Uber Technologies said on Wednesday it would focus on delivering profits this year, after rounding off 2022 with blowout earnings as a surge in demand for airport and office rides helped the company rebound from pandemic lows. The rideshare market is benefiting from a return to normal and a rise in car ownership costs, which is pushing many to opt for cab rides. At t...
A relatively obscure ransomware variant called Clop may stay that way for a bit longer, after it was discovered to have a Linux version that had a rather embarassing flaw.
The Linux version of the ransomware was first spotted in December 2022 by a SentinelLabs researcher named Antonis Terefos. His analysis determined that the Linux variant is almost identical to the Windows one, but with a few small (albeit crucial) differences.
Namely, Linux users were able to quietly decrypt all of the affected files and reclaim their endpoints - without having to pay the criminals anything.
Retrieving the master key
Among those differences is the fact that the Linux version “did not encrypt the RC4 keys used for file encryption with the RSA-based asymmetric algorithm used in the Windows variant.
Unlike the Windows version, the Linux one uses a hardcoded RC4 “master key” which generates encrypting keys, and then uses the same one to encrypt and store files, locally. When SentinelLabs figured it out, they used the flaw to freely retrieve the keys and reverse the encryption. The team has now built a Python script to help automate the process, which can be found on GitHub.
But that’s not the only major flaw this ransomware has. Apparently, the malware also writes extra data to the encrypted file, such as its size and encryption time. Usually, this type of data is obfuscated as it can help forensic analysts identify important documents. In this case, it wasn’t hidden at all.
All of this prompted the researchers to conclude that the Clop ransomware, at least in its current form, is unlikely to take off as a major threat. Now that the cat is out of the bag, it’s safe to assume that a new version is in the works and that it could be released soon.
Still, news like this is always good, especially for the victims:
"We shared our findings early with relevant law enforcement and intelligence partners and will continue to collaborate with the relevant organizations to affect the economics of the ransomware space in favor of defenders," SentinelLabs told BleepingComputer.
Five more banks will join the pilot on the central bank digital currency or e-rupee for retail customers and the project will be extended to nine additional cities, the Reserve Bank said on Wednesday. The Reserve Bank of India, which began piloting the central bank digital currency or e-rupee for retail customers in early December with eight banks in five cities, stre...
The latest Canalys data for global PC shipments is alarming, if not expected, with the final quarter of 2022 seeing a 21% decrease.
In 2022, the world’s tech companies shifted 434.5 million PCs, a figure that includes laptops, desktops, and tablets. This is down 13% from the 499.4 million that were sold in 2021, however there’s a positive figure lurking deep beneath the surface that’s especially interesting.
In a time where many of us are economizing, we’re becoming more reliant on our smartphones for on-the-go tasks, relying on a dedicated PC for when the work gets tough.
Tablet sales
Despite a large-scale slowdown, tablet sales grew in Q4 2022 (albeit just 1% year-on-year), and this is after three consecutive months of decline.
Apple continues to dominate this sector, accounting for 46% of tablet shipments. Its latest M-series iPad models are likely a key driver behind its recent success.
Other popular companies in the tablet sector included Samsung, Amazon, Lenovo, and Huawei, though I have a sneaking suspicion that Google may rank somewhere in the top five this time next year, once its rumored Pixel Tablet hits the shelves.
Canalys analyst, Himani Mukka, said: “Despite the decline from 2021, tablet shipment volumes in 2022 were well above pre-pandemic levels and opportunities for future growth remain intact”.
This could be thanks in part to the huge drive for digitalization in the education sector, especially in developing markets, which may favor the more affordable price points of tablets.
More broadly, Apple maintained its position as the number one seller of PCs globally, accounting for one in five devices sold. Meanwhile, Lenovo, HP, and Dell have all witnessed significant drops in sales, leading them and many other companies to consider cost-cutting measures like layoffs.
Ensuring cyber resilience is tricky enough at the best of times.
These are far from the best of times.
Against a backdrop of economic decline and geopolitical unrest, cybersecurity threats are growing in frequency and sophistication. 2022 saw a global increase in malware attacks for the first time in more than three years, with 2.3 billion attacks¹. Ransomware, now a billion-dollar industry, is also on the rise.
