Posts

Microsoft tries to stem its self-made collaboration-tool confusion

Image
  Microsoft is using this week's Ignite conference to try to help clarify its collaboration-tool strategy. Here's how SharePoint, Teams and Yammer figure in the mix. Choice is good. But too much choice, especially when it comes to collaboration tools, has been a problem for Microsoft. This isn't news to customers, partners or Microsoft execs themselves. But at the company's Ignite IT Pro conference in Orlando this week, Microsoft execs took a step to try to clarify the company's strategy and messaging in this area. Microsoft Office 365 Marketing chief Ron Markezich kicked off the conference this week with a slide entitled "Microsoft 365 Teamwork: Where to Start a Conversation." That slide attempts to do what  Microsoft initially attempted with a 60-plus-page whitepaper : Clarify which collaboration tools customers should use when. The slide, which features SharePoint -- and its files, sites and content storage at the center -- is broken down into the ...

Almost four million Quidd users have credentials exposed

Image
  The credentials of almost four million users of the collectible-trading website Quidd have been discovered on a deep-web hacking forum, according to Risk Based Security (RBS). A threat actor going by the name ‘ProTag’ originally posted the compromised data on March 12 this year, after which they were removed. They were reposted by a different user, however, on March 29. Another threat actor responded to this post stating they had decrypted nearly a million password hashes, says RBS. A RBS researcher confirmed the claim after affirming the creditability of the poster. RBS says the leaked data sets include email addresses, usernames, and bcrypt hashed passwords of 3,954,416 users. RBS also revealed that the data leak contains email addressed belonging to many well-known organisations, including Microsoft, Accenture, Virgin Media, Target and AIG. This development vastly increases the potential for attackers with access to this data to launch effective phishing campaigns. A cybersecu...

Email provider got hacked, data of 600,000 users now sold on the dark web

Image
  Italian email provider Email.it confirms security breach. The data of more than 600,000  Email.it  users is currently being sold on the dark web "Unfortunately, we must confirm that we have suffered a hacker attack," the Italian email service provider said in a statement FAILED EXTORTION ATTEMPT The Email.it hack came to light on Sunday, when the hackers went on Twitter to promote a website on the dark web where they were selling the company's data. The hackers -- going by the name of NN (No Name) Hacking Group -- claim the actual intrusion took place more than two years ago, in January 2018. We cite from their website: We breached Email.it Datacenter more than 2 years ago and we plant ourself like an APT. We took any possible sensitive data from their server and after we choosen to give them a chance to patch their holes asking for a little bounty. They refused to talk with us and continued to trick their users/customers. They didn't contacted their users/customers...

Docker servers targeted by new Kinsing malware campaign

Image
  For the past few months, a malware operation has been scanning the internet for Docker servers running API ports exposed on the internet without a password. Hackers are then breaking into unprotected hosts and installing a new crypto-mining malware strain named Kinsing. Attacks began last year and are still ongoing, according to cloud security firm Aqua Security, which  detailed the campaign in a blog post on Friday . These attacks are just the last in a long list of malware campaigns that have targeted Docker instances — systems that, when compromised, provide hacker groups with unfettered access to vast computational resources. According to Gal Singer, a security researcher at Aqua, once the hackers find a Docker instance with an exposed API port, they use the access provided by this port to spin up an Ubuntu container, where they download and install the Kinsing malware. The malware’s primary purpose is to mine cryptocurrency on the hacked Docker instance, but it also com...

COVID-19 slams tech outfits and startups in India

Image
  Most vulnerable are wage-earners working for rideshare companies or manufacturing plants who have no safety net. With COVID-19 cutting a devastating swath throughout the world, what everyone wants to know about India is how bad the situation really is. In a country with a large but mostly poor population of 1.3 billion and a per capita of around just $2,000, a virus such as this can spread like wildfire and cause devastation of no one has expected.  So far, India has seen  612 cases  and twelve deaths, but this is easily a questionable number considering the lack of testing kits, testers, and the country's massive population. China shut Wuhan down almost instantly and still suffered. India, like China, could also be deeply affected, especially if it has under-reported its figures. Realising this, the Indian government has done the smart thing by implementing a 21-day lockdown -- or de-facto "house arrest" -- along with an international and domestic flight...

