Tag Archive for: Finger

Microsoft says it was hit by Chinese hackers, but Biden administration won’t point finger | Washington Examiner


Microsoft and cybersecurity experts believe the massive hack against the Microsoft Exchange Server this year was conducted by a Chinese hacker group, but the Biden administration has yet to point the finger.

President Joe Biden signed a cybersecurity executive order earlier this month, naming three recent prominent cyberattacks — SolarWinds, Colonial Pipeline, and Microsoft — with a White House fact sheet saying those “recent cybersecurity incidents … are a sobering reminder that U.S. public and private sector entities increasingly face sophisticated malicious cyber activity from both nation-state actors and cyber criminals.” The United States has said Russian intelligence is behind the SolarWinds hack and that a Russian hacker gang is behind the Colonial Pipeline attack, but it has not publicly attributed the Microsoft hack to anyone.

The tech giant announced in March that it had detected “multiple zero-day exploits being used to attack on-premises versions of Microsoft Exchange Server in limited and targeted attacks” and said its Threat Intelligence Center attributed the cybercampaign with “high confidence” to a hacker group dubbed “Hafnium,” which “operates primarily from leased virtual private servers in the United States.” Microsoft said the hacker group was “state-sponsored” and operating out of China. Microsoft said the hackers had used the vulnerabilities to access email accounts and install additional malware “to facilitate long-term access to victim environments.”

The Microsoft Exchange Server handles the company’s email, calendar, scheduling, contact, and collaboration services.

Tom Burt, the corporate vice president of customer security and trust at Microsoft, wrote in March that “Hafnium operates from China, and this is the first time we’re discussing its activity.” He called the Chinese hacker group “a highly skilled and sophisticated actor” that “primarily targets entities in the United States for the purpose of exfiltrating information from a number of industry sectors, including infectious disease researchers, law firms, higher education institutions, defense contractors, policy think tanks and NGOs.”

Jake Sullivan, Biden’s…


Windows Finger command abused by phishing to download malware


Windows Finger

Attackers are using the normally harmless Windows Finger command to download and install a malicious backdoor on victims’ devices.

The ‘Finger’ command is a utility that originated on Linux/Unix operating systems and allows a local user to retrieve a list of users on a remote machine or information about a particular remote user. In addition to Linux, Windows includes a finger.exe command that offers the same functionality.

To execute the Finger command, a user would enter finger [user]@[remote_host]. For example, finger [email protected].

In September, we reported that security researchers discovered a way to use Finger as a LoLBin to download malware from a remote computer or exfiltrate data. LoLBins are legitimate programs that attackers can abuse to bypass security controls and fetch malware without triggering a security alert on the system.

Finger used in an active malware campaign

This week, security researcher Kirk Sayre found a phishing campaign utilizing the Finger command to download the MineBridge backdoor malware.

FireEye first reported on the MineBridge malware after discovering numerous phishing campaigns targeting South Korean organizations. These phishing emails contain malicious Word documents disguised as job applicant resumes that install the MineBridge malware.

MineBridge phishing email
Source: FireEye

Like the previous MineBridge campaigns seen by FireEye, the one discovered by Sayre also pretends to be a resume from a job applicant, as shown below.

Malicious MineBridge Word document
Source: BleepingComputer

When a victim clicks on the ‘Enable Editing’ or ‘Enable Content’ buttons, a password-protected macro is executed to download the MineBridge malware and run it.

BleepingComputer was able to bypass the password-protection on the Word macro, which is shown below in its obfuscated form.

Obfuscated malicious Word macro
Source: BleepingComputer

The deobfuscated command…


T-Mobile’s Legere ‘rescues’ volunteer fire department, sticks finger in Verizon’s eye

Ever a social-media showman and tormenter of his competitors, T-Mobile CEO John Legere last night took to Twitter to lambaste Verizon’s decision to ding a volunteer fire company for $73,000 and offered to pick up that tab himself if necessary.

And we don’t even know if the ponies played a part.

Legere made his pledge on Twitter in response to yesterday’s Buzzblog post about a tiff between Verizon and the Chincoteague Volunteer Fire Company, which serves an island town of 3,000 in Virginia and is renowned as caretaker of a herd of 150 wild horses, the Chincoteague Ponies, that has been the subject of a popular children’s book and movie. Legere’s tweet:


Network World Paul McNamara

Access granted: Mobile security at the touch of a finger – Engadget

Whether spurred by work regulations or the desire for personal data security, many of us spend more time than we'd like entering PIN codes and passwords to access our devices. Biometric authentication tools, specifically fingerprint sensors, can help
