samsung Archives – Gridinsoft Blog. Welcome to the Gridinsoft Blog, where we share posts about security solutions to keep you, your family and business safe. Fri, 31 May 2024 00:58:49 +0000

Hack group Lapsus$ returned from “vacation” and announced the hacking of Globant
https://gridinsoft.com/blogs/lapsus-returned-from-vacation/
Thu, 31 Mar 2022 18:36:10 +0000

The post Hack group Lapsus$ returned from “vacation” and announced the hacking of Globant appeared first on Gridinsoft Blog.
The Lapsus$ extortionist group has returned from a “vacation” despite the recent arrest of seven of its members. The cybercriminals’ Telegram channel published data allegedly stolen from the Globant software development company.

As evidence of the hack, the hackers first posted a screenshot showing a list of folders with the names of various companies from around the world, including Arcserve, Banco Galicia, BNP Paribas Cardif, Citibanamex, DHL, Stifel, and others.


A little later, the group also posted a torrent file containing 70 GB of source code allegedly stolen from Globant, together with administrator passwords for the company’s Atlassian products (including Confluence, Jira and Crucible).


According to the research group VX-Underground, Lapsus$ members mocked the Globant administrators and separately published some of the passwords they used. The problem is that passwords like “admin” or “admin2” are trivially guessable, and credentials of this kind are often reused across a company, so a single leaked password can open several systems at once.

Representatives of Globant have not yet commented on the incident.

Let me remind you that lately the Lapsus$ hacker group has become a real cyber sensation and does not leave the front pages of IT publications around the world. These guys blackmailed Nvidia, leaked source code of Ubisoft, Microsoft and Samsung, and compromised Okta. According to media and expert reports, the leader of this group may be a 17-year-old teenager from the UK, who was recently arrested by the authorities.

As Flashpoint experts noted, Lapsus$ differs from other extortion groups in that it does not encrypt its victims’ files: it penetrates the company’s network, gains access to important files, steals them, and then threatens to leak the data unless a ransom is paid.

It should also be added that Lapsus$ does not have its own “leak site” where it publishes or sells victims’ data. All leaks and communication “with the public” take place on the hackers’ Telegram channel, which has more than 52,000 subscribers, or by e-mail, and the stolen data is even distributed via torrents.

In total, 19 companies and organizations have become victims of Lapsus$, while 15 of them are located in Latin America and Portugal.

Lapsus$ hack group stole the source codes of Microsoft products
https://gridinsoft.com/blogs/source-codes-of-microsoft-products/
Wed, 23 Mar 2022 15:19:23 +0000
The Lapsus$ hack group has released source code for Bing, Cortana and other Microsoft products, allegedly stolen from an internal Microsoft Azure DevOps server.

Over the weekend, a screenshot appeared on the Lapsus$ Telegram channel indicating that the hackers had attacked Microsoft’s Azure DevOps server and reached the sources of Bing, Cortana and various other company projects.

On Monday evening, the group then torrented a 9 GB 7-Zip archive containing the source code of more than 250 projects that, according to them, belong to Microsoft.

Lapsus$ states that the archive contains 90% of the Bing source code and approximately 45% of the Bing Maps and Cortana code, while Bleeping Computer reports that the uncompressed archive holds approximately 37 GB of source code. According to the hackers themselves, only part of the stolen source code made it into the dump.

Researchers who have already examined the leak confirm that the files are indeed internal Microsoft source code. Some of the projects are also reported to contain e-mails and documentation that Microsoft engineers clearly used internally to publish mobile apps.

Apparently, these projects relate to web infrastructure, websites or mobile applications; the sources of desktop products, including Windows, Windows Server and Microsoft Office, have not been published.

Microsoft representatives say they already know about this leak, and the company is investigating what happened.

Soon afterwards, representatives of Microsoft, which tracks Lapsus$ under the identifier DEV-0537, confirmed the compromise.

In the course of this activity, no source code or customer data was affected. Our investigation revealed that one account was compromised and this gave [the hackers] limited access. Our response teams quickly set about fixing the compromised account and preventing further action [by the attackers].

Microsoft does not rely on code secrecy as a security measure, meaning that, in its assessment, access to the source code does not increase the risk.

“Our team was already investigating an account compromise when the attackers publicly reported their intrusion. This public announcement intensified our activity, allowing our specialists to intervene and interrupt the actions of the hackers in the middle of the operation,” Microsoft says.

Let me remind you that the Lapsus$ extortionist group breaks into corporate systems and steals source code, customer lists, databases and other valuable information from companies. At the same time, the attackers very rarely use ransomware. More often the hackers simply extort money from victims, threatening otherwise to publish the stolen data. Previously, Lapsus$ had already attacked such giants as Samsung, Nvidia, Vodafone, Ubisoft and Mercado Libre.

Let me remind you that I also wrote about the fact that a 0-day vulnerability remained unpatched for 2 years due to Microsoft bug bounty issues, and that the US and UK accused China of attacks on Microsoft Exchange servers.

Researchers found a vulnerability that affects millions of HP, Xerox and Samsung printers
https://gridinsoft.com/blogs/vulnerability-that-affects-hp-xerox-and-samsung-printers/
Fri, 23 Jul 2021 16:01:22 +0000
In February of this year, SentinelOne experts found a 16-year-old vulnerability in a printer driver used by HP, Xerox and Samsung devices. The problem allows local attackers to gain administrator rights on systems where the vulnerable software is installed.

The vulnerability received the identifier CVE-2021-3438 and has been present in the driver code since 2005; in other words, it threatens hundreds of millions of devices manufactured and sold over the past 16 years.

“This vulnerability affects a very long list of devices: more than 380 models of HP and Samsung printers, as well as at least a dozen different Xerox products,” the researchers write.

The vulnerability is described as a buffer overflow in the SSPORT.SYS driver file.

The bug can be used to elevate privileges: it lets locally installed malware gain administrator-level access (only, of course, on systems where the vulnerable driver is in use).

“Successful exploitation of this driver vulnerability would allow attackers to install programs, view, modify, encrypt, or delete data, and create new accounts with full user rights. Among the obvious options for the abuse of such vulnerabilities is the fact that they can be used to bypass security solutions,” says the SentinelOne report.
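The bug class behind a driver buffer overflow of this kind, as an added example that is not SentinelOne’s, HP’s or Samsung’s code and is not the SSPORT.SYS source: a user-mode model of a kernel IOCTL handler that copies a caller-supplied buffer using a caller-supplied length. The request layout (`struct port_request`), the 32-byte destination buffer and the function names are assumptions made for illustration; the vulnerable handler is shown beside a hardened one that validates the length before any copy.

```c
/*
 * Added example (not the SSPORT.SYS code, not SentinelOne's PoC): a user-mode
 * model of the bug class behind a driver buffer overflow, a handler copying
 * data handed in through an IOCTL with a length the caller also controls.
 * Struct layout, sizes and names are assumptions for illustration only.
 */
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define NAME_BUF_SIZE 32  /* assumed fixed-size buffer inside the driver */

/* Assumed request layout a user-mode client passes to the driver
 * (on Windows this would arrive via DeviceIoControl). */
struct port_request {
    uint32_t name_len;   /* length claimed by the caller: attacker-controlled */
    char     name[256];  /* payload */
};

/* Build a request with the given payload and the given claimed length. */
struct port_request make_request(const char *name, uint32_t claimed_len)
{
    struct port_request req;
    memset(&req, 0, sizeof req);
    strncpy(req.name, name, sizeof req.name - 1);
    req.name_len = claimed_len;
    return req;
}

/*
 * Vulnerable pattern: the bound passed to strncpy is the caller's own
 * name_len, so a request with name_len > NAME_BUF_SIZE writes past the end of
 * port_name. In a kernel driver that stack lives in kernel mode, which is why a
 * local unprivileged user can turn this into a privilege escalation.
 * Returns the length of the copied name. Do not call it with an oversized
 * name_len outside a deliberate crash test.
 */
int handle_request_vulnerable(const struct port_request *req)
{
    char port_name[NAME_BUF_SIZE];

    strncpy(port_name, req->name, req->name_len);   /* BUG: unchecked bound */
    port_name[NAME_BUF_SIZE - 1] = '\0';            /* too late if already overrun */
    return (int)strlen(port_name);
}

/*
 * Hardened version: validate the caller-controlled length against both the
 * source field and the destination buffer before touching any memory, leave
 * room for the terminator, and reject bad requests instead of "fixing" them.
 * Returns the copied length, or -1 for a rejected request.
 */
int handle_request_fixed(const struct port_request *req)
{
    char port_name[NAME_BUF_SIZE];

    if (req->name_len > sizeof req->name || req->name_len >= NAME_BUF_SIZE)
        return -1;   /* a real driver would fail the IOCTL with an invalid-parameter status */

    memcpy(port_name, req->name, req->name_len);
    port_name[req->name_len] = '\0';
    return (int)strlen(port_name);
}

int main(void)
{
    struct port_request ok   = make_request("LPT1", 5);     /* honest length */
    struct port_request evil = make_request("LPT1", 200);   /* oversized claim */

    printf("fixed, honest request:    %d\n", handle_request_fixed(&ok));      /* 4 */
    printf("fixed, oversized request: %d\n", handle_request_fixed(&evil));    /* -1 */
    printf("vulnerable, honest:       %d\n", handle_request_vulnerable(&ok)); /* 4 */
    /* handle_request_vulnerable(&evil) would smash the stack; deliberately not called. */
    return 0;
}
```

The point of the hardened handler is where the check sits: on the caller’s length, before the copy, and against both the source field and the destination buffer. In a real driver the equivalent check belongs in the IOCTL dispatch routine, and a request that fails it is rejected, not truncated and processed anyway.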

Experts note that on some Windows systems the vulnerable printer driver could be installed without the user even knowing about it. This could happen if the user connected one of the vulnerable printers to a PC and the driver was downloaded via Windows Update.

“Just by running the printer software, the driver gets installed and activated on the machine regardless of whether you complete the installation or cancel. Thus, in effect, this driver gets installed and loaded without even asking or notifying the user. Whether you are configuring the printer to work wirelessly or via a USB cable, this driver gets loaded. In addition, it will be loaded by Windows on every boot,” write the researchers.

Experts advise users to check the lists of affected devices and, if necessary, look for updates on the manufacturer’s website. Since the driver, once installed, is loaded by Windows on every boot, any system that has ever had one of the affected printers set up should be checked, not just systems currently using one.

Let me remind you that I also wrote about new issues found with Windows Print Spooler.

Samsung amends Android kernel that impairs security
https://gridinsoft.com/blogs/samsung-amends-android-kernel-that-impair-security/
Mon, 17 Feb 2020 16:58:25 +0000
Jann Horn, a Google Project Zero researcher, studied the Android kernel that Samsung ships with its Galaxy A50 phones and stated that the security mechanisms Samsung engineers added to the kernel not only fail to provide full protection but also create additional attack vectors. According to Horn, Samsung’s amendments to the Android kernel only make security worse.

Horn notes that he did not check the kernels of other Samsung devices, but believes that vendor-specific modifications in general can create vulnerabilities and make attacks harder to counter.

“Worse, this practice is common among smartphone manufacturers: they often add something controversial to the Linux kernel code, and upstream developers do not consider and cannot control these changes,” states Jann Horn.

In particular, the Samsung kernel includes a function that is supposed to protect user data from being read or modified by attackers. Horn found that this function not only fails at its task but also has vulnerabilities that can be used to execute arbitrary code.

The issue affects Samsung’s additional security subsystem called PROCA (Process Authenticator).

The researcher’s PoC exploit demonstrates that an attacker can gain access to an account database containing confidential authentication tokens.

Exploitation of this problem also relies on an old vulnerability, an information disclosure bug in the Linux kernel with the identifier CVE-2018-17972. This problem was fixed in the upstream Linux kernel and in the Android kernel long ago, but, as it turned out, not in the Android kernel that Samsung uses for its phones.
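A check for the kernel-side half of this chain, as an added example that is not Project Zero’s or Samsung’s code: CVE-2018-17972 is the Linux bug that let an unprivileged process read `/proc/<pid>/stack` and so learn kernel stack contents and pointers; the upstream fix makes the read fail with EACCES unless the caller has CAP_SYS_ADMIN. The probe below reads `/proc/self/stack` as the current user and classifies the outcome. The verdict strings and function names are this example’s own.

```c
/*
 * Added example (not Project Zero's or Samsung's code): probe whether the
 * running Linux kernel carries the CVE-2018-17972 fix. Before the fix a
 * process could read its own /proc/<pid>/stack and learn kernel stack
 * contents; after it, read() fails with EACCES without CAP_SYS_ADMIN.
 * Verdict strings and function names are this example's own.
 */
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>
#include <unistd.h>

/*
 * Turn a probe outcome into a verdict. err is the errno from open()/read()
 * (0 if both succeeded), nread the byte count returned, euid the caller's uid.
 */
const char *classify_stack_probe(int err, ssize_t nread, uid_t euid)
{
    if (err == EACCES || err == EPERM)
        return "restricted";        /* fixed kernel: unprivileged read refused */
    if (err == ENOENT)
        return "absent";            /* no /proc/<pid>/stack at all: no procfs, or a
                                       kernel built without CONFIG_STACKTRACE */
    if (err != 0)
        return "error";             /* something unrelated went wrong */
    if (euid == 0)
        return "readable-as-root";  /* root is allowed to read: inconclusive */
    if (nread > 0)
        return "readable";          /* unprivileged read worked: fix is missing */
    return "empty";
}

/* Open and read /proc/self/stack as the current user and classify the result. */
const char *probe_proc_self_stack(void)
{
    char buf[512];
    uid_t euid = geteuid();
    int fd = open("/proc/self/stack", O_RDONLY);
    if (fd < 0)
        return classify_stack_probe(errno, 0, euid);

    ssize_t n = read(fd, buf, sizeof buf);
    int err = (n < 0) ? errno : 0;
    close(fd);
    return classify_stack_probe(err, n, euid);
}

int main(void)
{
    printf("/proc/self/stack: %s\n", probe_proc_self_stack());
    return 0;
}
```

Build it for the device with the Android NDK and run it from `adb shell` to test the phone’s kernel; run on a desktop it tests that machine instead. `restricted` means the fix is present; `readable` as an unprivileged user means the kernel still leaks its stack; `readable-as-root` says nothing either way, so rerun as a normal user.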

“Samsung’s defense mechanisms do not provide complete protection against intruders trying to hack your phone; they only block the simplest root tools that are not customized for Samsung devices. I believe that such modifications are not worth their money, since they make it difficult to switch to a new kernel (which should happen more often than now) and add additional attack surface,” writes Horn.

He notes that the PROCA mechanism is designed to restrict an attacker who, in fact, has already gained read and write access to the kernel. According to Horn, Samsung could build a more effective defense by directing its resources so that the attacker does not get such access in the first place.

Samsung developers have already fixed these and other vulnerabilities (including CVE-2018-17972) as part of the February security update.

Recall that Android users are also threatened by another dangerous problem: the Xhelper malware continues to infect Android devices, and the Xhelper Trojan remains on the device even after it is deleted or the device is completely reset to factory settings.

Top-6 biggest tech failures of 2016
https://gridinsoft.com/blogs/top-6-biggest-tech-failures-2016/
Thu, 29 Dec 2016 14:06:02 +0000
  • Samsung Galaxy Note 7

    The biggest failure in Samsung’s history is the Galaxy Note 7. The phones started exploding, which halted production, and users were forbidden from taking them on airplanes. It will take the company a long time to clear up the PR debacle.

  • Windows 10

    We all waited for the Windows 10 Anniversary Update after the unusual and inconvenient Windows 8, which had no Start Menu button. But many users ran into an endless reboot cycle that the developers could not stop. In the end the company found a way to fix this problem, but the updates caused other complaints, such as blocking Internet access.

  • Screen problem of iPhone 6

    Another smartphone problem surfaced in 2016, this time with the iPhone 6 and iPhone 6 Plus: the screen on both phones became unresponsive. The cause was the touch controller, which was not properly connected to the motherboard. Even if you were very careful with your device, the problem would show up someday, and there was no way to fix it properly.

  • Facebook Killer

    Although Facebook is the biggest social network, it could not prevent one of the biggest fails of the year. In November, many users were “declared” dead, with regretful messages from the system on their pages. Even the network’s creator, Mark Zuckerberg, was a victim of this mistake. But most users joked about it, so Facebook got off lightly.

  • Yahoo data breach

    The biggest data breach of the past few years happened to Yahoo: over a billion user accounts were compromised. Passwords, names, dates of birth and other private information were stolen, but luckily credit card and bank account data stayed private.

  • GoPro Karma drone

    This time the products were not exploding; they just stopped working while customers were using them. Given that one of these drones costs from $800, this is an unforgivable error for any company. Unlike Apple Inc., GoPro gave a refund to every customer who had bought a GoPro Karma drone.

So, as we can see, this year was full of unpleasant tech surprises. Even big corporations are vulnerable to mistakes, shortcomings and viruses. But every user can protect themselves by using powerful security software on their PC. GridinSoft Anti-Malware will keep your information and devices safe from viruses. Be protected in 2017.