Category: Internet

Fix the ‘This PC can’t run Windows 11’ Error: How to enable TPM and Secure Boot

Tried to upgrade your PC to Windows 11, but run into the dreaded ‘This PC can’t run Windows 11’ error message? Don’t give up, it could be because your system doesn’t have two security settings turned on: Secure Boot and TPM 2.0. 

Trend Micro Windows 11 Upgrade Helper checks eight aspects of your computer, and perhaps most crucially, which TPM version it is running. Windows 11 requires TPM 2.0, so if your PC is not currently running or is not capable of running TPM 2.0, Windows 11 Upgrade Helper will let you know.Get Windows 11 Upgrade Helper

What are TPM and Secure Boot?

Trusted Platform Module (TPM) is a technology designed to provide hardware-based, security-related functions. A TPM chip is a secure crypto-processor that is designed to carry out cryptographic operations. The chip includes multiple physical security mechanisms to make it tamper-resistant. Malicious software isn’t able to tamper with the security functions of the TPM, either.

Secure Boot is a feature from the latest Unified Extensible Firmware Interface (UEFI). It offers another layer of protection against potential malware infections. It can detect when boot loaders or key operating system files are being tampered with by malware and actively block them before they can infect the system. Both TPM and Secure Boot offer unique ways of strengthening the protection of Windows 11.

Is my device capable of TPM 2.0 and Secure Boot?

To check if your device has Secure Boot, you can follow these steps:
1. In the Windows search box, type “System Information” and open the System Information app.

Fix the 'This PC can't run Windows 11' Error: How to enable TPM and Secure Boot

2. Select System Summary, and in the panel on the right side, look for “Secure Boot State”.

Fix the 'This PC can't run Windows 11' Error: How to enable TPM and Secure Boot

3. The value indicates the status of Secure Boot. “On” means it is turned on, “Off” means it is disabled, and “Unsupported” means your hardware does not support Secure Boot.

To check if your device has TPM, follow the steps below:

1. In the Windows search box, type “tpm.msc” and click Open.

Fix the 'This PC can't run Windows 11' Error: How to enable TPM and Secure Boot

2. Under Status, if you see “The TPM is ready for use”, you know that the TPM is present and available. If you see the message “Compatible TPM cannot be found”, it means that either your computer cannot find the TPM or that it has been disabled in the BIOS or UEFI.

Fix the 'This PC can't run Windows 11' Error: How to enable TPM and Secure Boot

You can also check if your device is using TPM 2.0 through Device Manager. Here’s how to do so:

1. Right-click on the Windows Start menu icon located in the lower left of your screen, then select Device Manager.

Fix the 'This PC can't run Windows 11' Error: How to enable TPM and Secure Boot

2. Select Security Devices from the list and it will show you what TPM chip you have. If it says Trusted Platform Module 2.0, you are good to go.

Fix the 'This PC can't run Windows 11' Error: How to enable TPM and Secure Boot

How to enable TPM and Secure Boot

To enable TPM and Secure Boot, you need to restart your computer to access the BIOS settings. After restarting, at the boot screen, press your computer’s BIOS access key. The most common BIOS access keys are DEL and F2. Here’s a reference for popular PC and motherboard brands and their BIOS access keys:

Fix the 'This PC can't run Windows 11' Error: How to enable TPM and Secure Boot

In the example below, we show you how to enable TPM on an ASUS TUF Gaming Z490-PLUS [WI-FI] motherboard, but the instructions will almost certainly differ depending on which brand of PC or motherboard you have.

1. At the UEFI BIOS Utility screen, press F7 to access Advanced Mode.

Fix the 'This PC can't run Windows 11' Error: How to enable TPM and Secure Boot

2. Click the “Advanced” tab and select “PCH-FW Configuration”.

Fix the 'This PC can't run Windows 11' Error: How to enable TPM and Secure Boot

3. Alongside “TPM Device Selection”, select “Enable Firmware TPM”.

Fix the 'This PC can't run Windows 11' Error: How to enable TPM and Secure Boot

To enable Secure Boot, in the “Boot” tab, follow the steps below:

1. Select “Secure Boot”.

Fix the 'This PC can't run Windows 11' Error: How to enable TPM and Secure Boot

2. Select “OS Type” and beside it, select “Windows UEFI Mode”.

Fix the 'This PC can't run Windows 11' Error: How to enable TPM and Secure Boot

3. Go to the “Exit” tab to save the changes and restart the computer. TPM and Secure Boot will be enabled after the restart.

