Atlanta mayor Keisha Bottoms said on Thursday , March 22 , that hackers attacked Attack.Ransom the city ’ s network system and encrypted data . The details are somewhat slim for now , but hackers reportedly used the SamSam ransomware and demand Attack.Ransom around $ 51,000 in Bitcoin to unlock the city ’ s seized computers . Atlanta is currently working with the Department of Homeland Security , the FBI , Microsoft , and Cisco cybersecurity officials to determine the scope of the damage and regain control of the data held hostage . “ Our Atlanta Information Management team is working diligently with support from Microsoft to resolve the issue , ” the city ’ s official Twitter account states . “ We are confident that our team of technology professionals will be able to restore applications soon . Our city website , Atlantaga.gov , remains accessible and we will provide updates as we receive them. ” As of Thursday afternoon , the city said it faced outages on various “ internal and customer facing applications , ” such as means for accessing court-related information and paying bills . But the city itself isn ’ t exactly under siege : Airport , public safety , and water operations remain unaffected by the attack , and the city payroll wasn ’ t touched . The only bone Atlanta is throwing the public is that the attack affects “ various city systems. ” According to Atlanta ’ s newly appointed chief operating officer , Richard Cox , Atlanta Information Management officials were made aware of problems with internal and customer-facing applications at 5:40 a.m. Thursday . At the time , he acknowledged that the city fell prey to ransomware , but given the investigation is still ongoing , he couldn ’ t provide the extent of the damage . “ The ongoing investigation will determine whether personal information , financial , or employee data has been compromised Attack.Databreach , ” he said during a press briefing . “ As a precaution , we are asking that all employees take the appropriate measures to ensure their data is not compromised Attack.Databreach . The city advises employees to monitor and protect personal information and in the coming days we will offer employees additional resources if needed. ” What the city didn ’ t officially disclose was the ransomware note discovered in the investigation . A screenshot reveals the hackers ’ demands Attack.Ransom : 0.8 Bitcoins for each seized computer , or six bitcoins to unlock all computers held hostage , equaling to around $ 51,000 in real cash . Once Atlanta sends the Bitcoins to a digital wallet , the city is to leave a message containing the host name on a specific website . The hackers will then provide decryption software to release the computers from captivity . The SamSam malware doesn ’ t take the typical route of installing itself on computers when unsuspecting owners click a link within an email . Instead , hackers find Vulnerability-related.DiscoverVulnerability unpatched vulnerabilities in network servers and manually unleash SamSam to seize key data systems and cause maximum damage to the company ’ s infrastructure . SamSam is one of many in a family of ransomware targeting government and healthcare organizations . It was first observed in 2015 and encrypts various file types using the Advanced Encryption Standard ( aka Rijndael ) . It then encrypts that key with RSA 2048-bit encryption to make the files utterly unrecoverable . As of Friday morning , Atlanta ’ s main website and its affiliated portals remained unaffected by the ransomware attack Attack.Ransom .

A vulnerability in some versions of the Oracle Solaris enterprise OS could allow attackers to edit code in the memory and exploit Vulnerability-related.DiscoverVulnerability it to gain full root control over a machine . The privilege escalation vulnerability -- now patched Vulnerability-related.PatchVulnerability -- is present in Vulnerability-related.DiscoverVulnerability current versions of Oracle Solaris 10 and 11 running Sun StorageTek Availability Suite ( AVS ) for the filesystem and could be used to access to a low-level user or service account and , from there , gain complete root access to the system . The memory corruption bug has been uncovered and detailed Vulnerability-related.DiscoverVulnerability by researchers at Trustwave -- and its origins go all the way back to 2007 . The original issue was disclosed Vulnerability-related.DiscoverVulnerability in 2009 and apparently fixed Vulnerability-related.PatchVulnerability , but researchers revisited Vulnerability-related.DiscoverVulnerability the code this year only to find Vulnerability-related.DiscoverVulnerability the fix was partial and loopholes still allowed the execution of malicious code . The origins of the exploit , CVE-2018-2892 , lie in Vulnerability-related.DiscoverVulnerability one small fragment of code which contains a number of separate vulnerabilities around the dereferencing pointer , the means of getting values stored in a specific memory location . `` Attackers can exploit Vulnerability-related.DiscoverVulnerability this vulnerability to take access to a low-level user or service account and gain complete root access to the entire system , '' Neil Kettle , application security principal consultant at SpiderLabs at Trustwave , told Vulnerability-related.DiscoverVulnerability ZDNet . An attacker exploiting this vulnerability would need direct access to a user or service account . `` This can be obtained by targeting users with social engineering attacks or by exploiting vulnerabilities in existing services . Once the attacker has access to any account , this vulnerability can be very easily exploited Vulnerability-related.DiscoverVulnerability to gain complete root control over the system , '' said Vulnerability-related.DiscoverVulnerability Kettle . While the original 2007 vulnerability has probably been used in the wild , there 's no confirmation that the new exploit has been used to conduct an attack . Nonetheless , Trustwave disclosed the discovery Vulnerability-related.DiscoverVulnerability to Oracle , which has delivered Vulnerability-related.PatchVulnerability a patch to fix Vulnerability-related.PatchVulnerability the loophole .

