Internet

Cisco, IBM, More Major Tech Companies Struggle to Plug Hole in Logging Software Vulnerability

By Reuters | Updated: 17 December 2021

Some of the world’s largest technology companies are still struggling to make their products safe from a gaping vulnerability in common logging software a week after hackers began trying to exploit it.

Cisco Systems, IBM, VMware, and Splunk were among the companies with multiple pieces of flawed software being used by customers on Thursday without available patches for the Log4j vulnerability, according to a running tally published by the US Cybersecurity and Infrastructure Security Agency.

Logging software is ubiquitous software that tracks activity such as site visits, clicks, and chats.

The companies’ efforts underscore the wide reach of the flaw found inside open-source software, described by officials and researchers as the worst flaw they have seen in years.

A researcher for Chinese tech company Alibaba warned the nonprofit Apache Software Foundation early this month that Log4j would not just keep track of chats or clicks, but also follow links to outside sites, which could let a hacker take control of the server.

Apache rushed out a fix for the program. But thousands of other programs use the free logger, and those responsible for them must prepare and distribute their own patches to prevent takeovers. That includes other free software, which is maintained by volunteers, as well as programs from companies big and small, some of which have engineers working around the clock.

“Lots of vendors are without security patches for this vulnerability,” said security threat analyst Kevin Beaumont, who is helping compile the list for CISA. “Software vendors need to have better, and public, inventories around open-source software usage so it is easier to assess risk – both for themselves and their customers.”

Some companies, including Cisco, are updating guidance multiple times daily with confirmation of vulnerabilities, available patches or strategies for mitigating or detecting intrusions when they occur.

As of Thursday, the CISA list included about 20 Cisco products that were vulnerable to attack without a patch available, including Cisco WebEx Meetings Server and Cisco Umbrella, a cloud security product.

But many more were listed as “under investigation” to see if they were vulnerable as well.

“Cisco has investigated over 200 products and approximately 130 are not vulnerable,” a company spokesperson said. “Many affected products have dates available for software patches.”

VMware is steadily updating an advisory on its site with dozens of impacted products, many with critical vulnerabilities and “patch pending.” Some of those without a patch have workarounds to mitigate the holes.

Splunk has a similar list, along with tips for hunting for hackers trying to abuse the flaw.

IBM listed nonvulnerable products but said it “does not confirm or otherwise disclose vulnerabilities externally, even to individual customers, until a fix or remediation is available.”

Though Microsoft, Mandiant, and CrowdStrike have all said they see nation-state attackers from better-equipped US adversaries probing for the Log4j flaw, CISA officials said Wednesday they had not confirmed any successful government-backed attacks or any intrusions inside US government equipment.

© Thomson Reuters 2021

Ukraine Suspects Belarus Intelligence-Linked UNC1151 Group Over Cyberattack

By Reuters | Updated: 17 January 2022

Kyiv believes a hacker group linked to Belarusian intelligence carried out a cyberattack that hit Ukrainian government websites this week and used malware similar to that used by a group tied to Russian intelligence, a senior Ukrainian security official said.

Serhiy Demedyuk, deputy secretary of the national security and defence council, told Reuters that Ukraine blamed Friday’s attack – which defaced government websites with threatening messages – on a group known as UNC1151 and that it was cover for more destructive actions behind the scenes.

“We believe preliminarily that the group UNC1151 may be involved in this attack,” he said.

His comments offer the first detailed analysis by Kyiv on the suspected culprits behind the cyberattack on dozens of websites. Officials on Friday said Russia was probably involved but gave no details. Belarus is a close ally of Russia.

The cyberattack splashed websites with a warning to “be afraid and expect the worst” at a time when Russia has massed troops near Ukraine’s borders, and Kyiv and Washington fear Moscow is planning a new military assault on Ukraine.

Russia has dismissed such fears as “unfounded”.

The office of Belarusian President Alexander Lukashenko did not immediately respond to a request for comment about Demedyuk’s remarks.

Russia’s foreign ministry also did not immediately respond to a request for comment on his remarks. It has previously denied involvement in cyberattacks, including against Ukraine.

“The defacement of the sites was just a cover for more destructive actions that were taking place behind the scenes and the consequences of which we will feel in the near future,” Demedyuk said in written comments.

