CVE-2014-125041

A vulnerability classified as critical was found in Miccighel PR-CWT. This vulnerability affects unknown code. The manipulation leads to SQL injection. The name of the patch is e412127d07004668e5a213932c94807d87067a1f. It is recommended to apply a patch to fix this issue. VDB-217486 is the identifier assigned to this vulnerability.

CVE-2014-125040

A vulnerability was found in stevejagodzinski DevNewsAggregator. It has been rated as critical. Affected by this issue is the function getByName of the file php/data_access/RemoteHtmlContentDataAccess.php. The manipulation of the argument name leads to SQL injection. The name of the patch is b9de907e7a8c9ca9d75295da675e58c5bf06b172. It is recommended to apply a patch to fix this issue. The identifier of this vulnerability is VDB-217484.

USN-5782-2: Firefox regressions

USN-5782-1 fixed vulnerabilities in Firefox. The update introduced
several minor regressions. This update fixes the problem.

We apologize for the inconvenience.

Original advisory details:

It was discovered that Firefox was using an out-of-date libusrsctp library.
An attacker could possibly use this library to trigger a reentrancy issue
in Firefox. (CVE-2022-46871)

Nika Layzell discovered that Firefox was not performing a check on paste
received from cross-processes. An attacker could potentially exploit this
to obtain sensitive information. (CVE-2022-46872)

Pete Freitag discovered that Firefox did not implement the unsafe-hashes
CSP directive. An attacker who was able to inject markup into a page
otherwise protected by a Content Security Policy may have been able to
inject an executable script. (CVE-2022-46873)

Matthias Zoellner discovered that Firefox was not keeping the filename
ending intact when using the drag-and-drop event. An attacker could
possibly use this issue to add a file with a malicious extension, leading
to arbitrary code execution. (CVE-2022-46874)

Hafiizh discovered that Firefox was not handling fullscreen notifications
when the browser window goes into fullscreen mode. An attacker could
possibly use this issue to spoof the user and obtain sensitive information.
(CVE-2022-46877)

Multiple security issues were discovered in Firefox. If a user were
tricked into opening a specially crafted website, an attacker could
potentially exploit these to cause a denial of service, obtain sensitive
information across domains, or execute arbitrary code. (CVE-2022-46878,
CVE-2022-46879)

CVE-2007-10001

A vulnerability classified as problematic has been found in web-cyradm. This affects an unknown part of the file search.php. The manipulation of the argument searchstring leads to SQL injection. It is recommended to apply a patch to fix this issue. The identifier VDB-217449 was assigned to this vulnerability.

NATO tests AI’s ability to protect critical infrastructure against cyberattacks

Autonomous intelligence, artificial intelligence (AI) that can act without human intervention, can help identify critical infrastructure cyberattack patterns and network activity, and detect malware to enable enhanced decision-making about defensive responses. That’s according to the preliminary findings of an international experiment of AI’s ability to secure and defend systems, power grids and other critical assets by cyber experts at the North Atlantic Treaty Organization’s (NATO) Cyber Coalition 2022 event late last year.

The simulated experiment saw six teams of cyber defenders from NATO allies tasked with setting up computer-based systems and power grids at an imaginary military base and keeping them running during a cyberattack. If hackers interfered with system operations or the power went down for more than 10 minutes, critical systems could go offline. The differentiator was that three of the teams had access to a novel Autonomous Intelligence Cyberdefense Agent (AICA) prototype developed by the US Department of Energy’s (DOE) Argonne National Laboratory, while the other three teams did not.

The dos and don’ts of ransomware negotiations

The content of this post is solely the responsibility of the author. AT&T does not adopt or endorse any of the views, positions, or information provided by the author in this article.

Has your organization suddenly been attacked by a ransomware virus? Take a deep breath and try to remain composed. It can be easy to panic or become overwhelmed in the face of an attack, but it is vital to remain calm and focused in order to make the best decisions for your organization.

The initial actions to take in the event of a ransomware attack

Disconnect the affected devices from the network as soon as possible. This can help to prevent the ransomware from spreading to other computers or devices.
Determine what data has been affected and assess the extent of the damage.
Determine the specific type of ransomware virus that has infected your devices to understand how this malware operates and what steps you need to take to remove it.
It is important to notify all employees about the ransomware attack and instruct them not to click on any suspicious links or open any suspicious attachments.
Consider reporting the attack. This can help to increase awareness of the attack and may also help to prevent future attacks. Please note that in some regions, business owners are required by law to report an attack.

Do not rush into a decision. Take the time to carefully evaluate your options and the potential consequences of each of them before deciding whether to pay the ransom or explore other solutions.

Paying the ransom is not the only option. Consider exploring other solutions, such as restoring your data from backups. If you do not have backups, cybersecurity experts may be able to help you recover your data, since many ransomware strains have been decrypted and their keys are publicly available.

Strategies cybercrooks employ to obtain funds from victims swiftly

Cyber extortionists use various tactics beyond just encrypting data. They also use post-exploitation blackmail methods to coerce victims into paying them. Very often, cybercriminals use several extortion tactics simultaneously. Some examples of these tactics include:

Steal and disclose

Cyber extortionists not only encrypt victims’ data but also often steal it. If the ransom is not paid, the stolen files may be made publicly available on special leak websites, which can cause severe damage to the victim’s reputation and make them more likely to give in to the attackers’ demands.

