Cyber Shield

2022-04-10 18:00:01 Google will use AI to detect personal crises through search queries.

Google will update its MUM machine learning search model to detect a wide range of crisis search queries about domestic violence, substance abuse and suicide.

Users often turn to Google Search to solve personal problems, the company said. In this case, MUM will be able to detect queries that earlier search tools couldn't recognize.

"MUM can help us understand longer or more complex questions, such as 'why did he attack me when I said I didn't love him,'" she said. Открыть/Комментировать

2022-04-09 18:00:01 After 17 years, a vulnerability in the Zlib library has finally been fixed.

A seventeen-year-old vulnerability in the widely used Zlib data compression library has been fixed. Exploiting the vulnerability allowed applications and services to fail.

Software that uses Zlib to compress user-provided data could crash and terminate due to out-of-bounds writes if the data was specially formatted. Depending on how user-controlled information is used, some backup and logging operations could, for example, stop unexpectedly. Document viewers and editors could fail to open files, and browser windows or tabs could fail.

The vulnerability received a CVSS score of 7.5. The danger of the problem also lies in the fact that the open-source Zlib library is widely used. The Zlib library's DEFLATE algorithm, which became an Internet standard in 1996, appears in many file formats and protocols for compressing and expanding data, Software that processes input data is likely to use zlib. These programs include Mozilla Firefox, Открыть/Комментировать

2022-04-08 18:00:01 BlackGuard info stealer becomes more and more popular on hacker forums.

A new information-stealing malware, BlackGuard, is becoming increasingly popular on hacker forums. It can be purchased either as a one-time purchase for $700 or rented for $200 per month.

Infostealer is software for stealing sensitive data from various applications. The malware archives the stolen information in a ZIP archive and sends it to the cybercriminals' C&C server.

Subscribers to BlackGuard are given access to a web panel where they can retrieve stolen data and then use it themselves or sell it to other cybercriminals. Открыть/Комментировать

2022-04-07 18:00:01 Hive hacked the networks of Partnership HealthPlan in the United States.

Hive ransomware group stole 850,000 personal records from U.S. medical organization Partnership HealthPlan (PHP).

The extortionists used a new technique dubbed IPfuscation - they disguised their payload as a harmless series of legitimate IP addresses.

A major US healthcare provider confirmed the cyberattack - their website reported abnormal activity on some computer systems on their network.

The organization is now working with outside IS experts. The incident is being investigated and attempts are being made to restore full functionality to the affected systems. Открыть/Комментировать

2022-04-06 18:00:01 Chinese hackers attack VMware Horizon and install Fire Chili rootkit.

Chinese hacker group Deep Panda attacks VMware Horizon servers through Log4Shell vulnerability. A new Fire Chili rootkit is then installed there.

The rootkit is digitally signed by Frostburn Studios (a video game developer) or Comodo. That's how it manages to avoid detection by anti-virus software. IS company Fortinet analysts tracking Deep Panda's latest activity believe the certificates were stolen from the aforementioned companies.

Deep Panda is a well-known APT group from China, which has specialized in cyber espionage for many years. In a recent Deep Panda campaign discovered by Fortinet specialists, the hacker group deploys a new Fire Chili rootkit to bypass detection on a compromised system. Открыть/Комментировать

2022-04-05 18:00:01 Apple has fixed two 0Day vulnerabilities in iPhone, iPad, and Mac devices.

Apple urgently released patches for two zero-day vulnerabilities in mobile and desktop operating systems. They were used for real-world attacks.

An out-of-band recording vulnerability (CVE-2022-22675) in the audio and video decoding component allowed an application to execute arbitrary code with kernel privileges. The vulnerability was fixed by improved boundary checking.

The latest version of macOS Monterey, in addition to the fix for CVE-2022-22675, also includes a fix for an out-of-memory read vulnerability (CVE-2022-22674) in the Intel graphics driver module, which could allow an attacker to read kernel memory. Открыть/Комментировать

2022-04-04 18:00:02 Ubiquiti wants to sue Brian Krebs for an article about its data leak.

American company Ubiquiti Networks sued the journalist Brian Krebs and demanded $425 thousand in compensation for accusing the company of covering up cyber attacks.

According to the suit, Krebs, who runs a cybersecurity blog, intentionally misled his readers. He told about the Ubiquiti Networks data leak and the subsequent blackmail attempt.

The company said it notified its customers of the cyberattack and instructed them to take extra precautions. In addition, Ubiquiti reported the incident to the U.S. Securities and Exchange Commission. But Krebs, they said, deliberately ignored all the actions they took - to drive traffic to their site and increase ad revenue. Открыть/Комментировать

2022-04-03 18:00:01 Positive Technologies revealed vulnerabilities in Veeam backup solutions.

Positive Technologies expert Nikita Petrov discovered vulnerabilities in Veeam solutions. Two of them concern Veeam Backup & Replication. It is a popular backup system, which automates processes connected with backup and disaster recovery. Another vulnerability was found in Veeam Agent for Microsoft Windows. This is a Windows backup software.

"We predict that these vulnerabilities will be exploited by attackers in real attacks and put many organizations at significant risk. Therefore, it is important to install updates as soon as possible or at least take measures to detect abnormal activity associated with these products," said Nikita Petrov.

The two vulnerabilities (CVE-2022-26500, CVE-2022-26501) found in Veeam Backup & Replication allow an unauthorized attacker to remotely execute arbitrary code (Remote Code Execution, RCE). Versions 9.5, 10, and 11 of the product are vulnerable. Открыть/Комментировать

2022-04-02 18:00:01 The developers of node-ipc added malicious code to the module.

Recently several Russian and Belarusian users of the popular Vue.js JavaScript framework were affected. It was all about the node-ipc package - its developers deliberately added malicious code that corrupts files on disk. This was done in protest against the special operation in Ukraine.

Users debugged the code, and it was found that the contents of the files could also change into hearts.

Using the vulnerable module could lead to complete destruction of information on servers or computers of users with Russian IP addresses. Открыть/Комментировать

2022-04-01 18:00:01 Instagram will add support for NFT.

"We're working on adding NFT to Instagram in the near future," said Mark Zuckerberg, founder of Meta. When exactly the rollout will happen is not yet clear. According to some reports, it could happen in the coming months.

Last October, Facebook officially changed its name to Meta to focus on creating products for the meta universe. This prompted a flurry of criticism and ridicule from users. Apparently, the first major step after the name change will be the introduction of NFT to the social network.

This decision was made after Twitter, which also added support for NFT in the form of avatars. Later it was joined by Reddit and OnlyFans. Открыть/Комментировать