A security researcher has discovered a major vulnerability in the Windows 10 operating system that could allow threat actors to obtain elevated privileges and user account passwords.
Discovered by Jonas Lyk over the weekend, the vulnerability resides in how Windows 10 grants access to some OS configuration files.
In particular, the vulnerability, nicknamed SeriousSAM, concerns how Windows 10 controls who can access the SAM, SECURITY, and SYSTEM Registry database files.
Windows 10 and Windows 11 are affected by a local elevation-of-privilege vulnerability: users with low privileges can read these sensitive Registry database files.
The Windows Registry acts as the configuration repository for the Windows operating system and contains hashed passwords, user customizations, configuration options for applications, system decryption keys, and more.
The database files associated with the Windows Registry are stored under the C:\Windows\system32\config folder and are broken up into different files such as SYSTEM, SECURITY, SAM, DEFAULT, and SOFTWARE.
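As an added defender-side check (not from the article), the following PowerShell audits the ACLs on the Registry hive files named above and flags any that grant read access to broad, non-administrative groups; the list of groups treated as "broad" and the output format are my assumptions.

```powershell
# Added audit check (not from the article): flag Registry hive files under
# C:\Windows\system32\config whose ACL grants read access to broad principals.
$hives = 'SAM', 'SECURITY', 'SYSTEM', 'DEFAULT', 'SOFTWARE'
$configDir = Join-Path $env:SystemRoot 'System32\config'

# Assumption: these groups should never hold read access on the hive files.
$broadPrincipals = @('BUILTIN\Users', 'NT AUTHORITY\Authenticated Users', 'Everyone')
$readData = [System.Security.AccessControl.FileSystemRights]::ReadData

$findings = foreach ($name in $hives) {
    $path = Join-Path $configDir $name
    if (-not (Test-Path -LiteralPath $path)) { continue }

    # Reading the security descriptor works even while the hive is in use.
    $acl = Get-Acl -LiteralPath $path

    # An ACE is a finding if it is an Allow entry for a broad principal
    # that includes the ReadData right (FullControl and Read both contain it).
    $exposed = $acl.Access | Where-Object {
        $_.AccessControlType -eq 'Allow' -and
        $broadPrincipals -contains $_.IdentityReference.Value -and
        (($_.FileSystemRights -band $readData) -eq $readData)
    }

    [pscustomobject]@{
        Hive       = $name
        Path       = $path
        Exposed    = [bool]$exposed
        Principals = ($exposed | ForEach-Object { $_.IdentityReference.Value }) -join ', '
    }
}

# Print a one-line verdict per hive; exit non-zero if anything is exposed.
$findings | Format-Table -AutoSize
if ($findings | Where-Object Exposed) {
    Write-Warning 'One or more Registry hive files are readable by non-administrative groups.'
    exit 1
}
exit 0
```

Correcting the ACL on the live hive files does not change copies of the hives that already exist in Volume Shadow Copy snapshots, which Microsoft's guidance for this issue addresses separately.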
In a recent major investigation, security experts from The Guardian and The Washington Post, together with Amnesty International and Forbidden Stories, detected traces of the Pegasus spyware, produced by the Israeli company NSO Group, on journalists’ cellphones.
The investigation also found a leaked list, linked to the Pegasus spyware, of 50,000 smartphones belonging to high-profile targets.
On May 12th, the President of the USA, Joe Biden, signed an Executive Order (EO) that would bolster the cyber defences of the USA. The EO is intended to protect against “increasingly sophisticated malicious cyber campaigns that threaten the public sector, the private sector, and ultimately the American people’s security and privacy.”
An EO is a written, signed, and published directive from the President that manages operations of the federal government, and although some EOs require legislative approval, they effectively become law. It comes on the back of several high-profile incidents involving Microsoft (Exchange), SolarWinds and the recent Colonial Pipeline incident. It is seen as a much-needed step to modernise and protect federal networks and to improve information sharing between the private sector and the US government.
The EO covers a range of topics, and not only are the UK Government considering something similar, but I believe these are key initiatives that we all should carefully consider and implement appropriately.
A number of mobile apps give anyone with a smartphone and a few minutes of time on their hands the ability to create and distribute a deepfake video. All it takes is a picture of, say, yourself that you’d swap with an actor in a movie or a television show. The apps do the hard part by recognizing the facial structure of the actor, so when your image is added to the movie or show, it is a pretty seamless recreation.
Chances are no one will actually mistake you for Brad Pitt or Reese Witherspoon, but what these apps—downloadable from the Apple App Store or Google Play—do is show how simple it is for the average person to make a fake image look legitimate. And while these apps are meant for entertainment purposes, deepfakes are becoming a new category of cybercrime that is not just a problem for networks and data, but could also have a life-or-death impact.
The potential for deepfakes in cybercrime is dire enough that the FBI released a warning in March 2021, stating “Foreign actors are currently using synthetic content in their influence campaigns, and the FBI anticipates it will be increasingly used by foreign and criminal cyber actors for spearphishing and social engineering in an evolution of cyber operational tradecraft.”
Juniper Networks’ Steel-Belted Radius (SBR) Carrier Edition has a severe remote code-execution vulnerability that leaves wireless carrier and fixed operator networks open to tampering. Telecom carriers use the SBR Carrier server to manage policies for how subscribers use their networks: it centralizes user authentication, grants the appropriate level of access, and verifies compliance with security standards. It also enables carriers to distinguish service tiers, diversify revenue models, and manage network resources.

Juniper Networks, Inc. is a multinational technology company based in Sunnyvale, California. Its networking products include routers, switches, network management software, network security solutions, and software-defined networking technology. Pradeep Sindhu founded the company in 1996, with Scott Kriens serving as the original CEO until September 2008. Juniper Networks began by specializing in core routers, which are used by internet service providers (ISPs) to perform IP address lookups and route internet traffic.
A growing number of cybercriminals are developing malware to conduct attacks on virtualized environments, and some are aggressively trying to exploit vulnerabilities already found in software for deploying virtual infrastructure, according to a report from Positive Technologies.
Overall, the number of cyberattacks increased by 17% in 2021 compared to the first quarter of 2020, with 77% being targeted attacks, according to the report. The vulnerabilities most frequently exploited by attackers this quarter were those in Microsoft Exchange Server (ProxyLogon) and in the outdated file sharing program Accellion FTA.
The share of ransomware operators in attacks on governmental institutions is also increasing; ransomware was found in 70% of malware attacks. In addition to ransomware, attackers also used banking Trojans (18% of malware attacks), RATs (13%) and spyware (8%).
Popular cloud services that facilitate interaction and simplify companies’ IT infrastructure also became a favorite target for attackers.