Every major OS maker misread Intel’s docs. Now their kernels can be hijacked or crashed

OS, FreeBSD, and some implementations of Xen have a design flaw that could allow attackers to, at best, crash Intel and AMD-powered computers.

At worst, miscreants can, potentially, “gain access to sensitive memory information or control low-level operating system functions,” which is a fancy way of saying peek at kernel memory, or hijack the critical code running the machine.

Complete Article

That $10,000 Facebook bug

A security researcher found a way to delete any picture on Facebook, irrespective of whether it’s public or private, by cunning use of polls.

Pouya Daribi was digging around in the software used by Facebook users to set up quick opinion polls on their profile pages. When creating these informal surveys, the social media addicts can select photos to appear alongside the questions, and the ID codes for these pictures are embedded in the HTML form submitted to Facebook’s servers.

Complete article

More data lost or stolen in first half of 2017 than the whole of last year

More data records were leaked or stolen by miscreants during the first half of 2017 (1.9 billion) than all of 2016 (1.37 billion).

Digital security company Gemalto’s Breach Level Index (PDF), published Wednesday, found that an average of 10.4 million records are exposed or swiped every day.

During the first half of 2017 there were 918 reported data breaches worldwide, compared with 815 in the last six months of 2016, an increase of 13 per cent. A total 22 breaches in Q1 2017 included the compromise, theft or loss of more than a million records.

Complete article

Feelin’ safe and snug on Linux while the Windows world burns? Stop that

The ransomware problems reported by The Reg over the past few weeks are enough to make you, er, wanna cry. Yet all that’s happened is that known issues with Windows machines – desktop and server – have now come to everyone’s attention and the bandwidth out of Microsoft’s Windows Update servers has likely increased a bit relative to the previous few weeks.

But there’s more to life than Windows XP and the day-to-day computing landscape consists of a rich sediment of accumulated and inherited non-Windows operating systems. And my fiver says that only a tiny minority of you have leapt into action and rushed to update these particular systems in the wake of WannaCry.

What exactly are we talking about? According to netmarketshare.com the non-Windows market share is about 10 per cent – 2 per cent of which is Linux and 3.6 per cent macOS. In the server world the story’s not dissimilar: looking this time at some data from Spiceworks, about 12 per cent of servers run non-Windows OSs, with RHEL at 1.2 per cent and various other Linuxes making up 10.5 per cent. The core server Linuxes aside from RHEL are Ubuntu, SUSE, CentOS, Debian and Oracle Linux.

Complete article

FTC Releases Alert on Identity Theft

The Federal Trade Commission (FTC) has released an alert about how quickly criminals begin using your personal information once it is posted to a hacker site by an identity thief. FTC researchers found that it can take as few as 9 minutes for crooks to access stolen personal information posted to hacker sites. To prevent identity theft, a user should follow password security best practices, such as multi-factor authentication, which requires a user to simultaneously present multiple pieces of information to verify their identity.

US-CERT encourages users to refer to the FTC alert and the US-CERT Tips on Preventing and Responding to Identity Theft, Choosing and Protecting Passwords, and Supplementing Passwords for more information.

Source

Security Shield Slingers Are Loving Prez Trump’s Cybersecurity Order

US President Donald Trump’s cybersecurity executive order, signed on Thursday after a series of delays, will make federal agency heads accountable for protecting their networks.

On the other side of the fence, computer security product makers have broadly welcomed the policy, which also calls on government and industry to reduce the threat from automated attacks on the internet.

The delayed cybersecurity executive order aims to bolster the government’s information security while protecting the nation’s critical infrastructure from cyberattacks. The order is important because it sets the direction for US infosec policy in government and beyond. Unlike many of President Trump’s other policy initiatives, the order is largely uncontroversial and might (whisper this gently) be seen largely as a continuation of measures former President Barrack Obama was putting into place.

Complete article

IBM Report Details 2017 Tax Scams as IRS Filing Deadline Nears

As the Tax Day 2017 filing deadline of Tuesday April 18 nears, IBM is warning of an increase in tax-related spam and scams.

It’s that time of year again, when Americans rush to file income taxes with the U.S Internal Revenue Service (IRS) and hackers fill inboxes with tax-related spam and phishing email attacks. As the Tax Day 2017 filing deadline of Tuesday April 18 nears, IBM Security is warning of a spike in tax-related spam email and related fraud scams that aim to exploit unsuspecting tax filers.

IBM is out with a new report today titled, ‘Cybercrime Riding Tax Season Tides: Trending Spam and Dark Web Findings’  that details how attackers are ramping up their efforts ahead of Tax Day 2017. According to the report, IBM X-Force security researchers have tracked a 6,000 percent increase in tax-related spam emails from December 2016 to February 2017. A year ago ahead of Tax Day 2016, the IRS issued a warning of its own, about a 400 percent increase in phishing and malware incidents during that year’s tax season.

Sean Michael Kerner

Complete article

Microsoft tool exploit DoubleAgent can turn antivirus software into your worst enemy

Researchers from Israeli zero-day security firm Cybellum have discovered a 15-year-old code injection vulnerability and exploit technique that could allow attackers to maliciously take over antivirus programs and other software by abusing Microsoft’s Windows Application Verifier debugging tool.

The zero-day exploit, dubbed DoubleAgent, only works if the attacked computer has already been previously compromised. Still, the technique can seriously escalate the severity of a previous breach, Cybellum claims, allowing an adversary to further elevate privileges and perform virtually any attack imaginable. Moreover, DoubleAgent continues injecting code even after reboot, allowing actors to establish silent persistence on a machine.

Complete article