
      Why the US government’s overreliance on Microsoft is a big problem

      news.movim.eu / ArsTechnica · 13:55

    [Image: Windows logo (credit: Joan Cros via Getty)]

    When Microsoft revealed in January that foreign government hackers had once again breached its systems, the news prompted another round of recriminations about the security posture of the world’s largest tech company.

    Despite the angst among policymakers, security experts, and competitors, Microsoft faced no consequences for its latest embarrassing failure. The United States government kept buying and using Microsoft products, and senior officials refused to publicly rebuke the tech giant. It was another reminder of how insulated Microsoft has become from virtually any government accountability, even as the Biden administration vows to make powerful tech firms take more responsibility for America’s cyber defense.



      pubsub.blastersklan.com / slashdot · 01:53

    T-Mobile employees from around the country are reportedly receiving text messages offering them cash in exchange for swapping SIMs. SIM swapping is when cybercriminals trick a cellular service provider into switching a victim's service to a SIM card that they control, essentially hijacking the victim's phone number and gaining access to two-factor authentication codes. From the Mobile Report: The texts offer the employee $300 per SIM swap, and ask the worker to contact them on Telegram. The texts all come from a variety of different numbers across multiple area codes, making it more difficult to block. The text also claims they acquired the employee's number "from the T-Mo employee directory." If true, it could mean T-Mobile's employee directory, with contact numbers, has somehow been accessed. It's also possible the bad actor has live/current access to this data, though we consider that less likely due to the fact that some impacted people are former employees who have not worked at the company in months. Still, the biggest issue here is how this person (or multiple people) obtained the employee phone numbers. We're not sure yet which employees are impacted, but based on comments online it seems at least a few third-party employees are affected, and we've independently confirmed current corporate employees have also received the message. Though we can't say for certain, this likely means the information is not the same data as what was leaked during the Connectivity Source breach [from September]. We can't, however, eliminate that possibility. As mentioned, there are reports that some of the contacted people are former employees, and haven't been employed at T-Mobile for months, so the information being acted upon is likely a few months old at the very least. That being said, we're pretty confident based on corporate employees being included that this is a different source of data being used.


    T-Mobile Employees Across The Country Receive Cash Offers To Illegally Swap SIMs: Report

      it.slashdot.org/story/24/04/16/008241/t-mobile-employees-across-the-country-receive-cash-offers-to-illegally-swap-sims-report


      pubsub.blastersklan.com / slashdot · Yesterday - 22:58

    Roku has made two-factor authentication (2FA) mandatory for all users following two credential stuffing attacks that compromised approximately 591,000 customer accounts and led to unauthorized purchases in fewer than 400 cases. The Register reports: Credential stuffing and password spraying are both fairly similar types of brute force attacks, but the former uses known pairs of credentials (usernames and passwords). The latter simply spams common passwords at known usernames in the hope one of them leads to an authenticated session. "There is no indication that Roku was the source of the account credentials used in these attacks or that Roku's systems were compromised in either incident," it said in an update to customers. "Rather, it is likely that login credentials used in these attacks were taken from another source, like another online account, where the affected users may have used the same credentials." All accounts now require 2FA to be implemented, whether they were affected by the wave of compromises or not. Roku has more than 80 million active accounts, so only a minority were affected, and these have all been issued mandatory password resets. Compromised or not, all users are encouraged to create a strong, unique password for their accounts, consisting of at least eight characters, including a mix of numbers, symbols, and letter cases. [...] Roku also asked users to remain vigilant to suspicious activity regarding its service, such as phishing emails or clicking on dodgy links to reset passwords -- the usual stuff. "In closing, we sincerely regret that these incidents occurred and any disruption they may have caused," it said. "Your account security is a top priority, and we are committed to protecting your Roku account."


    Roku Makes 2FA Mandatory For All After Nearly 600K Accounts Pwned

      it.slashdot.org/story/24/04/15/2052206/roku-makes-2fa-mandatory-for-all-after-nearly-600k-accounts-pwned


      pubsub.blastersklan.com / slashdot · Yesterday - 21:13

    The U.S. government is warning that smart locks securing entry to an estimated 50,000 dwellings nationwide contain hard-coded credentials that can be used to remotely open any of the locks. Krebs on Security: The lock's maker Chirp Systems remains unresponsive, even though it was first notified about the critical weakness in March 2021. Meanwhile, Chirp's parent company, RealPage, Inc., is being sued by multiple U.S. states for allegedly colluding with landlords to illegally raise rents. On March 7, 2024, the U.S. Cybersecurity & Infrastructure Security Agency (CISA) warned about a remotely exploitable vulnerability with "low attack complexity" in Chirp Systems smart locks. "Chirp Access improperly stores credentials within its source code, potentially exposing sensitive information to unauthorized access," CISA's alert warned, assigning the bug a CVSS (badness) rating of 9.1 (out of a possible 10). "Chirp Systems has not responded to requests to work with CISA to mitigate this vulnerability." Matt Brown, the researcher CISA credits with reporting the flaw, is a senior systems development engineer at Amazon Web Services. Brown said he discovered the weakness and reported it to Chirp in March 2021, after the company that manages his apartment building started using Chirp smart locks and told everyone to install Chirp's app to get in and out of their apartments.


    Crickets From Chirp Systems in Smart Lock Key Leak

      it.slashdot.org/story/24/04/15/1826215/crickets-from-chirp-systems-in-smart-lock-key-leak


      Alleged cryptojacking scheme consumed $3.5M of stolen computing to make just $1M

      news.movim.eu / ArsTechnica · Yesterday - 19:46

    [Image (credit: Getty Images)]

    Federal prosecutors indicted a Nebraska man on charges he perpetrated a cryptojacking scheme that defrauded two cloud providers—one based in Seattle and the other in Redmond, Washington—out of $3.5 million.