What can I do if I don’t have a TPM chip?

Your device may have a TPM chip, but you need to update your BIOS to have access to it. Please contact your PC or motherboard manufacturer to learn more about how to enable TPM on your device.

You could also buy a TPM module online, but you must know which TPM module is compatible with your motherboard. You also need to install the module onto the motherboard, which might not be an easy task — especially if you don’t have any experience in working with motherboards. If you would like to go down this route, we advise that you contact a technician or take it to a local PC repair shop.

Alternatively, you could upgrade to a new computer.

What’s the most convenient way to check if I can upgrade to Windows 11?

There are tools created that can help you assess if your computer is ready for Windows 11. One of those tools is Trend Micro Windows 11 Upgrade Helper .

Fix the 'This PC can't run Windows 11' Error: How to enable TPM and Secure Boot

Trend Micro Windows 11 Upgrade Helper can check if your computer meets all the requirements for Windows 11. You can talk to Premium Support Service if you need assistance in making your computer Windows 11 ready, too.Get Windows 11 Upgrade Helper

Source :
https://news.trendmicro.com/2021/10/04/fix-the-this-pc-cant-run-windows-11-error-how-to-enable-tpm-and-secure-boot/

How to Clear Browsing History on Safari on iPhone & Mac

Your browsing history is a vital piece of information that can define your personality, your drives, and your likes and dislikes. That’s why third parties love to collect this information for targeted advertising and, sometimes, malicious activities.

To prevent others from collecting your browsing history, make it a habit to delete it now and then. Here’s some simple steps on how to delete browsing history on your Safari browser.

For Mac

1. Open your Safari App and click History on the top menu options.
2. Click Clear History. A pop-up menu will appear and you can choose how far back you want to clear your browsing history.

How to Clear Browsing History on Safari on iPhone and Mac_1110_

You can also clear specific safari browsing history:

  • In Safari, press Command-Yor select History > Show All History.
  • From the long list, click once on a history item to select it.
  • Right-click to bring up a menu, then choose Delete.
How to Clear Browsing History on Safari on iPhone and Mac_1110_

Manually clearing search and browsing history from your safari can be tedious. However, there is also an automatic solution you can try: Antivirus One , from Trend Micro.

The privacy cleaner feature in Antivirus One can help you clean sensitive browsing information to protect your privacy. Here, you can select Safari and then click the “Clean” button to remove all browsing info in a few seconds.

How to Clear Browsing History on Safari on iPhone and Mac_1110_

For iPhone

1. Go to Settings and click Safari.

How to Clear Browsing History on Safari on iPhone and Mac_1110_

2. Tap “Clear History and Website Data”.

How to Clear Browsing History on Safari on iPhone and Mac_1110_

This will remove history, cookies, and browsing data from Safari.

How to Clear Browsing History on Safari on iPhone and Mac_1110_

If this article has been of use and/or interest to you, please do SHARE with friends and family — and remember to give Antivirus One a go.Get Antivirus One

Source :
https://news.trendmicro.com/2021/11/10/how-to-clear-browsing-history-on-safari-on-iphone-mac/

How to Remove Bing on Chrome, Firefox, and Edge

Users have been complaining that the search engine, Bing, loads as the default instead of Google. Annoying, but don’t fret! We’ve put together a simple guide on how to get rid of Bing and restore your preferred search engine.