The city has spent the past two weeks restoring online services disrupted Attack.Ransom by ransomware that held encrypted data hostage . Soon after Atlanta City Auditor Amanda Noble logged onto her work computer the morning of March 22 , she knew something was wrong . The icons on her desktop looked different—in some cases replaced with black rectangles—and she noticed many of the files on her desktop had been renamed with “ weapologize ” or “ imsorry ” extensions . Noble called the city ’ s chief information security officer to report the problem and left a message . Next , she called the help desk and was put on hold for a while . “ At that point , I realized that I wasn ’ t the only one in the office with computer problems , ” Noble says . Those computer problems were part of a high-profile “ransomware” cyberattack Attack.Ransom on the City of Atlanta that has lasted nearly two weeks and has yet to be fully resolved . During that time the metropolis has struggled to recover encrypted data on employees ’ computers and restore services on the municipal Web site . The criminals initially gave the city seven days to pay Attack.Ransom about $ 51,000 in the cryptocurrency bitcoin to get the decryption key for their data . That deadline came and went last week , yet several services remain offline , suggesting the city likely did not pay the ransom Attack.Ransom . City officials would not comment on the matter when contacted by Scientific American . The Department of Watershed Management , for example , still can not accept online or telephone payments for water and sewage bills , nor can the Department of Finance issue business licenses through its Web page . The Atlanta Municipal Court has been unable to process ticket payments either online or in person due to the outage and has had to reschedule some of its hearings . The city took down two of its online services voluntarily as a security precaution : the Hartsfield–Jackson Atlanta International Airport wi-fi network and the ability to process service requests via the city ’ s 311 Web site portal , according to Anne Torres , Atlanta ’ s director of communications . Both are now back online , with airport wi-fi restored Tuesday morning . The ransomware used to attack Atlanta is called SamSam . Like most malicious software it typically enters computer networks through software whose security protections have not been updated . When attackers find Vulnerability-related.DiscoverVulnerability vulnerabilities in a network , they use the ransomware to encrypt files there and demand payment Attack.Ransom to unlock them . Earlier this year attackers used a derivative of SamSam to lock up files at Hancock Regional Hospital in Greenfield , Ind . The health care institution paid Attack.Ransom nearly $ 50,000 to retrieve patient data . “ The SamSam ransomware used to attack Attack.Ransom Atlanta is interesting because it gets into a network and spreads to multiple computers before locking them up , ” says Jake Williams , founder of computer security firm Rendition Infosec . “ The victim then has greater incentive to pay a larger ransom Attack.Ransom in order to regain control of that network of locked computers. ” The city ’ s technology department—Atlanta Information Management ( AIM ) —contacted local law enforcement , along with the FBI , Department of Homeland Security , Secret Service and independent forensic experts to help assess the damage and investigate the attack . The attackers set up Attack.Ransom an online payment portal for the city but soon took the site offline after a local television station published a screen shot of the ransom note , which included a link to the bitcoin wallet meant to collect the ransom Attack.Ransom . Several clues indicate Atlanta likely did not pay Attack.Ransom the attackers , Williams says . “ Ransomware gangs typically cut off communications once their victims get law enforcement involved , ” he says . “ Atlanta made it clear at a press conference soon after the malware was detected ” that they had done so . The length of time it has taken to slowly bring services back online also suggests the cyber criminals abandoned Atlanta without decrypting the city ’ s files , Williams says . “ If that ’ s the case , the city ’ s IT staff spent the past week rebuilding Atlanta ’ s online systems using backed-up data that had not been hit Attack.Ransom by the ransomware , ” he says , adding that any data not backed up is likely “ lost for good. ” “ If the city had paid the ransom Attack.Ransom , I would have expected them to bring up systems more quickly than they have done , ” says Justin Cappos , a professor of computer science and engineering at New York University ’ s Tandon School of Engineering . “ Assuming the city did not pay the ransom Attack.Ransom , their ability to recover their systems at all shows that they at least did a good job backing up their data . ”