In a reference to UNC1151, he said: “This is a cyber-espionage group affiliated with the special services of the Republic of Belarus.”

‘Track record’

Demedyuk, who used to be the head of Ukraine’s cyber police, said the group had a track record of targeting Lithuania, Latvia, Poland and Ukraine and had spread narratives decrying the NATO alliance’s presence in Europe.

“The malicious software used to encrypt some government servers is very similar in its characteristics to that used by the ATP-29 group,” he said, referring to a group suspected of involvement in hacking the Democratic National Committee before the 2016 US presidential election.

“The group specialises in cyber espionage, which is associated with the Russian special services (Foreign Intelligence Service of the Russian Federation) and which, for its attacks, resorts to recruiting or undercover work of its insiders in the right company,” Demedyuk said.

The messages left on the Ukrainian websites on Friday were in three languages: Ukrainian, Russian, and Polish. They referred to Volhynia and Eastern Galicia, where mass killings were carried out in Nazi German-occupied Poland by the Ukrainian Insurgent Army (UPA). The episode remains a point of contention between Poland and Ukraine.

Demedyuk suggested the hackers had used Google Translate for the Polish translation.

“It is obvious that they did not succeed in misleading anyone with this primitive method, but still this is evidence that the attackers ‘played’ on the Polish-Ukrainian relations (which are only getting stronger every day),” he said.

© Thomson Reuters 2022

REvil Ransomware Group Dismantled by Russia at US Request

By Reuters | Updated: 17 January 2022

Apple said on Saturday it would allow developers of dating apps in the Netherlands to offer non-Apple payment options to their users, complying with an order from the country’s market regulator to do so by January 15 or face fines.

The country’s Authority for Consumers and Markets found in a decision published on December 24 that Apple had abused its market position by requiring dating app developers, including Tinder owner Match Group, to exclusively use Apple’s in-app payment system.

Apple’s practice of requiring developers to use its system and pay commissions of 15-30 percent on digital goods purchases has come under scrutiny from regulators and lawmakers around the world, but the Dutch ruling applies only in the Netherlands and only for dating apps.

Russia has dismantled ransomware crime group REvil at the request of the United States in an operation in which it detained and charged the group’s members, the FSB domestic intelligence service said on Friday.

The arrests were a rare apparent demonstration of US-Russian collaboration at a time of high tensions between the two over Ukraine. The announcement came as Ukraine was responding to a massive cyber attack that shut down government websites, though there was no indication the incidents were related.

The United States welcomed the arrests, according to a senior administration official, adding “we understand that one of the individuals who was arrested today was responsible for the attack against Colonial Pipeline last spring.”

A May cyberattack on the Colonial Pipeline that led to widespread gas shortages on the US East Coast used encryption software called DarkSide, which was developed by REvil associates.

A police and FSB operation searched 25 addresses, detaining 14 people, the FSB said, listing assets it had seized including 426 million (roughly Rs. 40 crore), $600,000 (roughly Rs. 4 crore), 500,000, computer equipment and 20 luxury cars.

A Moscow court identified two of the men as Roman Muromsky and Andrei Bessonov and remanded them in custody for two months. Muromsky could not be reached for comment and his phone was off. Reuters could not immediately reach Bessonov.

Two Muscovites told Reuters Muromsky was a web developer who had helped them with websites for their businesses.

Russia told Washington directly of the moves it had taken against the group, the FSB said. The US Embassy in Moscow said it could not immediately comment.

“The investigative measures were based on a request from the … United States,” the FSB said. “… The organised criminal association has ceased to exist and the information infrastructure used for criminal purposes was neutralised.”

The REN TV channel aired footage of agents raiding homes and arresting people, pinning them to the floor, and seizing large piles of dollars and Russian roubles.

The group members have been charged and could face up to seven years in prison, the FSB said.

A source familiar with the case told Interfax the group’s members with Russian citizenship would not be handed over to the United States.

The United States said in November it was offering a reward of up to $10 million (roughly Rs. 75 crore) for information leading to the identification or location of anyone holding a key position in the REvil group.

