STE WILLIAMS

AMD dials 911, emits DMCA takedowns after miscreant steals a load of GPU hardware blueprints, leaks on GitHub

On Wednesday, AMD confirmed intellectual property related to its graphics processors was stolen last year, though insisted the leaked files will not damage its business nor compromise product security.

“In December 2019, we were contacted by someone who claimed to have test files related to a subset of our current and future graphics products, some of which were recently posted online, but have since been taken down,” the Radeon and Ryzen designer said in a statement.

Two days ago, AMD issued two Digital Millennium Copyright Act (DMCA) takedown notices to GitHub, directing the Microsoft-owned code storage biz to remove five repositories – an original repo and four copies – that contained confidential internal hardware source code for its Navi family of GPUs.

(Image: screenshot of some of the leaked AMD Verilog code)

The stolen blueprints, seemingly written in Verilog, appear to have been uploaded to GitHub over the past weekend. File directory listings of the repositories, posted to Pastebin.com recently, have also been taken down. The filenames suggest the code implemented test cases among other things.


“While we are aware the perpetrator has additional files that have not been made public, we believe the stolen graphics IP is not core to the competitiveness or security of our graphics products,” AMD said. “We are not aware of the perpetrator possessing any other AMD IP.”

AMD said it’s working with law enforcement officials as part of a criminal investigation. A company spokesperson declined to provide further details.

According to TorrentFreak, an unidentified individual obtained and leaked hardware design source code – the human-friendly-ish language used to describe a chip’s workings – related to the Navi 10 and Navi 21 GPUs in AMD’s Radeon RX 5000 series, as well as AMD’s unreleased Arden GPU, which is expected to be part of Microsoft’s upcoming Xbox Series X console.

The miscreant claimed they “found AMD Navi GPU hardware source codes in a hacked computer” in November last year, adding: “I haven’t spoken to AMD about it because I am pretty sure that instead of accepting their mistake and moving on, they will try to sue me. So why not just leak it to everyone?”

The Register reached out to the email address listed on the primary removed repository, and we’ve not heard back. The account included a Bitcoin address seeking donations because there’s “wayyy more stuff awaiting to be leaked.” ®


Article source: https://go.theregister.co.uk/feed/www.theregister.co.uk/2020/03/26/amd_code_shutdown/

Tupperware Hit by Card Skimmer Attack

Malicious code was found hidden inside graphics files on the storage container maker’s e-commerce website.

Tupperware famously locks in food’s freshness, but hackers could not be locked out of the company’s e-commerce site. The primary Tupperware site, along with several localized versions, was compromised by a digital credit card skimmer disguised inside an image file.

Researchers at Malwarebytes Labs discovered the malicious code when they noticed an anomaly in an iframe container. While the researchers say they don’t know what the infection vector was, the malicious campaign is ongoing and, at press time, still active.

The researchers note several details in the malicious code that indicate the attackers involved are less polished in their craft than other well-known criminal gangs.

“This does indeed sound like the work of a new cybergang that has not scaled operations yet,” Mounir Hahad, head of Juniper Threat Labs at Juniper Networks, told Dark Reading. “The domain name they chose to register was not customized to blend into their target victim’s normal website operations, and based on DNS resolution telemetry, it does not seem to have reached any meaningful scale. Nonetheless, this may be the blueprint of future similar attacks on other websites.”

Read more here.

Check out The Edge, Dark Reading’s new section for features, threat data, and in-depth perspectives. Today’s featured story: “What Should I Do If Someone Is Impersonating My Company in a Phishing Campaign?”

Dark Reading’s Quick Hits delivers a brief synopsis and summary of the significance of breaking news events. For more information from the original source of the news item, please follow the link provided in this article.

Article source: https://www.darkreading.com/attacks-breaches/tupperware-hit-by-card-skimmer-attack/d/d-id/1337409?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

3 Mobile Security Problems That Most Security Teams Haven’t Fixed Yet

Mobility must be included in the security operations workflow so that company data is protected regardless of where remote workers are located.

Workplaces continue to expand beyond the walls of the traditional office building and out into unsecured environments, increasingly relying on mobile devices. But as mobile usage increases, so do the security risks. According to the “Verizon 2020 Mobile Security Index Report,” 67% of organizations say they are less confident in the security of their mobile devices than in that of their other IT assets, and 33% admit to having suffered a compromise involving a mobile device.

Even as enterprises begin to allow more and more access to sensitive information via mobile devices, there remain three mobile security problems that most security teams have yet to fix.

  1. Allowing malware to be a distraction, when the real threat is mobile phishing: When it comes to modern cybersecurity threats, the conversation has largely been dominated by malware. The deluge of headlines warning of increased attacks across industries with catastrophic consequences serve as a distraction when it comes to mobile security. Wandera’s “Mobile Threat Landscape 2020” report found that just 13% of all organizations have experienced a malware incident on a mobile device, compared with the 57% of organizations that have experienced a mobile phishing incident.

    And phishing threats continue to evolve, with 81% of attacks now taking place outside of email. Instead, attackers are targeting victims via messaging apps or social media, where they have a better chance of luring users into fake profiles, promotions, and notifications. These tactics make it easier for bad actors to extract personal data and account credentials discreetly, leaving the user oblivious to the breach. Don’t be fooled by the constant malware headlines — organizations must remain vigilant when it comes to mobile phishing, as the threat posed by malware pales in comparison.

  2. Misunderstanding application security: Even as the availability of apps for enterprises has increased, the emphasis on mobile app security has not kept pace. While mobile has the potential to make organizations more efficient, it presents a whole new set of challenges by expanding the footprint that IT needs to manage and secure, and the risks go far beyond simple malware.

    Currently, there are three areas that mobile businesses are struggling to tackle. First, persistent data leaks, such as the ones British Airways experienced in 2019 due to unencrypted check-in links across mobile platforms. Second, policies that allow apps with excessive permissions, which often lead to users unknowingly exposing personal data. As we’ve learned on numerous occasions with WhatsApp, what’s secure today might be vulnerable tomorrow, and apps with excessive permissions require continuous monitoring. Finally, organizations need to set clear policies for governing and monitoring apps, specifically those that are used without direct approval from the IT department. For example, physicians who store sensitive patient data on personal tablets run the risk of exposing that information when they are introduced to untrusted software.

    One solution to this issue would be for organizations to consider vetting applications over time, rather than just one initial screening process at the onset. Continuous vetting is a proven method to address all three challenges and ensure your organization stays ahead of vulnerabilities and avoids catastrophe.

  3. Trusting your mobile operating systems: The past year has taught us that even the most current operating systems aren’t necessarily the most secure. There is a common misconception that iPhones and Android devices are secure without requiring security software; and yet, both Apple and Google have demonstrated time and again that they are not immune to vulnerabilities. Earlier this year, Apple accidentally reopened a security flaw that introduced jailbreak risks, just weeks after discovering that hackers could remotely retrieve files from an iOS device by exploiting a vulnerability in iMessage.

    Similarly, Android device manufacturers are no strangers to controversy, as researchers discover new Android vulnerabilities on a regular basis, even on brand-new devices. Both of these examples prove again that mobile operating systems simply aren’t bulletproof. It’s time for organizations to implement a layered system of defense in order to mitigate attacks, should they slip through a hole in that organization’s mobile operating system of choice.

Mobile deployments represent a new set of security challenges for which organizations haven’t yet accounted. Few have policies in place to ensure that effective adoption of mobile devices doesn’t compromise the security of the corporate data used on these devices. Moving forward, organizations must establish formal documentation guiding employees on how to securely work remotely. Additionally, they should incorporate mobility into the security operations workflow so company data is protected no matter where workers are physically located. The NIST Guidelines for Managing the Security of Mobile Devices in the Enterprise is a step in the right direction, but we still have a long way to go, and now is the time to get started.


Michael J. Covington, Ph.D., is a seasoned technologist and the Vice President of Product Strategy for Wandera, a leading provider of mobile security. Michael is a hands-on innovator with broad experience across the entire product life cycle, from planning and R&D to …

Article source: https://www.darkreading.com/mobile/3-mobile-security-problems-that-most-security-teams-havent-fixed-yet/a/d-id/1337339?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Security Not a Priority for SAP Projects, Users Report

Nearly 70% of SAP users surveyed believe organizations lacked focus on IT security during previous SAP implementations.

A vast majority (68.8%) of SAP users believe their business placed inadequate focus on IT security during SAP implementations, researchers report in a new study on SAP security. More than half (53.4%) said it was “very common” to find SAP security flaws in the audit process.

Turnkey Consulting researchers polled more than 100 SAP customers, all of whom were at the managerial level or above, across the UK, Europe, Asia, and the US. Their goal was to learn the cost and effects of SAP security remediation; to do this, they asked about participants’ current security position, perceived costs to fix it, and plans for security in future SAP implementations.

Respondents expect SAP audit findings for at least 80% of companies, indicating a broad belief that auditors will focus on SAP as a business-critical system. But they are not confident in their SAP environments: one-fifth of SAP customers don’t have the skills and tools to effectively protect their SAP applications and environments; 64.5% said they have “some” skills and tools.

Taking a closer look at specific areas of concern, 93.2% believe it’s likely an SAP audit would reveal access management problems. Most (86.4%) think it’s “common” or “very common” to have audit findings related to privileged or emergency access. This may indicate a broad lack of effective controls for privileged access management, or low confidence in current controls.

Overall, it seems these concerns are driving a stronger focus on security. Nearly 75% of respondents anticipate IT security will be a higher priority in future SAP deployments; 89.6% say security specialists should be recruited to support SAP S/4 HANA transformation initiatives.

Read the full report here.


Article source: https://www.darkreading.com/risk/security-not-a-priority-for-sap-projects-users-report/d/d-id/1337419?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

10 Security Services Options for SMBs

Outsourcing security remains one of the best ways for small to midsize businesses to protect themselves from cyberthreats.

Image Source: Adobe Stock: Wladimir1804


For small and midsize businesses, cyberattacks can hurt in a big way – and if they lead to data breaches, the pain can be devastating.


A landmark survey of more than 1,000 SMBs last fall by the National Cyber Security Alliance found that while 88% believe they are “somewhat likely” a target for cybercriminals, nearly 30% already experienced a data breach in the past year. And of the group that was breached, 37% suffered a financial loss, 25% filed for bankruptcy, and 10% went out of business.


SMBs today have a wide range of security outsourcing options to choose from to tighten up their security defenses. While it remains unclear just how much the rapidly changing economic impact of the COVID-19 pandemic will affect small (less than 100 employees) and midsize (100 to 999 employees) businesses in the long term, cybercriminals aren’t slowing down their activity, either.


Here is a look at some providers of security services for SMBs. This list draws from reports and research on managed security service providers (MSSPs) published in the past year by analysts including Gartner, Forrester, and IDC. Through extensive interviews with the vendors, only the companies that actually have programs for SMBs made the list.


This is not a comprehensive list of all security services out there for SMBs, so feel free to add others in our Comments section below.


Steve Zurier has more than 30 years of journalism and publishing experience, most of the last 24 of which were spent covering networking and security technology. Steve is based in Columbia, Md.

Article source: https://www.darkreading.com/cloud/10-security-services-options-for-smbs--------------/d/d-id/1337354?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

How Zoom, Netflix, and Dropbox are Staying Online During the Pandemic

But cloud platforms of some of the most popular internet services the quarantined world is now heavily leaning on for work, socializing, and entertainment – Zoom, Dropbox, and Netflix – have so far had no major trouble absorbing the massive surge in usage.

That’s according to infrastructure leads for each of the three companies, who spoke as candidly as they could about the situation in a webinar Wednesday. Conducted over Zoom, the virtual event was organized by Kentik, developer of network monitoring tools which some of the speakers’ companies use.

Read the full article here on Data Center Knowledge.

Article source: https://www.darkreading.com/operations/how-zoom-netflix-and-dropbox-are-staying-online-during-the-pandemic/d/d-id/1337422?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

How to Evict Attackers Living Off Your Land

As cyber defenses improve, adversaries are shifting to stealthy “living-off-the-land” attacks that use targets’ own tools against them. Here are some tips to defend your turf.

(Image: lovelyday12 via Adobe Stock)

Why invest in top-shelf malware just to have it be turned away by antivirus tools again and again? Why launch a cyberattack like that when your target is already full of perfectly good attack tools, just waiting for you?

More and more threat actors are coming to that conclusion. As cyber defenses improve, adversaries are shifting to stealthy “living-off-the-land” (LotL) attacks that defy many automated security measures.

Here are some ways to begin countering the threat.

What Is LotL?
The term “living off the land” refers to fileless, malware-less attacks that turn a system’s own native tools against it. Bad actors use perfectly legitimate programs and processes to perform malicious activities, thereby blending into a network and hiding among the legitimate processes to pull off a stealthy exploit.

“Traditionally, attackers have exploited a target environment and then pushed their own tools onto target machines, including backdoors, rootkits, harvesting tools, and more,” says Ed Skoudis, a security veteran and instructor with the SANS Institute. “With living-off-the-land techniques, the attacker uses the compromised machine itself, and components of its operating system, to attack that system further and to spread to other machines in the environment. So the compromised machine’s operating system becomes, in essence, the attacker’s toolkit. The attacker uses its resources and place on the network to undermine the entire targeting environment.”

In other words, criminals have realized that the most subtle and effective way to wield control over a system is to use the exact same operating system components and methods used by system administrators, Skoudis says.

Some of the tools commonly exploited for LotL attacks include PowerShell scripts, VB scripts, WMI, Mimikatz, and PsExec. These are administrative and troubleshooting tools that are already in the environment and won’t set off alarm bells when an attacker uses them.

A well-known example of an attack that utilized LotL techniques was the 2017 to 2018 outbreak of the Petya/NotPetya ransomware, which used a software supply chain attack as the initial vector to compromise an update process in a software accounting program.

Good Defenses Make LotL Attacks Likelier
LotL attacks aren’t new. Chester Wisniewski, principal research scientist at Sophos, says they’re the result of even better defenses in security. In other words, security teams are a victim of their own success.

“These tactics have been around for decades but in recent years have become mainstream,” Wisniewski says.

In fact, in 2019 most attacks in CrowdStrike’s research and incident reporting were “malware-free” for the first time.

“Security defenses and patching have improved dramatically in the last five years,” Wisniewski says, “making it harder to run malicious code on any given system. System tools are often whitelisted and can be the only process allowed to run on a secured system, making them obvious targets for an attacker. These changes in tactics are driving security tools to focus more on behaviors and less on specific file samples.”

Adds Skoudis: “With application whitelisting, attackers often find that their own tools simply won’t run on the target operating system. But the operating system components themselves will still run, so attackers use those. It’s quite pernicious — the operating system is a treasure trove of programs and scripts the attacker can abuse.”

Every type of environment is susceptible to this kind of attack, the researchers say. But attackers are more likely to use LotL techniques in environments that are particularly locked down or well-monitored.

“If the environment is weak or badly instrumented, attackers do not have to resort to live-off-the-land attacks. But in especially secure networks, attackers have this option for being even [stealthier and more] effective,” Skoudis says.

Once they have managed to find ways to co-opt admin tools for their own purposes, Wisniewski says attacks can range widely: ransomware operators using software deployment tools to deliver the ransomware code, for example, or nation-state actors using Mac and Linux PCs as a place to hide while they handcraft attack tools using built-in scripting languages like Perl, Python, or even C++.

“We also see malware abusing the Windows operating system’s built-in features like a hostile, mutant MacGyver variant, dominating the machine using only its wits and the tools it can fashion out of local materials,” he says.

Defending Against LotL Attacks
Because LotL attacks take advantage of commonly used tools, they are obviously very difficult to detect. But Skoudis recommends “purple teaming” — having red teamers apply LotL tactics in an exercise to ensure that blue teamers and SOC personnel can detect and thwart these techniques. He also suggests whitelisting practices with this in mind.

“Application whitelisting does go a long way in blocking attackers, provided that it is tuned to prevent execution of various unusual programs in the operating system that are often abused in these attacks,” he says.

Skoudis directs security teams to the LotL project page on GitHub for a list of binaries, scripts, and libraries that are often abused in LotL attacks — like bash, cmdkey, shell32, rundll32, and over 100 others.

Most rank-and-file users have no need to run many of those programs, and organizations can configure their application whitelisting tools to prevent execution of the most suspicious of them, he says.

Wisniewski recommends a blend of behavioral-based detection and monitoring strategies to try and stay on top of LotL-based attacks.

“Since living-off-the-land attacks take advantage of existing system tools that are often whitelisted or overlooked by security tools that rely on static detection techniques, implementing tools that take behavior into consideration is essential,” he says.

Also important, Wisniewski says, “is raising alerts for humans to investigate when these tools are used outside of planned maintenance windows. By employing proactive security with 24/7 monitoring by both automated software and threat hunting experts, organizations can more quickly and effectively identify, investigate, and mitigate anomalous behavior. Combining the best tools with the brightest minds to neutralize active threats with speed and precision, while limiting recurrence, is the best approach for defending against these attacks.”
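One way to act on the advice above (a watchlist of abused system tools, alerts when they run outside planned maintenance windows, and behavioural context such as the parent process), as an added example that is not code from the article or from any vendor it quotes; the watchlist, parent list, admin accounts, maintenance window and log lines are all constructed assumptions:

```python
"""Triage living-off-the-land (LotL) tool usage from process-creation logs.

Added example, not the article's or any vendor's code. Events use Sysmon
Event ID 1 style field names (UtcTime, Computer, User, Image, ParentImage).
An alert is raised when a watchlisted tool runs outside the maintenance
window, under a non-admin account, or under a parent that should never
spawn admin tooling. Every list, window and log line below is constructed.
"""
from __future__ import annotations

import json
from datetime import datetime, time
from pathlib import PureWindowsPath

# Tools the article names as commonly abused in LotL attacks, plus the usual
# script hosts; matched case-insensitively on the file name only (assumed list).
LOTL_WATCHLIST = {
    "powershell.exe", "pwsh.exe", "wscript.exe", "cscript.exe", "wmic.exe",
    "psexec.exe", "rundll32.exe", "cmdkey.exe", "bash.exe",
}

# Parents with no legitimate reason to launch admin tooling (assumed list).
SUSPICIOUS_PARENTS = {
    "winword.exe", "excel.exe", "powerpnt.exe", "outlook.exe",
    "chrome.exe", "msedge.exe", "firefox.exe", "acrord32.exe",
}

# Planned maintenance window (assumption): Saturdays 01:00-05:00 UTC.
MAINTENANCE_WEEKDAY = 5  # Monday == 0 ... Saturday == 5
MAINTENANCE_START, MAINTENANCE_END = time(1, 0), time(5, 0)

# Accounts expected to run admin tooling (assumption).
ADMIN_ACCOUNTS = {"CORP\\svc-sccm", "CORP\\itops-jane"}


def basename(image: str) -> str:
    """Lower-cased file name of a Windows path ('' if the field is empty)."""
    return PureWindowsPath(image).name.lower()


def in_maintenance_window(ts: datetime) -> bool:
    """True when ts (naive, UTC) falls inside the planned window."""
    return (ts.weekday() == MAINTENANCE_WEEKDAY
            and MAINTENANCE_START <= ts.time() < MAINTENANCE_END)


def triage_event(event: dict) -> list[str]:
    """Reasons this event deserves a human look; an empty list means no alert."""
    image = basename(event["Image"])
    if image not in LOTL_WATCHLIST:
        return []  # not a tool we watch; leave it to application whitelisting
    reasons = []
    if not in_maintenance_window(datetime.fromisoformat(event["UtcTime"])):
        reasons.append("LotL tool run outside maintenance window")
    if event["User"] not in ADMIN_ACCOUNTS:
        reasons.append(f"run by non-admin account {event['User']}")
    parent = basename(event.get("ParentImage", ""))
    if parent in SUSPICIOUS_PARENTS:
        reasons.append(f"spawned by {parent}")
    return reasons


def triage_log(lines) -> list[dict]:
    """Run triage_event over JSON-lines input and collect the alerts."""
    alerts = []
    for line in lines:
        if not line.strip():
            continue
        event = json.loads(line)
        reasons = triage_event(event)
        if reasons:
            alerts.append({"host": event["Computer"], "user": event["User"],
                           "image": basename(event["Image"]), "reasons": reasons})
    return alerts


# Constructed sample log: 2020-03-28 is a Saturday, 2020-03-24 a Tuesday.
SAMPLE_LOG = r"""
{"UtcTime": "2020-03-28T02:15:00", "Computer": "WS-0412", "User": "CORP\\svc-sccm", "Image": "C:\\Tools\\PsExec.exe", "ParentImage": "C:\\Windows\\System32\\services.exe", "CommandLine": "PsExec.exe -s cmd /c gpupdate"}
{"UtcTime": "2020-03-24T14:03:11", "Computer": "WS-0412", "User": "CORP\\bob.sales", "Image": "C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe", "ParentImage": "C:\\Program Files\\Microsoft Office\\root\\Office16\\WINWORD.EXE", "CommandLine": "powershell.exe -NoProfile -File invoice.ps1"}
{"UtcTime": "2020-03-24T09:30:45", "Computer": "WS-0198", "User": "CORP\\itops-jane", "Image": "C:\\Windows\\System32\\rundll32.exe", "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "rundll32.exe shell32.dll,Control_RunDLL"}
{"UtcTime": "2020-03-24T09:31:02", "Computer": "WS-0198", "User": "CORP\\bob.sales", "Image": "C:\\Windows\\System32\\notepad.exe", "ParentImage": "C:\\Windows\\explorer.exe", "CommandLine": "notepad.exe notes.txt"}
"""


def demo() -> list[dict]:
    """Triage the constructed sample: the PsExec run inside the window by the
    service account is silent; the Word-spawned PowerShell and the daytime
    rundll32 are alerted."""
    return triage_log(SAMPLE_LOG.splitlines())


if __name__ == "__main__":
    for alert in demo():
        print(f"{alert['host']} {alert['user']} {alert['image']}: "
              + "; ".join(alert["reasons"]))
```

The sample deliberately includes a legitimate PsExec run so the window and account checks are seen suppressing noise, not just raising alerts.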


Joan Goodchild is a veteran journalist, editor, and writer who has been covering security for more than a decade. She has written for several publications and previously served as editor-in-chief for CSO Online.

Article source: https://www.darkreading.com/edge/theedge/how-to-evict-attackers-living-off-your-land/b/d-id/1337420?_mc=rss_x_drr_edt_aud_dr_x_x-rss-simple

Apple iOS 13.4 offers fixes for 30 vulnerabilities

Apple has just announced its latest something-for-everyone security and feature updates for iOS, iPadOS, macOS, watchOS, and tvOS.

In terms of security, the attention grabber is iOS/iPadOS 13.4, which fixes 30 CVEs. Apple doesn’t rate the severity of vulnerabilities in its advisories, but we can pick out a few highlights from their descriptions.

The following apply to supported devices, namely the iPhone 6s and later, iPad Air 2 and later, iPad mini 4 and later, and iPod touch 7th generation.

Kernel bugs

The standout here is CVE-2020-9785, through which a rogue application could execute with kernel privileges, mirroring CVE-2020-3919, an identical-sounding issue connected to the IOHIDFamily.

A third kernel flaw fixed is CVE-2020-3914, information disclosure by reading restricted memory.

WebKit

As usual, the WebKit browser engine and Safari gave Apple plenty to fix, all bar one of which were found by sources outside the company, including an arbitrary code execution flaw, CVE-2020-3899, credited to Google’s open source fuzzing tool, OSS-Fuzz.

Of the 10 CVEs in WebKit, another four allow arbitrary code execution, including CVE-2020-3901 and CVE-2020-9783, which could be exploited through maliciously crafted web content. The same goes for CVE-2020-3902, in which maliciously crafted content could make possible a cross-site scripting attack.

The Safari vulnerabilities, CVE-2020-9775 and CVE-2020-9781, are both relatively minor but unusual, the first causing a user’s private browsing history to be saved in the Screen Time parental control app, the second causing a user to “grant website permissions to a site they didn’t intend to.”

The WebKit fixes are mirrored in the desktop version of Safari.

Bluetooth

Bluetooth is another interface that often causes problems. This time it’s CVE-2020-9770, through which an attacker with authenticated network access could intercept Bluetooth traffic from another iOS device.

A final one to watch is CVE-2020-3891, through which an attacker with physical access to a locked iOS device could reply to messages even when that function is disabled.

macOS update

The macOS update takes Catalina to version 10.15.4 (security update 2020-002 for Mojave and High Sierra), fixing 27 CVE-level flaws.

Several of these are the same flaws fixed separately in iOS, namely CVE-2020-9785 and CVE-2020-3914 affecting the kernel, and CVE-2020-3919 in the IOHIDFamily.

Others include CVE-2019-14615, a low-priority fix for an Intel graphics driver vulnerability dating back to January, and CVE-2019-19232, an issue with sudo in the terminal window which could allow an attacker to run commands as a non-existent user.

And it wouldn’t be an Apple update without at least one fix for FaceTime, CVE-2020-3881.

Safari reaches 13.1 with fixes for 11 CVE bugs, all but one of which are, predictably, the same WebKit flaws fixed separately in iOS 13.4.

What to do?

To check you’re up to date:

  • On an iPhone or iPad, go to Settings > General > Software Update.
  • On a Mac, go to the Apple menu, choose About This Mac, and click Software Update.

If your device has already updated automatically, you will see this on the update screen. If not, it will let you know about the update and offer to install it for you.



Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/RQOKSZ9j-p4/

Hijacked Twitter accounts used to advertise face masks

As of Tuesday, hijacked Twitter accounts were spewing out hundreds of tweets hawking a dodgy-looking face mask/toilet paper/digital forehead thermometer online store, according to Motherboard’s Vice.

When Vice’s Joseph Cox searched for the masks site on Tuesday, he found what he called a “heavy stream” of other accounts that posted a link to the site. Some at least appeared to have been hijacked, given that they were created years ago and posted what Cox called “relatively normal content” before tweeting out the link to the masks site.

As of Wednesday afternoon, two Twitter accounts were still advertising masksfast[.]us. One of the accounts, created in April 2012, had zero followers and had only ever created one post: the ad for masks that it posted on Tuesday. Another account advertising the (potentially scammy) site hadn’t previously posted anything since July 2019, has only retweeted and has never posted original content, all of which gives off the aroma of a bot network and/or having been hacked away from their rightful account owners.

I reported both accounts to Twitter.

Vice knows for sure that one of the accounts pumping out mask advertising was hijacked, given that the account belonged to one of its own: Motherboard’s Todd Feathers. On Tuesday, the journalist confirmed on Twitter that his account had been hijacked and used to send out direct messages, purportedly about face masks.

Vice found another hijacked account that posted tweets to a website called “Masks 2 U” and which included this message in broken English:

Wearing mask make you away from COVID-19

Motherboard’s Feathers told Vice that about 40 minutes before he logged into Twitter and realized that his account had been hacked, the platform had informed him that his account was last accessed by a computer in Virginia. That doesn’t mean much: whoever took over his account could have been located anywhere.

After the hijacker had control of Feathers’s account, they used it to send a tweet advertising the masks website. They also sent a link to the site, via DM, to a load of his followers, Feathers said.

They sent DMs to what looks like all (or at least a lot) of my followers with a link to masksfast [.] us and some variation of the message: ‘Masks save lives.’

As Cox notes, it’s not clear whether the barebones site is actually selling the products it lists or if it’s just a scam. I, for one, certainly wouldn’t hand over my credit card, given a number of oddities, including that a) clicking on its multiple social media logos merely sends you round-robin, returning you to the site’s home page, and b) the site refers to toilet paper as “paper towels,” which suggests that its creators aren’t fluent with the American English terminology for the quotidian product that’s grown so scarce, or with its British rendition (“toilet paper” or “toilet roll.”)

At any rate, as Cox reports, the records for the site show that it was created on Monday. Motherboard also found other, near-identical masks websites hosted on the same IP address as the site mentioned by the hacked accounts, some of which had been created just a few days earlier.

The timing of this coronavirus-related cyber assault jibes with what’s happening all over the internet. Over the past week or so, thousands of COVID-19 scam and malware sites have been pumped out on a daily basis. Cyber crooks have been going online to put up coronavirus scam sites or to sell counterfeit surgical masks; fake self-testing kits for HIV and glucose monitoring; and/or bogus antiviral meds, chloroquine (that’s fish-tank cleaner to me and you, and regardless of what you might have heard, please don’t take it – at least one man has already died), Vitamin C or other food supplements.

Law enforcement agents have been trying to mop it all up: on Friday, the state of New York let it be known to domain registrars that it’s high time they cracked down on this health-threatening trend by making it tougher to register a domain that’s likely to be selling snake oil, inflicting malware or setting up whatever other trap the crooks have been rushing to put into place.

Europol on Saturday announced that a global operation to target trafficking in counterfeit medicines – named Operation Pangea – has resulted in the seizure of nearly 34,000 counterfeit surgical masks.

Involving 90 countries worldwide, the operation took place between 3 and 10 March and led to the seizure of €13 million (USD $14m, £11.9m) worth of potentially dangerous drugs. Law enforcement officers also coordinated by Interpol took down about 2,500 links to websites, social media, online marketplaces, and ads. Police also arrested 121 COVID-19 scam suspects and took down 37 organized crime groups.

Europol says that the operation, which is ongoing, revealed a “worrying increase” in unauthorized antiviral medications and the antimalarial chloroquine.

In short, the hijacked Twitter accounts being used to hype face mask sites are yet another wrinkle in what the World Health Organization (WHO) has dubbed the Infodemic – a virtual plague of misinformation and fraud that it’s fighting right alongside the viral pandemic.

Twitter reacts

Twitter told Motherboard that it had taken action against a number of accounts and URLs around the suspicious activity. The platform pointed to its policy banning malicious use of bots and inauthentic accounts. Its statement:

Currently, our team is not seeing large-scale coordinated platform manipulation surrounding the Covid-19 conversation. As is standard, we will remove any pockets of smaller coordinated attempts to distort or inorganically influence the conversation. Additionally, we’re continuing to review and require the removal of Tweets that do not follow the Twitter Rules – half of which we catch before they’re ever reported to us. If people see anything suspicious on our service, please report it to us. This is an evolving global conversation and we will remain vigilant.



Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/faof9I8OINQ/

Adobe issues emergency fix for file-munching bug

Adobe has released another security patch outside of its usual routine this month to deal with a strange bug that can allow attackers to delete victims’ files.

The file-deleting bug, CVE-2020-3808, stems from a time-of-check to time-of-use (TOCTOU) race condition, a class of bug in which a program checks something about a file and then acts on it, but the file can be changed by another process in the gap between the check and the action. Here, that allows an attacker to manipulate files on the victim’s system. The company warned:

Successful exploitation could lead to arbitrary file deletion.

To successfully exploit the flaw, an attacker would need to convince a victim to open a malicious file, Adobe has said.

Creative Cloud is a subscription-based service that lets users access its range of creative software products from Adobe online, and to use some cloud-based services that support them. Users get well-known Adobe titles like Acrobat, After Effects, Dreamweaver, Illustrator, InDesign, and Photoshop. It replaced Creative Suite, which was its perpetual license software.

The bug affects Creative Cloud version 5.0 and earlier on Windows platforms according to the company’s advisory, and it has a severity rating of critical. Adobe has issued a fix and given it a priority rating of two. In other words, it isn’t the most urgent patch in history, but you should still hop on it, sharpish. The fact that the company issued an out-of-band patch to fix the vulnerability indicates how seriously it’s taking this.

The fix involves installing version 5.1 of the software.

This isn’t the only such patch this month. The company issued a gaggle of bug fixes on 17 March, which were late, as it normally aligns its patches with Microsoft’s Patch Tuesday releases. The 41 vulnerabilities appeared in Photoshop, Acrobat, and Reader, and more than half of them received a critical rating.

In its advisory this week, Adobe credited Jiadong Lu of South China University of Technology and Zhiniang Peng of Qihoo 360 Core Security with finding the file-munching bug.



Article source: http://feedproxy.google.com/~r/nakedsecurity/~3/XzUdSN6wckY/