Cybercriminals exploit a vulnerability in Microsoft Exchange servers to distribute the Qakbot malware.
Global furniture giant IKEA has launched an investigation into an ongoing malware campaign targeting its computer systems. According to company representatives, evidence has been found that points to the compromise of Microsoft Exchange servers.
As reported by Bleeping Computer, which had a letter to IKEA employees, a “full-scale investigation” of the incident is ongoing and there are currently no signs of compromise of customer data. Other organizations, suppliers and business partners of IKEA were affected by the attack.
In a malicious campaign, criminals distributed emails disguised as a real response to an existing chain of letters. E-mail interception is one of the unique identifiers of the current SquirrelWaffle malicious spam campaign. Cybercriminals exploit ProxyShell and ProxyLogin vulnerabilities in Microsoft Exchange servers to distribute Qakbot malware.
The emails may come from allegedly trusted colleagues or third-party companies that the employee has previously interacted with, thereby increasing the likelihood of a socially engineered cyberattack being successful. “Our email filters can identify some of the malicious emails and quarantine them. Because an email can be a response to an ongoing conversation, it’s easy to think that the email filter has made a mistake and quarantine the email. Therefore, until further notice, we have disabled all employees’ ability to move emails out of quarantine, ”IKEA told its employees.
IKEA recommends that employees be extra vigilant when scanning their inbox for phishing emails, especially if they contain seven-digit links at the end.
When visiting URLs in malicious emails, the user will be redirected to download a file named charts.zip containing the malicious Microsoft Excel document. Recipients are prompted to click the “Include Content” or “Allow Editing” buttons, ostensibly to view it correctly. After clicking these buttons, malicious macros will be launched that download the files besta.ocx, bestb.ocx and bestc.ocx from a remote site and save them in the C: Datop folder. OCX files are renamed DL-L Libraries and run with regsvr32.exe to install the payload.
Bitcoin could be hacked by new quantum supercomputers
Mark Webber of the University of Sussex, UK, and his colleagues studied how powerful a quantum computer would be needed to crack bitcoin in terms of the number of qubits, or quantum bits equivalent to conventional computational bits.
Every bitcoin transaction must be “confirmed” by a network of miners before it can be added to the blockchain. Each transaction is assigned a cryptographic key during this confirmation process, and cracking the key will allow you to become the owner of those bitcoins.
Transactions are declared and a key is associated with this transaction. There is a finite window of time during which this key is vulnerable, and it varies, but it is usually from 10 minutes to an hour, maybe a day.
Webber’s team calculated that it would take a quantum computer with 1.9 billion qubits to break the bitcoin encryption in 10 minutes, and a machine with 317 million qubits to break in an hour. Even taking into account a whole day, this figure drops to only 13 million qubits.
This is encouraging news for bitcoin holders because IBM’s top quantum computer only has 127 qubits, so quantum computers need to become a million times more powerful to threaten the cryptocurrency. And this, according to Webber, is unlikely to happen within the next decade.
Fingerprint scanner for payment cards. Samsung introduced the industry’s first universal security chip for this purpose.
Samsung has introduced what it calls an intelligent multi-functional fingerprint security chip for biometric payment cards. Simply put, this is a chip for implementing a fingerprint scanner on ordinary bank (and not only) cards.
The chip is called S3B512C. It is EMVCo and Common Criteria Evaluation Assurance Level (CC EAL) 6+ certified and operates in accordance with the latest Mastercard Biometric Evaluation Plan Summary (BEPS) specifications.
The S3B512C combines a fingerprint sensor, Secure Element (SE) and Secure Processor, adding an extra layer of authentication and security to payment cards. S3B512C is primarily intended for payment cards, but can also be used in cards requiring highly secure authentication such as student or employee identification, membership, or building access
Samsung claims it is the industry’s first all-in-one security chip that reads biometric information with a fingerprint sensor, stores and authenticates encrypted data with a tamper-resistant Secure Element, and parses and processes data with a secure processor. With three key features integrated into a single chip, the S3B512C can help card manufacturers reduce the number of chips needed and streamline their card development processes for biometric payment cards.
Vulnerability in Dark Souls 3 allows attackers to take over any computer
According to Dexerto and The Verge, a hacker discovered a security vulnerability in Windows that was opened using the game Dark Souls 3. It allows attackers to remotely take over and control a computer.
Famous streamers such as The_Grim_Sleeper have heard about the problem personally. In the case of The_Grim_Sleeper, the hacker fired up Microsoft PowerShell and ran a text-to-speech script, criticizing the streamer for his game.
At the same time, this hacker did not have malicious intent, he only showed a vulnerability and warned FromSoftware developers about the vulnerability that Dark Souls 3 has. FromSoftware studio and publisher Bandai Namco reacted to the discovered exploit. They have temporarily disabled PvP servers for Dark Souls 3 and its predecessors while the security team investigates the vulnerabilities.
It is not yet known when the servers will be back online, but FromSoftware and Bandai have made it clear that they will not restore service until they are reasonably confident that players are safe. Other hackers could use the vulnerability to steal sensitive information and do other harm.
Meizu 17 for $345, Meizu 18 Pro for $550. Meizu has reduced the cost of its current smartphones in China
Meizu has announced a sale in China dedicated to the local New Year – this year it is celebrated in...
Micron plans to shut down DRAM production in Shanghai
Memory chip maker Micron Technology will close DRAM production in Shanghai by the end of this year. This was reported...
Growth of the OLED TV market will slow down in 2022
In a report and forecast related to the TV market, TrendForce analysts singled out OLED and mini-LED TVs. According to...
be quiet! power supplies introduced Pure Power 11 FM
be quiet! has added two models to the Pure Power 11 FM series. One is characterized by a power of...
Components6 days ago
Google Approved Fake Target Gift Card Balance Check Site Advertisement
News5 days ago
5000 mAh, two times 50 MP and Dimensity 8000. Realme GT Neo 3 specifications revealed
How To4 days ago
So you can share everything others post on Instagram
News3 days ago
OnePlus has improved the OnePlus 10 Pro camera. The company has already released the second version of the ColorOS 12.1 firmware for its flagship.