The United States has been hit by a string of high-profile hacks by ransom-seeking cybercriminals. A source with direct knowledge of the matter told Reuters in June that REvil was suspected of being the group behind a ransomware attack on the world’s biggest meat packing company, JBS SA.

Washington has repeatedly accused the Russian state in the past of malicious activity on the internet, which Moscow denies.

REvil has not been associated with any major attacks for months.

John Shier, a threat researcher at the UK-based Sophos cybersecurity company, said there was no independent confirmation the self-identified leaders of the “defunct” group had been arrested.

“If nothing else, it serves as a warning to other criminals that operating out of Russia might not be the safe harbor they thought it was,” he said.

‘Normal programmer’

A former client of Muromsky who only gave the name Sergei described him as a regular worker who did not appear wealthy.

Sergei runs a shop called Motohansa selling motorcycle spare parts. Muromsky created its website and supported it for some time, charging him around RUB 15,000 (roughly Rs. 14,700) per month, he said.

“He is a smart person and I can imagine that if he wanted to do it (hacking) he could, but he charged very little money for his services. Several years ago he had a Rover car. That’s not an expensive car at all,” Sergei said.

Muromsky is in his thirties and was born in Anapa in Russia’s south, he said. “He worked as a normal programmer.”

Another client, Adam Guzuyev, described Muromsky as “a regular normal worker” who proved unable to install all the features Guzuyev wanted on his website.

“He earned no more than RUB 60,000 (roughly Rs. 60,000). I can’t say he has genius abilities,” he said, adding Muromsky spent three months working on his website.

© Thomson Reuters 2022

Ukraine Says Russia Behind Cyberattack in ‘Hybrid War’ Move

By Associated Press | Updated: 17 January 2022

Ukraine said Sunday that Russia was behind a cyberattack that defaced its government websites and alleged that Russia is engaged in an increasing “hybrid war” against its neighbor.

The statement from the Ministry of Digital Development came a day after Microsoft said dozens of computer systems at an unspecified number of Ukrainian government agencies had been infected with destructive malware disguised as ransomware. That disclosure suggested the attention-grabbing defacement attack on official websites last week was a diversion.

“All evidence indicates that Russia is behind the cyberattack. Moscow continues to wage a hybrid war and is actively building up its forces in the information and cyberspaces,” the ministry statement said.

The attack comes as the threat of a Russian invasion of Ukraine looms and diplomatic talks to resolve the tense standoff appear stalled.

Microsoft said in a short blog post Saturday that it first detected the malware on Thursday. That would coincide with the attack that simultaneously took some 70 Ukrainian government websites temporarily offline.

Microsoft said in a different, technical post that the affected systems “span multiple government, non-profit, and information technology organisations.” It said it did not know how many more organisations in Ukraine or elsewhere might be affected but said it expected to learn of more infections.

On Sunday, US national security adviser Jake Sullivan said US and private-sector companies were still working to determine the source of the attacks. He said the United States has warned for months about the possibility of cyberattacks from Russia and has been working with Ukraine to improve that country’s defenses.

“This is part of the Russian playbook,” he said on CBS television’s “Face the Nation” programme.

A top private sector cybersecurity executive in Kyiv, Oleh Derevianko, told The Associated Press that the intruders penetrated the government networks through a shared software supplier in a supply-chain attack like the 2020 SolarWinds Russian cyberespionage campaign that targeted the US government.

In 2017, Russia targeted Ukraine with one of the most damaging cyberattacks on record with the NotPetya virus, causing more than $10 billion (roughly Rs. 74,150 crore) in damage globally. That virus, also disguised as ransomware, was a so-called “wiper” that erased entire networks.

In Friday’s mass web defacement, a message left by the attackers claimed they had destroyed data and placed it online, which Ukrainian authorities said had not happened.

The message told Ukrainians to “be afraid and expect the worst.”

Google Mandates Weekly COVID-19 Tests for People Entering US Offices

By Reuters | Updated: 15 January 2022

Alphabet’s Google is temporarily mandating weekly COVID-19 tests for any person entering Google offices or facilities in the United States, the tech giant said on Friday.

Anyone who comes into Google’s US work sites will require a negative test and be required to wear surgical-grade masks while at the office, the company said.

“To help prevent the further spread of COVID-19 during this period of heightened risk, we’re implementing new temporary health and safety measures for anyone accessing our sites in the US,” a Google spokesperson said.