Virgin Media has – perhaps rather belatedly – fixed Vulnerability-related.PatchVulnerability a series of vulnerabilities in its Super Hub 3.0 home broadband router modem , after they were reported Vulnerability-related.DiscoverVulnerability more than 18 months ago . Balazs Bucsay , managing security consultant at NCC Group , says that after receiving one of the devices as a home customer and examining it for a few hours , he was quickly able to find Vulnerability-related.DiscoverVulnerability a remote command execution bug . He uncovered many others during the following days . Eventually , he says , he was able to create a full chain of exploits that made it possible to perform a remote authentication as an administrator on the router . This could potentially allow a hacker to take control of millions of these devices , installing backdoors in a way that would be extremely hard to find and investigate . “ After hacking into my own Super Hub 3.0 , I was able to find Vulnerability-related.DiscoverVulnerability multiple security flaws within the router ’ s firmware and combine these to create an exploit that could have been hidden within webpages and sent to other unsuspecting owners via scam emails or other methods , ” Bucsay tells The Daily Swig . “ If customers had opened the webpages and activated the exploit , hackers could have gained unauthorized access to their modems and other devices on the victim ’ s home network , enabling them to spy on online activity and even execute their own commands on the devices. ” Bucsay reported Vulnerability-related.DiscoverVulnerability the vulnerabilities to Virgin Media in March 2017 , but says they weren't fixed Vulnerability-related.PatchVulnerability until the end of July this year . “ The proposed roll-out date was postponed many times , ” he says . However , a Virgin Media spokeswoman defended the company ’ s actions . “ The online security of our customers is a top priority for Virgin Media and the issues described Vulnerability-related.DiscoverVulnerability by NCC have been fixed Vulnerability-related.PatchVulnerability , ” she told The Daily Swig . “ We have seen no evidence that these advanced technical exploits , carried out by NCC as a proof of concept , were used maliciously to impact customers. ” With the patch rolled out Vulnerability-related.PatchVulnerability in August , Super Hub 3.0 users don ’ t need to do anything extra to protect themselves . “ However , this research should remind consumers that no connected device is inherently secure , and that they should consider additional security measures around their home network , such as using password managers and different passwords for each device and service , ” Bucsay warns . He also urged internet service providers to be more proactive in checking the security of any third-party devices they use .

Virgin Media has – perhaps rather belatedly – fixed Vulnerability-related.PatchVulnerability a series of vulnerabilities in its Super Hub 3.0 home broadband router modem , after they were reported Vulnerability-related.DiscoverVulnerability more than 18 months ago . Balazs Bucsay , managing security consultant at NCC Group , says that after receiving one of the devices as a home customer and examining it for a few hours , he was quickly able to find Vulnerability-related.DiscoverVulnerability a remote command execution bug . He uncovered many others during the following days . Eventually , he says , he was able to create a full chain of exploits that made it possible to perform a remote authentication as an administrator on the router . This could potentially allow a hacker to take control of millions of these devices , installing backdoors in a way that would be extremely hard to find and investigate . “ After hacking into my own Super Hub 3.0 , I was able to find Vulnerability-related.DiscoverVulnerability multiple security flaws within the router ’ s firmware and combine these to create an exploit that could have been hidden within webpages and sent to other unsuspecting owners via scam emails or other methods , ” Bucsay tells The Daily Swig . “ If customers had opened the webpages and activated the exploit , hackers could have gained unauthorized access to their modems and other devices on the victim ’ s home network , enabling them to spy on online activity and even execute their own commands on the devices. ” Bucsay reported Vulnerability-related.DiscoverVulnerability the vulnerabilities to Virgin Media in March 2017 , but says they weren't fixed Vulnerability-related.PatchVulnerability until the end of July this year . “ The proposed roll-out date was postponed many times , ” he says . However , a Virgin Media spokeswoman defended the company ’ s actions . “ The online security of our customers is a top priority for Virgin Media and the issues described Vulnerability-related.DiscoverVulnerability by NCC have been fixed Vulnerability-related.PatchVulnerability , ” she told The Daily Swig . “ We have seen no evidence that these advanced technical exploits , carried out by NCC as a proof of concept , were used maliciously to impact customers. ” With the patch rolled out Vulnerability-related.PatchVulnerability in August , Super Hub 3.0 users don ’ t need to do anything extra to protect themselves . “ However , this research should remind consumers that no connected device is inherently secure , and that they should consider additional security measures around their home network , such as using password managers and different passwords for each device and service , ” Bucsay warns . He also urged internet service providers to be more proactive in checking the security of any third-party devices they use .

