News for Admins
Tech News
Hackers Threaten to Wipe More Than 300 Million Apple Devices Remotely
A group of hackers calling itself the "Turkish Crime Family" claims to have access to more than 300 million accounts of Apple users, including accounts on the @icloud and @me domains. The group is demanding a ransom of $75,000 in Bitcoin or Ethereum, or $100,000 in iTunes gift cards.
The news was first reported by Motherboard. In an email exchange with Motherboard, the hacker said, "I just want my money and thought this would be an interesting report that a lot of Apple customers would be interested in reading and hearing."
In a comment to Motherboard, an Apple spokesperson downplayed the attack, saying, "There have not been any breaches in any of Apple's systems including iCloud and Apple ID. The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services."
The spokesperson added that the company is actively monitoring to prevent unauthorized access to user accounts and is working with law enforcement to identify the criminals involved.
At first, the claims did not seem credible because the ransom was so low, the number of stolen passwords seemed too high, and the hackers kept escalating their numbers (from 300 to 559 to 627 million accounts). Recent investigations with about 70,000 purported iCloud accounts released by the hackers to journalists for verification, however, indicate that a number of the stolen accounts are valid.
The best way to avoid falling prey to such cybercriminals is to use strong passwords and, when possible, two-factor authentication.
DoubleAgent: Unpatchable Windows Vulnerability Discovered
Researchers at Cybellum, an Israeli zero-day prevention firm, have discovered a vulnerability in Windows that allows attackers to take complete control of the system. Named DoubleAgent, the vulnerability affects all versions of Windows from Windows XP through Windows 10.
According to Cybellum, "DoubleAgent gives the attacker the ability to inject any DLL into any process. The code injection occurs extremely early during the victim's process boot, giving the attacker full control over the process and no way for the process to protect itself. The code injection technique is so unique that it's not detected or blocked by any antivirus."
Cybellum said in its report that because DoubleAgent exploits a 15-year-old legitimate feature of Windows, it cannot be patched.
What makes things worse is that DoubleAgent's injection is persistent: it survives reboots, updates, reinstalls, and patches. Cybellum said that once the attacker decides to inject a dynamic-link library (DLL) into a process, they are "forcefully bounded forever. Even if the victim would completely uninstall and reinstall its program, the attacker's DLL would still be injected every time the process executes."
Even antivirus programs can't prevent attacks because DoubleAgent takes complete control of any antivirus program by "injecting code into it while bypassing all of its self-protection mechanisms. The attack has been verified and works on all of the major antiviruses including but not limited to: Avast, AVG, Avira, Bitdefender, Comodo, ESET, F-Secure, Kaspersky, Malwarebytes, McAfee, Norton, Panda, Quick Heal and Trend Micro," said Cybellum.
Microsoft's Patch Tuesday Is Back
Microsoft missed the entire month of February, leaving Windows users exposed to attacks.
After missing Patch Tuesday in February, Microsoft has released security updates for March. The latest updates fix more than a dozen vulnerabilities.
According to Wccftech, "Among the patches, Microsoft has also fixed a 'critical' flaw, which was publicly disclosed earlier last month following Microsoft missing February's Patch Tuesday. The exploit code related to a Windows SMB bug was made available by Laurent Gaffie, but Microsoft hasn't credited Gaffie in the bulletin."
One of the most severe vulnerabilities was in Microsoft Windows SMB Server, which, according to the Microsoft security bulletin, "could allow remote code execution if an attacker sends specially crafted messages to a Microsoft Server Message Block 1.0 (SMBv1) server."
You can read more about all of the vulnerabilities that were patched in this update online.
What's still not clear is why Microsoft delayed February's patches, especially at a time when government agencies and cybercriminals are actively finding and exploiting any such vulnerabilities. It's also unknown why Microsoft left many serious vulnerabilities discovered by Google researchers unpatched for more than three months.