Tag Archive for: disable

‘Disable iMessage ASAP’—‘High-Risk’ Alert Issued Over ‘Credible’ iPhone Dark Web Exploit

/in


Trust Wallet, a crypto wallet owned by the crypto exchange Binance, has issued a warning that hackers may be targeting iPhone’s iMessage.

Subscribe now to Forbes’ CryptoAsset & Blockchain Advisor and “uncover blockchain blockbusters poised for 1,000% plus gains” ahead of bitcoin’s looming halving earthquake!

The so-called “zero-day” exploit could allow attackers to steal users information, messages and cryptocurrency—though the exploit itself could be a scam.

Sign up now for the free CryptoCodexA daily five-minute newsletter for traders, investors and the crypto-curious that will get you up to date and keep you ahead of the bitcoin and crypto market bull run

MORE FROM FORBES‘It’s Going To Zero’-Legendary Billionaire Predicts ‘Rapid, Cataclysmic’ U.S. Dollar Collapse And A $5 Trillion Post-Halving Bitcoin Price BoomBy Billy Bambrough

“We have credible intel regarding a high-risk, zero-day exploit targeting iMessage on the dark web,” Trust Wallet’s X account posted. “This can infiltrate your iPhone without clicking any link. High-value targets are likely. Each use raises detection risk.”

So-called zero-day exploits mean the developer, in this case Apple, has no time to fix the vulnerability.

Trust Wallet recommended users take “action to guard against this iMessage exploit,” advising people to “disable iMessage ASAP until Apple patches this.”

However, the hacking software is being sold on a dark web site called CodeBreach Lab for $2 million worth of bitcoin. There is no evidence that it works or that anyone has bought it, as TechCrunch pointed out.

“Threat intel detected an iOS iMessage zero-day exploit for sale in the dark web,” Trust Wallet’s chief executive Eowyn Chen posted to X.

“It is a zero-click exploit to take over control of the phone via iMessages. Its asking price is $2 million. This would make sense for very high value individual targets, as more the zero-day is used, more likely it is caught in the wild by…

Source…

Ransomware Hackers Using AuKill Tool to Disable EDR Software Using BYOVD Attack

/in


Apr 24, 2023Ravie LakshmananEndpoint Security / BYOVD

Ransomware Hackers

Threat actors are employing a previously undocumented “defense evasion tool” dubbed AuKill that’s designed to disable endpoint detection and response (EDR) software by means of a Bring Your Own Vulnerable Driver (BYOVD) attack.

“The AuKill tool abuses an outdated version of the driver used by version 16.32 of the Microsoft utility, Process Explorer, to disable EDR processes before deploying either a backdoor or ransomware on the target system,” Sophos researcher Andreas Klopsch said in a report published last week.

Incidents analyzed by the cybersecurity firm show the use of AuKill since the start of 2023 to deploy various ransomware strains such as Medusa Locker and LockBit. Six different versions of the malware have been identified to date. The oldest AuKill sample features a November 2022 compilation timestamp.

The BYOVD technique relies on threat actors misusing a legitimate, but out-of-date and exploitable, driver signed by Microsoft (or using a stolen or leaked certificate) to gain elevated privileges and turn off security mechanisms.

By using legitimate, exploitable drivers, the idea is to bypass a key Windows safeguard known as Driver Signature Enforcement that ensures kernel-mode drivers have been signed by a valid code signing authority before they are allowed to run.

“The AuKill tool requires administrative privileges to work, but it cannot give the attacker those privileges,” Sophos researchers noted. “The threat actors using AuKill took advantage of existing privileges during the attacks, when they gained them through other means.”

This is not the first time the Microsoft-signed Process Explorer driver has been weaponized in attacks. In November 2022, Sophos also detailed LockBit affiliates’ use of an open source tool called Backstab that abused outdated versions of the driver to terminate protected anti-malware processes.

Then earlier this year, a malvertising campaign was spotted utilizing the same driver to distribute a .NET loader named MalVirt to deploy the FormBook information-stealing malware.

The development comes as the AhnLab Security Emergency response Center (ASEC) revealed that poorly managed…

Source…

QNAP urges customers to disable UPnP port forwarding on routers

/in


QNAP

Taiwanese hardware vendor QNAP urged customers on Monday to disable Universal Plug and Play (UPnP) port forwarding on their routers to prevent exposing their network-attached storage (NAS) devices to attacks from the Internet.

UPnP is a set of insecure network protocols with no encryption and authentication that comes with support for peer-to-peer communications between devices.

It also allows them to dynamically join and leave networks, obtain IP addresses, advertise their capabilities, and learn about other UPnP devices on the network and their capabilities.

UPnP Port Forwarding allows network devices to communicate seamlessly and create groups for easier data sharing.

“Hackers can abuse UPnP to attack through malicious files to infect your system and gain control. Despite its convenience, UPnP may expose your device to public networks and malicious attacks,” QNAP said today.

“It is recommended that your QNAP NAS stay behind your router and firewall without a public IP address. You should disable manual port forwarding and UPnP auto port forwarding for QNAP NAS in your router configuration.”

As options for those who need access to NAS devices without direct access to the Internet, QNAP recommends enabling the router’s VPN feature (if available), the myQNAPcloud Link service, and the VPN server on QNAP devices provided by the QVPN Service app or the QuWAN SD-WAN solution.

Internet-exposed NAS devices at risk

QNAP also warned customers in January to secure their NAS devices immediately from active ransomware and brute-force attacks.

The company asked users to check if their NAS is accessible over the Internet and take the following measures to defend them from incoming compromise attempts:

  • Disable the Port Forwarding function of the router: Go to the management interface of your router, check the Virtual Server, NAT, or Port Forwarding settings, and disable the port forwarding setting of NAS management service port (port 8080 and 433 by default).
  • Disable the UPnP function of the QNAP NAS: Go to myQNAPcloud on the QTS menu, click the “Auto Router Configuration,” and unselect “Enable UPnP Port forwarding.”

QNAP also provides step-by-step instructions on disabling SSH and Telnet…

Source…

How to Disable or Enable Firewall Kaspersky Internet Security Antivirus 2018

/in