It ’ s safe to say that 2016 was the year of ransomware . More specifically , the year of crypto-ransomware , that nefarious variant that encrypts files and holds them captive until a ransom is paid Attack.Ransom . Since the release of Cryptolocker in late 2013 , crypto-ransomware has exploded , and 2016 was a banner year . As a matter of fact , according to the FBI , cyber criminals used ransomware to steal Attack.Ransom more than $ 209 million from U.S. businesses in just the first quarter of 2016 . And according to a recent report from Kaspersky Labs , from January to September of 2016 , ransomware attacks targeting companies increased by a whopping 300 percent . With threat actors realizing ransomware ’ s lucrative potential , they bombarded the industry with new attacks in 2016 . This variant hit the wild in early 2016 , infecting systems using AES encryption . It not only infects mapped file shares , but any networked share , so remote drives are at risk . This attack was so potent experts estimate it infected more than 100,000 victims per day at its peak . More recently , hackers went after the beloved San Francisco Municipal Transport Agency ( MUNI ) . If you were in the area in late November , you may have gotten the message “ You Hacked ” at public transit ticket kiosks . The city ’ s light rail was hit by ransomware that forced them to offer Attack.Ransom free rides for two days while they recovered the files . Or , what about Popcorn , the ingenious little in-development ransomware variant in December that turned victims into attackers by incentivizing them with a pyramid scheme-style discount . Send the infection to two of your friends , and you get your files back for free . Ransomware perhaps hit Attack.Ransom healthcare the hardest in 2016 , with some reports claiming 88 percent of all ransomware affected hospitals . Whether large or small , no provider could hide from hackers looking to nab and encrypt patient data , disrupting care until the provider paid up Attack.Ransom or recovered files . The New Jersey Spine Center and Marin Healthcare District were attacked Attack.Ransom by Cryptowall , which encrypted electronic health records , backup files and the phone system . MedStar , which operates 10 hospitals in the D.C and Baltimore area , was forced to shut down its entire IT system and revert to paper records . And the list goes on and on with names like California ’ s Hollywood Presbyterian Medical Center , The University of Southern California ’ s Keck and Norris Hospital , Kansas Heart Hospital , Alvarado Medical Center , King ’ s Daughter ’ s Health , Chino Valley Medical Center and Desert Valley Hospital , and more . Criminals have obviously realized the awesome money-making potential of ransomware , and you should expect them to double-down in 2017 . That said , how can they make an already effective threat even more widespread ? Every year I try to predict changes and evolutions to the threat and security landscape . In this year ’ s predictions , I forecast that you ’ ll see the first ever , wide-spread ransomworm . This new variant will dramatically accelerate the spread of ransomware . Years ago , network worms like CodeRed , SQL Slammer , and more recently , Conficker were pretty common . As you probably know , a worm is a type of malware that automatically spreads itself over a network , using either legitimate network file sharing features , or network software vulnerabilities . In the past , the fastest spreading worms – like the examples mentioned above – exploited Vulnerability-related.DiscoverVulnerability network software flaws to automatically propagate through networks ( whether the Internet or just your internal network ) . Although we haven ’ t seen many wildly successful network worms lately , they ’ re still a threat . All it takes is for one black hat to find Vulnerability-related.DiscoverVulnerability a new zero-day networking software flaw and wide-spread ransomworm becomes a real possibility . In fact , attackers may not even need to know a new networking flaw to create a successful ransomware . By stealing Attack.Databreach a computer ’ s local credentials , attackers can use normal Windows networking , or tools like Powershell to spread through an internal Windows network without leveraging any vulnerability at all . Now , imagine ransomware attached to such a network worm . After infecting one victim , it could tirelessly copy itself to every computer it could reach on your local network . Whether or not you want to imagine such a scenario , criminals have already added network-scanning capabilities to some ransomware variants , and there ’ s a high likelihood they will more aggressively merge ransomware and worm capabilities next year . In 2017 , I suspect you ’ ll see a ransomworm that automatically spreads very quickly and successfully , at least on local networks , if not the Internet . Since falling victim to ransomware can be a costly and time-consuming affair , how can you prepare to combat these evolving threats ? Backup – Sure , I know most people just want to prevent ransomware , but you ’ ll never have 100 percent assurances of that in information security . Backing up your data is an important part of security for reasons far beyond just recovering from a ransomware attack . If you don ’ t already backup your important data , ransomware is the best reason yet to do so . Patch your software – There are many ways ransomware might get on your systems , including just users manually doing foolish things . However , in order to forcefully or automatically install malware on your system , attackers must exploit software flaws . That said , vendors have already fixed Vulnerability-related.PatchVulnerability a huge percent of the vulnerabilities hackers use to spread malware . If you simply keep your patches up to date Vulnerability-related.PatchVulnerability , you won ’ t succumb to many of these forced or automated attacks , which could even help against ransomworms , assuming the network flaw they used was also patched Vulnerability-related.PatchVulnerability . Implement Killchain Defense – You won ’ t find one security technology that can protect you from 100 percent of ransomware by itself . However , there are many security controls that help protect you from various stages of a ransomware attack . For instance , Intrusion Prevention Systems ( IPS ) can prevent some of the exploits criminals use to spread ransomware . AntiVirus can catch some of the most common ransomware variants , and more modern advanced threat protection solutions can even identify and block new zero-day ransomware samples . However , none of these defenses are fool proof alone . The best way to protect your computer or organization is to combine all of them . Unified Threat Management ( UTM ) solutions often offer the easiest option for placing all these protections under one pane of glass

