As evidence of the hack, the hackers first posted a screenshot showing a list of folders with the names of various companies from around the world, including Arcserve, Banco Galicia, BNP Paribas Cardif, Citibanamex, DHL, Stifel, and others.

A little later, the group also posted a torrent file containing 70 GB of source code allegedly stolen from Globant, as well as administrator passwords associated with Atlassian firms (including Confluence, Jira and Crucible).

According to the research group VX-Underground, Lapsus$ members mocked the Globant administrators and separately published some of the passwords they used. The problem is that credentials like “admin” or “admin2” are hardly reliable, easy to guess, and often reused across the company.

Representatives of Globant have not yet commented on the incident.

Let me remind you that lately the Lapsus$ hacker group has become a real cyber sensation and does not leave the front pages of IT publications around the world. These guys blackmailed Nvidia, leaked the source codes of Ubisoft, Microsoft and Samsung and compromised Okta. As the media and experts now report, the leader of this hack group may be a 17-year-old teenager from the UK, moreover, he was recently arrested by the authorities.

As Flashpoint experts noted, Lapsus $ differs from other extortion groups in that it does not encrypt the files of its victims, but penetrates the company’s network, gains access to important files, steals them, and then threatens to leak data if it is not paid a ransom.

It should also be added that Lapsus$ does not have its own “leak site” where it publishes or sells the data of its victims. All leaks and communication “with the public” take place on the hackers’ Telegram channel, which has more than 52,000 subscribers, or by mail, and the stolen data is even distributed via torrents.

In total, 19 companies and organizations have become victims of Lapsus$, while 15 of them are located in Latin America and Portugal.

The post Hack group Lapsus$ returned from “vacation” and announced the hacking of Globant appeared first on Gridinsoft Blog.

Over the weekend, a screenshot appeared on the Lapsus$ Telegram channel demonstrating that hackers attacked the Microsoft Azure DevOps server and got to the sources of Bing, Cortana and various other projects of the company.

On Monday evening, the group then torrented a 9 GB 7zip archive containing the source code for more than 250 projects that they say are owned by Microsoft.

Lapsus$ states that the archive contains 90% of the Bing source code and approximately 45% of Bing Maps and Cortana code, while Bleeping Computer reports that the uncompressed archive contains approximately 37 GB of source code. At the same time, according to the hackers, only part of the source code got into the dump.

Researchers that have already examined the leak confirm that the files are indeed internal Microsoft source codes. Additionally, some of the projects are reported to contain emails and documentation that were clearly used by Microsoft engineers internally to publish mobile apps.

Apparently, these projects are intended for web infrastructure, sites or mobile applications, and the sources for desktops, including Windows, Windows Server and Microsoft Office, have not been published.

Microsoft representatives say they already know about this leak, and the company is investigating what happened.

Soon, representatives of Microsoft, which tracked Lapsus$ under the identifier DEV-0537, confirmed the compromise.

Let me remind you that the Lapsus$ extortionist group breaks into corporate systems and steals source codes, customer lists, databases and other valuable information from companies. At the same time, attackers very rarely use a ransomware. More often, hackers simply extort ransoms from victims, demanding money, and otherwise cajoling to publish the stolen data. Previously, Lapsus$ has already attacked such giants as Samsung, Nvidia, Vodafone, Ubisoft and Mercado Libre.

Let me remind you that I also talked about the fact that 0-day vulnerability remained unpatched for 2 years due to Microsoft bug bounty issues, and also that US and UK accused China for attacks on Microsoft Exchange servers.

The post Lapsus$ hack group stole the source codes of Microsoft products appeared first on Gridinsoft Blog.

The vulnerability received the identifier CVE-2021-3438 and has been present in the driver code since 2005, that is, it poses a threat to hundreds of millions of devices manufactured and sold over the past 16 years.

The vulnerability is described as a buffer overflow in the SSPORT.SYS driver file.

The bug can be used to elevate privileges, that is, it can help locally installed malware to gain access at the administrator level (of course, only if a vulnerable driver is used on the system).

Experts note that on some Windows systems, the vulnerable printer driver could be installed even without the user’s awareness. This could happen if users connected one of the vulnerable printers to their PCs and the driver was downloaded via Windows Update.

Experts advise users to check lists of problem devices and, if necessary, look for updates on the manufacturer’s website.

Let me remind you that I also talked about the fact that New Issues Found with Windows Print Spooler.

The post Researchers found a vulnerability that affects millions of HP, Xerox and Samsung printers appeared first on Gridinsoft Blog.

Horn notes that he did not check the kernel in other Samsung devices, but believes that modifications specific to this manufacturer can generally create vulnerabilities and make it difficult to counter attacks.

“Worse, this practice is common among smartphone manufacturers: they often add something controversial to the Linux kernel code, and upstream developers do not consider and cannot control these changes”, – states Jann Horn.

In particular, the Samsung core includes a function that protects user data from being read or modified by attackers. But Horn found that this function not only does not cope with its task, but also has vulnerabilities that can be used to execute arbitrary code.

The issue affected Samsung’s additional security subsystem called PROCA or Process Authenticator.

Researcher’s PoC exploit demonstrates that an attacker can gain access to an account database containing confidential authentication tokens.

Exploitation of this problem is also linked with an old vulnerability, a disclosure bug in the Linux kernel, which has the identifier CVE-2018-17972. This problem has long been fixed in the Linux kernel and Android kernel, but, as it turned out, not in the Android kernel, which Samsung uses for its phones.

“Samsung’s defense mechanisms do not provide complete protection against intruders trying to hack your phone, they only block the simplest root tools that are not customized for Samsung devices. I believe that such modifications are not their money, since they make it difficult to switch to a new kernel (which should happen more often than now) and add additional space for attack”, – writes Horn.

He notes that the PROCA mechanism is designed to restrict an attacker who, in fact, has already gained reading and writing permissions to the kernel. According to Horn, Samsung could create a more effective defense by directing its resources so that the attacker does not get such access at all.

Samsung developers have already fixed these and other vulnerabilities (including CVE-2018-17972) as part of the February Tuesday update.

Recall; that Android users are also threatened by another dangerous problem – Xhelper malware continues to infect Android devices. Moreover, the Xhelper Trojan remains on the device even after deleting or completely resetting device to factory settings.

The post Samsung amends Android kernel that impair security appeared first on Gridinsoft Blog.

So, as we can see this year was full of unpleasant tech surprises. Even big corporations are vulnerable to mistakes, shortcomings, and viruses. But every user can protect themselves’ by using powerful security software on their PC. GridinSoft Anti-Malware will keep your information and devices safe from any viruses. Be protected in 2017.

The post Top-6 biggest tech failures of 2016 appeared first on Gridinsoft Blog.