
macOS High Sierra has a password-security problem

Apple’s latest and greatest operating system, macOS High Sierra, hit the digital airwaves on September 25 — promising a free upgrade to Macs around the world with at least 2GB of memory. And while the OS is chock-full of exciting new features, it’s the vulnerabilities that have at least one security researcher excited. 

That’s because it turns out that, with just a little bit of effort, hackers can steal all your passwords off a computer running High Sierra. Which, frankly, is not a good look for Apple. 

According to security researcher Patrick Wardle, he was able to run an unsigned app on the new OS that could steal plaintext passwords. He posted evidence of his proof of concept to Twitter, and included a link to a video demonstrating an app he dubbed “keychainStealer.” 

“I discovered a flaw where malicious non-privileged code (or apps) could programmatically access the keychain and dump all this data … including your plain text passwords,” he explained on Patreon. “This is not something that is supposed to happen!”

Importantly, he noted that while he has only tested High Sierra, it appears that El Capitan is vulnerable as well. But the news isn’t all bad, as Wardle emphasized that for this to work your computer would first have to be infected with malware. 

“As this is a local attack, this means a hacker or piece of malware must first infect your Mac,” Wardle reassured concerned readers. “Typical ways to accomplish this include emails (with malicious attachments), fake web popups (‘your Flash player needs updating’), or sometimes legitimate application websites are hacked (e.g. Transmission, Handbrake, etc).”


Apple, for its part, isn’t that impressed with the exploit — although a spokesperson confirmed they are looking into it.  

“macOS is designed to be secure by default, and [Apple security feature] Gatekeeper warns users against installing unsigned apps, like the one shown in this proof of concept, and prevents them from launching the app without explicit approval,” the spokesperson told Mashable via email. “We encourage users to download software only from trusted sources like the Mac App Store, and to pay careful attention to security dialogs that macOS presents.”

Wardle, meanwhile, is thankfully not looking to steal all your passwords. Instead, he contacted Apple about the exploit before going public and believes the company’s engineers are in the process of patching the High Sierra holes. 

“As my discovery of this bug and report (in early September) was ‘shortly’ before High Sierra’s release, this did not give Apple enough time to release a patch on time,” he wrote. “However, my understanding is a patch will be forthcoming!”

Essentially, it all boils down to this: Don’t download sketchy apps, and make sure you always update your OS to the latest version in order to receive any and all patches. And, regardless of the specific threat posed by Wardle’s findings, that’s some basic security advice to live by. 


Turns out Russia went after Wisconsin’s voter registration system

It’s official.

Image: Janie Osborne/Getty Images

Another piece of the messed-up puzzle that was the 2016 U.S. presidential election fell into place today, as the Department of Homeland Security confirmed that “Russian government cyber actors” targeted the voter registration system of a key battleground state. 

While U.S. officials had already claimed that the Russian government went after 21 states’ voter registration systems, this is the first time that a state has been publicly named. And, sorry to say it Wisconsin, you have the dubious distinction of being the state in the spotlight. 

According to Reuters, the Department of Homeland Security notified all 21 states on Sept. 22, with Wisconsin Elections Commission Administrator Michael Haas quickly identifying his specific state as being affected soon after.

The news agency reports Haas saying that the Russian government “scanned internet-connected election infrastructure likely seeking specific vulnerabilities such as access to voter registration databases, but the attempt to exploit vulnerabilities was unsuccessful.”

NPR reports that officials from Washington and Connecticut also copped to the fact that their states’ voter registration systems were targeted by Russian government hackers. 

Importantly, the voter registration system is not the same as the actual machines used to cast votes — and Matt Tait of cybersecurity firm Capital Alpha Security issued a warning to everyone currently freaking out. 

That sentiment, combined with the fact that DHS officials told Congress in June that they had no proof of actual successful vote tampering by the Russian government, suggests that while this is a big story, it’s not a “Russia stole the election” story. 

Still, the fact stands that Wisconsin was a key battleground state in last year’s election, and with today’s revelation we now know that Russian officials were at least up to no good there. 

As more officials come out and identify their states as also being targeted, which they are sure to do, we’re likely to get a better picture — piece by hacked piece — of just what went down last year. 


