Tech News

Here’s what we know about a mysterious launch from Florida this week

Security - Posted On:2023-09-05 19:15:00 Source: arstechnica

Airspace and maritime navigation warnings released to pilots and mariners suggest the US military might launch a hypersonic missile this week on a test flight from Cape Canaveral, Florida.

This test could be one of the final milestones before the US Army fields the nation's first ground-based hypersonic weapon, which is more maneuverable and more difficult for an enemy to track and destroy than a conventional ballistic missile. Russia has used hypersonic in combat against Ukraine, and US defense officials have labeled China as the world's leader in emerging hypersonic missile technology.

That has left the US military playing catch-up, and the Army is on the cusp of having its first ground-based hypersonic missiles ready for active duty. If informed speculation is correct, the test launch from Cape Canaveral Space Force Station this week—performed in partnership between the Army and the Navy—could be a full-scale test of the new solid-fueled hypersonic missile to propel a hypersonic glide vehicle to high speeds over the Atlantic Ocean.

Read More

Renegade certificate removed from Windows. Then it returns. Microsoft stays silent.

Security - Posted On:2023-08-25 21:00:00 Source: arstechnica

For three days, system administrators have been troubleshooting errors that have prevented Windows users from running applications such as QuickBooks and Avatax. We now know the cause: an unannounced move or glitch by Microsoft that removed a once-widely used digital certificate in Windows.

The removed credential is known as a root certificate, meaning it anchors the trust of hundreds or thousands of intermediate and individual certificates downstream. The root certificate—with the serial number 18dad19e267de8bb4a2158cdcc6b3b4a and the SHA1 fingerprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5—was no longer trusted in Windows. Because that root was tied to certificates that certify their authenticity and trust, people trying to use or install the app received the error.

Just minutes before this post was scheduled to go live, researchers learned that the certificate had been restored in Windows. It’s unclear how or why that occurred. The certificate immediately below this paragraph shows the certificate's status on Thursday. The one below that shows the status as of Friday.

Read More

How a cloud flaw gave Chinese spies a key to Microsoft’s kingdom

Security - Posted On:2023-07-13 16:45:01 Source: arstechnica

For most IT professionals, the move to the cloud has been a godsend. Instead of protecting your data yourself, let the security experts at Google or Microsoft protect it instead. But when a single stolen key can let hackers access cloud data from dozens of organizations, that trade-off starts to sound far more risky.

Late Tuesday evening, Microsoft revealed that a China-based hacker group, dubbed Storm-0558, had done exactly that. The group, which is focused on espionage against Western European governments, had accessed the cloud-based Outlook email systems of 25 organizations, including multiple government agencies.

Those targets encompass US government agencies including the State Department, according to CNN, though US officials are still working to determine the full scope and fallout of the breaches. An advisory from the US Cybersecurity and Infrastructure Security Agency says the breach, which was detected in mid-June by a US government agency, stole unclassified email data “from a small number of accounts.”

Read More

Microsoft 365 adds 'External' email tags for increased security

Security - Posted On:2021-03-08 16:30:00 Source: bleepingcomputer

Microsoft is working on boosting Exchange Online phishing protection capabilities by adding support for external email message tags to its cloud-based email service. [...]

Read More

New Sarbloh ransomware supports Indian farmers' protest

Security - Posted On:2021-03-08 16:30:00 Source: bleepingcomputer

A new ransomware known as Sarbloh encrypts your files while at the same time delivering a message supporting the protests of Indian farmers. [...]

Read More

Hackers hiding Supernova malware in SolarWinds Orion linked to China

Security - Posted On:2021-03-08 15:15:00 Source: bleepingcomputer

Intrusion activity related to the Supernova malware planted on compromised SolarWinds Orion installations exposed on the public internet points to an espionage threat actor based in China. [...]

Read More

Google Chrome to block port 554 to stop NAT Slipstreaming attacks

Security - Posted On:2021-03-08 13:30:00 Source: bleepingcomputer

Google Chrome will block the browser's access to TCP port 554 to protect against attacks using the NAT Slipstreaming 2.0 vulnerability. [...]

