Signal is experiencing technical difficulties


FBI warns of Egregor ransomware extorting businesses worldwide

Bleeping Computer

The US Federal Bureau of Investigation (FBI) has sent a security alert warning private sector companies that the Egregor ransomware operation is actively targeting and extorting businesses worldwide.

The FBI says in a TLP:WHITE Private Industry Notification (PIN) shared on Wednesday that Egregor claims to have already hit and compromised more than 150 victims since the agency first observed this malicious activity in September 2020.

“Because of the large number of actors involved in deploying Egregor, the tactics, techniques, and procedures (TTPs) used in its deployment can vary widely, creating significant challenges for defense and mitigation,” the US intelligence and security service says.

“Egregor ransomware utilizes multiple mechanisms to compromise business networks, including targeting business network and employee personal accounts that share access with business networks or devices.”

Phishing emails with malicious attachments and insecure Remote Desktop Protocol (RDP) or Virtual Private Network (VPN) access are some of the attack vectors Egregor actors use to gain initial access and to move laterally within their victims’ networks.

Egregor actors use Cobalt Strike, Qakbot/Qbot, Advanced IP Scanner, and AdFind for privilege escalation and lateral movement.
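As an added illustration (not code from the FBI notification or the BleepingComputer article), the Python below hunts a set of constructed process-creation records for the discovery tooling named above. The CSV layout, host names and command lines are assumptions modelled loosely on a Sysmon Event ID 1 export; AdFind is matched both by its binary name and by its characteristic `-f objectcategory=` query syntax, so a renamed copy is still caught.

```python
"""Hunt process-creation records for AdFind / Advanced IP Scanner activity.

Added example, not code from the FBI PIN or BleepingComputer. SAMPLE_EVENTS is a
constructed CSV export (assumed layout, loosely modelled on Sysmon Event ID 1).
"""
import csv
import io
import re

# Constructed sample data: five process-creation events, three of them suspicious.
SAMPLE_EVENTS = """\
host,user,parent_image,image,command_line
WS01,CORP\\alice,C:\\Windows\\explorer.exe,C:\\Program Files\\Mozilla Firefox\\firefox.exe,firefox.exe
WS01,CORP\\alice,C:\\Windows\\System32\\cmd.exe,C:\\Users\\alice\\AppData\\Local\\Temp\\adfind.exe,adfind.exe -f (objectcategory=person) > ad_users.txt
SRV02,CORP\\svc_backup,C:\\Windows\\System32\\cmd.exe,C:\\Users\\Public\\af.exe,af.exe -f objectcategory=computer -csv name operatingsystem
WS03,CORP\\bob,C:\\Windows\\explorer.exe,C:\\Users\\bob\\Downloads\\Advanced_IP_Scanner_2.5.exe,Advanced_IP_Scanner_2.5.exe
WS04,CORP\\carol,C:\\Windows\\explorer.exe,C:\\Windows\\System32\\notepad.exe,notepad.exe report.txt
"""

# Tools named in the FBI PIN, matched on the executable's base name.
SUSPICIOUS_IMAGES = {
    "adfind.exe": "AdFind (AD enumeration)",
    "advanced_ip_scanner": "Advanced IP Scanner (network discovery)",
}

# AdFind's LDAP filter switch; attackers rename the binary, the syntax stays.
ADFIND_CMDLINE = re.compile(r"-f\s+\(?objectcategory=", re.IGNORECASE)


def classify(event):
    """Return a human-readable reason if the event looks like discovery tooling, else None."""
    image = event["image"].rsplit("\\", 1)[-1].lower()
    for needle, label in SUSPICIOUS_IMAGES.items():
        if needle in image:
            return "%s by image name" % label
    if ADFIND_CMDLINE.search(event["command_line"]):
        return "AdFind-style query syntax on renamed binary %s" % image
    return None


def hunt(csv_text):
    """Run classify() over every row of a CSV export and collect the hits."""
    findings = []
    for event in csv.DictReader(io.StringIO(csv_text)):
        reason = classify(event)
        if reason:
            findings.append({
                "host": event["host"],
                "user": event["user"],
                "image": event["image"],
                "reason": reason,
            })
    return findings


if __name__ == "__main__":
    for hit in hunt(SAMPLE_EVENTS):
        print("%(host)s %(user)s %(image)s: %(reason)s" % hit)
```

Matching on the query syntax rather than only on the file name is what makes the second hit (`af.exe`) visible; on a real estate, feed the same logic with your EDR's process-creation export and tune the image list to the tools in the notification.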

Full article

You should install antivirus on your Android smartphone, but which one?

ZDNet

Yesterday’s piece on “What should you do with an old Android smartphone” generated a lot of comments. Because I recommended installing a security app, one of the most popular questions was, predictably, which one?

That’s a tough question.

It’s tough because testing security apps means throwing existing vulnerabilities at them, which doesn’t tell you how well they will handle future vulnerabilities. Another issue is that it’s impossible to gauge what kind of performance hit the app will have across the myriad of devices out there.

Full article

Hackers start exploiting the new backdoor in Zyxel devices

Bleeping Computer

Threat actors are actively scanning the Internet for devices with SSH exposed and trying to log in to them using a recently patched hardcoded-credential backdoor in Zyxel devices.

Last month, Niels Teusink of Dutch cybersecurity firm EYE disclosed an undocumented hardcoded backdoor account in Zyxel firewalls and AP controllers. This secret ‘zyfwp’ account allowed anyone who knew the credentials to log in via SSH and the web interface with administrator privileges.

In an advisory, Zyxel states that the account was used to deliver firmware updates automatically via FTP.

This backdoor is a significant risk, as it could allow threat actors to create VPN accounts to reach internal networks, or to port-forward internal services to make them remotely accessible and exploitable.
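Because the scanning described above hits every SSH endpoint on the Internet, any sshd you run will log attempts against the ‘zyfwp’ account, which makes them a cheap indicator of who is hunting for the backdoor. The Python below is an added example (not from the BleepingComputer article or EYE’s advisory) that tallies such attempts from constructed OpenSSH-style auth-log lines; it assumes that log format and uses documentation-range IP addresses.

```python
"""Flag SSH login attempts against the 'zyfwp' account in sshd auth-log lines.

Added example, not from BleepingComputer or EYE. SAMPLE_AUTH_LOG is constructed
(OpenSSH-style wording, IPs from documentation ranges); the format assumption is
that the host logs like a stock OpenSSH server.
"""
import re
from collections import Counter

BACKDOOR_USER = "zyfwp"

# Outcome lines OpenSSH writes for password and key logins. The preceding
# "Invalid user ..." line is deliberately ignored so one attempt is counted once.
SSHD_LINE = re.compile(
    r"sshd\[\d+\]: (?P<outcome>Accepted|Failed) (?P<method>\w+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>[\d.]+) port \d+"
)

SAMPLE_AUTH_LOG = """\
Jan  5 10:12:01 edge sshd[2201]: Invalid user zyfwp from 203.0.113.45 port 51122
Jan  5 10:12:03 edge sshd[2201]: Failed password for invalid user zyfwp from 203.0.113.45 port 51122 ssh2
Jan  5 10:12:09 edge sshd[2210]: Accepted password for zyfwp from 198.51.100.7 port 40012 ssh2
Jan  5 10:15:44 edge sshd[2233]: Accepted publickey for ops from 192.0.2.10 port 22200 ssh2
Jan  5 10:16:00 edge sshd[2240]: Failed password for invalid user admin from 203.0.113.45 port 51130 ssh2
"""


def scan_auth_log(lines):
    """Return failed probes per source IP and every source that logged in as zyfwp."""
    probes = Counter()
    successes = []
    for line in lines:
        m = SSHD_LINE.search(line)
        if not m or m["user"] != BACKDOOR_USER:
            continue  # other users (ops, admin) are out of scope here
        if m["outcome"] == "Accepted":
            successes.append(m["src"])
        else:
            probes[m["src"]] += 1
    return {"probes": dict(probes), "successes": successes}


if __name__ == "__main__":
    result = scan_auth_log(SAMPLE_AUTH_LOG.splitlines())
    for src, n in sorted(result["probes"].items()):
        print("probe  %-16s %d failed attempt(s) as %s" % (src, n, BACKDOOR_USER))
    for src in result["successes"]:
        print("ALERT  %-16s accepted login as %s" % (src, BACKDOOR_USER))
```

A non-empty `successes` list means the account exists and works on that host, which on a Zyxel device is the unpatched firmware; treat it as a compromise and check VPN accounts and port-forwarding rules, since those are the follow-on actions the article warns about.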

Full article

Thoughts about Best Cyber Monday VPN offers

We at Privacy Now 2.0 find a lot of articles about the best Cyber Monday VPN deals.

Disclosure: BleepingComputer has partnered with this vendor to promote special offers and discounts to our visitors. If a visitor purchases a product through a link in this article, BleepingComputer.com will earn a commission.

Bleeping Computer

Our conclusion

Please remember that all those articles are paid for by the VPN providers. Why do providers have to pay to get attention? Because they are not the “best”? Yes, because they are not the best!

Our recommendation

We recommend mullvad.net as a VPN provider!

Video: The production of Nitrokeys – A look behind the scenes

Nitrokey

In 2015, when we transferred our hobby project Crypto Stick to the professional company Nitrokey, it was clear to us from the beginning that we would carry out the serial production of Nitrokeys in Germany. Of course we also buy components on the world market. But the final production of all Nitrokeys takes place in Germany. This way we can ensure that production meets our security requirements. In addition, production remains flexible, so that we can produce customer-specific firmware and logos on request, even in relatively small quantities.

For us as a small company, it is a special challenge to produce manageable quantities in a high-priced country while keeping production costs competitive. We have successfully mastered this challenge through a high degree of automation. Instead of using high-priced or unsuitable industrial robots, we have developed tailor-made automation systems ourselves.

A self-developed three-axis automatic machine programs and tests up to 250 Nitrokeys sequentially and fully automatically. Compared to manual work, only four minutes of working time are required instead of four hours. Thus we can produce up to 8,000 Nitrokeys in one day.

Initializing the encrypted mass storage of the Nitrokey Storage with random data is a lengthy process that takes up to 1.5 hours per Nitrokey. Sequential processing would take several weeks. Therefore we have developed a system that initializes 49 Nitrokeys in parallel and can easily be enlarged if necessary.

Full article

WordPress 5.4.2 released

It is time to update WordPress to version 5.4.2 released on June 10th, 2020.

The new version fixes the six security issues listed below, together with twenty-two bug and regression fixes.

The security issues affect WordPress versions 5.4 and earlier; version 5.4.2 fixes them, so you’ll want to upgrade. If you haven’t yet updated to 5.4, there are also updated versions of 5.3 and earlier that fix the security issues.

  • Props to Sam Thomas (jazzy2fives) for finding an XSS issue where authenticated users with low privileges are able to add JavaScript to posts in the block editor.
  • Props to Luigi – (gubello.me) for discovering an XSS issue where authenticated users with upload permissions are able to add JavaScript to media files.
  • Props to Ben Bidner of the WordPress Security Team for finding an open redirect issue in wp_validate_redirect().
  • Props to Nrimo Ing Pandum for finding an authenticated XSS issue via theme uploads.
  • Props to Simon Scannell of RIPS Technologies for finding an issue where set-screen-option can be misused by plugins, leading to privilege escalation.
  • Props to Carolina Nymark for discovering an issue where comments from password-protected posts and pages could be displayed under certain conditions.
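The open redirect in wp_validate_redirect() is the one item in that list whose bug class is easy to show in isolation. The release note does not say what the fix changed, so the Python below is an added, generic example and not WordPress’s code: a redirect validator that handles the inputs such a function is typically tricked with (scheme-relative `//host`, backslash variants, `http:host` without an authority, user-info tricks, and non-http schemes). The allowed host `example.com` is an assumed site configuration.

```python
"""Validate a redirect target against an allow-list of hosts.

Added example, not WordPress's wp_validate_redirect(); the page does not say
what the 5.4.2 fix changed. ALLOWED_HOSTS is an assumed site configuration.
"""
import re
from urllib.parse import urlsplit

ALLOWED_HOSTS = frozenset({"example.com"})  # assumption: the site's own host name

_CONTROL_OR_SPACE = re.compile(r"[\s\x00-\x1f\x7f]")


def is_safe_redirect(target, allowed_hosts=ALLOWED_HOSTS):
    """True only for an absolute path on this site or an http(s) URL on an allowed host."""
    if not target or _CONTROL_OR_SPACE.search(target):
        return False
    # Browsers treat a backslash like a slash in the scheme/authority part, so
    # "/\evil.com" is really "//evil.com"; normalise before parsing.
    normalised = target.replace("\\", "/")
    try:
        parts = urlsplit(normalised)
        host = parts.hostname  # may raise ValueError on a malformed IPv6 netloc
    except ValueError:
        return False
    if not parts.scheme and not parts.netloc:
        # Site-relative: require a leading "/" and reject scheme-relative "//host".
        return normalised.startswith("/") and not normalised.startswith("//")
    if parts.scheme.lower() not in ("http", "https"):
        return False  # javascript:, data:, ftp:, ...
    # .hostname drops user-info and port and lower-cases, so
    # "https://example.com@evil.com" yields "evil.com" and
    # "http:evil.com" (no authority at all) yields None.
    return host is not None and host in allowed_hosts


if __name__ == "__main__":
    # Constructed probe inputs, a mix of legitimate targets and classic bypass attempts.
    for candidate in ("/wp-admin/", "https://example.com/wp-admin/", "//evil.com/",
                      "/\\evil.com", "http:evil.com", "https://example.com@evil.com/",
                      "https://example.com.evil.com/", "javascript:alert(1)"):
        print("%-34s %s" % (candidate, "allow" if is_safe_redirect(candidate) else "deny"))
```

A relative path without a leading slash is rejected on purpose: it would be resolved against the current URL, which is harder to reason about than a site-absolute path, and a redirect helper should prefer a false negative over a false positive.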

More info

What a Passwordless World Looks Like

Nitrokey

The introduction today of passwordless authentication support in Nextcloud Hub is a big step forward for organizations that want to reduce or even eliminate the use of passwords. After Windows Hello, Nextcloud Hub is the second popular service (that we are aware of) supporting passwordless logins. What does a passwordless world with WebAuthn and Nitrokeys look like? Read on!

What’s wrong with passwords?

Let’s first quickly revisit the problem with passwords. XKCD’s take on password strength is probably overly familiar by now, but it still sums up what is wrong with many passwords. Passwords don’t scale with the large number of accounts everybody possesses nowadays. Therefore passwords need to be “enhanced” with password managers and second-factor authentication methods. But those can be complicated to use and therefore lack acceptance. How can we do better?

Full article

Thunderbird 68.7 is available!

Thunderbird version 68.7.0, first offered to channel users on April 8, 2020, is now available to Ubuntu users.

The release notes list what is new, changed and fixed.

Below is the Ubuntu Security Notice USN-4328-1

A security issue affects these releases of Ubuntu and
its derivatives:

- Ubuntu 19.10
- Ubuntu 18.04 LTS

Summary:

Several security issues were fixed in Thunderbird.

Software Description:
- thunderbird: Mozilla Open Source mail and newsgroup
  client

Details:

It was discovered that Message ID calculation was
based on uninitialized data. An attacker could
potentially exploit this to obtain sensitive
information. (CVE-2020-6792)

Multiple security issues were discovered in
Thunderbird. If a user were tricked into opening
a specially crafted message, an attacker could
potentially exploit these to cause a denial of
service, obtain sensitive information, or execute
arbitrary code. (CVE-2020-6793, CVE-2020-6795,
CVE-2020-6822)

It was discovered that if a user saved passwords
before Thunderbird 60 and then later set a master
password, an unencrypted copy of these passwords
would still be accessible. A local user could
exploit this to obtain sensitive information.
(CVE-2020-6794)

Multiple security issues were discovered in
Thunderbird. If a user were tricked into opening a
specially crafted website in a browsing context, an
attacker could potentially exploit these to cause a
denial of service, conduct cross-site scripting (XSS)
attacks, obtain sensitive information, or execute
arbitrary code. (CVE-2019-20503, CVE-2020-6798,
CVE-2020-6800, CVE-2020-6805, CVE-2020-6806,
CVE-2020-6807, CVE-2020-6812, CVE-2020-6814,
CVE-2020-6819, CVE-2020-6820, CVE-2020-6821,
CVE-2020-6825)

It was discovered that the Devtools’ ‘Copy as cURL’
feature did not fully escape website-controlled data.
If a user were tricked into using the ‘Copy as cURL’
feature to copy and paste a command with specially
crafted data into a terminal, an attacker could
potentially exploit this to execute arbitrary
commands via command injection. (CVE-2020-6811)

Update instructions:

The problem can be corrected by updating your system
to the following package versions:

Ubuntu 19.10:
  thunderbird        1:68.7.0+build1-0ubuntu0.19.10.1

Ubuntu 18.04 LTS:
  thunderbird        1:68.7.0+build1-0ubuntu0.18.04.1

After a standard system update you need to restart
Thunderbird to make all the necessary changes.

References:
  https://usn.ubuntu.com/4328-1
  CVE-2019-20503, CVE-2020-6792, CVE-2020-6793,
  CVE-2020-6794, CVE-2020-6795, CVE-2020-6798,
  CVE-2020-6800, CVE-2020-6805, CVE-2020-6806,
  CVE-2020-6807, CVE-2020-6811, CVE-2020-6812,
  CVE-2020-6814, CVE-2020-6819, CVE-2020-6820,
  CVE-2020-6821, CVE-2020-6822, CVE-2020-6825

Package Information:

Ubuntu 19.10: 1:68.7.0+build1-0ubuntu0.19.10.1

Ubuntu 18.04 LTS: 1:68.7.0+build1-0ubuntu0.18.04.1
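Of the issues in the notice above, CVE-2020-6811 (‘Copy as cURL’ not fully escaping website-controlled data) is worth seeing in code, because the same mistake is made in every tool that renders a request as a shell command. The Python below is an added example, not Thunderbird or Firefox code and not the actual patch: a naive builder that wraps values in single quotes beside one that quotes them properly, plus a POSIX-style tokeniser that counts how many commands the pasted line would actually run. The URL and the cookie value are constructed.

```python
"""Why unescaped 'Copy as cURL' output is a command injection, and the fix.

Added example, not Thunderbird/Firefox code and not the CVE-2020-6811 patch.
URL and EVIL_HEADERS are constructed; the point is the quoting.
"""
import shlex

URL = "https://example.com/api?x=1"
# Constructed website-controlled header value: it closes the single-quoted
# string, runs a command, and comments out the dangling quote.
EVIL_HEADERS = {"Cookie": "session=abc'; id #"}


def copy_as_curl_unsafe(url, headers):
    """The bug class: values are wrapped in single quotes but never escaped."""
    parts = ["curl", "'%s'" % url]
    for name, value in headers.items():
        parts.append("-H '%s: %s'" % (name, value))
    return " ".join(parts)


def copy_as_curl_safe(url, headers):
    """Every argument goes through shlex.quote(), which escapes embedded quotes."""
    parts = ["curl", shlex.quote(url)]
    for name, value in headers.items():
        parts += ["-H", shlex.quote("%s: %s" % (name, value))]
    return " ".join(parts)


def count_commands(command):
    """Tokenise like a POSIX shell (comments, quotes, ; & |) and count commands."""
    lex = shlex.shlex(command, posix=True, punctuation_chars=True)
    lex.whitespace_split = True  # split only on whitespace and punctuation (3.8+)
    separators = [tok for tok in lex if tok in (";", "&", "&&", "|", "||")]
    return 1 + len(separators)


def argv(command):
    """The argument vector the shell would hand to the first program."""
    return shlex.split(command)


if __name__ == "__main__":
    for builder in (copy_as_curl_unsafe, copy_as_curl_safe):
        cmd = builder(URL, EVIL_HEADERS)
        print("%-20s runs %d command(s): %s" % (builder.__name__, count_commands(cmd), cmd))
```

The unsafe line tokenises as `curl … -H 'Cookie: session=abc'`, then `;`, then `id`, with the rest swallowed by the `#` comment, so pasting it runs two programs. The quoted version hands the whole cookie, quote and all, to curl as a single argument. The same `shlex.quote` discipline applies to any “copy as command” feature, and the fix class on the Thunderbird side is the same: escape, do not just wrap.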