Paying for antivirus software is mostly BS

You’re just an average consumer, trying to keep your expensive electronics free from malware. And so you, like many before you, decide to pony up and pay for some fancy antivirus software. But this isn’t the ’90s, and it turns out that you might just be getting taken for a ride. 

Much has changed since the heyday of programs like Norton AntiVirus, and these days installing third-party software on your computer might actually do more harm than good. Figuring out the difference between vital protection and dangerous bloatware is a tricky task, but it’s not one you can afford to ignore.

There are, of course, still plenty of reasons to be concerned about malicious software. For example, on Sept. 18 we learned that hackers piggybacked malware onto a PC-optimizing software known as CCleaner — potentially affecting millions of computers in the process. However, a breach of that sort doesn’t automatically mean you should rush out and buy something like McAfee AntiVirus Plus. 

While many antivirus services offer legit tools to defend your PC, chances are you can get decent levels of protection for free. In the case of Windows machines, consumers can turn toward Windows Defender.

“Windows Defender is malware protection that is included with and built into Windows 8,” the company explains. “This software helps identify and remove viruses, spyware, and other malicious software.” 

In fact, according to Microsoft, if you’re using Windows Defender you shouldn’t use other antivirus software. “If you install two different kinds of antivirus software, they might conflict,” notes a product page. “If you want to use antivirus software from another provider, uninstall Windows Defender first.”

Macs, too, offer some form of built-in protection against malware. Notably, macOS includes something called “Gatekeeper” that limits what can and can’t be downloaded. 

“Developers can get a unique Developer ID from Apple and use it to digitally sign their apps,” explains an Apple security page. “The Developer ID allows Gatekeeper to block apps created by malware developers and to verify that apps haven’t been tampered with. If an app was developed by an unknown developer — one with no Developer ID — Gatekeeper can keep your Mac safe by blocking the app from being installed.”

Boxes everywhere.

Image: LightRocket/Getty Images

Now this is not to say that a computer protected by either Windows Defender or built-in Mac security measures is free from risk. Far from it. Enterprise users, for example, should definitely spend money ensuring their cybersecurity game is on point. However, for noncommercial users the state of affairs is vastly different from earlier times when you pretty much needed paid virus-scanning software in order to safely operate online. 

Users looking for extra protection can instead get decent stuff for free, but it’s a tricky proposition.  

One such free offer is Kaspersky Free, which its makers claim “automatically blocks dangerous downloads – and automatically warns you about malicious websites.” That software, which, interestingly, The New York Times reports is in the process of being booted from U.S. government computers over alleged (and denied) ties to the Russian government, has received high scores from security professionals according to PC Magazine. That’s just one example of many. 

So why do people still pay for this stuff? Many may feel like they need to, which is a position that benefits the manufacturers of such software. Others find it pre-installed on their computers, and then fork over the cash because they don’t know any better. 

That lack of clarity around antivirus software is, perhaps ironically, manifesting itself these days as a security risk. People end up downloading junk software that either intentionally or unintentionally leaves their systems open to attack, all because they didn’t realize that built-in Windows and Mac tools (plus some common sense) will fight most of the battle for them.  

And that’s a misconception that antivirus software providers are likely in no rush to clear up. Which, well, is a shame. Because in the end, that might just do us all more harm than good. 


Equifax was allegedly hacked months before the massive breach — by the same criminals

Jeez.

Image: RHONA WISE/EPA-EFE/REX/SHUTTERSTOCK

Equifax was hacked this past summer. You already know this. However, according to a new report, the company’s computer systems were also allegedly broken into in March. And here’s the kicker: The same crew might be responsible for both incidents. 

That’s right, the same culprits behind the theft of personal information on potentially 143 million Americans might have been poking around in Equifax’s databases months earlier. 

The news comes to us via Bloomberg, which notes that “three people familiar with the situation” told the publication about the alleged March intrusion. One of those three people claims “the breaches involve the same intruders.”

And it’s not like Equifax didn’t know about it at the time. As Bloomberg reports, the company hired a cybersecurity firm to investigate the March breach. But wait, it gets worse. 

That the same hackers may have been able to return to Equifax’s systems to pilfer massive amounts of information is especially baffling, considering that the vulnerability the hackers reportedly used in the more recent breach was already known in March, according to Bloomberg.  