To understand why it is so difficult to defend computers from even moderately capable hackers , consider the case of the security flaw officially known as Vulnerability-related.DiscoverVulnerability CVE-2017-0199 . The bug was unusually dangerous but of a common genre : it was in Microsoft software , could allow a hacker to seize control of a personal computer with little trace , and was fixed Vulnerability-related.PatchVulnerability April 11 in Microsoft ’ s regular monthly security update . But it had traveled a rocky , nine-month journey from discovery to resolution , which cyber security experts say is an unusually long time . Google ’ s security researchers , for example , give vendors just 90 days’ warning Vulnerability-related.DiscoverVulnerability before publishing Vulnerability-related.DiscoverVulnerability flaws they find Vulnerability-related.DiscoverVulnerability . Microsoft Corp ( MSFT.O ) declined to say how long it usually takes to patch Vulnerability-related.PatchVulnerability a flaw . While Microsoft investigated , hackers found Vulnerability-related.DiscoverVulnerability the flaw and manipulated the software to spy on unknown Russian speakers , possibly in Ukraine . And a group of thieves used it to bolster their efforts to steal Attack.Databreach from millions of online bank accounts in Australia and other countries . Those conclusions and other details emerged from interviews with researchers at cyber security firms who studied the events and analyzed versions of the attack code . Microsoft confirmed the sequence of events . The tale began last July , when Ryan Hanson , a 2010 Idaho State University graduate and consultant at boutique security firm Optiv Inc in Boise , found Vulnerability-related.DiscoverVulnerability a weakness in the way that Microsoft Word processes documents from another format . That allowed him to insert a link to a malicious program that would take control of a computer . The company often pays a modest bounty of a few thousands dollars for the identification of security risks . Soon after that point six months ago , Microsoft could have fixed Vulnerability-related.PatchVulnerability the problem , the company acknowledged Vulnerability-related.DiscoverVulnerability . But it was not that simple . A quick change in the settings on Word by customers would do the trick , but if Microsoft notified Vulnerability-related.DiscoverVulnerability customers about the bug and the recommended changes Vulnerability-related.PatchVulnerability , it would also be telling hackers about how to break in . Alternatively , Microsoft could have created Vulnerability-related.PatchVulnerability a patch that would be distributed Vulnerability-related.PatchVulnerability as part of its monthly software updates . But the company did not patch immediately Vulnerability-related.PatchVulnerability and instead dug deeper . It was not aware that anyone was using Hanson ’ s method , and it wanted to be sure it had a comprehensive solution . “ We performed Vulnerability-related.PatchVulnerability an investigation to identify other potentially similar methods and ensure that our fix addresses [ sic ] more than just the issue reported , ” Microsoft said through a spokesman , who answered emailed questions on the condition of anonymity . “ This was a complex investigation. ” Hanson declined interview requests . The saga shows that Microsoft ’ s progress on security issues , as well as that of the software industry as a whole , remains uneven in an era when the stakes are growing dramatically . Finally , on the Tuesday , about six months after hearing from Hanson , Microsoft made Vulnerability-related.PatchVulnerability the patch available Vulnerability-related.PatchVulnerability . As always , some computer owners are lagging behind and have not installed it . Ben-Gurion University employees in Israel were hacked , after the patch , by attackers linked to Iran who took over their email accounts and sent infected documents to their contacts at technology companies and medical professionals , said Michael Gorelik , vice president of cyber security firm Morphisec . When Microsoft patched Vulnerability-related.PatchVulnerability , it thanked Hanson , a FireEye researcher and its own staff . A six-month delay is bad but not unheard of , said Marten Mickos , chief executive of HackerOne , which coordinates patching efforts between researchers and vendors . “ Normal fixing times are a matter of weeks , ” Mickos said . Privately-held Optiv said through a spokeswoman that it usually gives vendors 45 days to make Vulnerability-related.PatchVulnerability fixes before publishing research Vulnerability-related.DiscoverVulnerability when appropriate , and that it “ materially followed ” that practice in this case . If the patching Vulnerability-related.PatchVulnerability took time , others who learned of the flaw moved quickly . On the final weekend before the patch , the criminals could have sold it along to the Dridex hackers , or the original makers could have cashed in a third time , Hultquist said , effectively staging a last clearance sale before it lost peak effectiveness . It is unclear how many people were ultimately infected or how much money was stolen .