While headline news stories mainly focus on attacks against large enterprises, it is small and midsize businesses (SMBs) that are most vulnerable. A Ransomware Task Force report cites businesses with fewer than 500 employees were hit by 70% of the attacks in 2021. SMBs are a prime target for cybercriminals because they typically lack sufficient cybersecurity resources, both technology and security expertise, to thwart an attack.
(Image credit: OpenText)
SMB fears becoming reality
An OpenText Cybersecurity Global SMB Ransomware Survey reveals an overwhelming majority (88%) of SMBs are concerned or extremely concerned about cyber attacks. These concerns have already become a reality for some, with nearly half (46%) of respondents reporting they have experienced a ransomware attack. Meanwhile, 66% of SMBs are not confident or only somewhat confident that they can fend off a ransomware attack. Budget constraints and small security teams were cited as the primary roadblocks.
(Image credit: OpenText)
Adversaries have become increasingly sophisticated and relentless in their efforts to subvert both security controls and humans. Expanding attack vectors make it even more difficult for security teams to stop adversaries which presents a huge risk to businesses of every size. Fortunately, there are some immediate steps organizations can take to keep data secure and protected, even when under a cyber attack.
1. Know your threat vectors: Identify vulnerabilities inside your organization. Pay particular attention to access control which is the biggest business vulnerability for most companies. Limit access to only employees who need it. With controlled access, if an employee falls for a phishing attempt and is compromised, it will not impact the entire company.
2. Train and protect against social engineering: Social engineering tactics like phishing are the number one cause of cybersecurity breaches. When it comes to cybersecurity, your first line of defense, employees, can also be your weakest link. Ensuring employees follow basic online safety protocols and deploying email security are obvious starting points. But as malware attacks grow more sophisticated and more advanced, ongoing education and awareness of new attack vectors and social engineering campaigns are key. Quarterly or monthly phishing simulations are a great way to keep users current and accountable.
3. Safeguard against backup encryption: Have a documented plan to detect, contain and respond to attacks. Planning and practice can greatly minimize the time required for recovery of critical data so businesses can maintain operations. Because even carefully built backup-and-recovery plans can be compromised in an attack, additional safeguards are important. Keep multiple copies of backups in different domains (e.g., local and cloud). Likewise, consider backup solutions that do not allow an attacker to rewrite, encrypt, or modify previous backups. Lastly, keep a history of restored points and backups that cannot be compromised, this will allow access and restore from a good copy of an earlier snapshot.
4. Deploy layered data protection: Because there is no one surefire way to prevent an attack, layered security is key to achieving cyber resilience. Email and endpoint security are great first-line defenses. Even greater protection is achieved when adding recurring security awareness training and DNS protection. Each layer provides a better chance of fending off attacks. In the event a compromise is successful, having tools in place to stop the lateral movement so that businesses can quickly recover from cyberattacks and accidental data loss is essential to achieve cyber resilience.
(Image credit: Getty Images)
With security risks escalating worldwide, compromises are inevitable. To ensure cyber resilience, organizations must deploy strong multi-layered security and data protection policies and technologies to prevent, detect and respond, and quickly backup and recover from threats. OpenText Cybersecurity provides a powerhouse SMB platform that helps customers achieve cyber resilience by providing a one stop shop for addressing end-to-end customer priorities: threat prevention, detection and response, recovery, and compliance.
New research has revealed that cloud spending continued to grow throughout 2022 in spite of the growing economic pressures affecting companies around the world.
In its latest analysis, Synergy Research Group found the cloud market seems to have been less affected than many other sectors as we head into 2023.
It found that Q4 2022 growth in cloud spend stood at 27% in the US market, compared with an average growth rate of 31% in the previous four quarters.
Biggest cloud vendors
While things may be slowing down, the sector is still accelerating at a respectable rate, the report says, with some of the usual suspects continuing to peform strongly.
Amazon Web Services, the long-time holder of the number one position, remained reasonably stable. Over the last five or so years, it has accounted for around 32-34% of the market, and this share remains unchanged as we head into 2023.