On Google Chrome

1. Open Google Chrome and click the 3-dots menu.
2. Select More Tools, then choose Extensions.

3. Remove any Bing Extensions you see.
4. Go back to the Menu, then select Settings.

5. Look for Search Engine and click it.

6. On the right side, choose your preferred Search Engine (Google, Yahoo, DuckDuckGo or Ecosia).
7. Restart Google Chrome.  If it still uses Bing as your search engine, we suggest resetting or reinstalling Chrome.

On Mozilla Firefox

1. Open Mozilla Firefox and click the hamburger menu (3 horizontal lines).
2. Select Add-ons and themes.

3. Choose Extensions on the left side, then remove any Bing extensions you see.

4. Go back to the Menu, then select Settings.
5. On the left side, click Search and look for the Default Search Engine section on the right side.

6. Choose your preferred Search Engine (Google, Amazon.com, DuckDuckGo or Wikipedia).
7. Restart Firefox. If it still uses Bing as your search engine, we suggest resetting or reinstalling Firefox.

On Microsoft Edge

1. Open Microsoft Edge.
2. Click the 3-dots menu on the upper right corner, then select Settings.

3. Select View Advance Settings and click the Change search engine button.

4. Choose your preferred Search Engine then click the Set as default button.

We hope this short guide has helped you get things back to normal! If you’ve found it a useful article, please do SHARE with friends and family.

Source :
https://news.trendmicro.com/2021/11/17/how-to-remove-bing-on-chrome-firefox-and-edge/

Top 10 Most Used Search Engines & Tips for Browsing

In the modern world, searching for information is simple. There’s no need to go from one library to another, flipping through numerous pages, or checking the table of contents before you get to what you’re looking for. Simply typing words on the internet will give you limitless results — all you need to do is narrow them down.

What is a Search Engine?

If you need to find something, like a website or page that contains your needed information, you’ll need to go and visit a search engine page to query keywords.

A search engine is a program or application that checks, hunts, and searches the web for sites based on keywords. It uses these keywords and returns pages that are connected to what you have typed.

Search engines use web crawlers or web spiders to catalog the World Wide Web. These crawling bots are used for indexing contents. They will scan, check, assess and inspect site pages and their information across the web.

Notable Search Engines and Their Brief Histories

Archie — During the 1990s, the very first search engine arrived, named Archie. Its purpose was to search FTP sites to create indexes of files that are downloadable.

Veronica and Jughead — Created around 1992/93, they both searched file names and titles in Gopher index systems.

Infoseek — In 1994, Webmasters would submit and provide a page in real-time with this program.

Yahoo Search — Also created in 1994, it created a collection of favorable web pages with description of each website.

LooksmartExcite and AltaVista — These search engines were created in 1995 and tried to compete with Yahoo.

Backrub — Created around 1996, Google’s initial project, Backrub, was a search engine that utilized backlinks for searches. It ranked pages depending on citations from other sites.

Ask Jeeves — Started in 1996, this search engine used human editors that tried to match search queries.

Google — Officially launched in 1998.

MSN Search — Relied on three different search engines: Looksmart, Overture and Inktomi.

Snap — A somewhat complex search engine, released in 2005, that shows search volumes, revenues and advertisers.

Bing — Rebranded name for MSN/Live Search.

Schema.Org — In 2011, Microsoft, Google and Yahoo collaborated to create Schema.org to create structured internet data.

Top 10 Most Used Search Engines

The following list contains the top ten from across the world:

1. Google:“Just google it” is a ubiquitous expression nowadays. Google is the most popular across all search engines — even more than all others combined. According to statistics, around 78% of desktops and laptops uses Google.

2. Yahoo: In the past, Yahoo had competed with Google. But as the years went on, Yahoo users had declined significantly. Now it is mostly used as a backup search engine in case the dominant one is down.

3. Bing: Microsoft Bing (or just Bing) is owned by Microsoft. Its origin came from MSN Search and Windows Live Search. This search engine is proud of its ‘decision’ engine which provides suggestions on the sides.

4. AOL Search: Known before as American Online Search. This search engine is used mostly by older people accustomed to AOL.

5. Duck Duck Go: Some say that Duck Duck Go is for and by Hipsters. But the main reason users choose this search engine is that it does not track search history and avoids spammy websites.

