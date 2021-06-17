Proprietary Software Leftovers
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
At 4:30 p.m. UTC, all within the same second, the compromised servers woke up and ran a command script that disabled a variety of security controls and sent malicious payloads to every system managed by those servers, according to an analysis conducted by Huntress Labs. While security firms are still sifting through the data, reverse engineering has revealed that the attack — from the first packets exploiting dozens of VSA servers, to the deployment of ransomware on the endpoints of hundreds to thousands of MSP customers — took less than two hours.
The speed of automation gave managed service providers and their customers only a very narrow window in which to detect attacks and block them, says John Hammond, a senior threat researcher for Huntress Labs. Companies would have to run frequent monitoring and alerts to have caught the changes, he says.
"Unfortunately, this form of hyperactive logging and detection is rare — managed service providers often don't have the resources, let alone the personnel to frequently monitor massive components of their software and stack," Hammond says. "With that said, the efficacy and potential for human-powered threat hunters is never something to be left out of the equation."
The quick turnaround of the attack underscores the compressed timeline for defenders to respond to automated attacks. The REvil group and its affiliates, who are thought responsible for the attack, scanned for Internet-connected VSA servers and, when found, sent the initial exploit, which chained three vulnerabilities.
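A fleet-wide burst of one identical command inside a single second is exactly the kind of change Hammond says frequent monitoring could have caught. The following is an added example and not Huntress's or Kaseya's tooling: it runs a simple burst detector over a constructed RMM execution log (the log format, hostnames and command lines are invented for illustration) and flags any command that landed on five or more hosts within one second, while a staggered rollout of the same tool over half an hour does not alert.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Constructed RMM execution log (not real VSA output). One line per command an agent ran:
# <ISO-8601 timestamp> <host> cmd="<command line>"
SAMPLE_LOG = r"""
2021-07-02T15:55:12Z host-a01 cmd="C:\Tools\inventory.exe /quiet"
2021-07-02T16:01:40Z host-b02 cmd="C:\Tools\inventory.exe /quiet"
2021-07-02T16:07:03Z host-c03 cmd="C:\Tools\inventory.exe /quiet"
2021-07-02T16:13:29Z host-d04 cmd="C:\Tools\inventory.exe /quiet"
2021-07-02T16:19:58Z host-e05 cmd="C:\Tools\inventory.exe /quiet"
2021-07-02T16:25:11Z host-f06 cmd="C:\Tools\inventory.exe /quiet"
2021-07-02T16:30:00Z host-a01 cmd="cmd.exe /c C:\Temp\stage.bat"
2021-07-02T16:30:00Z host-b02 cmd="cmd.exe /c C:\Temp\stage.bat"
2021-07-02T16:30:00Z host-c03 cmd="cmd.exe /c C:\Temp\stage.bat"
2021-07-02T16:30:00Z host-d04 cmd="cmd.exe /c C:\Temp\stage.bat"
2021-07-02T16:30:00Z host-e05 cmd="cmd.exe /c C:\Temp\stage.bat"
2021-07-02T16:30:00Z host-f06 cmd="cmd.exe /c C:\Temp\stage.bat"
2021-07-02T16:30:00Z host-a01 cmd="cmd.exe /c C:\Temp\stage.bat"
"""

LINE_RE = re.compile(r'^(\S+)\s+(\S+)\s+cmd="(.*)"$')


def parse_line(line):
    """Split one constructed log line into (timestamp, host, command line)."""
    m = LINE_RE.match(line)
    if not m:
        raise ValueError("unparsable log line: %r" % line)
    ts = datetime.strptime(m.group(1), "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
    return ts, m.group(2), m.group(3)


def find_bursts(lines, min_hosts=5, window=timedelta(seconds=1)):
    """Flag any command line that ran on at least `min_hosts` distinct hosts inside `window`.

    Returns a list of (command, window start, sorted hosts), one entry per command,
    keeping the widest host set seen. A staggered rollout never trips it."""
    by_cmd = defaultdict(list)
    for line in lines:
        ts, host, cmd = parse_line(line)
        by_cmd[cmd].append((ts, host))
    alerts = []
    for cmd, events in by_cmd.items():
        events.sort()
        best = None
        for start in range(len(events)):
            end = start
            while end + 1 < len(events) and events[end + 1][0] - events[start][0] <= window:
                end += 1
            hosts = {h for _, h in events[start:end + 1]}   # dedupe repeat runs on one host
            if len(hosts) >= min_hosts and (best is None or len(hosts) > len(best[2])):
                best = (cmd, events[start][0], sorted(hosts))
        if best:
            alerts.append(best)
    return alerts


def scan(log_text=SAMPLE_LOG, **kw):
    """Run the detector over a log blob; defaults to the constructed sample above."""
    return find_bursts(log_text.strip().splitlines(), **kw)


if __name__ == "__main__":
    for cmd, when, hosts in scan():
        print("%s: %d hosts ran %r within one second" % (when.isoformat(), len(hosts), cmd))
```

min_hosts should be tuned to the fleet (five is a placeholder for a small MSP tenant), and this is purely behavioural: it keys on the synchronised push the article describes, so an adversary who staggers deployment across minutes will slip under a one-second window and needs a wider window paired with a content rule.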
Ransomware attack hits Swiss consumer outlet Comparis
Swiss online consumer outlet Comparis has filed a criminal complaint over a ransomware attack on Wednesday that blocked some of its information technology systems, it said on Friday.
Microsoft Office Users Warned on New Malware-Protection Bypass
Word and Excel documents are enlisted to disable Office macro warnings, so the Zloader banking malware can be downloaded onto systems without security tools flagging it.
Jack Cable, Stanford student and cyber whiz, aims to crowdsource ransomware details
Few people, if any, seem to grasp the breadth and cost of the scourge, as there are no legal requirements for victims to disclose when they pay hackers to unlock their network. That, combined with the suspicion that most victims don't report their digital extortion payments, makes it harder for law enforcement and security firms to combat attacks, or even understand how to fight them.
That’s the impetus behind a project that Stanford University student and security researcher Jack Cable launched on Thursday, dubbed “Ransomwhere,” a plan to track payments to bitcoin addresses associated with known ransomware gangs.
Hancitor tries XLL as initial malware file
XLL files are Excel add-in files. They're DLL files specifically designed to be run by Microsoft Excel. Think of an XLL file as an "Excel DLL."
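Because Excel loads an add-in as native code and calls its xlAutoOpen export when the add-in is opened, an XLL needs no macro at all, so a triage rule should key on the file's contents rather than its extension. The following is an added example, not code from the page or from any Hancitor analysis: a small PE export-table parser that reports whether a blob is a DLL exporting xlAutoOpen. build_fake_pe is a constructed test fixture that emits the minimum headers the parser needs; it is not a real add-in and does not run.

```python
import struct

IMAGE_FILE_DLL = 0x2000      # IMAGE_FILE_HEADER.Characteristics flag
XLL_ENTRY = "xlAutoOpen"     # export Excel calls when it loads an add-in


def _rva_to_offset(rva, sections):
    """Map a relative virtual address to a file offset via the section table."""
    for va, vsize, raw_ptr, raw_size in sections:
        if va <= rva < va + max(vsize, raw_size):
            return rva - va + raw_ptr
    raise ValueError("RVA 0x%x is not backed by any section" % rva)


def pe_exports(data):
    """Return (is_dll, exported names) for a PE image; raise ValueError if it is not a PE."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ header")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff = e_lfanew + 4
    _machine, nsec, _ts, _symtab, _nsyms, opt_size, chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == 0x10B:          # PE32: data directories start at +96
        dd_off = opt + 96
    elif magic == 0x20B:        # PE32+: data directories start at +112
        dd_off = opt + 112
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    exp_rva, _exp_size = struct.unpack_from("<II", data, dd_off)   # directory entry 0 = export table
    sections = []
    for i in range(nsec):
        vsize, va, raw_size, raw_ptr = struct.unpack_from("<IIII", data, opt + opt_size + 40 * i + 8)
        sections.append((va, vsize, raw_ptr, raw_size))
    is_dll = bool(chars & IMAGE_FILE_DLL)
    if exp_rva == 0:
        return is_dll, []
    ed = _rva_to_offset(exp_rva, sections)
    # IMAGE_EXPORT_DIRECTORY: fields[7] = NumberOfNames, fields[9] = AddressOfNames
    fields = struct.unpack_from("<IIHHIIIIIII", data, ed)
    nnames, aon = fields[7], fields[9]
    names_off = _rva_to_offset(aon, sections)
    names = []
    for i in range(nnames):
        name_rva = struct.unpack_from("<I", data, names_off + 4 * i)[0]
        start = _rva_to_offset(name_rva, sections)
        names.append(data[start:data.index(b"\0", start)].decode("ascii", "replace"))
    return is_dll, names


def looks_like_xll(data):
    """True if the blob is a PE DLL exporting xlAutoOpen, i.e. something Excel would run as an add-in."""
    try:
        is_dll, names = pe_exports(data)
    except (ValueError, struct.error, IndexError):
        return False
    return is_dll and XLL_ENTRY in names


def build_fake_pe(exports, dll=True):
    """Constructed fixture (not a real add-in): a minimal PE32 with one section holding an export table."""
    sec_va, sec_raw = 0x1000, 0x200
    n = len(exports)
    aof = sec_va + 40               # AddressOfFunctions follows the 40-byte directory
    aon = aof + 4 * n               # AddressOfNames
    aono = aon + 4 * n              # AddressOfNameOrdinals
    str_rva = aono + 2 * n          # name strings
    blob, name_rvas = bytearray(), []
    for name in exports:
        name_rvas.append(str_rva + len(blob))
        blob += name.encode() + b"\0"
    body = struct.pack("<IIHHIIIIIII", 0, 0, 0, 0, 0, 1, n, n, aof, aon, aono)
    body += b"".join(struct.pack("<I", 0x2000 + 0x10 * i) for i in range(n))   # dummy function RVAs
    body += b"".join(struct.pack("<I", r) for r in name_rvas)
    body += b"".join(struct.pack("<H", i) for i in range(n))
    body += bytes(blob)
    chars = 0x0102 | (IMAGE_FILE_DLL if dll else 0)   # EXECUTABLE_IMAGE | 32BIT_MACHINE [| DLL]
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 0, 0, 0, 224, chars)
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)
    struct.pack_into("<II", opt, 96, sec_va, len(body))     # export data directory (RVA, size)
    sec = b".rdata".ljust(8, b"\0") + struct.pack("<IIIIIIHHI", len(body), sec_va, len(body), sec_raw, 0, 0, 0, 0, 0x40000040)
    img = bytearray(sec_raw)
    img[0:2] = b"MZ"
    struct.pack_into("<I", img, 0x3C, 0x40)
    hdr = b"PE\0\0" + coff + bytes(opt) + sec
    img[0x40:0x40 + len(hdr)] = hdr
    return bytes(img) + body
```

A mail gateway rule that only matches the .xll extension misses a renamed file, whereas this check reads the export table, so an XLL delivered as .dat or inside an archive is still caught once the blob is extracted. It will not see exports that exist only by ordinal, and a packed add-in that resolves xlAutoOpen at runtime is a separate case.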
DoD ends $10 billion deal with Microsoft for new cloud contract
The statement did not directly mention that the Pentagon faced extended legal challenges by Amazon to the original $10 billion contract awarded to Microsoft. Amazon argued that the Microsoft award was tainted by politics, particularly then-President Donald Trump's antagonism toward Amazon founder Jeff Bezos, who stepped down Monday as the company's chief executive officer. Mr. Bezos owns The Washington Post, a newspaper often criticized by Mr. Trump.
The Pentagon’s chief information officer, John Sherman, told reporters Tuesday that during the lengthy legal fight with Amazon, “the landscape has evolved” with new possibilities for large-scale cloud computing services. Thus it was decided, he said, to start over and seek multiple vendors.
With ransomware attacks multiplying, US moves to bolster defenses
As the U.S. private sector scrambles to fend off a growing number of ransomware attacks, the federal government is stepping up its efforts as well. Last month, the Senate approved Chris Inglis, a former deputy director of the National Security Agency, as the nation’s first-ever national cyber director, tasked with coordinating the government’s cyber portfolio and digital defense strategy. A second key post, director of the primary domestic cybersecurity agency, is expected to be filled shortly.
Officials are making clear they will seek not just to hold cybercriminals to account – but also companies whose inadequate cybersecurity measures have put them and their customers at risk.
TenFourFox and Chromium Monoculture
Audiocasts/Shows: GNU World Order, This Week in Linux, Gentoo Is No Harder Than Arch Linux??
Explore waterways with this open source nautical navigation tool
If you're traveling by boat down your local waterway or sailing around the world, you can bring great navigation software with you and maintain your commitment to open source software. OpenCPN is free and open source software developed by sailors. It serves as the primary navigation interface for vessels with full-time helm-visible navigational suites. The software is written in C++ and released under a GPLv2 license.
Improving Our Commitment to Tux Machines Readers
Tux Machines is now self-hosting IRC
#tuxmachines channel in this new network. It has a two-way bridge set up with Freenode, so either network would be valid for following our updates.
We've accordingly updated the IRC page and the corresponding archives. We welcome people to join us in IRC. It's a substitute for RSS feeds or social (control) media. It's now hosted by us, so from a privacy perspective the readers are far better off. It's definitely an upgrade, a well-overdue one. █
