Ever wonder how those "free" browser extensions that promise to save you money actually work? We dive deep into the controversial world of Honey, the coupon-finding tool owned by PayPal, and uncover a scheme that might be leaving you with less savings and your favorite YouTubers with empty pockets. Plus, we take a look at Kagi, the search engine you pay not to show you adverts, and discuss what you should do with your old, no-longer-wanted technology. All this and more is discussed in the latest edition of the award-winning "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault.

Clever:

A malware campaign uses the unusual method of locking users in their browser’s kiosk mode to annoy them into entering their Google credentials, which are then stolen by information-stealing malware.

Specifically, the malware “locks” the user’s browser on Google’s login page with no obvious way to close the window, as the malware also blocks the “ESC” and “F11” keyboard keys. The goal is to frustrate the user enough that they enter and save their Google credentials in the browser to “unlock” the computer.

Once credentials are saved, the StealC information-stealing malware steals them from the credential store and sends them back to the attacker.

I’m sure this works often enough to be a useful ploy.

The press is reporting a critical Windows vulnerability affecting IPv6.

As Microsoft explained in its Tuesday advisory, unauthenticated attackers can exploit the flaw remotely in low-complexity attacks by repeatedly sending specially crafted IPv6 packets.

Microsoft also shared its exploitability assessment for this critical vulnerability, tagging it with an “exploitation more likely” label, which means that threat actors could create exploit code to “consistently exploit the flaw in attacks.”

Details are being withheld at the moment. Microsoft strongly recommends patching now.

Computers blue-screen-of-death around the world! The Paris Olympics is at risk of attack! And the FBI pull off the biggest sting operation in history by running a secret end-to-end encrypted messaging app! All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by industry veterans Graham Cluley and … Continue reading "Smashing Security podcast #382: CrowdStrike, Dark Wire, and the Paris Olympics"

Indian Prime Minister Narendra Modi has offered a valuable tip to enhance cybersecurity for home PCs and laptops: consistently logging out of Microsoft Windows sessions. This advice applies universally across Windows 10 and Windows 11 operating systems.

Highlighting this cybersecurity principle, Prime Minister Modi emphasized its critical application in both private and public sectors. He suggested assigning responsibility for logging out at the end of each day in IT environments.

From a technical standpoint, regularly logging out clears session caches accumulated since initial login, reducing network interception opportunities. This measure mitigates risks such as malware interception upon visiting malicious websites, which can exploit vulnerabilities through open browsers.

By logging out, all active programs are closed, effectively severing remote desktop connections and bolstering security by safeguarding files, apps, and settings from unauthorized access.

Additionally, covering laptop cameras and microphones is recommended to prevent potential eavesdropping and unauthorized video or audio capture, a practice endorsed by figures like Facebook’s Mark Zuckerberg, reportedly influenced by advice from Windows OS founder Bill Gates.

These proactive steps advocated by Prime Minister Modi and supported by industry leaders contribute to bolstering cybersecurity hygiene and protecting sensitive information from unauthorized access.

The post Indian PM Narender Modi asks to Log Off of each Microsoft Windows Sessions appeared first on Cybersecurity Insiders.

Millions of PCs running Windows 10 and 11 Operating Systems have been experiencing a widespread issue identified as the Blue Screen of Death (BSOD) over the past few hours. This technical problem has resulted in significant disruptions across various sectors, including government agencies, transit hubs such as airports, private companies, and municipalities.

Initially, speculation pointed towards a potential cyber attack originating from foreign entities like China or Russia. Certain Reddit groups even suggested state-sponsored hackers aimed at infiltrating servers belonging to Microsoft, led by CEO Satya Nadella, potentially causing billions in losses.

However, Microsoft quickly attributed the outage to a third-party error and issued an apology. The impact was severe, affecting IT systems in critical sectors like airports and healthcare, including England’s NHS, due to this technical glitch.

George Kurtz, CEO of CrowdStrike, a prominent cybersecurity firm based in Texas, refuted the cyber attack theories. He stated that the disruption stemmed from a technical glitch resulting from an improper software update rollout, effectively dispelling any notions of malicious intent as speculated in some media reports.

Interestingly, the glitch exclusively affected systems running Microsoft Windows, sparing those using Mac and Linux operating systems.

Meanwhile, sources from Telegram cited a CrowdStrike Falcon software update as the root cause of the disruption on Windows 10 and 11 systems. They provided guidance, including a screenshot, on resolving the issue through safe mode boot procedures.

In summary, this incident has been described as one of the most severe technological nightmares in recent history, incapacitating numerous networked computers. Comparisons were drawn to the 2017 WannaCry Ransomware attack, with industry experts noting this current disruption as having a more significant impact.

The post Microsoft outage Windows not a cyber attack says Crowdstrike appeared first on Cybersecurity Insiders.

Microsoft today released updates to fix more than 50 security vulnerabilities in Windows and related software, a relatively light Patch Tuesday this month for Windows users. The software giant also responded to a torrent of negative feedback on a new feature of Redmond’s flagship operating system that constantly takes screenshots of whatever users are doing on their computers, saying the feature would no longer be enabled by default.

Last month, Microsoft debuted Copilot+ PCs, an AI-enabled version of Windows. Copilot+ ships with a feature nobody asked for that Redmond has aptly dubbed Recall, which constantly takes screenshots of what the user is doing on their PC. Security experts roundly trashed Recall as a fancy keylogger, noting that it would be a gold mine of information for attackers if the user’s PC was compromised with malware.

Microsoft countered that Recall snapshots never leave the user’s system, and that even if attackers managed to hack a Copilot+ PC they would not be able to exfiltrate on-device Recall data. But that claim rang hollow after former Microsoft threat analyst Kevin Beaumont detailed on his blog how any user on the system (even a non-administrator) can export Recall data, which is just stored in an SQLite database locally.

“I’m not being hyperbolic when I say this is the dumbest cybersecurity move in a decade,” Beaumont said on Mastodon.

In a recent Risky Business podcast, host Patrick Gray noted that the screenshots created and indexed by Recall would be a boon to any attacker who suddenly finds himself in an unfamiliar environment.

“The first thing you want to do when you get on a machine if you’re up to no good is to figure out how someone did their job,” Gray said. “We saw that in the case of the SWIFT attacks against central banks years ago. Attackers had to do screen recordings to figure out how transfers work. And this could speed up that sort of discovery process.”

Responding to the withering criticism of Recall, Microsoft said last week that it will no longer be enabled by default on Copilot+ PCs.

Only one of the patches released today — CVE-2024-30080 — earned Microsoft’s most urgent “critical” rating, meaning malware or malcontents could exploit the vulnerability to remotely seize control over a user’s system, without any user interaction.

CVE-2024-30080 is a flaw in the Microsoft Message Queuing (MSMQ) service that can allow attackers to execute code of their choosing. Microsoft says exploitation of this weakness is likely, enough to encourage users to disable the vulnerable component if updating isn’t possible in the short run. CVE-2024-30080 has been assigned a CVSS vulnerability score of 9.8 (10 is the worst).

Kevin Breen, senior director of threat research at Immersive Labs, said a saving grace is that MSMQ is not a default service on Windows.

“A Shodan search for MSMQ reveals there are a few thousand potentially internet-facing MSMQ servers that could be vulnerable to zero-day attacks if not patched quickly,” Breen said.
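Microsoft's interim advice for CVE-2024-30080 is to disable MSMQ where the update cannot be applied yet, and Breen's point is that the component is not present by default. The script below is an added example, not code from the article, Microsoft or Immersive Labs: it reports whether the MSMQ optional feature is installed, whether its service is running, whether the default MSMQ port (TCP 1801) is listening, and disables the feature only when run with `-Disable`. It assumes a Windows 10/11 client edition, where the feature is named `MSMQ-Server`; on Windows Server the equivalent check is `Get-WindowsFeature MSMQ`. Run it from an elevated PowerShell prompt.

```powershell
# Added example (not from the article): inventory the MSMQ component affected by
# CVE-2024-30080 and optionally remove it as Microsoft's stopgap mitigation.
# Assumption: Windows 10/11 client SKU, optional feature name "MSMQ-Server".
# On Windows Server use Get-WindowsFeature / Uninstall-WindowsFeature MSMQ instead.
param(
    [switch]$Disable   # read-only by default; pass -Disable to actually remove MSMQ
)

# 1. Is the optional feature installed at all? (Breen: not a default service.)
$feature = Get-WindowsOptionalFeature -Online -FeatureName 'MSMQ-Server' -ErrorAction SilentlyContinue
if (-not $feature) {
    Write-Host 'MSMQ-Server feature not found on this edition; on Server SKUs check Get-WindowsFeature MSMQ.'
    return
}
Write-Host ("MSMQ-Server feature state: {0}" -f $feature.State)

# 2. Is the MSMQ service present and running?
$svc = Get-Service -Name 'MSMQ' -ErrorAction SilentlyContinue
if ($svc) {
    Write-Host ("MSMQ service status: {0} (start type {1})" -f $svc.Status, $svc.StartType)
} else {
    Write-Host 'MSMQ service not installed.'
}

# 3. Is anything listening on TCP 1801, MSMQ's default port? A listener on an
#    internet-facing host is the exposure the Shodan remark above refers to.
$listener = Get-NetTCPConnection -LocalPort 1801 -State Listen -ErrorAction SilentlyContinue
if ($listener) {
    Write-Host 'TCP 1801 is listening: reachable from the network unless firewalled.'
} else {
    Write-Host 'TCP 1801 is not listening.'
}

# 4. Mitigation: remove the vulnerable component when patching must wait.
if ($feature.State -eq 'Enabled' -and $Disable) {
    Disable-WindowsOptionalFeature -Online -FeatureName 'MSMQ-Server' -NoRestart
    Write-Host 'MSMQ-Server disabled; a reboot completes the removal.'
} elseif ($feature.State -eq 'Enabled') {
    Write-Host 'MSMQ is enabled. Apply the June 2024 update, or re-run with -Disable to remove it.'
}
```

Disabling the feature is a stopgap, not a substitute for the patch: hosts that genuinely need MSMQ should be updated, and the port check is worth repeating from outside the host, since a local listener that is also reachable through the perimeter is exactly the population Breen's Shodan search counts.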

CVE-2024-30078 is a remote code execution weakness in the Windows WiFi Driver, which also has a CVSS score of 9.8. According to Microsoft, an unauthenticated attacker could exploit this bug by sending a malicious data packet to anyone else on the same network — meaning this flaw assumes the attacker has access to the local network.

Microsoft also fixed a number of serious security issues with its Office applications, including at least two remote-code execution flaws, said Adam Barnett, lead software engineer at Rapid7.

“CVE-2024-30101 is a vulnerability in Outlook; although the Preview Pane is a vector, the user must subsequently perform unspecified specific actions to trigger the vulnerability and the attacker must win a race condition,” Barnett said. “CVE-2024-30104 does not have the Preview Pane as a vector, but nevertheless ends up with a slightly higher CVSS base score of 7.8, since exploitation relies solely on the user opening a malicious file.”

Separately, Adobe released security updates for Acrobat, ColdFusion, and Photoshop, among others.

As usual, the SANS Internet Storm Center has the skinny on the individual patches released today, indexed by severity, exploitability and urgency. Windows admins should also keep an eye on AskWoody.com, which often publishes early reports of any Windows patches gone awry.

Microsoft gets itself into a pickle with a privacy-popping new feature on its Copilot+ PCs, the FTC warns of impersonated companies, and is your company hiring North Korean IT workers? All this and much much more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault, joined this week by author, journalist, and podcaster Geoff White.

There's a Bing ding dong, after Microsoft (over?) enthusiastically encourages Chrome users to stop using Google, and silence hits the British Library as it shares its story of a ransomware attack. All this and more is discussed in the latest edition of the “Smashing Security” podcast by cybersecurity veterans Graham Cluley and Carole Theriault. Plus: Don't miss our featured interview with Kolide founder Jason Meller about his firm's acquisition by 1Password.