6. Baidu: This search engine is the 3rd largest out there. Baidu dominates the Chinese market and is the first choice in China. This engine has a sophisticated online censorship system since there’s many restrictions in its operating region.

7. Yandex: If Baidu has China as its market, then Yandex has the Russian market.

8. Ask: Its origin is the older “Ask Jeeves”. Since it could not compete with Google, it’s now powered by Google — if you can’t beat ‘em, join ‘em!

9. Naver: South Korea is another huge tech and communications market with its own search engine, Naver.

10.Seznam: The search engine popular in the Czech Republic and C. Europe.

And some honorable mentions:

  • Ecosia — Donates surplus income to organizations that plant trees.
  • Dogpile — Shows results from the top 3 search engines (Google, Bing and Baidu).
  • Gigablast — An open-source search engine.
  • Qwant — A popular, EU-based search engine.

Tips For Using Search Engines

Search engines are brilliant tools to immediately get the information we want. However, since search engines generally do not have much security capability, you should invest in a security product to provide and efficient browsing.

1. Install the Maximum Security tool bar to prevent you from visiting malicious websites.

You can install the Trend Micro Maximum Security toolbar service, which warns you of security risks relevant to the websites you visit.

When you search online, it monitors and rates websites in search engines such as Google, Bing, Baidu, and Yahoo. The Trend Micro Toolbar provides Page Ratings that show if the page is safesuspiciousdangeroustrusted or untested.

  • A Mac User? No problem. Trend Micro Antivirus for Mac has the same toolbar feature to protect your online activity.

2. Install AdBlock One to stop annoying ads.

In addition, be sure to also use AdBlock One for Safari. This app stops annoying online ads from bothering you and helps load web pages faster — a significant boost in securing and improving your digital life.

Without AdBlock One

With AdBlock One

Get AdBlock OneIt’s free

If you’ve found this article an interesting and/or useful read, please do SHARE with family and friends.

Source :
https://news.trendmicro.com/2021/11/25/top-10-most-used-search-engines-tips-for-browsing/

How to Free Up Memory on Mac

If your Mac frequently performs slowly or freezing all the time, you see a “Your system has run out of application memory” message or occasionally seeing the dreadful spinning beach ball, chances of these can be signs that your memory, or RAM, is being used to the max.

What is RAM on Mac?

Random Access Memory (RAM) is a computer’s temporary data storage device. It stores the information the computer is actively using so that it can be accessed quickly. The more running programs your computer has, the more it uses memory to perform properly. It’s essential for your computer to work properly.

It is different from the internal storage on your Mac. You keep all your files in internal storage but you can’t choose what to save in your RAM as your computer needs flexibility in moving files in or out of that memory all the time.

It works similarly like when you are working in an office. The bigger the office the more people can do different tasks simultaneously. Like in a computer, the more RAM you have the more process your computer can handle at once.

When you launch a program, your computer gathers the program’s files from the hard drive. Once the files are retrieved, the computer needs a working area to process the data and allow you to interact with it. This is your RAM. Your computer places your program’s files in RAM temporarily while you are working with them so that your computer can access that information faster and efficiently.

Why it is necessary to Add more RAM

By default, most Macs were shipped with around 8GB of RAM. Old files and cluttered caches can reduce your Mac’s available RAM and cause your system to slow down. Some applications require a lot of RAM to work efficiently, such as video editing apps and 3D design software.

Adding more RAM is one of the easiest, most cost-effective ways to improve the performance of your MAC, primarily because most computers are shipped with a minimal amount of memory.

Free up Memory with System Activity Monitor

If installing more RAM isn’t an option, you can start looking at the Activity Monitor to show how much memory is being used – that will help you identify if an app is using up more than it should be.

Activity Monitor comes with your Mac. You can find it in Utilities, or start typing Activity Monitor into Spotlight. If you select the Memory tab, this shows a list of all the active apps and processes on your Mac and how much memory each of them is using.

How to free up memory on Mac_20220317_1

You should see a Memory Pressure chart and the breakdown of how your memory is being used.