Microsoft Bing team launches COVID-19 tracker

Image
  Microsoft's COVID-19 tracker is located at bing.com/covid. The Microsoft Bing team launched today a web portal for tracking coronavirus (COVID-19) infections across the globe. "Lots of Bing folks worked (from home) this past week to create a mapping and authoritative news resource for COVID19 info," said Michael Schechter, General Manager for Bing Growth and Distribution at Microsoft. The website, accessible at  bing.com/covid , is a basic tracker. It shows up-to-date infection statistics for each country around the globe and all the US states. Data is aggregated from authoritative sources like the World Health Organization (WHO), the US Centers for Disease Control and Prevention (CDC), and the European Centre for Disease Prevention and Control (ECDC). Users can click countries or US states on the map and see the latest infection stats, along with the latest COVID-19 news coverage for that specific country or state. Microsoft announced the website tonight, two days afte...

Details about new SMB wormable bug leak in Microsoft Patch Tuesday snafu

Image
  SMB vulnerability is currently not patched, but now everyone knows it's there. Details about a new "wormable" vulnerability in the Microsoft Server Message Block ( SMB ) protocol have accidentally leaked online today during the preamble to Microsoft's regular Patch Tuesday update cycle. No technical details have been published, but short summaries describing the bug have been posted on the websites of two cyber-security firms, Cisco Talos and Fortinet. The security flaw, tracked as  CVE-2020-0796 , is not included with this month's March 2020 Patch Tuesday updates, and it's unclear when it will be patched. BUFFER OVERFLOW IN SMBV3 According to Fortinet , the bug was described as "a Buffer Overflow Vulnerability in Microsoft SMB Servers" and received a maximum severity rating. "The vulnerability is due to an error when the vulnerable software handles a maliciously crafted compressed data packet," Fortinet said. "A remote, unauthentica...

Intel CSME bug is worse than previously thought

Image
  Security researchers say that a bug in one of Intel’s CPU technologies that was patched last year is actually much worse than previously thought.”Most Intel chipsets released in the last five years contain the vulnerability in question,” said Positive Technologies in a report published today.Attacks are impossible to detect, and a firmware patch only partially… The actual vulnerability is tracked as CVE-2019-0090, and it impacts the Intel Converged Security and Management Engine (CSME), formerly called the Intel Management Engine BIOS Extension (Intel MEBx). The CSME is a security feature that’s included with all recent Intel CPUs. It is considered a “cryptographic basis” for all other Intel technologies and firmware running on Intel-based platforms. According to Mark Ermolov, Lead Specialist of OS and Hardware Security at Positive Technologies, the CSME is one of the first systems that start running and is responsible for cryptographically verifying and authenticating all firmwa...

Cisco rolls out new cloud software and hardware for mobile networks

Image
  The new offerings are aimed at helping service providers get the most out of their 5G infrastructure investments. Cisco on Tuesday announced a  series of new software and hardware products  aimed at helping service providers get the most out of their 5G infrastructure investments. The new offerings include new Cloud Services stacks for mobility, residential and content delivery. The introduction of 5G services puts pressure on service providers to prepare for significant increases in mobile traffic, Cisco noted. According to the Cisco Annual Internet Report, there will be nearly 30 billion connected devices by 2023, and nearly half of those will be mobile.  First, Cisco is introducing the Cisco Cloud Services Stack for Mobility, a cloud-based mobile packet core solution. Cisco claims it should speed up the implementation of 4G and 5G mobility services while reducing overall network complexity. It offers a carrier-grade NFVI (Network Functions Virtualization Infrast...

Bug in WordPress plugin can let hackers wipe up to 200,000 sites

Image
  WordPress site owners who use commercial themes provided by ThemeGrill are advised to update one of the plugins that come installed with these themes in order to patch a critical bug that can let attackers wipe their sites. The vulnerability resides in ThemeGrill Demo Importer, a plugin that ships with themes sold by ThemeGrill, a web development company that sells commercial WordPress themes. The plugin, which is installed on more than 200,000 sites, allows site owners to import demo content inside their ThemeGrill themes so they'll have examples and a starting point on which they can build their own sites. However, in a report published yesterday, WordPress security firm WebARX says that older versions of the ThemeGrill Demo Importer are vulnerable to remote attacks from unauthenticated attackers. Remote hackers can send a specially crafted payload to vulnerable sites and trigger a function inside the plugin.