Microsoft Azure has experienced the most significant growth over the same period, though, which now occupies 23% of the market (up by around 10% compared with five years ago). Google Cloud continues its slightly less blistering growth, to the point that it now makes up 11% of the shares.
Based on the recent sweep of Q4 earnings announcements, Synergy expects quarterly cloud infrastructure service revenues to exceed $61 billion. While public IaaS and PaaS services account for the majority of the spend, Amazon, Microsoft, and Google all have individual consumers on their mind, too.
In the public cloud sector, Synergy reports that these three companies serve 73% of the market, even in a time when PC shipments suffered.
Moving forward, the research company expects the worldwide cloud market to continue to grow in all regions of the world.
Atlassian has revealed it has fixed a major flaw in their Service Management Server and Data Center products.
The vulnerability, tracked as CVE-2023-22501, allows threat actors to impersonate people and gain access to a Jira Service Management instance under certain circumstances. It has been given a severity score of 9.4, making it a critical flaw.
“With write access to a User Directory and outgoing email enabled on a Jira Service Management instance, an attacker could gain access to sign-up tokens sent to users with accounts that have never been logged into,” Atlassian noted in its description of the vulnerability.
Vulnerable versions
The company explained that a threat actor might be able to get the tokens by being included on Jira issues or requests with the users, or if they somehow obtain an email with the “View Request” link.
“Bot accounts are particularly susceptible to this scenario,” Atlassian further explained. “On instances with single sign-on, external customer accounts can be affected in projects where anyone can create their own account.”
These are the Jira versions vulnerable to the flaw: 5.3.0; 5.3.1; 5.3.2; 5.4.0; 5.4.1, and 5.5.0. To be on the safe side, make sure to bring your Jira up to versions 5.3.3; 5.4.2; 5.5.1, or 5.6.0.
Atlassian products seem to be a popular target among cybercriminals. In October last year, the US Cybersecurity and Infrastructure Agency (CISA) noted that a high-severity flaw found in two widely-used Atlassian Bitbucket tools - Server and Data Center, was being actively exploited in the wild.
Before that, in July, it was reported that Jira, Confluence, and Bamboo, were vulnerable to CVE-2022-26136, an arbitrary Servlet Filter bypass that allowed threat actors to bypass custom Servlet FIlters that third-party apps use for authentication. The flaw was deemed high-severity.
More than a thousand Redis servers were infected by custom-built malware called HeadCrab, researchers have reported.
The malware made the endpoints mine Monero, a privacy-oriented cryptocurrency, and a hacker favorite.
Cybersecurity from Aqua Security’s Nautilus discovered a botnet spanning 1,200 Redis servers, which were infected in the last year and a half. The servers were located in the US, the UK, Germany, India, Malaysia, China, and other countries, and besides being Redis servers, have no other links.
Authentication off by default
"The victims seem to have little in common, but the attacker seems to mainly target Redis servers and has a deep understanding and expertise in Redis modules and APIs as demonstrated by the malware," researchers Asaf Eitani and Nitzan Yaakov said.
As it turns out, open-source Redis database servers have authentication off by default, allowing threat actors to access them and execute code remotely, without needing to authenticate as a user. Apparently, many Redis users forgot to switch the authentication feature on, exposing their endpoints to attackers.
What’s more, Redis clusters use master and slave servers for data replication and synchronization, allowing the attackers to use the default SLAVEOF command and set the target endpoint as a slave to a Redis server they already control. That allows them to deploy the HeadCrab malware.
The researchers don’t know who hides behind the campaign, but looking at their cryptocurrency wallets, deduced that they bring in about $4,500 per infected device, a year.
"We have noticed that the attacker has gone to great lengths to ensure the stealth of their attack," the researchers added.
Monero is arguably the most popular cryptocurrency among hackers engaging in cryptojacking. Over the years there had been countless reports of criminals deploying XMRig, a popular Monero miner, to servers and data centers around the world, raking up huge electricity bills to the victims, all the while rendering their servers practically useless.