The most important thing to look at is the Memory Pressure chart, which shows up in green, yellow, or red based on whether your Mac needs more RAM or not. If it is all green, it means your RAM is still efficient. Yellow means your Mac might be needing an upgrade, and red means your Mac definitely needs that added RAM.

When you find the suspect app to be using resources even though you weren’t using them, select it and click on Information (i).

How to free up memory on Mac_20220317_1

This will show more information about the process including the memory it used. If you want to close this app, you can just click on Quit. Then it will ask if you are sure to quit this process. You can choose Quit or Force Quit. Force Quite is useful for frozen apps.

Note: If you are not familiar with the process, it’s better not to close as it may be required by your Mac.

Reduce Memory Usage on Mac

We now know the fix we can do when our Mac is running out of memory. It is still better if we can prevent it from happening especially if we only have limited options to upgrade our Mac’s memory.

There are a few things you can do to maximize what is available. This may also help speed up your Mac.

1. Make your Desktop Clean all the time.

Cluttered documents, images, and different types of files are worth cleaning or at least sorting them to a different folder/location. The macOS is designed to manage your Desktop icon as an active window. The more icons the more memory will be used.

2. Manage Memory Usage in Finder

The Finder application is designed by default to show all files available on the system. Try changing the default display of Finder to not show All My Files.

  • Open Finder and click on Finder > Preferences
  • Under General choose a folder to be shown when you open a new Finder window.
How to free up memory on Mac_20220317_3

3. Close Unwanted Finder Windows or merge them.

Each Finder window can have an impact on RAM usage. You can close them all at once by using the keyboard shortcut, pressing Command + Option + W, or merging all the Finder windows together.

In the Finder, click on Window > Merge All Windows.

How to free up memory on Mac_20220317_4

4. Disable Items that launches at Start up

Check if there are apps set to run during start-up or after you log in on your Mac as most of these might not be really essential for your everyday use of your computer.

How to stop apps from starting automatically:

  • Open System Preferences > Click on Users & Groups.
  • Click on your User name on the sidebar on the left if that’s not already selected.
  • Click on Login Items.
  • Select an app in the list that you don’t want to run during startup and click on the (-) button.

5. Close web browser tabs

It’s best practice to keep minimal open browser tabs at the same time as recent macOS will see the websites open in Safari listed as a separate process in Activity Monitor. It would also be best to close Safari or the browser you use from time to time.

6. Delete browser extensions

Browser extensions are tools for quick access to features while surfing the internet. But sometimes they just consume more memory. Check your browsers for unwanted browser extensions you don’t really need.

7. Free up more disk space on your Mac

You may also need to clear some space on your Mac from time to time. The recommendation is to keep 20% of your drive space free. You could delete large unused files, old downloads, and old apps. Large unused files can be installer packages you used a long time ago that you already forgot. You can also look for duplicate files or similar photos.

Best App to Free up RAM and Optimize memory usage on Mac

Cleaner One Pro is an all-in-one disk cleaning app with an easy-to-use interface so you can effortlessly visualize, manage and free up your storage space to keep your Mac optimized for the best performance.

Its key features include:

  • Quick Optimizer – Quick Optimizer monitors your CPU Usage, Network Usage and Memory Usage, while scanning and deleting Junk Files in just one click.
  • Junk Files – Remove temporary files and hidden hidden leftover files in one click.
  • Similar Photos – Offer an abundance of useful features to get rid of similar looking images.
  • Big Files – Filter and manage large files on your disk and free up more storage space.
  • Disk Map – Analyze your storage usage in a visual and interactive map.
  • Duplicate Files – Retrieve and delete duplicate files.
  • App Manager – View and manage apps by name, size or date. Remove unwanted apps and associated files. Batch remove multiple apps.
  • Startup Manager – Easily manage startup apps and services. Speed up boot time and enhance the performance.

Cleaner One Pro is available from Apple’s App Store and the Trend Micro website. Download and claim your free trial today!