However, the problem wasn’t fixed until the second hack was detected in July, the publication reports. That massive hack took place between May and July. 

“We know that criminals exploited a US website application vulnerability,” a company spokesperson wrote on September 15. “The vulnerability was Apache Struts CVE-2017-5638.”

Again, that Apache Struts vulnerability was reportedly known in March — meaning the company could very likely have prevented the incident later announced on September 7. The company was aware it had been breached and had the tools to fix a major problem with its site. And yet. 

In a statement to Bloomberg, however, Equifax claimed that the two hacks were unrelated. Meanwhile, The Wall Street Journal cites an unnamed source “familiar with the investigation” as saying that it looks like the hack was probably state-sponsored. No information was provided to back up that claim. 

This revelation will surely complicate matters for the Equifax executives who sold close to $2 million in stock before the public was alerted to the breach. The Senate Finance Committee is looking into the matter.


What to do if you downloaded the malware-infected CCleaner app

All you wanted was a faster computer. You thought that by downloading CCleaner, a popular and free app for optimizing PC performance, you’d sweep out those digital cobwebs and be zipping around your trusty Windows machine at lightning speeds in no time. 

But then CCleaner was compromised by hackers, and you learned that by installing it, you may have actually loaded malware onto your computer.

Thankfully for you, it’s easy to find out if your PC is potentially one of the likely millions affected by this breach. Also falling squarely in the “good news” category is the fact that if your device was infected, you can clean it right up. However, sorry to say, it’s going to be a pain. Oh, and some damage may have already been done. 

Checking your computer

First things first: How do you determine if you’re at risk? According to Cisco Talos, the cybersecurity team that discovered CCleaner was compromised, the malicious payload was delivered between August 15, 2017 and September 12, 2017. So if during that window of time you moseyed on over to Piriform’s (the company that makes CCleaner) website and downloaded the software, you’re probably in trouble. 

Also, if you updated your CCleaner software during that almost month-long block of time, things are not looking good. Piriform issued a statement saying that versions 5.33.6162 and 1.07.3191 were impacted, so updating to either of those would have put you at risk. 

Check that version number.

Image: Cisco Talos

To see what version of the software you’re running, open it up and look in the upper-left corner. The version number will be displayed, and if it’s not one of the two listed above you’ve likely been spared. If it is one of the two listed, you’re out of luck. 

What to do next

Regardless of what version you’re running, you should make sure your CCleaner is currently up to date. 

“Users of our cloud version have received an automated update,” the company said in its statement. “For all other users, if you have not already done so, we encourage you to update your CCleaner software to version 5.34 or higher; the latest version is available for download here.”

However, if you want to be extra sure the malware isn’t hiding out on your computer, Cisco Talos suggests taking things a step further.   

“Affected systems need to be restored to a state before August 15, 2017 or reinstalled,” the company explains in a blog post. “Users should also update to the latest available version of CCleaner to avoid infection.”

That’s right: you need to restore your computer to a point over a month ago. And then, of course, double check to make sure that your CCleaner is up to date. 

How bad is this breach?

How scared you should be about this malware all depends on who you ask. Piriform, perhaps unsurprisingly, says everything is taken care of and you can just update and chill.

“Before delving into the technical details, let me say that the threat has now been resolved in the sense that the rogue server is down, other potential servers are out of the control of the attacker, and we’re moving all existing CCleaner v5.33.6162 users to the latest version,” VP of Products Paul Yung wrote in a company release. “Users of CCleaner Cloud version 1.07.3191 have received an automatic update. In other words, to the best of our knowledge, we were able to disarm the threat before it was able to do any harm.”

But wait, it may not be all good. 

“The impact of this attack could be severe given the extremely high number of systems possibly affected,” explained Talos. “CCleaner claims to have over 2 billion downloads worldwide as of November 2016 and is reportedly adding new users at a rate of 5 million a week. If even a small fraction of those systems were compromised an attacker could use them for any number of malicious purposes.”

In short, check if your version was compromised, restore and update as necessary, and hope for the best. Oh, and while you’re in the process of updating, maybe reconsider installing third-party software like CCleaner in the first place. 
