Subterms
A new security update for Microsoft Windows addresses an issue that prevents users of Windows Arm-based devices from signing into Microsoft 365 and Azure Active Directory (AAD). The June 20, 2022 out-of-band (OOB) updates for Windows 11 (BKB5016138) and Windows 10 (KB5016139) fix an issue that emerged with Arm devices after the June 2022 Patch […] More
Image: Steven Puetzer/Getty Images Magecart attacks are decreasing in number but are becoming more stealthy, with researchers highlighting potential server-side blindspots in tracking them. It’s not too often you hear about Magecart attacks. In the past few years, cybersecurity incidents that hit the headlines tended to involve attacks on core utilities and critical services, state-sponsored […] More
For those who prefer a single email account, the answer is … aliases. Getty Images Welcome to the latest installment of Ask ZDNet, where we know that the answer to every question isn’t “Have you tried turning it off and back on again?” In the mailbag this week: What’s the best way to filter out marketing […] More
Image: Shutterstock/stockfour Flagstar Bank has disclosed a security incident that led to the exposure of personal data belonging to up to 1.5 million customers. As reported by Bleeping Computer, the data breach occurred between December 3 and December 4, 2021. The US financial organization is headquartered in Michigan and operates over 150 branches in areas […] More
The US Department of Justice (DoJ) has dismantled the infrastructure of what it described as a Russian botnet consisting of millions of hacked Internet of Things (IoT) devices. According to the DoJ, RSOCKS was operating as a proxy service, but instead of offering customers IP addresses legitimately leased from internet service providers (ISPs), the firm was offering IP addresses that had been assigned to hacked devices. The DoJ said that together with law enforcement partners in Germany, the Netherlands and the UK it has “dismantled” the infrastructure of RSOCKS “which hacked millions of computers and other electronic devices around the world”.The service was available for cybercriminals to use to conceal the source of their activity, which included credential attacks on login web pages. “It is believed that the users of this type of proxy service were conducting large scale attacks against authentication services, also known as credential stuffing, and anonymizing themselves when accessing compromised social media accounts, or sending malicious email, such as phishing messages,” the DOJ said. RSOCKS’s website advertising its services and prices has now been replaced with a message that it has been seized by the FBI, but previously customers could buy access to a pool of RSOCKS proxies from $30 a day for 2,000 proxies to $200 per day for 9,000 proxies, according to the DoJ.Once purchased, the customer could download a list of IP addresses and ports associated with one or more of the botnet’s backend servers. The customer could then route malicious internet traffic through the compromised victim devices to mask the true source of the traffic, the DOJ said.RSOCKS operators allegedly built the proxy service by brute forcing passwords for IoT devices, many of which are put into service with default passwords or are protected by weak passwords. The operators initially targeted IoT devices to build the botnet but later expanded to compromising Android devices and computers. Victims of the botnet included a university, hotel, a television studio, and an electronics manufacturers. Other victims were home businesses and individuals. The DOJ revealed it had dismantled the botnet as it unsealed a search warrant affidavit in the Southern District of California. “This operation disrupted a highly sophisticated Russia-based cybercrime organization that conducted cyber intrusions in the United States and abroad,” said FBI Special Agent in Charge Stacey Moy. “Our fight against cybercriminal platforms is a critical component in ensuring cybersecurity and safety in the United States. The actions we are announcing today are a testament to the FBI’s ongoing commitment to pursuing foreign threat actors in collaboration with our international and private sector partners.”The DoJ in April announced it had disrupted a botnet controlled by the Russian Federation’s Main Intelligence Directorate (GRU) that consisted of thousands of infected WatchGuard and Asus firewall devices. More
Image: Getty Images/iStockphoto A nasty Android banking trojan that is best known for wiping smartphones to cover its tracks has gained several new features to improve its ability at phishing online-banking credentials, intercepting SMS two-factor authentication codes, and more. The BRATA or the ‘Brazilian Remote Access Tool, Android’ has been circulating since at least […] More
Data theft and extortion has become a common – and unfortunately effective – part of ransomware attacks, where in addition to encrypting data and demanding a ransom payment for the decryption key, gangs steal information and threaten to publish it if a payment isn’t received. These so-called double extortion attacks have become an effective tool in […] More
Image: Getty Images/iStockphoto Windows 11 is getting a similar feature to iOS’s App Privacy Report called ‘Privacy Auditing’, which shows a history of each application’s access to sensitive devices like your microphone or information about your location. Under ‘Privacy & security’ within the Windows 11 Settings app, Windows 11 will soon start showing recent activity […] More