You may check our article about Cleaner one Pro for more information:


Source :
https://news.trendmicro.com/2022/03/17/how-to-free-up-memory-on-mac/

Urgent Update Released for Zero-Day Chrome & Edge Vulnerability

Updates for both Google Chrome and Microsoft Edge have been released which address the critical CVE-2022-1096 zero-day exploit. If you use either of these web browsers, you should install the update immediately.

What we know so far

The high severity vulnerability — referred to as CVE-2022-1096 — stems from a newly-discovered “type confusion” issue with V8, Google’s open-source JavaScript engine that powers both Google Chrome and Microsoft Edge. The vulnerability, which affects Windows, Mac, and Linux, could allow hackers to hijack people’s web browsers and embed malicious code.

Although it didn’t elaborate, in a short blog post addressing the issue, Google stated that a known exploit currently exists in the wild, although it is not clear how many people have already been affected or how damaging this exploit is.

The vulnerability also affects Microsoft’s Chromium-based web browser Edge in the same way.

What you need to do

You can stay protected from this vulnerability by ensuring your web browser is updated to the latest version. For Google Chrome, this is version 99.0.4844.84 and for Microsoft Edge, it is version 99.0.1150.55.

To check if you have the latest version installed, within one of the web browsers, click the three vertical dots in the top right-hand corner > Settings > About Chrome/About Microsoft Edge. If you don’t already have the latest version installed, you will be presented with the option to download and install it.

How to help the online community

Due to Google remaining tight-lipped about the severity of the known exploit, the level of harm it could cause to potential victims is as yet unclear. To limit the fallout, we all need to do our part in spreading the word — especially when considering how easy it is to install the latest update and guarantee protection. If you found this article helpful and you would like to see that others are protected, please consider sharing this post.

Source :
https://news.trendmicro.com/2022/03/30/urgent-update-chrome-edge-zero-day/

CISA Warns of Active Exploitation of Critical Spring4Shell Vulnerability

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) on Monday added the recently disclosed remote code execution (RCE) vulnerability affecting the Spring Framework, to its Known Exploited Vulnerabilities Catalog based on “evidence of active exploitation.”

The critical severity flaw, assigned the identifier CVE-2022-22965 (CVSS score: 9.8) and dubbed “Spring4Shell”, impacts Spring model–view–controller (MVC) and Spring WebFlux applications running on Java Development Kit 9 and later.

“Exploitation requires an endpoint with DataBinder enabled (e.g., a POST request that decodes data from the request body automatically) and depends heavily on the servlet container for the application,” Praetorian researchers Anthony Weems and Dallas Kaman noted last week.

Although exact details of in-the-wild abuse remain unclear, information security company SecurityScorecard said “active scanning for this vulnerability has been observed coming from the usual suspects like Russian and Chinese IP space.”

Similar scanning activities have been spotted by Akamai and Palo Alto Networks’ Unit42, with the attempts leading to the deployment of a web shell for backdoor access and to execute arbitrary commands on the server with the goal of delivering other malware or spreading within the target network.

“During the first four days after the vulnerability outbreak, 16% of the organizations worldwide were impacted by exploitation attempts,” Check Point Research said, adding it detected 37,000 Spring4Shell-related attacks over the weekend.

Microsoft 365 Defender Threat Intelligence Team also chimed in, stating it has been “tracking a low volume of exploit attempts across our cloud services for Spring Cloud and Spring Core vulnerabilities.”

According to statistics released by Sonatype, potentially vulnerable versions of the Spring Framework account for 81% of the total downloads from Maven Central repository since the issue came to light on March 31.

Cisco, which is actively investigating its line-up to determine which of them may be impacted by the vulnerability, confirmed that three of its products are affected –

  • Cisco Crosswork Optimization Engine
  • Cisco Crosswork Zero Touch Provisioning (ZTP), and
  • Cisco Edge Intelligence

VMware, for its part, also has deemed three of its products as vulnerable, offering patches and workarounds where applicable –

  • VMware Tanzu Application Service for VMs
  • VMware Tanzu Operations Manager, and
  • VMware Tanzu Kubernetes Grid Integrated Edition (TKGI)

“A malicious actor with network access to an impacted VMware product may exploit this issue to gain full control of the target system,” VMware said in the advisory.

