The US Federal Bureau of Investigation (FBI) has sent a security alert warning private sector companies that the Egregor ransomware operation is actively targeting and extorting businesses worldwide.
The FBI says in a TLP:WHITE Private Industry Notification (PIN) shared on Wednesday that Egregor claims to have already hit and compromised more than 150 victims since the agency first observed this malicious activity in September 2020.
“Because of the large number of actors involved in deploying Egregor, the tactics, techniques, and procedures (TTPs) used in its deployment can vary widely, creating significant challenges for defense and mitigation,” the US intelligence and security service says.
“Egregor ransomware utilizes multiple mechanisms to compromise business networks, including targeting business network and employee personal accounts that share access with business networks or devices.”
Phishing emails with malicious attachments and insecure Remote Desktop Protocol (RDP) or Virtual Private Network (VPN) services are some of the attack vectors used by Egregor actors to gain access to and move laterally within their victims’ networks.
Egregor uses Cobalt Strike, Qakbot/Qbot, Advanced IP Scanner, and AdFind for privilege escalation and lateral network movement.
Yesterday’s piece on “What should you do with an old Android smartphone” generated a lot of comments. Because I recommended installing a security app, one of the most popular questions was, predictably, which one?
That’s a tough question.
It’s tough because testing security apps means throwing known vulnerabilities at them, which doesn’t tell you how well they will handle future vulnerabilities. Another issue is that it’s impossible to gauge what kind of performance hit the app will have across the myriad devices out there.
Threat actors are actively scanning the Internet for devices with SSH exposed and trying to log in to them using a recently patched Zyxel hardcoded credential backdoor.
Last month, Niels Teusink of Dutch cybersecurity firm EYE disclosed a secret hardcoded backdoor account in Zyxel firewalls and AP controllers. This secret ‘zyfwp’ account allowed users to login via SSH and the web interface to gain administrator privileges.
In an advisory, Zyxel states that the secret account was used to deliver firmware updates automatically via FTP.
This backdoor is a significant risk, as it could allow threat actors to create VPN accounts to gain access to internal networks, or to port-forward internal services to make them remotely accessible and exploitable.
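A defender reading this will want to know whether anyone is trying the ‘zyfwp’ account against their own SSH listeners. The following Python is an added example, not code from the article or from Zyxel: it parses standard OpenSSH authentication log lines, flags any attempt (failed or successful) against a watched account, and also counts failed logins per source so that a brute-force run stands out. The log lines, host name ‘fw1’ and IP addresses are constructed sample data; the only page-derived value is the account name.

```python
import re
from collections import Counter

# Constructed sample sshd log lines (not from the article). They mix ordinary
# failed logins with attempts against the 'zyfwp' account the article describes.
SAMPLE_AUTH_LOG = """\
Jan 10 03:12:01 fw1 sshd[2101]: Failed password for invalid user admin from 203.0.113.7 port 51522 ssh2
Jan 10 03:12:04 fw1 sshd[2103]: Failed password for zyfwp from 203.0.113.7 port 51530 ssh2
Jan 10 03:12:09 fw1 sshd[2105]: Accepted password for zyfwp from 203.0.113.7 port 51538 ssh2
Jan 10 03:15:44 fw1 sshd[2130]: Accepted publickey for ops from 192.0.2.10 port 40022 ssh2
Jan 10 03:16:02 fw1 sshd[2142]: Failed password for zyfwp from 198.51.100.23 port 60001 ssh2
Jan 10 03:16:05 fw1 sshd[2144]: Failed password for zyfwp from 198.51.100.23 port 60003 ssh2
Jan 10 03:16:08 fw1 sshd[2146]: Failed password for invalid user test from 198.51.100.23 port 60007 ssh2
"""

# Matches the "Accepted/Failed <method> for [invalid user] <user> from <src> port <port>"
# shape that OpenSSH writes for password and public-key authentication.
LINE_RE = re.compile(
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\w+) for "
    r"(?:invalid user )?(?P<user>\S+) from (?P<src>\S+) port (?P<port>\d+)"
)

# Accounts that should never be used interactively; 'zyfwp' comes from the article.
WATCHED_ACCOUNTS = {"zyfwp"}


def parse_sshd_lines(text):
    """Turn raw sshd log text into a list of authentication events."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue  # not an authentication result line
        events.append({
            "result": m.group("result"),
            "method": m.group("method"),
            "user": m.group("user"),
            "src": m.group("src"),
            "port": int(m.group("port")),
        })
    return events


def detect(events, watched=WATCHED_ACCOUNTS, fail_threshold=3):
    """Return (severity, message) alerts for watched-account use and brute forcing.

    A successful login to a watched account is critical: the credential worked.
    A failed one is still high, because it shows the account is being tried.
    """
    alerts = []
    failures = Counter()
    for ev in events:
        if ev["user"] in watched:
            severity = "critical" if ev["result"] == "Accepted" else "high"
            alerts.append((severity,
                           f"{ev['result']} {ev['method']} login for watched account "
                           f"{ev['user']} from {ev['src']}"))
        if ev["result"] == "Failed":
            failures[ev["src"]] += 1
    for src, n in failures.items():
        if n >= fail_threshold:
            alerts.append(("medium", f"{n} failed SSH logins from {src}"))
    return alerts


if __name__ == "__main__":
    for severity, message in detect(parse_sshd_lines(SAMPLE_AUTH_LOG)):
        print(f"[{severity}] {message}")
```

On the sample data this produces four watched-account alerts (one of them critical, for the accepted login) and one brute-force alert for the source that failed three times; the other source fails only twice and stays below the threshold. Feed it `journalctl -u ssh` output or `/var/log/auth.log` instead of the embedded sample to run it for real.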
We at Privacy Now 2.0 find a lot of articles about “Best Cyber Monday VPN deals”.
“Disclosure: BleepingComputer has partnered with this vendor to promote special offers and discounts to our visitors. If a visitor purchases a product through a link in this article, BleepingComputer.com will earn a commission.” (Bleeping Computer)
Please remember that all those articles are paid for by the VPN providers. Why do providers have to pay to get attention? Because they are not “best”? Yes, because they are not the best!
We recommend mullvad.net as a VPN provider!
This is post #200 since the first post made on March 14th, 2020.
In 2015, when we transferred our hobby project Crypto Stick to the professional company Nitrokey, it was clear to us from the beginning that we would carry out the serial production of Nitrokeys in Germany. Of course we also buy components on the world market. But the final production of all Nitrokeys takes place in Germany. So we can ensure that the production meets our safety requirements. In addition, production remains flexible, so that we can produce customer-specific firmware and logos on request, even for relatively small quantities.
For us as a small company, it is a special challenge to produce manageable quantities in a high-priced country while keeping production costs competitive. We have successfully mastered this challenge through a high degree of automation. Instead of using high-priced or unsuitable industrial robots, we have developed tailor-made automation systems ourselves.
A self-developed three-axis automatic machine programs and tests up to 250 Nitrokeys sequentially and fully automatically. Compared to manual work, only four minutes of working time are required instead of four hours. Thus we can produce up to 8000 Nitrokeys in one day.
Initializing the encrypted mass storage of the Nitrokey storage with random numbers is a lengthy process that takes up to 1.5 hours per Nitrokey. A sequential processing would take several weeks. Therefore we have developed a system that initializes 49 Nitrokeys in parallel and can be easily enlarged if necessary.
It is time to update WordPress to version 5.4.2 released on June 10th, 2020.
Five security issues are fixed in the new version together with twenty-two bug and regression fixes.
The security issues affect WordPress versions 5.4 and earlier; version 5.4.2 fixes them, so you’ll want to upgrade. If you haven’t yet updated to 5.4, there are also updated versions of 5.3 and earlier that fix the security issues.
The introduction today of passwordless authentication support in Nextcloud Hub is a big step forward for organizations that want to reduce or even eliminate the use of passwords. After Windows Hello, Nextcloud Hub is the second popular service (that we are aware of) supporting passwordless logins. What does that look like, a password-less world with WebAuthn and Nitrokeys? Read on!
Let’s first, quickly, revisit the problem with passwords. XKCD’s take on password strength is probably overly familiar by now, but it still sums up what is wrong with many passwords. Passwords don’t scale with the large amount of accounts everybody possesses nowadays. Therefore passwords need to be “enhanced” by the usage of password managers and second factor authentication methods. But those can be complicated to use and therefore lack acceptance. How to do better?
Thunderbird version 68.7.0, first offered to channel users on April 8, 2020, is now available to Ubuntu users.
In the release notes we can read what is new, changed and fixed.
Below is the Ubuntu Security Notice USN-4328-1.
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.10
- Ubuntu 18.04 LTS

Summary:
Several security issues were fixed in Thunderbird.

Software Description:
- thunderbird: Mozilla Open Source mail and newsgroup client

Details:
It was discovered that Message ID calculation was based on uninitialized data. An attacker could potentially exploit this to obtain sensitive information. (CVE-2020-6792)

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted message, an attacker could potentially exploit these to cause a denial of service, obtain sensitive information, or execute arbitrary code. (CVE-2020-6793, CVE-2020-6795, CVE-2020-6822)

It was discovered that if a user saved passwords before Thunderbird 60 and then later set a master password, an unencrypted copy of these passwords would still be accessible. A local user could exploit this to obtain sensitive information. (CVE-2020-6794)

Multiple security issues were discovered in Thunderbird. If a user were tricked into opening a specially crafted website in a browsing context, an attacker could potentially exploit these to cause a denial of service, conduct cross-site scripting (XSS) attacks, obtain sensitive information, or execute arbitrary code. (CVE-2019-20503, CVE-2020-6798, CVE-2020-6800, CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020-6812, CVE-2020-6814, CVE-2020-6819, CVE-2020-6820, CVE-2020-6821, CVE-2020-6825)

It was discovered that the Devtools’ ‘Copy as cURL’ feature did not fully escape website-controlled data. If a user were tricked into using the ‘Copy as cURL’ feature to copy and paste a command with specially crafted data into a terminal, an attacker could potentially exploit this to execute arbitrary commands via command injection. (CVE-2020-6811)

Update instructions:
The problem can be corrected by updating your system to the following package versions:

Ubuntu 19.10:
  thunderbird  1:68.7.0+build1-0ubuntu0.19.10.1

Ubuntu 18.04 LTS:
  thunderbird  1:68.7.0+build1-0ubuntu0.18.04.1

After a standard system update you need to restart Thunderbird to make all the necessary changes.

References:
  https://usn.ubuntu.com/4328-1
  CVE-2019-20503, CVE-2020-6792, CVE-2020-6793, CVE-2020-6794, CVE-2020-6795, CVE-2020-6798, CVE-2020-6800, CVE-2020-6805, CVE-2020-6806, CVE-2020-6807, CVE-2020-6811, CVE-2020-6812, CVE-2020-6814, CVE-2020-6819, CVE-2020-6820, CVE-2020-6821, CVE-2020-6822, CVE-2020-6825

Package Information:
  1:68.7.0+build1-0ubuntu0.19.10.1
  1:68.7.0+build1-0ubuntu0.18.04.1