Destroy keys if a negotiation company intervenes

Some ransomware authors have threatened to delete the private keys necessary for decrypting victims’ data if they seek the help of a professional third party to negotiate on their behalf.

Launch a DDoS attack

Ransomware attackers often threaten to flood the victim’s website with a large volume of traffic in an effort to take it down and intimidate the targeted company into paying the ransom faster.

Cause printers to behave abnormally

Some hackers were able to take control of the printers and print ransom notes directly in front of partners and customers. This provides a high level of visibility for the attack, as it is difficult for people to ignore the ransom notes being printed.

Use Facebook ads for malicious purposes

Criminals have been known to use advertising to gain attention for their attacks. In one instance, ransomware developers used Facebook ads to shame their victim by highlighting the organization’s weak defenses.

Stir up anxiety among customers

Ransomware authors may send intimidating emails to the customers of major companies whose data was compromised. The emails threaten to leak the recipients’ data unless the affected organization pays the ransom. The attackers encourage the recipients to pressure the affected companies to make the payment quickly.

Do not try to handle the situation on your own

Although ransomware is a trend in the world of cyber-attacks, hackers are not always successful in obtaining the ransom. They constantly have to develop new methods to replenish their arsenal of extortion techniques.

To make life as difficult as possible for hackers, the main thing to do is not to try to act alone. There are well-established mechanisms to counter extortionists.

Do seek professional assistance from others, even if it means losing some or all of your data. There are plenty of organizations and resources that can provide professional assistance and guidance. Some potential options include:

Cybersecurity experts: These professionals can provide specialized expertise and assistance with recovering your data, as well as advice on how to prevent future attacks.
Computer emergency response teams: Many countries and regions have organizations known as CERTs that assist with responding to and recovering from cyber incidents, including ransomware attacks.
Ransomware recovery services: Some companies specialize in helping organizations recover from ransomware attacks and can provide a range of services, including data recovery, threat assessment, and ransomware negotiation.
Law enforcement: In many cases, it may be appropriate to involve law enforcement agencies. They can help with investigations, help recover data, and identify and prosecute the attackers.

It is essential to carefully research and evaluate any resources or services you consider using. Seek advice from multiple sources to find the best way out.

Before negotiations

It is generally not recommended to negotiate with ransomware attackers or pay the ransom. Doing so can encourage further ransomware attacks. Paying the ransom not only supports the attackers’ criminal activity but also puts your organization at risk of being targeted again.

Keep in mind that there is no guarantee that the attackers will actually provide the decryption key – even if you do pay the ransom. Therefore, it is important to weigh the risks and potential consequences carefully before deciding to pay.

Ransomware attacks and payments are often carried out anonymously, using encrypted communication channels and cryptocurrency. Hackers usually provide an encrypted chat or email service for communication. Try to negotiate additional channels and means of communication with the adversary. Try to establish a line of communication with the attackers that involves mutual trust (as much as possible in this situation).

If you decide to negotiate with the attackers and pay the ransom, it is important to keep a record of all communications, including any instructions for paying the ransom. This information may be helpful for law enforcement and cybersecurity experts who are investigating the attack.

Ask the attackers to demonstrate the decryption key and show that it actually works by decrypting several random files. This can help you ensure that you are dealing with the actual attackers and not a third party.

Research the attackers and their past behavior. If the attackers have been known to negotiate or provide the decryption key after receiving payment in the past, this may help to increase your confidence in the negotiation and may also give you leverage to negotiate a lower amount.

Tips for negotiating with the attackers

If you have exhausted all other options and have determined that paying the ransom is the only way to recover your data, here are a few tips for negotiating with the hackers:

The attackers may try to pressure you by threatening to destroy or leak data, but it is important not to let this influence your decision. Do not show any signs of desperation or urgency. Remain calm and composed at all times.
Do not reveal whether or not you have cyber insurance.
Do not offer to pay the entire ransom upfront. Instead, consider offering to pay a small portion of the ransom upfront, with the remainder to be paid after the decryption key has been provided and you have successfully decrypted all data.
Consider offering to pay the ransom in a cryptocurrency that you already have and is less commonly used or even less easily traced. This can make it more difficult for the attackers to convert the ransom into actual money and may make them more willing to negotiate a lower amount.
Consider offering to publicize the attack and the ransom negotiation in order to put pressure on the attackers. This can make it more difficult for the attackers to extort other victims in the future and may make them more willing to negotiate a lower ransom amount.
If the attackers have already agreed to negotiate the ransom amount and have lowered the price, you may try to push for a further reduction by continuing to negotiate and offering a lower amount. However, keep in mind that the attackers are likely to have a minimum amount that they are willing to accept, and it may not be possible to push them to lower the price further.

Be prepared to walk away from the negotiation if the attackers are unwilling to compromise or if the terms they offer are unacceptable, even if it entails losing your data.

How to prevent ransomware attacks

It is always good to focus on preventative measures to avoid falling victim to ransomware in the first place. Here are some tips in this regard:

Implement a robust cybersecurity policy that includes regular software updates and the use of security software.
Educate your employees about the risks of ransomware and how to protect against it, such as not opening attachments or clicking on links from unfamiliar sources.
Take care of backups and implement a disaster recovery plan to ensure that you can restore your data if it becomes encrypted.
Use strong, unique passwords and employ MFA where possible.
Consider purchasing cybersecurity insurance to protect your company against financial losses resulting from a ransomware attack.
