More stories

  • How to encrypt your email and why you should

    Data privacy has become absolutely crucial for businesses. And some businesses go to great lengths to protect their data, files, and communications. But consumers and smaller businesses seem to think that adding extra security isn’t worth the extra work required. The problem with this take is anyone who refuses to take the extra steps might find themselves on the wrong end of a data breach.
    You might have sent some sensitive information in an innocent email, only to find some bad actor intercepted the message and was able to easily read the content of that email and extract the information. You don’t want that. Even if it does require an extra bit of work on your part, being safe is much better than being sorry. So what do you do? You encrypt your email (or the email containing sensitive information).

  • Google is adding these IT security integrations to Chrome

    Google on Thursday announced it’s adding a collection of plug-and-play integrations into Chrome with popular IT security tools. This will make it easier for IT teams to keep workers safer — on the Chrome browser and using Chrome OS devices — with the security products they already use. The new Chrome Enterprise Connectors Framework […]

  • Some QCT servers vulnerable to 'Pantsdown' flaw say security researchers

    Researchers have disclosed the existence of the critical “Pantsdown” vulnerability in some Quanta Cloud Technology (QCT) server models. On Thursday, cybersecurity firm Eclypsium said that several servers belonging to the data center solutions provider were still vulnerable to the bug, which has been publicly known for years now. The vulnerability, tracked as CVE-2019-6260, was first discovered in January 2019. At the time, one security researcher described it as “the nature of feeling that we feel that we’ve caught chunks of the industry with their….” CVE-2019-6260, issued a CVSS severity score of 9.8, or critical, is a vulnerability in ASPEED Baseboard Management Controller (BMC) hardware & firmware. AHB bridges, in particular, can be exploited for arbitrary read/write access, leading to information leaks, code execution, data tampering or theft, or denial-of-service (DoS) attacks. At the time of disclosure, Pantsdown impacted multiple firmware BMC stacks including AMI, SuperMicro, and OpenBMC (up to v.2.6). Exploits exist in the wild that harness the Pantsdown bug, potentially placing enterprise servers at risk. According to Eclypsium, some QCT server models are still vulnerable to CVE-2019-6260. The team tested a QuantaGrid D52B rackmount server containing update package version 1.12 — with a release date of 2019.04.23 — and BIOS version 3B13, as well as BMC version 4.55.00. “This same firmware package names support for D52BQ-2U, D52BQ-2U 3UPI, and D52BV-2U models of the server,” the team noted. “On inspection, we found that the server contained an Aspeed 2500 BMC (AST2500(A2)) and was running a version of AMI-based BMC software vulnerable to Pantsdown.” During tests, the researchers were able to patch the web server code while it was running in memory on the BMC by exploiting CVE-2019-6260, granting themselves read/write access to memory.
Furthermore, they could replace it with their own crafted code to trigger a reverse shell whenever a user attempted to connect to the server or refresh its linked webpage. Eclypsium created proof-of-concept (PoC) code that they say “demonstrates how even an unsophisticated attacker with remote access to the operating system could leverage this vulnerability to gain code execution within the BMC of QCT servers.” The presence of the vulnerability in Quanta servers was disclosed on October 7, 2021. According to Eclypsium, QCT has now patched the vulnerability and new firmware was made available privately to customers. Eclypsium VP of Technology, John Loucaides, told ZDNet: “Unfortunately, we cannot be sure just how many server models are vulnerable. Some of our partners have run our tests on other models and found the same issue. Given that even some major manufacturers did not run comprehensive tests for this, no one is likely to have a complete list.” ZDNet has reached out to Quanta and we will update when we hear back.

  • Time to update: Google Chrome 102 arrives with 32 security fixes, one critical

    Google has released stable Chrome version 102 with 32 security fixes for the browser on Windows, Mac and Linux. Chrome 102 for the desktop includes 32 security fixes reported to Google by external researchers. There’s one critical flaw, while eight are high severity, nine are medium severity, and seven are low severity. Google also […]

  • Microsoft: Here's how to defend Windows against these new privilege escalation attacks

    Microsoft has detailed how Windows customers can defend themselves from automated ‘Kerberos Relay’ attacks that can give an attacker System privileges on a Windows machine. Microsoft has responded to the April release of KrbRelayUp, a tool that streamlines several earlier public tools to escalate privileges from a low-privileged Windows domain user to […]