Google provides free at-home and in-person testing options to its employees, their dependants and household members.

The temporary policy of weekly testing comes as cases of the highly contagious Omicron variant of the coronavirus surge in the country.

Last month, Google said it was delaying its return-to-office plan globally from January amid growing concerns over Omicron.

Google, which was one of the first companies to ask its employees to work from home during the pandemic, had told its employees they would lose pay and eventually be fired if they do not follow its COVID-19 vaccination rules, according to a CNBC report in December.

© Thomson Reuters 2022

Ukraine Faces Hacking Attack, Government Websites Down

By Associated Press | Updated: 14 January 2022

A number of government websites in Ukraine were down on Friday after a huge hacking attack, Ukrainian officials said.

While it was not immediately clear who was behind the attacks, they come amid heightened tensions with Russia and after talks between Moscow and the West failed to yield any significant progress this week.

“As a result of a massive hacking attack, the websites of the Ministry of Foreign Affairs and a number of other government agencies are temporarily down. Our specialists are already working on restoring the work of IT systems,” spokesman of Ukraine’s Foreign Ministry Oleg Nikolenko wrote on Facebook on Friday.

Nikolenko told The Associated Press it was too soon to tell who could have been behind the attacks. “It’s too early to draw conclusions as the investigation is ongoing, but there is a long record of Russian cyber assaults against Ukraine in the past,” he said.

Moscow had previously denied involvement in cyberattacks against Ukraine.

Websites of the country’s Cabinet, seven ministries, the Treasury, the National Emergency Service and the state services website, where Ukrainians’ electronic passports and vaccination certificates are stored, were unavailable Friday as the result of the hack.

The websites contained a message in Ukrainian, Russian, and Polish, saying that Ukrainians’ personal data has been leaked to the public domain. “Be afraid and expect the worst. This is for your past, present and future,” the message read, in part.

Ukraine’s State Service of Communication and Information Protection has said that no personal data has been leaked.

The US estimates Russia has massed about 100,000 troops near Ukraine, a buildup that has stoked fears of an invasion. Moscow says it has no plans to attack and rejects Washington’s demand to pull back its forces, saying it has the right to deploy them wherever necessary.

The Kremlin has demanded security guarantees from the West precluding NATO’s expansion eastwards.

Last month, Moscow submitted draft security documents demanding that NATO deny membership to Ukraine and other former Soviet countries and roll back the alliance’s military deployments in Central and Eastern Europe. Washington and its allies have refused to provide such pledges, but said they are ready for the talks.

High-stakes talks this week between Moscow and the US, followed by a meeting of Russia and NATO representatives and a meeting at the Organization for Security and Cooperation in Europe, failed to bring about any immediate progress.

Google Shows Faith in Work-From-Office With $1-Billion London Deal

By Reuters | Updated: 14 January 2022 

Tech giant Google has spent $1 billion (roughly Rs. 7,410 crore) to buy a central London building where it is currently a tenant, showing its confidence in the future of the office as a place to work, the company said on Friday.

Google, which employs 6,400 people in Britain, plans a multi-million pound refurbishment of its offices within the Central Saint Giles development it is buying, close to Covent Garden in central London.

“We have been privileged to operate in the UK for nearly 20 years, and our purchase of the Central Saint Giles development reflects our continued commitment to the country’s growth and success,” said Ruth Porat, CFO of Google’s parent company Alphabet.

Google plans to refit the building so it is adapted for in-person teamwork and has meeting rooms for hybrid working, as well as creating more space for individuals.

The new refurbishment will also feature outdoor covered working spaces to enable work in the fresh air, the company said.

Google said it would eventually have capacity for 10,000 workers at its UK sites, including one being developed in the nearby King’s Cross area of London.

“This investment in jobs from Google is a big vote of confidence in the UK as a world-leading tech hub,” finance minister Rishi Sunak said in a statement.

Google said last month that it was delaying its return-to-office plan globally amid growing concerns over the Omicron variant of the coronavirus.

The Central Saint Giles building had been owned by a joint venture between Legal & General Investment Management Real Assets and Mitsubishi Estate London Limited.

© Thomson Reuters 2022
