Tag Archive for: Ghost

Is There a New Ghost in Our Machine?


David Aitken

I’m told by those who know — one of the best ways to learn — that there is a device in computer circles called a “weird machine.”  I was somewhat alarmed at the idea of computer security geeks running around in circles acting weirdly, until I read my latest bank statement, after which nothing could alarm me further.

A weird machine is ‘an artefact with additional code execution’.  It operates, as you might expect, on “weird instructions,” whereby ‘an exploit is based on crafted outside input.’  No, I didn’t understand it either, but the words ‘execution outside’ gave me even more to be alarmed about.

By the time I was being informed — by those in the know, no less — that a classical attack takes advantage of a ‘stack buffer overflow’, I had to lie down with a damp artefact on my fevered brow.

The ghost in the machine usually refers to our mind as opposed to our body, and my own mind began to be haunted at an early age, when I first read about a machine that could fire bullets through the propeller blades of an aircraft in motion.  That must have made some older pilots hanker after more gentlemanly times, when fliers fired pistols at each other during dogfights in Sopwith Camels and Albatros fighters.  (If those actual creatures ever fought, which one would win, I wonder?)  The creator of Biggles, Captain W.E. Johns, shot his own propeller off twice, something Biggles never did.

Machines are useful when they do our bidding obediently, but with the emergence of weird machines it increasingly looks as if they can now do anything they happen to feel like, by adding their own ‘code executions’ without executing our wishes.  And (so far) not us either.

Older machines still serve us well, of course, and I don’t just mean drink dispensers.  My elderly chicken-shaped egg boiler still functions, as does my ice cream cone producer and Rubik Cube Solver, time savers…

Source…

Russia – Ukraine war live updates: Kyiv artillery attacks, EU sanctions Putin, Ghost of Kiev, Chernobyl, additional NATO troops


Selected Russian banks to be cut off from SWIFT

The European Commission, France, Germany, Italy, the UK, Canada and the US have decided to remove certain Russian banks from the SWIFT international payment system.

Their joint statement reads as follows: 

We, the leaders of the European Commission, France, Germany, Italy, the United Kingdom, Canada, and the United States condemn Putin’s war of choice and attacks on the sovereign nation and people of Ukraine. We stand with the Ukrainian government and the Ukrainian people in their heroic efforts to resist Russia’s invasion. Russia’s war represents an assault on fundamental international rules and norms that have prevailed since the Second World War, which we are committed to defending. We will hold Russia to account and collectively ensure that this war is a strategic failure for Putin.

This past week, alongside our diplomatic efforts and collective work to defend our own borders and to assist the Ukrainian government and people in their fight, we, as well as our other allies and partners around the world, imposed severe measures on key Russian institutions and banks, and on the architects of this war, including Russian President Vladimir Putin.

As Russian forces unleash their assault on Kyiv and other Ukrainian cities, we are resolved to continue imposing costs on Russia that will further isolate Russia from the international financial system and our economies. We will implement these measures within the coming days.

Specifically, we commit to undertake the following measures:

First, we commit to ensuring that selected Russian banks are removed from the SWIFT messaging system. This will ensure that these banks are disconnected from the international financial system and harm their ability to operate globally.

Second, we commit to imposing restrictive measures that will prevent the Russian Central Bank from deploying its international reserves in ways that undermine the impact of our sanctions.

Third, we commit to acting against the people and entities who facilitate the war in Ukraine and the harmful activities of the Russian government. Specifically, we commit to taking measures to limit the sale of citizenship—so called golden…

Source…

How ghost accounts could leave your organization vulnerable to ransomware


Active accounts for people who have left your organization are ripe for exploitation, according to Sophos.

Cybercriminals can choose a variety of ways to infiltrate and compromise an organization as a prelude to ransomware. One tried and true method is to exploit an admin account. And if it’s an account that’s no longer being used by an employee but is still available, so much the better. A report released Tuesday by security provider Sophos explains how one of its customers was hit by ransomware due to a ghost account.

The attack

An unidentified Sophos customer contacted the company after a ransomware attack affected more than 100 of its systems. Using the Nefilim (aka Nemty) ransomware, the attackers had compromised a high-level admin account a month before the actual attack, according to the Sophos Rapid Response team.

After gaining access to the account, the attackers spent the month poking around the network where they ended up stealing the credentials for a domain admin account. Upon finding the files they could hold as hostage, they were able to exfiltrate hundreds of gigabytes of data and then carry out the attack.

“Ransomware is the final payload in a longer attack,” Peter Mackenzie, manager for Sophos Rapid Response, said in the report. “It is the attacker telling you they already have control of your network and have finished the bulk of the attack. It is the attacker declaring victory.”

Sophos said that the Rapid Response team knew that criminals who use the Nefilim ransomware typically gain network access through vulnerable versions of Citrix or Microsoft’s Remote Desktop Protocol. In this case, the attackers exploited Citrix software to compromise the admin account and then used the Mimikatz password extraction tool to steal the credentials for the domain admin account.

But the real point of the story lies in the…

Source…

Android “Ghost Click” Apps, New Apple Siri Privacy Protections, Credit Card Spying – Security Boulevard

You’re listening to the Shared Security Podcast, exploring the trust you put in people, apps, and technology…with your host, Tom Eston. In episode 84 for …

“android security news” – read more