A pair of iOS bugs identified Vulnerability-related.DiscoverVulnerability as resolved Vulnerability-related.PatchVulnerability by Apple in its latest iOS 12.1.4 release were successfully exploited Vulnerability-related.DiscoverVulnerability by hackers , according to a Google researcher who shared details Vulnerability-related.DiscoverVulnerability of the zero-day vulnerabilities on Thursday . Apple 's latest iOS 12.1.4 release , issued Vulnerability-related.PatchVulnerability earlier today , contains fixes for Foundation and IOKit flaws that , according to security researcher Ben Hawkes , were used to hack devices in the wild . As noted by ZDNet , Hawkes , leader of Google 's Project Zero security team , shared the revelation Vulnerability-related.DiscoverVulnerability on Twitter late Thursday , saying Vulnerability-related.DiscoverVulnerability the iOS bugs were leveraged as zero-day vulnerabilities . How , exactly , the vulnerabilities were exploited Vulnerability-related.DiscoverVulnerability and by whom is unknown . Both bugs were detailed Vulnerability-related.DiscoverVulnerability in Apple documentation detailing security changes delivered Vulnerability-related.PatchVulnerability with the iOS 12.1.4 package . Logged with the identifier Vulnerability-related.DiscoverVulnerability CVE-2019-7286 , the Foundation flaw involves a memory corruption issue that could allow an app to gain elevated privileges in iPhone 5s and later , iPad Air and later , and iPod touch 6th generation . An anonymous researcher , Clement Lecigne of Google Threat Analysis Group , Ian Beer of Google Project Zero and Samuel Grob of Google Project Zero were credited with finding Vulnerability-related.DiscoverVulnerability the flaw . The second bug , identified Vulnerability-related.DiscoverVulnerability as CVE-2019-7287 , also involves a memory corruption , but instead of granting elevated privileges it allows an app to executive code with kernel privileges on iPhone 5s and later , iPad Air and later , and iPod touch 6th generation . The same researchers were credited with the find Vulnerability-related.DiscoverVulnerability . Apple released Vulnerability-related.PatchVulnerability iOS 12.1.4 alongside a supplemental update to macOS Mojave to address Vulnerability-related.PatchVulnerability the widely publicized FaceTime flaw that allowed interlopers to eavesdrop on Group FaceTime calls . The update also patched Vulnerability-related.PatchVulnerability a Live Photos in FaceTime bug that was discovered Vulnerability-related.DiscoverVulnerability after Apple conducted a `` thorough security audit '' of the service . Details of the Live Photos vulnerability have yet to be made public Vulnerability-related.DiscoverVulnerability .