Also added by CISA to the catalog are two zero-day flaws patched by Apple last week (CVE-2022-22674 and CVE-2022-22675) and a critical shortcoming in D-Link routers (CVE-2021-45382) that has been actively weaponized by the Beastmode Mirai-based DDoS campaign.

Pursuant to the Binding Operational Directive (BOD) issued by CISA in November 2021, Federal Civilian Executive Branch (FCEB) agencies are required to remediate the identified vulnerabilities by April 25, 2022.

Source :
https://thehackernews.com/2022/04/cisa-warns-of-active-exploitation-of.html

Hackers Breach Mailchimp Email Marketing Firm to Launch Crypto Phishing Scams

Email marketing service Mailchimp on Monday revealed a data breach that resulted in the compromise of an internal tool to gain unauthorized access to customer accounts and stage phishing attacks.

The development was first reported by Bleeping Computer.

The company, which was acquired by financial software firm Intuit in September 2021, told the publication that it became aware of the incident on March 26 when it became aware of a malicious party accessing the customer support tool.

“The incident was propagated by an external actor who conducted a successful social engineering attack on Mailchimp employees, resulting in employee credentials being compromised,” Siobhan Smyth, Mailchimp’s chief information security officer, was quoted as saying.

Although Mailchimp stated it acted quickly to terminate access to the breached employee account, the siphoned credentials were used to access 319 MailChimp accounts and further export the mailing lists pertaining to 102 accounts.

The unidentified actor is also believed to have gained access to API keys for an unspecified number of customers, which the company said have been disabled, preventing the attackers from abusing the API keys to mount email-based phishing campaigns.

In the wake of the break-in, the company is also recommending customers to enable two-factor authentication to secure their accounts from takeover attacks.

The acknowledgment comes as cryptocurrency wallet company Trezor on Sunday said it’s investigating a potential security incident stemming from an opt-in newsletter hosted on Mailchimp after the actor repurposed the stolen data to send rogue emails claiming that the company had experienced a security incident.

The fraudulent email, which came with a supposed link to download an updated version of the Trezor Suite hosted on what’s actually a phishing site, prompted unsuspecting recipients to connect their wallets and enter the seed phrase on the trojanized lookalike application, allowing the adversary to transfer the funds to a wallet under their control.

“This attack is exceptional in its sophistication and was clearly planned to a high level of detail,” Trezor explained. “The phishing application is a cloned version of Trezor Suite with very realistic functionality, and also included a web version of the app.”

“Mailchimp have confirmed that their service has been compromised by an insider targeting crypto companies,” Trezor later tweeted. “We have managed to take the phishing domain [trezor.us] offline,” warning its users to refrain from opening any emails from the company until further notice.

The American company hasn’t so far clarified on whether the attack was carried out by an “insider.” It’s also unclear at this stage how many other cryptocurrency platforms and financial institutions are impacted by the incident.

A second confirmed casualty of the breach is Decentraland, a 3D virtual world browser-based platform, which on Monday disclosed that its “newsletter subscribers’ email addresses were leaked in a Mailchimp data breach.”

Source :
https://thehackernews.com/2022/04/hackers-breach-mailchimp-email.html

VMware Releases Critical Patches for New Vulnerabilities Affecting Multiple Products

VMware has released security updates to patch eight vulnerabilities spanning its products, some of which could be exploited to launch remote code execution attacks.

Tracked from CVE-2022-22954 to CVE-2022-22961 (CVSS scores: 5.3 – 9.8), the issues impact VMware Workspace ONE Access, VMware Identity Manager, VMware vRealize Automation, VMware Cloud Foundation, and vRealize Suite Lifecycle Manager.

Five of the eight bugs are rated Critical, two are rated Important, and one is rated Moderate in severity. Credited with reporting all the vulnerabilities is Steven Seeley of Qihoo 360 Vulnerability Research Institute.