  • YouTube remains in Russia to be an independent news source: CEO

    YouTube has remained in Russia to serve as a source of independent news, according to CEO Susan Wojcicki, who spoke at the Davos World Economic Forum on Tuesday, where she also addressed the company’s decision to remove Russian state media from the platform. “As soon as the war broke out, we realised this was an incredibly important time for us to get it right with regard to our responsibility,” said Wojcicki. The CEO explained the company had updated its policies to remove Russian state media from its platform, as well as other content, in an effort to stem misinformation that sought to deny or trivialise the war in Ukraine. Wojcicki added the YouTube platform had been used for “all kinds of humanitarian reasons” throughout the conflict, such as aiding medical professionals on the battlefield and educating children isolated from school as a result of the war. Further to this, the CEO detailed how Russia has been pushing citizens toward Rutube, a Russian video platform with similarities to YouTube, but added that she was not concerned by the emergence of the service. With regard to other social media and content services, Russian communications agency Roskomnadzor announced in March it was blocking access to Facebook, alleging the US social media giant had discriminated against Russian media and information resources, whilst Netflix chose to shut down its service in the country.
TikTok also announced in March that it would suspend any livestreaming and new content on its video service. Meanwhile, in Davos on Tuesday, the dichotomy between innovation and health data protection was discussed by a panel of experts. Director and co-founder of Access Now Brett Solomon took a human-rights-centric approach, proclaiming that it’s proved to be “historically problematic” to leave human rights at the mercy of market forces, placing specific emphasis on the realm of health data. “It’s become very clear as a result of the pandemic, how important health data is to us as individuals, and we don’t know where all of that information is in terms of the contact tracing apps, in terms of where it’s being held by big pharma,” said Solomon. Wipro CTO Subha Tatavarti disagreed, pointing to the positives of retaining health data so that businesses can share information to allow for faster innovation of important medicine. On Wednesday, the Western Australian government committed AU$8 million towards data linkage reforms and public sector capabilities to address social, economic, and health issues. The funding would ensure better cybersecurity protection of sensitive health data, support health experts in conducting research, and streamline existing government services, Minister of Innovation and ICT Stephen Dawson said. “Improved linkage capabilities will enable decisions to be better informed by data and will aid researchers in their efforts to improve the health and wellbeing of all Western Australians,” said Dawson. Previously the Auditor-General of Western Australia had given state authorities a whack for security weaknesses in IT systems used in the state after a report on its contact tracing system was released earlier this month.

  • Data on ransomware attacks is 'fragmented and incomplete' warns Senate report

    The government lacks comprehensive data on ransomware attacks and suffers from fragmented reporting, according to a new US Senate committee report. The 51-page report from the Senate Homeland Security and Governmental Affairs Committee calls on the government to swiftly implement new mandates for federal agencies and critical infrastructure organizations to report ransomware attacks and payments to attackers. The 10-month investigation, which focussed on the role of cryptocurrency in ransomware payments, found that reporting on attacks is “fragmented and incomplete”, in part because the FBI and Cybersecurity and Infrastructure Security Agency (CISA) both claim to have the “one stop” website for reporting attacks — respectively, IC3.gov and StopRansomware.gov. Since the investigation began, the US has introduced several new laws to improve ransomware incident reporting and data collection, including the Cyber Incident Reporting Act of 2021, which passed the Senate in March, 2022 under the Strengthening American Cybersecurity Act. The new laws require critical infrastructure organizations to report cyberattacks to CISA within 72 hours and ransomware payments within 24 hours. CISA said in March it would immediately share incident reports with the FBI, but the investigation found shortcomings with this arrangement. “While the agencies state that they share data with each other, in discussions with committee staff, ransomware incident response firms questioned the effectiveness of such communication channels’ impact on assisting victims of an attack,” the report states. Beyond the dual reporting functions of the FBI and CISA, there are sector-specific reporting regimes under Treasury’s FinCEN, the Transportation Security Administration, and the Securities and Exchange Commission, as well as reporting through FBI field offices, and some state governments. “These agencies do not capture, categorize, or publicly share information uniformly,” the report notes.
It notes that the FBI’s IC3 figures on ransomware are believed by experts to be a “subset of a subset” of data. The FBI admits its ransomware data in its annual IC3 report is “artificially low” as victims only voluntarily report incidents to the FBI. Meanwhile, FBI field offices that do collect ransomware victim reports lose contact with about 25% of victims during follow-up investigations. FinCEN would like improved reporting of financial information related to ransomware attacks to give it better actionable data about the laundering of cryptocurrency ransoms, it notes. The lack of comprehensive data impedes US responses through sanctions, law enforcement and international partnerships, as well as private sector contributions to ransomware recovery, the report said. The report calls on federal agencies to immediately implement the requirements under the incident reporting acts to share all incident reports with CISA “to enable a consolidated view of incidents from across different sectors and reported under different regulatory regimes.” The report also stresses that ransomware data collection is critical for US national security, especially in the context of Russia’s invasion of Ukraine. “As Russia’s invasion of Ukraine continues and Russia seeks to find ways around the international finance system, the need to address these shortfalls grows. Approximately 74 percent of global ransomware revenue in 2021 went to entities either likely located in Russia or controlled by the Russian government,” the report notes. “Further, CISA and other federal agencies have warned that Russia’s invasion of Ukraine could lead to additional malicious cyber activity, including ransomware attacks, in the United States. Therefore, as the report finds, prioritizing the collection of data on ransomware attacks and cryptocurrency payments is critical to addressing increased national security threats.”