Lead image: Gernot Krautberger, Fotolia

News for Admins

Tech News

Hackers Threaten to Wipe More Than 300 Million Apple Devices Remotely

A group of hackers calling itself the "Turkish Crime Family" claims to have access to more than 300 million Apple user accounts, including those in the @icloud and @me domains. The group is demanding a ransom of $75,000 in Bitcoin or Ethereum or $100,000 in iTunes gift cards.

The news was first reported by Motherboard. In an email exchange with Motherboard, the hacker said, "I just want my money and thought this would be an interesting report that a lot of Apple customers would be interested in reading and hearing."

In a comment to Motherboard, an Apple spokesperson downplayed the attack, saying, "There have not been any breaches in any of Apple's systems including iCloud and Apple ID. The alleged list of email addresses and passwords appears to have been obtained from previously compromised third-party services."

The spokesperson added that the company is actively monitoring to prevent unauthorized access to user accounts and is working with law enforcement to identify the criminals involved.

At first, the claims did not seem credible because the ransom was so low, the number of stolen passwords seemed too high, and the hackers kept escalating their numbers (from 300 to 559 to 627 million accounts). However, recent investigations of about 70,000 purported iCloud accounts, which the hackers released to journalists for verification, indicate that a number of the stolen accounts are valid.

The best way to avoid falling prey to such cybercriminals is to use strong passwords and, when possible, two-factor authentication.

DoubleAgent: Unpatchable Windows Vulnerability Discovered

Researchers at Cybellum, an Israeli zero-day prevention firm, have discovered a vulnerability in Windows that allows attackers to take complete control of the system. Named DoubleAgent, the vulnerability affects all versions of Windows from Windows XP through Windows 10.

According to Cybellum, "DoubleAgent gives the attacker the ability to inject any DLL into any process. The code injection occurs extremely early during the victim's process boot, giving the attacker full control over the process and no way for the process to protect itself. The code injection technique is so unique that it's not detected or blocked by any antivirus."

Cybellum said in its report that because DoubleAgent exploits a 15-year-old legitimate feature of Windows, it cannot be patched.

What makes things worse is that DoubleAgent is persistent: It continues to inject code after reboots, updates, reinstalls, and patches. Cybellum said that once the attacker decides to inject a dynamic-link library (DLL) into a process, they are "forcefully bounded forever. Even if the victim would completely uninstall and reinstall its program, the attacker's DLL would still be injected every time the process executes."

Even antivirus programs can't prevent attacks because DoubleAgent takes complete control of any antivirus program by "injecting code into it while bypassing all of its self-protection mechanisms. The attack has been verified and works on all of the major antiviruses including but not limited to: Avast, AVG, Avira, Bitdefender, Comodo, ESET, F-Secure, Kaspersky, Malwarebytes, McAfee, Norton, Panda, Quick Heal and Trend Micro," said Cybellum.

Microsoft's Patch Tuesday Is Back

Microsoft missed the entire month of February, leaving Windows users exposed to attacks.

After missing Patch Tuesday in February, Microsoft has released security updates for March. The latest updates fix more than a dozen vulnerabilities.

According to Wccftech, "Among the patches, Microsoft has also fixed a 'critical' flaw, which was publicly disclosed earlier last month following Microsoft missing February's Patch Tuesday. The exploit code related to a Windows SMB bug was made available by Laurent Gaffie, but Microsoft hasn't credited Gaffie in the bulletin."

One of the most severe vulnerabilities was in Microsoft Windows SMB Server, which, according to the Microsoft security bulletin, "could allow remote code execution if an attacker sends specially crafted messages to a Microsoft Server Message Block 1.0 (SMBv1) server."

You can read more about all of the vulnerabilities that were patched in this update online.

What's still not clear is why Microsoft delayed February's patches, especially at a time when government agencies and cybercriminals are actively finding and exploiting such vulnerabilities. It's also unknown why Microsoft left many serious vulnerabilities discovered by Google researchers unpatched for more than three months.

FBI Refuses to Release the Tool Used to Hack Terrorist's iPhone

Feds believe that tools can still be used to unlock devices for investigations.

The FBI has refused to disclose information about the tool it used to hack into the iPhone of San Bernardino shooter Syed Farook.

Initially, the FBI asked Apple to create a backdoor so they could access the content of Farook's iPhone. Apple refused to create the backdoor, stating that once there, it can be used over and over.

Now it's clear that Apple's concerns were correct. According to ZDNet, "Justice Dept. officials say that details of a hacking tool used to access a terrorist's iPhone should not be released because it may still be 'useful' to federal investigators."

That contradicts the statement by FBI director James Comey in which he tried to downplay the scope of the tool. Last year Comey said that the tool affects only the iPhone 5c running iOS 9. Despite initially considering sharing with Apple the vulnerability it exploited to unlock the iPhone, the FBI later refused to disclose any such information to the company.

The FBI reportedly wasted more than $1 million to crack the iPhone in question, even though they did not extract any valuable information from the device. Last year the FBI was sued by three news organizations to disclose more information about the hack.

On March 13, 2017, David Hardy, section chief of the FBI's records management division, said in a court filing, "Disclosure of this information could reasonably be expected to cause serious damage to national security as it would allow hostile entities to discover the current intelligence gathering methods used, as well as the capabilities and limitations of these methods."

The FBI's refusal to share the flaw with Apple and the public is a double-edged sword. It's not just government agencies exploiting such flaws; there are security organizations whose primary business it is to find such flaws and sell them to criminals and repressive governments. By not disclosing information about the tool, the FBI is apparently putting every iPhone 5c user out there at risk of being hacked.

Aleksey Mnogosmyslov, 123RF

$10 Raspberry Pi Zero Goes Wireless

To celebrate its fifth birthday, the Raspberry Pi Foundation has launched Raspberry Pi Zero W, a version of the ultra-low-cost Pi Zero series with WiFi and Bluetooth 4.0 capabilities. The Raspberry Pi Zero W is priced at just $10.

In addition to WiFi and Bluetooth, the Raspberry Pi Zero W comes with a 1GHz single-core CPU, 512MB of RAM, a mini-HDMI port, a micro-USB On-The-Go port and micro-USB power port. It has HAT-compatible 40-pin, composite video, and reset headers, along with a CSI camera connector.

The Raspberry Pi Foundation is working with Kinneir Dufort and T-Zero "to create an official injection-moulded case. This shares the same design language as the official case for the Raspberry Pi 3 and features three interchangeable lids," according to the official Raspberry Pi blog post.