Octopus Overlords

For several hours on Wednesday, and again early Thursday morning, the site was maliciously manipulated again, this time to deliver fraudulent Adobe Flash updates, which when clicked, infected visitors' computers with adware that was detected by only three of 65 antivirus providers.

stessier wrote:Reading the whole article, it looks like a 3rd party adserver was the source, rather than a direct hack of Equifax.

stessier wrote:Reading the whole article, it looks like a 3rd party adserver was the source, rather than a direct hack of Equifax.

Blackhawk wrote:

stessier wrote:Reading the whole article, it looks like a 3rd party adserver was the source, rather than a direct hack of Equifax.

Again, this is the reason why even if I trust your website, I will not whitelist you in my ad blocker.

The company did not disclose the extent of the attack to the public or its customers after its discovery in 2013, but the five former employees described it to Reuters in separate interviews. Microsoft declined to discuss the incident.

The database contained descriptions of critical and unfixed vulnerabilities in some of the most widely used software in the world, including the Windows operating system. Spies for governments around the globe and other hackers covet such information because it shows them how to create tools for electronic break-ins.

The Microsoft flaws were fixed likely within months of the hack, according to the former employees. Yet speaking out for the first time, these former employees as well as U.S. officials informed of the breach by Reuters said it alarmed them because the hackers could have used the data at the time to mount attacks elsewhere, spreading their reach into government and corporate networks.

The Department of Homeland Security and Federal Bureau of Investigation warned in a report distributed via email late on Friday that the nuclear, energy, aviation, water and critical manufacturing industries have been targeted along with government entities in attacks dating back to at least May.

The agencies warned that hackers had succeeded in compromising some targeted networks, but did not identify specific victims or describe any cases of sabotage.

The objective of the attackers is to compromise organizational networks with malicious emails and tainted websites to obtain credentials for accessing computer networks of their targets, the report said.

U.S. authorities have been monitoring the activity for months, which they initially detailed in a confidential June report first reported by Reuters. That document, which was privately distributed to firms at risk of attacks, described a narrower set of activity focusing on the nuclear, energy and critical manufacturing sectors.

SECURITY RESEARCHERS HAVE raised the alarm for years about the Intel remote administration feature known as the Management Engine. The platform has a lot of useful features for IT managers, but it requires deep system access that offers a tempting target for attackers; compromising the Management Engine could lead to full control of a given computer. Now, after several research groups have uncovered ME bugs, Intel has confirmed that those worst-case fears may be possible.

On Monday, the chipmaker released a security advisory that lists new vulnerabilities in ME, as well as bugs in the remote server management tool Server Platform Services, and Intel’s hardware authentication tool Trusted Execution Engine. Intel found the vulnerabilities after conducting a security audit spurred by recent research. It has also published a Detection Tool so Windows and Linux administrators can check their systems to see if they're exposed.

Zaxxon wrote: ↑Tue Nov 21, 2017 2:05 pm TPM was last month.

No, really.

Traffic sent to and from Google, Facebook, Apple, and Microsoft was briefly routed through a previously unknown Russian Internet provider Wednesday under circumstances researchers said was suspicious and intentional.

The unexplained incident involving the Internet's Border Gateway Protocol is the latest to raise troubling questions about the trust and reliability of communications sent over the global network. BGP routes large-scale amounts of traffic among Internet backbones, ISPs, and other large networks. But despite the sensitivity and amount of data it controls, BGP's security is often based on trust and word of mouth. Wednesday's event comes eight months after large chunks of network traffic belonging to MasterCard, Visa, and more than two dozen other financial services were briefly routed through a Russian government-controlled telecom, also under suspicious circumstances.

According to a blog post published Wednesday by Internet monitoring service BGPMon, the hijack lasted a total of six minutes and affected 80 separate address blocks. It started at 4:43 UTC and continued for three minutes. A second hijacking occurred at 7:07 UTC and also lasted three minutes. Meanwhile, a second monitoring service, Qrator Labs, said the event lasted for two hours, although the number of hijacked address blocks varied from 40 to 80 during that time.

Last year, Google’s Project Zero team discovered serious security flaws caused by “speculative execution,” a technique used by most modern processors (CPUs) to optimize performance.

The Project Zero researcher, Jann Horn, demonstrated that malicious actors could take advantage of speculative execution to read system memory that should have been inaccessible. For example, an unauthorized party may read sensitive information in the system’s memory such as passwords, encryption keys, or sensitive information open in applications. Testing also showed that an attack running on one virtual machine was able to access the physical memory of the host machine, and through that, gain read-access to the memory of a different virtual machine on the same host.

These vulnerabilities affect many CPUs, including those from AMD, ARM, and Intel, as well as the devices and operating systems running on them.

tiny ogre wrote: ↑Thu Jan 04, 2018 10:51 amI don’t believe Firefox or any other browser is immune, but if you want to be extra careful, you should use the least popular browser you can find.

tiny ogre wrote: ↑Thu Jan 04, 2018 10:51 am Yes and no. They have patched it. Linux kernels have been patched as well. But these are mitigations, not fixes. It’s not yet clear that it’s even possible to completely fix Spectre in software. It may need whole new CPU architectures, which will take years.

It’s not just the OS you need to worry about! Chrome is vulnerable to malicious websites stealing data and has not been patched yet. I don’t believe Firefox or any other browser is immune, but if you want to be extra careful, you should use the least popular browser you can find.

Jaymann wrote: ↑Thu Jan 04, 2018 12:39 pm

tiny ogre wrote: ↑Thu Jan 04, 2018 10:51 am Yes and no. They have patched it. Linux kernels have been patched as well. But these are mitigations, not fixes. It’s not yet clear that it’s even possible to completely fix Spectre in software. It may need whole new CPU architectures, which will take years.

It’s not just the OS you need to worry about! Chrome is vulnerable to malicious websites stealing data and has not been patched yet. I don’t believe Firefox or any other browser is immune, but if you want to be extra careful, you should use the least popular browser you can find.

Which is the least popular? Vivaldi? Maxthon? UC Browser?

Moliere wrote: ↑Thu Jan 04, 2018 1:04 pm Implement Chrome's site isolation.

Carpet_pissr wrote: ↑Thu Jan 04, 2018 1:10 pm

Moliere wrote: ↑Thu Jan 04, 2018 1:04 pm Implement Chrome's site isolation.

Ooof!
"Site isolation will increase Chrome's memory use by approximately 10–20%"

Moliere wrote: ↑Thu Jan 04, 2018 1:15 pm

Carpet_pissr wrote: ↑Thu Jan 04, 2018 1:10 pm

Moliere wrote: ↑Thu Jan 04, 2018 1:04 pm Implement Chrome's site isolation.

Ooof!
"Site isolation will increase Chrome's memory use by approximately 10–20%"

Security ain't free.

New zero-day vulnerability: In addition to rowhammer, it turns out lots of servers are vulnerable to regular hammers, too.