#InfoStealers
arielmcorg · 7 months
#Cybersecurity - More than 36 million passwords for games and AI services stolen by infostealers
Experts at Kaspersky Digital Footprint Intelligence discovered a surprising number of stolen login passwords while conducting an analysis ahead of Mobile World Congress 2024. The cybersecurity specialists investigated the dark web market and found that, over the last three years, 34,000,000 Roblox access credentials have been stolen. In addition, in…
govindhtech · 7 months
IBM X-Force Drops Ransomware, InfoStealers, AI Threats Rise
IBM Report: 2024 X-Force Threat Intelligence Index
IBM today unveiled the 2024 X-Force Threat Intelligence Index, which underscores a growing global identity crisis as cybercriminals intensify their efforts to compromise businesses worldwide through user identities. According to IBM X-Force, IBM Consulting’s offensive and defensive security services arm, in 2023 cybercriminals increasingly chose to “log in” through legitimate accounts rather than hack into corporate networks, making this approach a preferred weapon of choice for threat actors.
The X-Force Threat Intelligence Index is based on observations and insights from tracking more than 150 billion security events daily across more than 130 countries. The 2024 report also draws on data collected and examined from various IBM sources, such as IBM Managed Security Services, Incident Response, X-Force Red and IBM X-Force Threat Intelligence, as well as data from Red Hat Insights and Intezer.
Among the principal points of emphasis are:
Critical infrastructure attacks expose industry “faux pas.” Patching, multi-factor authentication, and least-privilege principles could have prevented compromise in nearly 85% of attacks on critical sectors. This suggests that achieving what the security industry has historically referred to as “basic security” may be more difficult than previously thought.
Groups that use ransomware change to a more economical strategy. Enterprise ransomware attacks decreased by almost 12% in the previous year as larger organizations chose to rebuild their infrastructure rather than pay and decrypt the ransomware. Groups that had previously focused on ransomware were seen to shift to info stealers, as this increasing backlash is expected to affect adversaries’ revenue expectations from encryption-based extortion.
Attacks against generative AI don’t yet yield a return. According to X-Force analysis, at-scale attacks against these platforms may occur when a single generative AI technology approaches 50% of the market or when the market consolidates into three or fewer technologies.
Charles Henderson, Global Managing Partner, IBM Consulting, and Head of IBM X-Force, stated: “While ‘security fundamentals’ doesn’t get as many head turns as ‘AI-engineered attacks,’ it remains that enterprises’ biggest security problem boils down to the basic and known – not the novel and unknown. Identity is being used against enterprises time and time again, a problem that will worsen as adversaries invest in AI to optimize the tactic.”
IBM X-Force Threat Intelligence
Cybercriminals now find it easiest to exploit legitimate accounts because billions of compromised credentials are available on the Dark Web. According to X-Force, info-stealing malware increased 266% in 2023 as actors sought user identities. This malware steals emails, banking information, cryptocurrency wallet data, and credentials for social media and messaging apps.
Because it is more difficult to identify, this “easy entry” for attackers prompts an expensive response from businesses. X-Force reports that major incidents resulting from attackers using legitimate accounts required security teams to implement nearly 200% more complex response measures than the average incident. This was because defenders had to discern between malicious and legitimate user activity on the network. According to IBM’s 2023 Cost of a Data Breach Report, breaches resulting from compromised or stolen credentials took an average of 11 months to identify and resolve, making it the infection vector with the longest response lifecycle.
The scale of this trade in users’ online identities became clear when the FBI and European law enforcement took down a global cybercrime forum in April 2023 and recovered the login credentials of over 80 million accounts. Identity-based threats will probably keep increasing as long as adversaries use generative AI to make their attacks more effective. X-Force has already seen over 800,000 posts on GPT and AI in Dark Web forums in 2023, confirming that cybercriminals are interested in and aware of these developments.
Attackers “Log into” Networks of Critical Infrastructure
Critical infrastructure organizations were the target of nearly 70% of attacks that X-Force responded to globally. This is a concerning finding that shows that cybercriminals are betting on these high-value targets’ need for uptime to achieve their goals.
Phishing emails, the use of legitimate accounts, and the exploitation of public-facing applications were the causes of nearly 85% of the attacks that X-Force responded to in this sector. With DHS CISA reporting that most successful attacks on government agencies, critical infrastructure organizations, and state-level government bodies in 2022 involved the use of legitimate accounts, the latter presents a higher risk to the industry. This emphasizes how important it is for these organizations to create incident response plans and regularly stress test their environments for possible exposures.
Generative AI: The Next Great Development in Security
Cybercriminals need to target technologies that are widely used by most organizations globally to see a return on investment from their campaigns. Similar to how previous technological advancements, such as ransomware, Windows Server dominance, BEC scams, Microsoft 365 dominance, cryptojacking, and the consolidation of the Infrastructure-as-a-Service market, encouraged cybercriminal activity, this pattern is expected to continue with artificial intelligence.
According to X-Force, the establishment of generative AI market dominance, which occurs when a single technology approaches 50% of the market or when the market consolidates into three or fewer technologies, could lead to the maturation of AI as an attack surface and encourage cybercriminals to invest more in new tools.
While generative AI is still in its pre-mass market phase, businesses must safeguard their AI models before cybercriminals ramp up their operations. Businesses should understand that their current underlying infrastructure serves as a gateway to their AI models and can be targeted by attackers without the need for creative attacks. This emphasizes the need for an all-encompassing security strategy in the generative AI era, as described in the IBM Framework for Securing Generative AI.
Further discoveries:
Europe is the favored target of adversaries. Europe was the target of almost one in three attacks seen globally; the continent also saw the highest number of ransomware attacks (26% worldwide).
What happened to all the phish? Although phishing attacks are still the most common vector of infection, their volume has decreased by 44% since 2022. However, since AI has the potential to enhance this attack and X-Force research shows that AI can accelerate attacks by almost two days, cybercriminals will still favor the infection vector.
Everyone is at risk. According to Red Hat Insights, 82% of clients had at least one CVE with known exploits that was left unfixed in their environment when the scan was conducted, and 80% of the top ten vulnerabilities found in systems in 2023 received a base severity score of ‘High’ or ‘Critical’ on the CVSS.
“Kerberoasting” pays off: According to X-Force, there has been a 100% rise in “kerberoasting” attacks, in which hackers pretend to be users in order to abuse Microsoft Active Directory tickets and escalate privileges.
Misconfigured security: X-Force Red penetration testing engagements show that security misconfigurations made up 30% of all exposures found, with over 140 different ways for attackers to take advantage of misconfigurations.
Read more on Govindhtech.com
nsalibi · 10 months
Digital Talk podcast: link to the podcast on #Apple
To follow the content, you can subscribe on the various podcast platforms. Regards, #NaylaSalibi
digitalcreationsllc · 11 months
Predator AI ChatGPT Integration Poses Risk to Cloud Services
Cybersecurity researchers at SentinelLabs have uncovered a new Python-based infostealer and hack tool named “Predator AI.” The malicious tool is specifically designed to target cloud services and integrates artificial intelligence (AI) technology, specifically a ChatGPT-driven class implemented in the Python script. The inclusion of the GPTj class adds a chat-like text-processing interface to…
osintelligence · 11 months
https://bit.ly/47rZAsw - 🖥️ In a recent malvertising campaign, a threat actor replicated the legitimate Windows news portal https://bit.ly/47sScNi to distribute a malicious installer for CPU-Z. This method targets enthusiasts and system administrators who frequent such sites for computer reviews and software downloads. The fake site deceives users into downloading malware, highlighting the sophistication of modern cyber threats. #Malvertising #CyberSecurity #InfoStealer
🕵️‍♂️ Google ads are being exploited in this campaign, with threat actors using cloaking techniques to evade detection. Unsuspecting victims are presented with seemingly legitimate ads, leading to malicious websites when clicked. This practice underscores the ongoing challenge of detecting and preventing malvertising. #GoogleAds #OnlineSafety #DigitalThreats
🔗 Upon clicking the ad, users are redirected to a domain that mimics the Windows news site, complete with a download page for CPU-Z. However, the URL in the address bar reveals it is not the authentic site. This tactic is part of a broader strategy targeting other utilities like Notepad++, Citrix, and VNC Viewer. #Phishing #CyberFraud #InternetSafety
🔏 The payload from this campaign is a digitally signed MSIX installer containing a malicious PowerShell script and a loader known as FakeBat. This approach increases the likelihood of the malware appearing legitimate to the operating system and antivirus software. Malwarebytes is actively blocking these malvertising domains and has detected the final infostealer payload. #MalwareProtection #DigitalSecurity #FakeBat
🚨 The choice of mimicking a popular software download portal like Windows Report indicates a strategic move by threat actors to exploit the trust users place in such sites. In an enterprise environment, it is recommended to verify file checksums and compare SHA256 hash sums with those on the vendor's official website to ensure software integrity.
orbitbrain · 2 years
New 'RisePro' Infostealer Increasingly Popular Among Cybercriminals
By Ionut Arghire on December 20, 2022
A recently identified information stealer named ‘RisePro’ is being distributed by the pay-per-install malware downloader service ‘PrivateLoader’, cyberthreat firm Flashpoint reports. Written in C++, RisePro harvests potentially sensitive information from the…
cyber-sec · 3 months
Snowflake isn’t an outlier, it’s the canary in the coal mine
Source: https://blog.talosintelligence.com/infostealer-landscape-facilitates-breaches/
zerosecurity · 2 months
Authentication Company's Credential Leak Exposes TikTok and Uber Users
An Israeli-based authentication company, AU10TIX, which serves high-profile clients such as Uber, TikTok, X (formerly Twitter), Fiverr, Coinbase, LinkedIn, and Saxo Bank, has inadvertently exposed a set of administration credentials online for over a year. This security lapse potentially allowed unauthorized access to sensitive user identity documents, including driving licenses.
The Growing Importance of User Authentication
As legislation increasingly requires websites and platforms—particularly gambling services, social networks, and adult content sites—to verify users' ages, the demand for authentication services has risen significantly. AU10TIX specializes in verifying user identities through the upload of official document photos.
Details of the Data Leak
A researcher discovered the exposed credentials and provided evidence to 404 Media. The compromised credentials granted access to a logging platform containing data about individuals who had uploaded documents to prove their identity. This information included:
- Names
- Dates of birth
- Nationalities
- Identification numbers
- Types of uploaded documents (e.g., driver's licenses)
- Links to images of the identity documents
Potential Source of the Breach
Investigations suggest that the likely source of the credential leak was an infostealer infecting a computer belonging to a Network Operations Center Manager at AU10TIX. This incident highlights the ongoing threat of stolen credentials, which have been implicated in recent high-profile breaches, such as those affecting Snowflake.
The Broader Implications of Data Breaches
The AU10TIX incident underscores several critical issues in cybersecurity:
- The persistent threat of stolen credentials
- The potential for breached data to be traded and sold multiple times
- The role of data brokers in the information ecosystem
The California Privacy Protection Agency (CPPA) defines data brokers as businesses that indirectly buy and sell consumer information. With approximately 480 registered data brokers, and potentially many more operating under the radar, the scale of data trading is significant.
AU10TIX's Response
In a statement to 404 Media, AU10TIX acknowledged the incident: "While PII data was potentially accessible, based on our current findings, we see no evidence that such data has been exploited. Our customers' security is of the utmost importance, and they have been notified." The company also stated that it is no longer using the compromised system.
Protecting Yourself After a Data Breach
While users of affected brands await official statements, there are general steps individuals can take to protect themselves in the aftermath of a data breach:
- Follow vendor-specific advice
- Change passwords, using strong, unique combinations
- Enable two-factor authentication (2FA), preferably using FIDO2-compliant hardware
- Be cautious of phishing attempts impersonating the vendor
- Avoid storing payment card details on websites
- Consider setting up identity monitoring services
ericvanderburg · 8 months
Malicious PyPI Packages Slip WhiteSnake InfoStealer Malware onto Windows Machines
http://i.securitythinkingcap.com/T21W7l
msclaritea · 2 years
"Searching Google for downloads of popular software has always come with risks, but over the past few months, it has been downright dangerous, according to researchers and a pseudorandom collection of queries.
“Threat researchers are used to seeing a moderate flow of malvertising via Google Ads,” volunteers at Spamhaus wrote on Thursday. “However, over the past few days, researchers have witnessed a massive spike affecting numerous famous brands, with multiple malware being utilized. This is not ‘the norm.’”
One of many new threats: MalVirt
The surge is coming from numerous malware families, including AuroraStealer, IcedID, Meta Stealer, RedLine Stealer, Vidar, Formbook, and XLoader. In the past, these families typically relied on phishing and malicious spam that attached Microsoft Word documents with booby-trapped macros. Over the past month, Google Ads has become the go-to place for criminals to spread their malicious wares that are disguised as legitimate downloads by impersonating brands such as Adobe Reader, Gimp, Microsoft Teams, OBS, Slack, Tor, and Thunderbird.
On the same day that Spamhaus published its report, researchers from security firm Sentinel One documented an advanced Google malvertising campaign pushing multiple malicious loaders implemented in .NET. Sentinel One has dubbed these loaders MalVirt. At the moment, the MalVirt loaders are being used to distribute malware most commonly known as XLoader, available for both Windows and macOS. XLoader is a successor to malware also known as Formbook. Threat actors use XLoader to steal contacts' data and other sensitive information from infected devices.
The MalVirt loaders use obfuscated virtualization to evade end-point protection and analysis. To disguise real C2 traffic and evade network detections, MalVirt beacons to decoy command and control servers hosted at providers including Azure, Tucows, Choopa, and Namecheap. Sentinel One researcher Tom Hegel wrote:
As a response to Microsoft blocking Office macros by default in documents from the Internet, threat actors have turned to alternative malware distribution methods—most recently, malvertising. The MalVirt loaders we observed demonstrate just how much effort threat actors are investing in evading detection and thwarting analysis.
Malware of the Formbook family is a highly capable infostealer that is deployed through the application of a significant amount of anti-analysis and anti-detection techniques by the MalVirt loaders. Traditionally distributed as an attachment to phishing emails, we assess that threat actors distributing this malware are likely joining the malvertising trend.
Given the massive size of the audience threat actors can reach through malvertising, we expect malware to continue being distributed using this method..."
hacialikara · 8 minutes
All Chrome users at risk! It steals card details
Although Google Chrome is one of the most widely used browsers in the world, it has recently become the target of a piece of malware called Infostealer. This malicious software can get past Chrome’s strong security walls and seize users’ passwords, personal information and even financial data. The browser that is the apple of internet users’ eye has, unfortunately, with this new threat…
ujjinatd · 20 hours
New threats to Chrome security: Infostealer malware breaches the defenses of Google Chrome. Chrome, known for... https://ujjina.com/nuevas-amenazas-a-la-seguridad-de-chrome-el-malware-infostealer-vulnera-las-defensas/?feed_id=775209&_unique_id=66f403942543a
govindhtech · 4 months
UNC5537: Extortion and Data Theft of Snowflake Customers
Overview
Mandiant has discovered a threat campaign that targets Snowflake customer database instances for extortion and data theft. The campaign was identified through Google incident response engagements and threat intelligence collections. Snowflake is multi-cloud data warehousing software that can store and analyze massive amounts of structured and unstructured data.
Mandiant is tracking UNC5537, a financially motivated threat actor that stole several Snowflake customer details. UNC5537 is using stolen customer credentials to methodically compromise Snowflake client instances, post victim data for sale on cybercrime forums, and attempt to blackmail many of the victims.
Snowflake
According to Mandiant’s analysis, there is no evidence that a breach of Snowflake’s enterprise environment led to unauthorized access to customer accounts. Rather, Mandiant was able to link every campaign-related incident to compromised customer credentials.
Threat intelligence about database records that were later found to have come from a victim’s Snowflake instance was obtained by Mandiant in April 2024. After informing the victim, Mandiant was hired by the victim to look into a possible data theft affecting their Snowflake instance. Mandiant discovered during this investigation that a threat actor had gained access to the company’s Snowflake instance by using credentials that had previously been obtained through info stealer malware.
Using these credentials that were taken, the threat actor gained access to the customer’s Snowflake instance and eventually stole important information. The account did not have multi-factor authentication (MFA) activated at the time of the intrusion.
Following further intelligence that revealed a wider campaign aimed at more Snowflake customer instances, Mandiant notified Snowflake and potential victims via their Victim Notification Programme on May 22, 2024.
Snowflake’s response
Mandiant and Snowflake have notified about 165 potentially exposed organizations so far. To secure their accounts and data, these customers have been in direct contact with Snowflake’s Customer Support. Mandiant and Snowflake have been conducting a joint investigation into this ongoing threat campaign, in collaboration with the relevant law enforcement agencies. Snowflake released comprehensive detection and hardening guidelines for Snowflake customers on May 30, 2024.
Campaign synopsis
According to Google Cloud’s current investigations, UNC5537 used stolen customer credentials to gain access to Snowflake customer instances belonging to several different organizations. The main source of these credentials was a number of infostealer malware campaigns that compromised systems not controlled by Snowflake.
As a result, a sizable amount of customer data was exported from the corresponding Snowflake customer instances, giving the threat actor access to the impacted customer accounts. Subsequently, the threat actor started personally extorting several of the victims and is aggressively trying to sell the stolen consumer data on forums frequented by cybercriminals.
Mandiant’s findings
Mandiant discovered that most of the login credentials used by UNC5537 came from infostealer infections that occurred in the past, some as far back as 2020. Three main factors contributed to the multiple successful compromises that UNC5537’s campaign has produced:
- Multi-factor authentication was not enabled on the affected accounts, so successful authentication required only a valid username and password.
- The credentials found in infostealer output were not rotated or updated; in some cases they remained valid years after they were stolen.
- No network allow lists were configured on the affected Snowflake customer instances to restrict access to trusted sources.
Infostealer infections
Mandiant found that the initial infostealer malware infection occurred on contractor computers that were also used for personal purposes, such as downloading pirated software and playing games. This observation was made across multiple investigations related to Snowflake.
Customers that hire contractors to help them with Snowflake may use unmonitored laptops or personal computers, which worsen this initial entry vector. These devices pose a serious concern because they are frequently used to access the systems of several different organizations. A single contractor’s laptop can enable threat actors to access numerous organizations if it is infected with infostealer malware, frequently with administrator- and IT-level access.
Initial access
The native web-based user interface (Snowflake UI, also known as SnowSight) and/or the command-line interface (CLI) tool SnowSQL on Windows Server 2022 were frequently used to gain initial access to Snowflake customer instances. Mandiant also observed further access via an attacker-named utility called “rapeflake,” which Mandiant tracks as FROSTBITE.
Mandiant believes FROSTBITE is used to conduct reconnaissance against target Snowflake instances, although Mandiant has not yet retrieved a complete sample of FROSTBITE. Mandiant saw FROSTBITE in both Java and .NET versions; the .NET version communicates through the Snowflake .NET driver, and the Java version through the Snowflake JDBC driver.
SQL recon actions by FROSTBITE have been discovered, including a listing of users, current roles, IP addresses, session IDs, and names of organizations. Mandiant also saw UNC5537 connect to many Snowflake instances and conduct queries using DBeaver Ultimate, a publicly accessible database management tool.
Complete mission
Mandiant saw UNC5537 staging and exfiltrating data by repeatedly running identical SQL statements on many customer Snowflake instances. The following data staging and exfiltration commands were observed.
CREATE (TEMP|TEMPORARY) STAGE
UNC5537 used the CREATE STAGE command to create temporary stages for data staging. Stages are storage locations for the data files that are loaded into, or unloaded from, database tables. When a stage is created and designated as temporary, it is dropped at the end of the creator’s active Snowflake session.
UNC5537 attribution
Since May 2024, Mandiant has tracked UNC5537, a financially motivated threat actor, as a distinct cluster. UNC5537 has targeted hundreds of organizations worldwide and frequently extorts victims for financial gain. Under numerous aliases, UNC5537 participates in cybercrime forums and Telegram channels. Mandiant has identified members who are linked to other tracked groups, and assesses with moderate confidence that UNC5537’s members are located in North America and that the group collaborates with one additional member in Turkey.
Attacker infrastructure
To gain access to victim Snowflake instances, UNC5537 mostly used Mullvad or Private Internet Access (PIA) VPN IP addresses. Mandiant saw VPS servers from the Moldovan provider ALEXHOST SRL (AS200019) used for data exfiltration. UNC5537 was also found storing stolen victim data on other foreign VPS providers as well as the cloud storage provider MEGA.
Outlook and implications
The campaign launched by UNC5537 against Snowflake customer instances is not the product of a highly advanced or novel method, tool or process. Its broad reach is a result of both the expanding infostealer market and missed opportunities to further secure credentials:
- UNC5537 most likely obtained credentials for Snowflake victim instances by gaining access to several infostealer log sources. There is also a thriving black market for infostealer logs, with huge lists of stolen credentials available for purchase and distribution both inside and outside the dark web.
- Multi-factor authentication was not required on the impacted customer instances, and in many cases the credentials had not been changed in up to four years. Additionally, access was not restricted to trusted locations using network allow lists.
This campaign draws attention to the consequences of the large number of credentials circulating in the infostealer market and may be a sign of threat actors specifically targeting related SaaS services. Mandiant predicts that UNC5537 will continue this intrusion pattern, soon focusing on more SaaS systems.
This campaign’s wide-ranging effects highlight the pressing need for credential monitoring, the universal application of MFA and secure authentication, restriction of traffic to approved locations for crown-jewel systems, and alerting on unusual access attempts. See Snowflake’s Hardening Guide for additional suggestions on how to fortify Snowflake environments.
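As an added illustration of the three gaps named in this post (no MFA, stale credentials, no network allow list) and of the temporary-stage staging pattern, the following Snowflake SQL is an example written for this page, not code from the Mandiant report or from Snowflake's guide. It assumes the ACCOUNTADMIN role, access to the SNOWFLAKE.ACCOUNT_USAGE share, and placeholder IP ranges standing in for corporate egress addresses.

```sql
-- Hardening: only allow logins from known egress ranges (203.0.113.0/24 and
-- 198.51.100.0/24 are documentation-reserved placeholders, assumed here).
CREATE NETWORK POLICY corp_only
  ALLOWED_IP_LIST = ('203.0.113.0/24', '198.51.100.0/24');
ALTER ACCOUNT SET NETWORK_POLICY = corp_only;

-- Hardening: force rotation so credentials harvested years ago stop working.
CREATE PASSWORD POLICY rotate_90
  PASSWORD_MIN_LENGTH = 14
  PASSWORD_MAX_AGE_DAYS = 90;
ALTER ACCOUNT SET PASSWORD POLICY rotate_90;

-- Audit: active users who can still authenticate with a password but have no
-- Duo MFA enrolled; oldest (or never set) passwords first.
SELECT name, login_name, password_last_set_time, last_success_login
FROM snowflake.account_usage.users
WHERE deleted_on IS NULL
  AND disabled::boolean = FALSE
  AND has_password::boolean = TRUE
  AND ext_authn_duo::boolean = FALSE
ORDER BY password_last_set_time NULLS FIRST;

-- Detection: successful password-only logins (no second factor) in the last
-- week that did not originate from the allow-listed ranges.
SELECT event_timestamp, user_name, client_ip, reported_client_type
FROM snowflake.account_usage.login_history
WHERE event_timestamp >= DATEADD(day, -7, CURRENT_TIMESTAMP())
  AND is_success = 'YES'
  AND first_authentication_factor = 'PASSWORD'
  AND second_authentication_factor IS NULL
  AND NOT (client_ip LIKE '203.0.113.%' OR client_ip LIKE '198.51.100.%')
ORDER BY event_timestamp DESC;

-- Detection: the staging pattern described above: temporary stages being
-- created and table data unloaded into a stage with COPY INTO @stage.
SELECT start_time, user_name, role_name, query_text
FROM snowflake.account_usage.query_history
WHERE start_time >= DATEADD(day, -7, CURRENT_TIMESTAMP())
  AND (query_text ILIKE 'CREATE%TEMP%STAGE%'
       OR query_text ILIKE 'COPY INTO @%')
ORDER BY start_time DESC;
```

ACCOUNT_USAGE views lag live activity by up to a few hours, so use them for hunting and the INFORMATION_SCHEMA table functions for near-real-time checks.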
Read more on Govindhtech.com
b2bcybersecurity · 1 day
When vendors do not take vulnerabilities seriously
The case of the recently fixed Windows MSHTML vulnerability (CVE-2024-43461) shows that Microsoft did not respond seriously despite indications from two vendors (Trend Micro and CheckPoint), even though the flaw was already being exploited by cyber attackers. A commentary. The vulnerability was first disclosed in September 2024 as part of Patch Tuesday, but was only later marked as already exploited. It was used in zero-day attacks by the hacker group Void Banshee to install malicious software such as the Atlantida infostealer and steal sensitive data. Richard Werner, Security Advisor at Trend Micro, comments: “We should be aware that there are companies in the IT industry on which entire nations depend. These companies will try to push through their own ideas, whether we like it or not.”
Educating customers about vulnerabilities is mandatory
Vendors have a duty to educate their customers about the dangers of security vulnerabilities. Most of them have already understood that their customers are directly vulnerable and that the resulting problems fall back on the vendor. Providing this information is not simply “nice to have”, but also a necessary measure of self-protection. Yet that is only the tip of the iceberg, because beneath the patch surface things are seething. This year we will in all likelihood break the 30,000 mark for registered vulnerabilities for the first time. On top of that, the exploitation of a new vulnerability by criminals currently becomes known on average every three days; there were a full 150 in 2023. The same software products are often in focus because patches are developed too quickly, sloppily or inadequately. In principle, criminals only need to look in the immediate vicinity of known vulnerabilities to find new ones.
Most of these are not discovered by the companies themselves but by independent researchers, who either report their findings to the vendors or sell them underground. How a company deals with honest finders can therefore be decisive, and that primarily means communication. Are finders taken seriously? Is the problem understood? Is what a researcher did followed up?
Security researchers are disappointed by vendors
Security researchers increasingly criticize the behaviour of vendors. It is particularly annoying when proposals for rating criticality in the CVSS (Common Vulnerability Scoring System) are downgraded by the vendor without a comprehensible justification. That makes it harder for researchers to judge whether the downgrade is justified or whether the problem was simply not properly understood. In addition, honest finders themselves invest a fair amount of time and effort to get such gaps closed. There is therefore a certain etiquette so that constructive cooperation remains possible in future. But when new or old problems in one’s own software are repeatedly held up because there was no sufficient exchange beforehand, courtesy can get lost, on both sides. These conflicts and tensions would actually be avoidable. Yet a look at social media shows that such incidents happen almost daily. Nervousness in the industry is widespread and shows in many details. Staff overload caused by processes streamlined to save costs is certainly one of the causes. Everything is supposed to become faster and more effective, but that does not necessarily lead to better quality or more customer satisfaction. This behaviour is not rare in the software industry. It occurs especially where an industry giant has enough market power to prevail even against external resistance.
Other companies often follow this example reluctantly because they have no other choice. We should be aware that there are companies in the IT industry on which entire nations depend. These companies will try to push through their own ideas, whether we like it or not.
digitalcreationsllc · 11 months
ExelaStealer: A New Info-stealer Gaining Traction on Dark Web | Cyware Hacker News
The info-stealer market is expanding rapidly as researchers uncover a new malware named ExelaStealer. The malware first appeared in August and includes a variety of data-stealing capabilities on Windows systems, from stealing sensitive data such as passwords, credit card details, cookies and session data, to key logs.
More in detail
According to Fortiguard Labs, ExelaStealer is written in…