    The indictment, filed in US District Court for the Eastern District of New York and unsealed on Monday, charges Charles O. Parks III—45 of Omaha, Nebraska—with wire fraud, money laundering, and engaging in unlawful monetary transactions in connection with the scheme. Parks has yet to enter a plea and is scheduled to make an initial appearance in federal court in Omaha on Tuesday. Parks was arrested last Friday.

    Prosecutors allege that Parks defrauded “two well-known providers of cloud computing services” of more than $3.5 million in computing resources to mine cryptocurrency. The indictment says the activity was in furtherance of a cryptojacking scheme, a term for crimes that generate digital coin through the acquisition of computing resources and electricity of others through fraud, hacking, or other illegal means.



      pubsub.blastersklan.com / slashdot · Yesterday - 17:43

    An anonymous reader shares a report: Shakeeb Ahmed, a cybersecurity engineer convicted of stealing around $12 million in crypto, was sentenced on Friday to three years in prison. In a press release, the U.S. Attorney for the Southern District of New York announced the sentence. Ahmed was accused of hacking into two cryptocurrency exchanges, and stealing around $12 million in crypto, according to prosecutors. Adam Schwartz and Bradley Bondi, the lawyers representing Ahmed, did not immediately respond to a request for comment. When Ahmed was arrested last year, the authorities described him as "a senior security engineer for an international technology company." His LinkedIn profile said he previously worked at Amazon. But he wasn't working there at the time of his arrest, an Amazon spokesperson told TechCrunch. While the name of one of his victims was never disclosed, Ahmed reportedly hacked into Crema Finance, a Solana-based crypto exchange, in early July 2022.


    Security Engineer Jailed For 3 Years For $12M Crypto Hacks

      it.slashdot.org/story/24/04/15/175242/security-engineer-jailed-for-3-years-for-12m-crypto-hacks


      Framework’s software and firmware have been a mess, but it’s working on them

      news.movim.eu / ArsTechnica · Yesterday - 11:00

    [Image: The Framework Laptop 13. (credit: Andrew Cunningham)]

    Since Framework showed off its first prototypes in February 2021, we've generally been fans of the company's modular, repairable, upgradeable laptops.

    Not that the company's hardware releases to date have been perfect—each Framework Laptop 13 model has had quirks and flaws that range from minor to quite significant, and the Laptop 16's upsides struggle to balance its downsides. But the hardware mostly does a good job of functioning as a regular laptop while being much more tinkerer-friendly than your typical MacBook, XPS, or ThinkPad.

    But even as it builds new upgrades for its systems, expands sales of refurbished and B-stock hardware as budget options, and promotes the re-use of its products via external enclosures, Framework has struggled with the other side of computing longevity and sustainability: providing up-to-date software.



      Change Healthcare faces another ransomware threat—and it looks credible

      news.movim.eu / ArsTechnica · 3 days ago - 18:25

    [Image: "Medical Data Breach" text on a keyboard, laptop in background (credit: iStock / Getty Images Plus)]

    For months, Change Healthcare has faced an immensely messy ransomware debacle that has left hundreds of pharmacies and medical practices across the United States unable to process claims. Now, thanks to an apparent dispute within the ransomware criminal ecosystem, it may have just become far messier still.

    In March, the ransomware group AlphV, which had claimed credit for encrypting Change Healthcare’s network and threatened to leak reams of the company’s sensitive health care data, received a $22 million payment—evidence, publicly captured on bitcoin’s blockchain, that Change Healthcare had very likely caved to its tormentors’ ransom demand, though the company has yet to confirm that it paid. But in a new definition of a worst-case ransomware scenario, a different ransomware group claims to be holding Change Healthcare’s stolen data and is demanding a payment of their own.



      “Highly capable” hackers root corporate networks by exploiting firewall 0-day

      news.movim.eu / ArsTechnica · 4 days ago - 20:48

    [Image: The word ZERO-DAY hidden amidst a screen filled with ones and zeroes (credit: Getty Images)]

    Highly capable hackers are rooting multiple corporate networks by exploiting a maximum-severity zero-day vulnerability in a firewall product from Palo Alto Networks, researchers said Friday.

    The vulnerability, which has been under active exploitation for at least two weeks now, allows the hackers with no authentication to execute malicious code with root privileges, the highest possible level of system access, researchers said. The extent of the compromise, along with the ease of exploitation, has earned the CVE-2024-3400 vulnerability the maximum severity rating of 10.0. The ongoing attacks are the latest in a rash of attacks aimed at firewalls, VPNs, and file-transfer appliances, which are popular targets because of their wealth of vulnerabilities and direct pipeline into the most sensitive parts of a network.

    “Highly capable” UTA0218 likely to be joined by others

    The zero-day is present in PAN-OS 10.2, PAN-OS 11.0, and/or PAN-OS 11.1 firewalls when they are configured to use both the GlobalProtect gateway and device telemetry. Palo Alto Networks has yet to patch the vulnerability but is urging affected customers to follow the workaround and mitigation guidance provided here. The advice includes enabling Threat ID 95187 for those with subscriptions to the company’s Threat Prevention service and ensuring vulnerability protection has been applied to their GlobalProtect interface. When that’s not possible, customers should temporarily disable telemetry until a patch is available.