The list of flaws is below –

  • CVE-2022-22954 (CVSS score: 9.8) – Server-side template injection remote code execution vulnerability affecting VMware Workspace ONE Access and Identity Manager
  • CVE-2022-22955 & CVE-2022-22956 (CVSS scores: 9.8) – OAuth2 ACS authentication bypass vulnerabilities in VMware Workspace ONE Access
  • CVE-2022-22957 & CVE-2022-22958 (CVSS scores: 9.1) – JDBC injection remote code execution vulnerabilities in VMware Workspace ONE Access, Identity Manager, and vRealize Automation
  • CVE-2022-22959 (CVSS score: 8.8) – Cross-site request forgery (CSRF) vulnerability in VMware Workspace ONE Access, Identity Manager, and vRealize Automation
  • CVE-2022-22960 (CVSS score: 7.8) – Local privilege escalation vulnerability in VMware Workspace ONE Access, Identity Manager and vRealize Automation, and
  • CVE-2022-22961 (CVSS score: 5.3) – Information disclosure vulnerability impacting VMware Workspace ONE Access, Identity Manager and vRealize Automation

Successful exploitation of the aforementioned weaknesses could allow a malicious actor to escalate privileges to root user, gain access to the hostnames of the target systems, and remotely execute arbitrary code, effectively allowing full takeover.

“This critical vulnerability should be patched or mitigated immediately,” VMware said in an alert. “The ramifications of this vulnerability are serious.”

While the virtualization services provider noted that it has not seen any evidence that the vulnerabilities have been exploited in the wild, it’s highly recommended to apply the patches to remove potential threats.

“Workarounds, while convenient, do not remove the vulnerabilities, and may introduce additional complexities that patching would not,” the company cautioned.

Source :
https://thehackernews.com/2022/04/vmware-releases-critical-patches-for.html

First Malware Targeting AWS Lambda Serverless Platform Discovered

A first-of-its-kind malware targeting Amazon Web Services’ (AWS) Lambda serverless computing platform has been discovered in the wild.

Dubbed “Denonia” after the name of the domain it communicates with, “the malware uses newer address resolution techniques for command and control traffic to evade typical detection measures and virtual network access controls,” Cado Labs researcher Matt Muir said.

The artifact analyzed by the cybersecurity company was uploaded to the VirusTotal database on February 25, 2022, sporting the name “python” and packaged as a 64-bit ELF executable.

However, the filename is a misnomer, as Denonia is programmed in Go and harbors a customized variant of the XMRig cryptocurrency mining software. That said, the mode of initial access is unknown, although it’s suspected it may have involved the compromise of AWS Access and Secret Keys.

Another notable feature of the malware is its use of DNS over HTTPS (DoH) for communicating with its command-and-control server (“gw.denonia[.]xyz”) by concealing the traffic within encrypted DNS queries.

In a statement shared with The Hacker News, Amazon stressed that “Lambda is secure by default, and AWS continues to operate as designed,” and that users violating its acceptable use policy (AUP) will be prohibited from using its services.

While Denonia has been clearly designed to target AWS Lambda since it checks for Lambda environment variables prior to its execution, Cado Labs also found that it can be run outside of it in a standard Linux server environment.

“The software described by the researcher does not exploit any weakness in Lambda or any other AWS service,” the company said. “Since the software relies entirely on fraudulently obtained account credentials, it is a distortion of facts to even refer to it as malware because it lacks the ability to gain unauthorized access to any system by itself.”

However, “python” isn’t the only sample of Denonia unearthed so far, what with Cado Labs finding a second sample (named “bc50541af8fe6239f0faa7c57a44d119.virus“) that was uploaded to VirusTotal on January 3, 2022.

“Although this first sample is fairly innocuous in that it only runs crypto-mining software, it demonstrates how attackers are using advanced cloud-specific knowledge to exploit complex cloud infrastructure, and is indicative of potential future, more nefarious attacks,” Muir said.

Source :
https://thehackernews.com/2022/04/first-malware-targeting-aws-lambda.html

Exit mobile version