Read More

European Banking Authority discloses Exchange server hack

Security - Posted On:2021-03-08 11:15:02 Source: bleepingcomputer

The European Banking Authority (EBA) took down all email systems after their Microsoft Exchange Servers were hacked as part of the ongoing attacks targeting organizations worldwide. [...]

Read More

Flagstar Bank hit by data breach exposing customer, employee data

Security - Posted On:2021-03-08 10:29:57 Source: bleepingcomputer

US bank and mortgage lender Flagstar has disclosed a data breach after the Clop ransomware gang hacked their Accellion file transfer server in January. [...]

Read More

CISA takes over .GOV top-level domain (TLD) administration

Security - Posted On:2021-03-08 09:59:57 Source: bleepingcomputer

The US Cybersecurity and Infrastructure Security Agency (CISA) is taking over the administration of the.gov top-level domain (TLD) as its new policy and management authority. [...]

Read More

Unpatched QNAP devices are being hacked to mine cryptocurrency

Security - Posted On:2021-03-08 08:59:57 Source: bleepingcomputer

Unpatched network-attached storage (NAS) devices are targeted in ongoing attacks where the attackers try to take them over and install cryptominer malware to mine for cryptocurrency. [...]

Read More

How to use Google's 'Chrome Labs' to test new browser features

Security - Posted On:2021-03-07 16:45:00 Source: bleepingcomputer

Google has added a new feature to Google Chrome Canary that makes it easier for users to test new hidden features under development. [...]

Read More

Microsoft's MSERT tool now finds web shells from Exchange Server attacks

Security - Posted On:2021-03-07 16:30:00 Source: bleepingcomputer

Microsoft has pushed out a new update for their Microsoft Safety Scanner (MSERT) tool to detect web shells deployed in the recent Exchange Server attacks. [...]

Read More

Microsoft Office 365 gets protection against malicious XLM macros

Security - Posted On:2021-03-07 13:45:01 Source: bleepingcomputer

Microsoft has added XLM macro protection for Microsoft 365 customers by expanding the runtime defense provided by Office 365's integration with Antimalware Scan Interface (AMSI) to include Excel 4.0 (XLM) macro scanning. [...]

Read More

Google's Chrome Labs makes it easier to test new browser features

Security - Posted On:2021-03-07 13:45:01 Source: bleepingcomputer

Google has added a new feature to Google Chrome Canary that makes it easier for users to test new hidden features under development. [...]

Read More

How to customize your Windows 10 desktop with these free tools

Security - Posted On:2021-03-06 15:45:00 Source: bleepingcomputer

With Windows, you've got an almost limitless number of free, open-source and paid apps to customize the appearance of desktop. In this article, we're going to share a list of open-source and free tools to change the desktop wallpaper animation when you move your cursor, add support for widgets, and more. [...]

Read More

This new Microsoft tool checks Exchange Servers for ProxyLogon hacks

Security - Posted On:2021-03-06 14:15:00 Source: bleepingcomputer

Microsoft has released a PowerShell script that admins can use to check whether the recently disclosed ProxyLogon vulnerabilities have hacked a Microsoft Exchange server. [...]

Read More

Ransomware gang plans to call victim's business partners about attacks

Security - Posted On:2021-03-06 13:00:00 Source: bleepingcomputer

The REvil ransomware operation announced this week that they are using DDoS attacks and voice calls to journalists and victim's business partners to generate ransom payments. [...]

Read More

Samsung fixes critical Android bugs in March 2021 updates

Security - Posted On:2021-03-06 11:30:01 Source: bleepingcomputer

This week Samsung has started rolling out Android's March 2021 security updates to mobile devices to patch critical security vulnerabilities in the runtime, operating system, and related components. Users are advised to update their Android devices immediately to safeguard against these bugs. [...]

Read More

Microsoft is giving Windows admins full control over driver updates

Security - Posted On:2021-03-06 11:30:01 Source: bleepingcomputer

Microsoft has announced a new deployment service for drivers and firmware that will make it easier for IT admins to select the right drivers for devices on their enterprise network. [...]

Read More