Ars Technica

Syndicate content: security – Ars Technica
Serving the Technologist for more than a decade. IT news, reviews, and analysis.
Updated: 26 min 27 sec ago

McAfee joins Sophos, Avira, Avast—the latest Windows update breaks them all

19 April, 2019 - 18:26

The most recent Windows patch, released April 9, seems to have done something (still to be determined) that's causing problems with anti-malware software. Over the last few days, Microsoft has been adding more and more antivirus scanners to its list of known issues. As of publication time, client-side antivirus software from Sophos, Avira, ArcaBit, Avast, and most recently McAfee is showing problems with the patch.

Affected machines seem to be fine until an attempt is made to log in, at which point the system grinds to a halt. It's not immediately clear if systems are freezing altogether or just going extraordinarily slowly. Some users have reported that they can log in, but the process takes ten or more hours. Logins to Windows 7, 8.1, Server 2008 R2, Server 2012, and Server 2012 R2 are all affected.

Booting into safe mode is unaffected, and the current advice is to use this method to disable the antivirus applications and allow the machines to boot normally. Sophos additionally reports that adding the antivirus software's own directory to the list of excluded locations also serves as a fix, which is a little strange.

Category: Hacking & Security

Hackers could read non-corporate Outlook.com, Hotmail for six months

15 April, 2019 - 17:14

Late on Friday, some users of Outlook.com/Hotmail/MSN Mail received an email from Microsoft stating that an unauthorized third party had gained limited access to their accounts and was able to read, among other things, the subject lines of emails (but not their bodies or attachments, nor their account passwords), between January 1 and March 28 of this year. Microsoft confirmed this to TechCrunch on Saturday.

The hackers, however, dispute this characterization. They told Motherboard that they can indeed access email contents and have shown that publication screenshots to prove their point. They also claim that the hack lasted at least six months, doubling the period of vulnerability that Microsoft has claimed. After this pushback, Microsoft responded that around 6 percent of customers affected by the hack had suffered unauthorized access to their emails and that these customers received different breach notifications to make this clear. However, the company is still sticking to its claim that the hack only lasted three months.

Not in dispute is the broad character of the attack. Both hackers and Microsoft's breach notifications say that access to customer accounts came through compromise of a support agent's credentials. With these credentials, the hackers could use Microsoft's internal customer support portal, which offers support agents some level of access to Outlook.com accounts. The hackers speculated to Motherboard that the compromised account belonged to a highly privileged user and that this may have been what granted them the ability to read mail bodies. The compromised account has subsequently been locked to prevent any further abuse.

Category: Hacking & Security

To catch a drug thief, hospital secretly recorded births, women’s surgeries

3 April, 2019 - 17:41

A California hospital faces a lawsuit from 81 women who allege they were secretly filmed by hidden cameras in labor and delivery operating rooms while undergoing extremely intimate procedures, including Caesarean births, sterilizations, and operations to resolve miscarriages.

The women claim that their privacy was egregiously violated by the hospital, Sharp Grossmont Hospital in La Mesa, California, which is run by Sharp HealthCare. The women say they did not consent to be filmed during the procedures—and would not have done so if given the choice.

Moreover, they allege that their sensitive videos were insecurely stored on various desktop computers, some of which were not even password protected, and that numerous non-medical staff members—including security guards and attorneys—were able to watch the videos. The lawsuit further alleges that the hospital made no effort to log or monitor who viewed the footage and did not ensure proper deletion of the data. In all, the lawsuit estimates that the hospital had secret recordings of around 1,800 procedures that took place in the women’s center.

Category: Hacking & Security

Woman from China, with malware in tow, illegally entered Trump’s Mar-a-Lago

3 April, 2019 - 02:30

A woman carrying four cellphones, two Chinese passports, and a thumb drive containing malware was arrested over the weekend after gaining access to President Donald Trump’s Mar-a-Lago resort under false pretenses, a court document alleged.

The woman, identified as 32-year-old Yujing Zhang, on Saturday afternoon told a US Secret Service agent she was there to use the pool and produced the passports, a criminal complaint filed in US District Court for the Southern District of Florida alleged. She was admitted past a security checkpoint after a resort security manager verified that her last name matched the surname of a club member. A “potential language-barrier issue” raised the possibility she was the daughter of the member. She didn’t give a definitive answer when asked if she was there to meet anyone and was escorted to a front desk in a golf cart.

When questioned by a receptionist inside the club, Zhang said she was there to attend a United Nations Chinese American Association event later that evening, according to the complaint. The receptionist confirmed that no such event was scheduled and was unable to find Zhang’s name on any list of people approved to be past the security checkpoint.

Category: Hacking & Security

How Microsoft found a Huawei driver that opened systems to attack

26 March, 2019 - 21:03

Huawei MateBook systems running the company's PCManager software included a driver that would let unprivileged users create processes with superuser privileges. Microsoft discovered the insecure driver using some of the new monitoring features added to Windows version 1809, which are monitored by the company's Microsoft Defender Advanced Threat Protection (ATP) service.

First things first: Huawei fixed the driver and published the safe version in early January, so if you're using a Huawei system and have either updated everything or removed the built-in applications entirely, you should be good to go.

The interesting part of the story is how Microsoft found the bad driver in the first place.

Category: Hacking & Security