Tag Archive for: Manual

Two Microsoft Windows bugs under attack, one in Secure Boot with a manual fix • The Register


May's Patch Tuesday brings some good and some bad news, and if you're a glass-half-full type, you'd lead off with Microsoft's relatively low number of security fixes: a mere 38.

Your humble vulture, however, is a glass-half-empty-and-who-the-hell-drank-my-whiskey kind of bird, so instead of looking on the bright side, we’re looking at the two Microsoft bugs that have already been found and exploited by miscreants. Plus a third vulnerability, which has been publicly disclosed. We’d suggest patching these three stat.

Six of the 38 vulnerabilities are deemed “critical” because they allow remote code execution.

The two that are under active exploit, at least according to Microsoft, are CVE-2023-29336, a Win32k elevation of privilege vulnerability; and CVE-2023-24932, a Secure Boot security feature bypass vulnerability, which was exploited by the BlackLotus bootkit to infect Windows machines. Interestingly enough, BlackLotus abused CVE-2023-24932 to defeat a patch Microsoft issued last year that closed another bypass vulnerability in Secure Boot. Thus Redmond fixed a hole in Secure Boot, and this malware abused a second bug, CVE-2023-24932, to get around that.

CVE-2023-29336 is a 7.8-out-of-10 rated flaw in the Win32k kernel-mode driver that can be exploited to gain system privileges on Windows PCs.

"This type of privilege escalation is usually combined with a code execution bug to spread malware," Zero Day Initiative's Dustin Childs said. "Considering this was reported by an AV company, that seems the likely scenario here."

Redmond credited Avast bug hunters Jan Vojtešek, Milánek, and Luigino Camastra with finding and disclosing the bug.

Time to boot out a threat

Meanwhile, CVE-2023-24932 received its own separate Microsoft Security Response Center (MSRC) advisory and configuration guidance, which Redmond says is necessary to “fully protect against this vulnerability.”

“This vulnerability allows an attacker to execute self-signed code at the Unified Extensible Firmware Interface (UEFI) level while Secure Boot is enabled,” MSRC warned. “This is used by threat actors primarily as a persistence and defense evasion mechanism.”

It also noted, however,…

AIIMS server down: Chinese hackers suspected; services moved to manual mode and other details


All India Institute of Medical Sciences (AIIMS) has been hit by a massive ransomware attack. The digital services at the country's premier healthcare institution have been down since 7am on Wednesday (November 23). Delhi Police has filed an FIR for cyber terrorism and extortion. The FIR has been registered under sections 66F (cyber terrorism) and 66 (computer-related fraud) of the Information Technology Act and section 385 (extortion) at IFSO, special cell.
‘Chinese connection’ likely
"Prima facie, it appears that a weak firewall and outdated systems, apart from lack of cloud-based servers, made the bid, most probably by Chinese hackers, possible," say officials. Information on whether any significant research or health data has been stolen is not yet available.
AIIMS officials have confirmed that this was a ransomware attack, a type of cyber hacking in which an attacker deploys ransomware, or malicious software, on the victim's systems to encrypt the data. The attacker then demands a "ransom" to restore the victim's access.
Citing sources, a media report said that the extortion amount has not been disclosed by the hackers yet. Furthermore, the cyberattackers have reportedly given a ProtonMail address for the authorities to contact them to recover system data and decrypt files. They have reportedly modified the extensions of infected files.
NIC, Cert-In helping to restore services
AIIMS reported the massive cyber attack on Wednesday (November 23) and said that all patient care services have been badly impacted since 7 am. The hospital authorities confirmed that the server for the National Informatics Centre's eHospital system being used is down. The National Informatics Centre (NIC), along with CERT-In, is helping in the restoration of services.
Basic services hit
The cyberattack has affected basic daily operations such as appointments, patient registrations and admissions, and billing systems at one of the biggest state-owned hospitals. "With the server being down, the outpatient and inpatient digital hospital services, including smart lab, billing, report generation and…

Book review: “The Cyber Attack Survival Manual”


From PCI to HIPAA and more, security awareness is part and parcel of computer security. But far too many organizations simply go through the motions of security awareness, and their end users are not necessarily better for it. Such awareness programs meet the regulatory requirements for awareness, and companies are then able to check the audit box, but that is about it.

Ransomware creators and social engineers are fond of firms who take an approach like that, as it makes their jobs much more straightforward. But an ounce of information security awareness cure can save an organization from Bitcoins of ransom later.

In The Cyber Attack Survival Manual, authors Nick Selby and Heather Vescent have written an awareness guide that is both informative and interesting. The book provides a high-level introduction to the core areas of information security.

The book makes excellent use of infographics, key terms, stories and more. As an awareness tool, this is a book that you can give to every user and have them read at their leisure. It is engaging and immensely readable, so there is no doubt they will read it rather than have it gather dust.

I have this book on my list of The Best Information Security Books of 2020; this is an excellent read and should also be on your reading list.

Ransomware attack on Baltimore government computers forces city ‘to revert back to manual’ – Baltimore Sun

Baltimore Mayor Bernard C. "Jack" Young said that as the city works to recover from a ransomware attack, it's had to go "manual." That was clear at the Abel Wolman …