



An anonymous reader quotes a report from Ars Technica: Microsoft late Thursday confirmed the existence of two critical vulnerabilities in its Exchange application that have already compromised multiple servers and pose a serious risk to an estimated 220,000 more around the world. The currently unpatched security flaws have been under active exploit since early August, when Vietnam-based security firm GTSC discovered customer networks had been infected with malicious webshells and that the initial entry point was some sort of Exchange vulnerability. The mystery exploit looked almost identical to an Exchange zero-day from 2021 called ProxyShell, but the customers' servers had all been patched against the vulnerability, which is tracked as CVE-2021-34473. Eventually, the researchers discovered the unknown hackers were exploiting a new Exchange vulnerability.

Wednesday's GTSC post said the attackers are exploiting the zero-day to infect servers with webshells, a text interface that allows them to issue commands. These webshells contain simplified Chinese characters, leading the researchers to speculate the hackers are fluent in Chinese. Commands issued also bear the signature of the China Chopper, a webshell commonly used by Chinese-speaking threat actors, including several advanced persistent threat groups known to be backed by the People's Republic of China.

GTSC went on to say that the malware the threat actors eventually install emulates Microsoft's Exchange Web Service. It also makes a connection to the IP address 1371846733, which is hardcoded in the binary. Independent researcher Kevin Beaumont said the address hosts a fake website with only a single user with one minute of login time and has been active only since August. The malware then sends and receives data that's encrypted with an RC4 encryption key that's generated at runtime. Beaumont went on to say that the backdoor malware appears to be novel, meaning this is the first time it has been used in the wild.

People running on-premises Exchange servers "should apply a blocking rule that prevents servers from accepting known attack patterns," reports Ars. The rule can be found in Microsoft's advisory. "For the time being, Microsoft also recommends people block HTTP port 5985 and HTTPS port 5986, which attackers need to exploit CVE-2022-41082."

An anonymous reader quotes a report from Gizmodo: The NYPD says it wants to reimagine its current police communication system and transition to encrypted messages by 2024, according to a recent amNY report confirmed by Gizmodo. While law enforcement has spent years fighting to make encryption less accessible for everyday people, police think they need a little more privacy.

According to amNY, the NYPD's new plan would allow law enforcement officers discretion on whether or not to publicly disclose newsworthy incidents. Critics worry a turn towards encryption by law enforcement could reduce transparency, hamstring the news media, and potentially jeopardize the safety of protestors looking to stay a step ahead. That means the NYPD essentially would get to dictate the truth unchallenged in a number of potentially sensitive local stories.
