Malware: Cybercriminals may infect a device with malicious software that allows them to access personal data, including passwords. 
Shoulder surfing: This could happen in a coffee shop or office if you leave sticky notes showing your passwords on your desk. 
Spidering: These are bots that search the web looking for personal data. 
Brute force attack: A bot systematically tries thousands of passwords hoping to find the correct one. 

How can you keep your online passwords secure?

When it comes to keeping your data secure, password complexity is just the beginning. Here are a few additional tips for keeping your passwords safe. 

Do a password audit

Review the passwords for all of your accounts. Make sure you’re not using any for multiple websites. See if your passwords are guessable. Do they include personal information like birthdays or addresses? If you find passwords that are weak or repeated, change those first. 

Use multi-factor authentication

Set up multi-factor authentication for important accounts, such as with financial institutions. Logging into a website with two-factor authentication requires you to enter a code sent by text or email in addition to a username and password.  

Some accounts require multi-factor authentication with biometric factors for added security, such as a thumbprint or face scan. Using multi-factor authentication with long, complicated passwords can make an account more secure. 

Use a password manager

A password manager like McAfee True Key can help prevent unauthorized access to your online accounts by protecting your passwords with strong encryption. It also comes with a password generator to help you create complex passwords while storing them safely.  

If you have old or weak passwords or use them on multiple sites, a password manager can generate new ones. It’ll then keep track of them and sign you in to apps and websites — with you only having to remember one master password 

See how McAfee True Key makes managing passwords easy and secure

Let McAfee True Key help you defend your personal data. The password management software makes dealing with passwords secure and easy.  

McAfee True Key stores your passwords on your device using the strongest encryption available. Once you use a master password to log into True Key, it’ll auto-fill your passwords for any apps or websites you visit. For added convenience, True Key securely syncs your information across all of your devices so you can access it wherever you need it.  

While McAfee manages your secure passwords, you can continue enjoying the internet the way it was intended — free from hackers.  

The post How Often Should You Change Your Passwords? appeared first on McAfee Blog.

Read More