Hackers are likely exploiting the easy-to-find vulnerabilities , according to the security researcher who warned Vulnerability-related.DiscoverVulnerability the Pentagon of the flaws months ago . The vulnerable systems could allow hackers or foreign actors to launch cyberattacks through the department 's systems to make it look as though it originated from US networks . Dan Tentler , founder of cybersecurity firm Phobos Group , who discovered Vulnerability-related.DiscoverVulnerability the vulnerable hosts , warned Vulnerability-related.DiscoverVulnerability the flaws are so easy to find Vulnerability-related.DiscoverVulnerability that he believes he was probably not the first person to find Vulnerability-related.DiscoverVulnerability them . `` It 's very likely that these servers are being exploited in the wild , '' he told me on the phone . While the Pentagon is said to be aware Vulnerability-related.DiscoverVulnerability of the vulnerable servers , it has yet to implement any fixes Vulnerability-related.PatchVulnerability -- more than eight months after the department was alerted Vulnerability-related.DiscoverVulnerability . It 's a unique case that casts doubts on the effectiveness of the Trump administration 's anticipated executive order on cybersecurity , which aims to review all federal systems of security issues and vulnerabilities over a 60-day period . The draft order was leaked Attack.Databreach last week , but it was abruptly pulled minutes before it was expected to be signed on Tuesday . Tentler , a critic of the plans , argued that the draft plans are `` just not feasible . '' `` It 's laughable that an order like this was drafted in the first place because it demonstrates a complete lack of understanding what the existing problems are , '' he said . `` The order will effectively demand a vulnerability assessment on the entire government , and they want it in 60 days ? It 's been months -- and they still have n't fixed it , '' he said . In the past year , the Pentagon became the first government department to ease up on computer hacking laws by allowing researchers to find and report bugs and flaws in systems in exchange for financial rewards . Trump aides ' use of encrypted messaging may violate records law Using disappearing messages in government could be a `` recipe for corruption , '' says one expert . Researchers must limit their testing to two domains -- `` defense.gov '' ( and its subdomains ) and any `` .mil '' subdomain . In an effort to pare down the list of hosts from `` all public Department of Defense hosts '' to `` only the ones in scope , '' Tentler was able to identify several hosts that answered to the domain names in scope . `` There were hosts that were discovered Vulnerability-related.DiscoverVulnerability that had serious technical misconfiguration problems that could be easily abused by an attacker inside or outside of the country , who could want to implicate the US as culprits in hacking attacks if they so desire , '' he told me . `` The flaw could allow politically motivated attacks that could implicate the US , '' he added . In other words , a foreign hacker or nation-state attacker could launch a cyberattack and make it look like it came from the Pentagon 's systems . Tentler argued that the hosts were covered by the scope of the wildcard domains . A Pentagon spokesperson confirmed Tuesday that the vulnerabilities had been fixed Vulnerability-related.PatchVulnerability , and encouraged researchers to continue to submit Vulnerability-related.DiscoverVulnerability bugs and vulnerabilities , which are covered under the Pentagon 's vulnerability disclosure policy .

Popular security products such as anti-viruses and middleboxes put customers at risk through poor transport layer security ( TLS ) interception implementations , researchers have found Vulnerability-related.DiscoverVulnerability . A group of researchers from United States universities as well as tech companies Google , Mozilla , and Cloudflare tested middleboxes - which act as network proxies for traffic analysis and content filtering - from A10 , Blue Coat , Barracuda , CheckPoint , Cisco , Fortinet , Juniper , Microsoft , Sophos , Untangle , and WebTitan . All but the BlueCoat device weakened connection security and introduced Vulnerability-related.DiscoverVulnerability TLS vulnerabilities such as Logjam , weak export and RC4 ciphers , or did n't validate digital certificates properly . The researchers also tested [ pdf ] 29 anti-viruses , and found Vulnerability-related.DiscoverVulnerability 13 would intercept TLS connections . Only Avast versions 10 and 11 for Windows did not reduce TLS connection security . Interception of TLS connections involves security products injecting their own certificates in web browsers or devices in organisation networks . This alllows them to terminate TLS connections , decrypt the traffic so as to look for malicious or disallowed content , and then re-initiate the TLS connection after analysis is complete . Such interception is increasingly prevalent , the researchers said , meaning the security community is working at cross purposes - the attempts to detect and block harmful traffic dramatically reduces connection security , the researchers said . `` Many of the vulnerabilities we find Vulnerability-related.DiscoverVulnerability in anti-virus products and corporate middleboxes — such as failing to validate certificates and advertising broken ciphers — are negligent and another data point in a worrying trend of security products worsening security rather than improving it , '' they wrote . Compounding the problem , the researchers noted that while it was possible to adjust middlebox settings in many cases to avoid them degrading TLS security , their configuration was `` confusing , oftentimes with little or no documentation '' . `` We note that the installation process for many of these proxies is convoluted , crash-prone , and at times , non-deterministic , '' they said . Testing middleboxes with services such as Qualys SSL Labs , How 's My SSL , and Bad SSL is a must for administrators , the researchers said . There is no good reason for anti-virus vendors to intercept TLS since their software operates locally and already has access to the file system , browser memory , and any content loaded over HTTPS , they claimed . The researchers disclosed Vulnerability-related.DiscoverVulnerability the vulnerabilities in the security products to vendors , but said the reception to the reports varied greatly . `` In many cases , we received no response and in other cases , we were unable to convince manufacturers that TLS vulnerabilities such as Logjam required patching Vulnerability-related.PatchVulnerability , '' they wrote .

