emergency response

AppWizard
November 22, 2024
The RapidDeploy app is a tool for dispatchers and first responders that enhances emergency response by providing real-time assistance. In a specific incident in Walton County, Florida, Louise Barthel used the app's video feature to share live footage with 911 responders when her husband fell off a boat. This allowed responders to visualize the situation and navigate to her location more efficiently. The app's mapping functionality also helped ensure a swift route to the scene, and responders guided Louise in restarting the boat through the video feed. The RapidDeploy app is currently available for Android users and is offered free of charge.
Winsage
November 14, 2024
Suspected Russian hackers are exploiting a zero-day vulnerability in Windows, identified as CVE-2024-43451, which is an NTLM Hash Disclosure spoofing vulnerability. ClearSky security researchers discovered that the vulnerability allows attackers to steal a logged-in user's NTLMv2 hash by manipulating connections to a server they control. The malicious campaign was first detected in June, using phishing emails with links that download an Internet shortcut file from a compromised server. User interaction with the URL file can trigger the vulnerability, enabling the download of malware like SparkRAT. ClearSky reported the findings to Ukraine's Computer Emergency Response Team (CERT-UA), linking the attacks to a Russian-affiliated threat group known as UAC-0194. Microsoft patched the vulnerability during the November 2024 Patch Tuesday and confirmed that user interaction is necessary for exploitation. The vulnerability affects all supported versions of Windows, including Windows 10 and later. The Cybersecurity and Infrastructure Security Agency (CISA) added this vulnerability to its Known Exploited Vulnerabilities Catalog, requiring organizations to secure affected systems by December 3.
Winsage
October 26, 2024
APT29, a Russian advanced persistent threat group, has been targeting military, governmental, and corporate organizations through phishing campaigns. This group, associated with the Russian Federation's Foreign Intelligence Service (SVR), is known for significant breaches, including those involving SolarWinds and the Democratic National Committee. Recently, APT29 breached Microsoft's codebase and targeted political entities across Europe and Africa. The Computer Emergency Response Team of Ukraine (CERT-UA) discovered APT29's phishing attempts aimed at extracting Windows credentials from various sectors in Ukraine. The phishing campaign, which began in August, used malicious domain names resembling Amazon Web Services (AWS) to send emails with attachments that contained configuration files for Remote Desktop, enabling attackers to establish connections to compromised systems. Although APT29 did not use legitimate AWS domains, Amazon disrupted the campaign by taking down the malicious imitations. CERT-UA recommends organizations monitor network logs for APT29-related IP addresses and block RDP files at email gateways to mitigate risks.
Winsage
September 30, 2024
Japan's Computer Emergency Response Center (JPCERT/CC) has identified specific Windows Event Logs that can help detect ransomware attacks. The four types of logs analyzed are Application, Security, System, and Setup logs. Notable ransomware variants and their associated event IDs include:

- Conti: Detected through event IDs 10000 and 10001.
- Phobos: Leaves traces when deleting system backups via event IDs 612, 524, and 753.
- Midas: Alters network settings, leaving event ID 7040.
- BadRabbit: Records event ID 7045 during encryption installation.
- Bisamware: Logs the start (event ID 1040) and end (event ID 1042) of a Windows Installer transaction.

Other ransomware variants such as Shade, GandCrab, AKO, AvosLocker, BLACKBASTA, and Vice Society leave behind event IDs 13 and 10016, linked to permission issues when accessing COM applications to delete Volume Shadow Copies. JPCERT/CC notes that while older ransomware like WannaCry and Petya did not leave traces in Windows logs, modern strains do exhibit detectable patterns. In 2022, the SANS Institute published a guide on detecting ransomware using Windows Event Logs.
Winsage
September 28, 2024
The Indian government issued a security alert on September 26 regarding vulnerabilities in Google Chrome, as announced by the Indian Computer Emergency Response Team (CERT-In). Users on Windows, macOS, and Linux are at risk, particularly those using versions prior to 129.0.6668.70/.71 for Windows and Mac, and prior to 129.0.6668.70 for Linux. The vulnerabilities could allow remote attackers to execute arbitrary code and crash the application, stemming from issues such as Type Confusion in V8, Use after Free in Dawn, Integer Overflow in Skia, and inappropriate implementation in V8. Users are advised to update their browsers to the latest version to mitigate these risks.
Winsage
August 25, 2024
The Indian Computer Emergency Response Team (CERT-In) has issued a critical security alert regarding vulnerabilities in Windows PCs, classified as "Critical." The vulnerabilities affect Windows PCs using IPv6 connectivity and include:

1. Windows TCP/IP Remote Code Execution Vulnerability: This flaw allows arbitrary code execution through specially crafted IPv6 packets.
2. Windows Kernel Vulnerability: This flaw permits privilege escalation via a race condition.

Affected systems include:

- Windows 10: Versions 1607, 1809, 21H2, 22H2
- Windows 11: Versions 21H2, 22H2, 23H2, 24H2
- Windows Server: 2016, 2019, 2022 (including Server Core installations)

To mitigate these risks, users are advised to:

- Disable IPv6 if not necessary and apply the latest Microsoft updates.
- Install the latest security patch for the Windows Kernel vulnerability identified as "CIVN-2024-0260."
Winsage
August 20, 2024
The Ministry of Electronics and Information Technology's cybersecurity watchdog, CERT-In, has raised concerns about vulnerabilities in Windows 10, Windows 11, and Windows Server that could allow attackers to gain elevated privileges. These vulnerabilities are associated with systems supporting Virtualization Based Security (VBS) and Windows Backup. Microsoft has addressed these issues in a recent security patch, and users are advised to install the updates promptly.
Winsage
August 18, 2024
CERT-In has alerted users of Windows 10 and Windows 11 about two significant vulnerabilities that could allow attackers to gain elevated privileges on affected systems. These vulnerabilities exist in Windows-based systems supporting Virtualization Based Security (VBS) and Windows Backup, potentially enabling unauthorized access and control. The affected Windows versions include various builds of Windows 10 and Windows 11, as well as Windows Server 2019 and 2022. Microsoft has released fixes in the latest security patch, and users are advised to download and install these updates promptly.
Winsage
August 13, 2024
The Indian Computer Emergency Response Team (CERT-In) has issued a warning for Windows users regarding vulnerabilities in various versions of Microsoft Windows that could allow attackers to gain elevated privileges. The affected Windows versions include:

- Windows 10: Versions 1607, 21H2, 22H2, and 1809 (32-bit, x64, and ARM64-based systems).
- Windows 11: Versions 21H2, 22H2, and 24H2 (x64 and ARM64-based systems).
- Windows Server: 2016, 2019, 2022 (including Server Core installations).

Microsoft has not yet provided security patches, so users are advised to activate their firewall, update antivirus software, be cautious of phishing attempts, consider disabling unused features like Virtualization-Based Security (VBS) and Windows Backup, maintain up-to-date backups of important files, and stay informed about updates from Microsoft and CERT-In.
Winsage
August 13, 2024
Microsoft Windows users are experiencing issues due to a significant outage caused by a problematic update from CrowdStrike. The Indian Computer Emergency Response Team (CERT-In) has issued an alert for Microsoft Windows users in India, highlighting vulnerabilities that could allow attackers to elevate privileges on compromised systems, particularly affecting systems with Virtualization Based Security (VBS) and Windows Backup. CERT-In advises users to follow Microsoft's recommendations until a security update is available. The affected Microsoft Windows versions include various editions of Windows Server and Windows 10 and 11 across different architectures.