Networked printers for years have left gaping holes in home and office network security . Today , experts continue to find Vulnerability-related.DiscoverVulnerability flaws in popular laser printers , which are putting businesses at risk . Experts at the University Alliance Ruhr recently announced Vulnerability-related.DiscoverVulnerability vulnerabilities in laser printers from manufacturers including Dell , HP , Lexmark , Samsung , Brother , and Konica . The flaws could permit print docs to be captured , allow buffer overflow exploits , disclose passwords , or cause printer damage . Up to 60,000 currently deployed printers could be vulnerable Vulnerability-related.DiscoverVulnerability , they estimate . When unprotected , printers expose users to several types of attacks , says Jeremiah Grossman , chief of security strategy at SentinelOne . Hackers can use vulnerabilities to capture old printer logs , which may contain sensitive information . They may also use these flaws to establish their foothold in a networked device and move laterally throughout the organization to gather data . Some attackers want to wreak havoc outside a single business . With networked printers under their control , a cybercriminal may use one company 's bandwidth to perform DDoS attacks on other organizations and individuals around the world . These examples are among the many types of damage that will continue to threaten security as part of the growing Internet of Things , Grossman predicts . `` Most of the time , printers are not going to be terribly different from any IoT device , '' he explains . Hackers who find Vulnerability-related.DiscoverVulnerability vulnerabilities in the web interface can take over , as they could for any device connected to the network . The difference , of course , is printers have been around far longer than most IoT products . This presents a market failure that will be difficult to correct because patches wo n't be made available Vulnerability-related.PatchVulnerability . Even when they are , devices wo n't be patched Vulnerability-related.PatchVulnerability often . Right now the easiest vectors include web hacking and email attacks , but they will move to IoT as computers and operating systems get more secure . Printers are low-hanging fruit , he says , and easier to target . He also recommends isolating printers on local networks , separate from PCs , and disabling out-of-network communication so even if they 're hacked , printers ca n't interact with adversaries outside the organization . Wingate suggests adopting the same baseline security practices businesses employ for computers ; for example , periodically update passwords so sensitive content is n't left in the open for people to steal . He also recommends intrusion detection , another practice people use for their PCs but do n't frequently employ on printers .

Networked printers for years have left gaping holes in home and office network security . Today , experts continue to find Vulnerability-related.DiscoverVulnerability flaws in popular laser printers , which are putting businesses at risk . Experts at the University Alliance Ruhr recently announced Vulnerability-related.DiscoverVulnerability vulnerabilities in laser printers from manufacturers including Dell , HP , Lexmark , Samsung , Brother , and Konica . The flaws could permit print docs to be captured , allow buffer overflow exploits , disclose passwords , or cause printer damage . Up to 60,000 currently deployed printers could be vulnerable Vulnerability-related.DiscoverVulnerability , they estimate . When unprotected , printers expose users to several types of attacks , says Jeremiah Grossman , chief of security strategy at SentinelOne . Hackers can use vulnerabilities to capture old printer logs , which may contain sensitive information . They may also use these flaws to establish their foothold in a networked device and move laterally throughout the organization to gather data . Some attackers want to wreak havoc outside a single business . With networked printers under their control , a cybercriminal may use one company 's bandwidth to perform DDoS attacks on other organizations and individuals around the world . These examples are among the many types of damage that will continue to threaten security as part of the growing Internet of Things , Grossman predicts . `` Most of the time , printers are not going to be terribly different from any IoT device , '' he explains . Hackers who find Vulnerability-related.DiscoverVulnerability vulnerabilities in the web interface can take over , as they could for any device connected to the network . The difference , of course , is printers have been around far longer than most IoT products . This presents a market failure that will be difficult to correct because patches wo n't be made available Vulnerability-related.PatchVulnerability . Even when they are , devices wo n't be patched Vulnerability-related.PatchVulnerability often . Right now the easiest vectors include web hacking and email attacks , but they will move to IoT as computers and operating systems get more secure . Printers are low-hanging fruit , he says , and easier to target . He also recommends isolating printers on local networks , separate from PCs , and disabling out-of-network communication so even if they 're hacked , printers ca n't interact with adversaries outside the organization . Wingate suggests adopting the same baseline security practices businesses employ for computers ; for example , periodically update passwords so sensitive content is n't left in the open for people to steal . He also recommends intrusion detection , another practice people use for their PCs but do n't frequently employ on printers .