
Cyble: Over 9,000 VNC Sessions Without a Password Found

At least 9,000 internet-facing Virtual Network Computing (VNC) endpoints were reported to be reachable without a password, giving attackers easy access to the systems behind them.

VNC is a platform-independent system that lets users remotely control other computers, many of which are used only for limited monitoring and adjustment tasks. Anyone who compromises such a VNC endpoint therefore gains access to the underlying system.

When these endpoints are not secured with a password, which is frequently the result of neglect, error, or a decision made for convenience, they serve as entry points for unauthorized access, including by attackers with malicious intent.

According to the researchers, the risk posed by each exposed VNC instance depends on the kind of system it controls. Some were found to control a municipality's water control systems, which is quite serious.

Research Analysis 

Over 9,000 vulnerable servers were found when Cyble's security researchers searched the web for internet-facing VNC instances without passwords. China and Sweden are home to the majority of exposed instances, while the United States, Spain, and Brazil round out the top 5 with sizable numbers of unprotected VNCs.

The situation was made worse, according to Cyble, by the fact that some of these open VNC instances belonged to industrial control systems, which should never be reachable from the Internet. In one of the examined cases, the unprotected VNC connection led to an HMI for controlling pumps on a remote SCADA system at an unnamed manufacturing facility.

To assess how often attackers target these servers, Cyble used its threat-intelligence sensors to watch for attacks on port 5900, the standard VNC port. In a single month, Cyble counted more than six million requests. The Netherlands, Russia, and the United States were the main countries from which attempts to access VNC servers originated.

On hacker forums, there is a large market for accessing vital networks via exposed or compromised VNCs because this kind of access can be utilized for more in-depth network espionage. In other circumstances, security experts provide guidance on how users might actively scan for and find these vulnerable instances.

A long list of exposed VNC instances with very weak or no passwords is presented in a post on a darknet forum that Bleeping Computer has seen.

In this context, it is important to keep in mind that many VNC implementations do not accept passwords longer than eight characters, which makes them essentially unsafe even when both the sessions and the passwords are encrypted.

VNC servers should never be exposed directly to the Internet; if they must be reachable remotely, they should at least be placed behind a VPN so that access to the servers is protected.
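The following is an added example, not code from the article or from Cyble: it parses the security-type negotiation a VNC server sends at the start of the RFB protocol and reports whether the endpoint accepts connections with no password at all, so an asset owner can audit captured handshakes from their own inventory. The handshake bytes are constructed samples and nothing touches the network.

```python
# Added example: classify a VNC server's RFB security negotiation offline.
# Sample handshakes are constructed; they are not captures from real hosts.
import struct

# Security types from the RFB specification (RFC 6143) plus common extensions.
SECURITY_TYPES = {
    0: "Invalid", 1: "None", 2: "VNC Authentication", 5: "RA2",
    6: "RA2ne", 16: "Tight", 18: "TLS", 19: "VeNCrypt", 30: "Apple ARD",
}


def parse_server_hello(data: bytes) -> dict:
    """Return protocol version and offered security types from the bytes a
    server sends; assumes the client echoed the server's version, so the
    12-byte version line is followed directly by the security data."""
    if len(data) < 12 or not data.startswith(b"RFB "):
        raise ValueError("not an RFB ProtocolVersion message")
    version = data[4:11].decode("ascii")  # e.g. "003.008"
    body = data[12:]
    if version == "003.003":
        # RFB 3.3: the server dictates a single security type as a big-endian u32.
        (sec,) = struct.unpack(">I", body[:4])
        types = [sec]
    else:
        # RFB 3.7/3.8: a u8 count followed by that many u8 security types.
        count = body[0]
        if count == 0:
            raise ValueError("server refused the connection (zero security types)")
        types = list(body[1:1 + count])
    return {"version": version, "security_types": types}


def assess(data: bytes) -> str:
    """No-auth is critical; classic VNC Authentication is weak because its DES
    challenge-response uses at most 8 password bytes; TLS/VeNCrypt is better."""
    types = parse_server_hello(data)["security_types"]
    names = ", ".join(SECURITY_TYPES.get(t, f"unknown({t})") for t in types)
    if 1 in types:
        return "CRITICAL: accepts 'None' authentication (no password) - " + names
    if any(t in (18, 19) for t in types):
        return "OK: offers TLS/VeNCrypt - " + names
    if 2 in types:
        return "WEAK: only classic VNC Authentication (8-byte DES key) - " + names
    return "REVIEW: " + names


# Constructed samples: RFB 3.8 offering None+VNC auth, RFB 3.3 requiring VNC
# auth, and RFB 3.8 offering VeNCrypt only.
SAMPLE_OPEN = b"RFB 003.008\n" + bytes([2, 1, 2])
SAMPLE_33 = b"RFB 003.003\n" + struct.pack(">I", 2)
SAMPLE_TLS = b"RFB 003.008\n" + bytes([1, 19])

if __name__ == "__main__":
    for sample in (SAMPLE_OPEN, SAMPLE_33, SAMPLE_TLS):
        print(assess(sample))
```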

Bitter APT and Transparent Tribe Campaigns on Social Media

Facebook's parent company, Meta, has recently shut down two cyberespionage campaigns on its social networking platforms. The Bitter APT and Transparent Tribe threat groups were behind these campaigns. Both groups are based in South Asia.

About Bitter APT:

The first group discovered was Bitter APT or T-APT-17, which targeted firms in the government, engineering, and energy industries. The group used social engineering against targets in India, the United Kingdom, New Zealand, and Pakistan.

To install malware on target devices, it used a combination of hijacked websites, URL shortening services, and third-party file hosting services. To interact with and deceive their victims, the attackers impersonated activists, journalists, and young women. Bitter also used Dracarys, a new Android malware that abuses accessibility services.

Transparent Tribe

Transparent Tribe, also known as APT36, is less sophisticated than Bitter APT. It employs social engineering techniques together with widely available malware. Its most recent campaign targeted people in India, Pakistan, Afghanistan, Saudi Arabia, and the United Arab Emirates.

Human rights advocates and military officials were the primary targets of the campaign. The hackers pretended to be recruiters for bogus and real firms, as well as young ladies and military personnel.

In conclusion

Social media has become a playground for cybercriminals of all sorts. Cyberspies use these platforms to gather intelligence and lure victims to external sites where malware may be downloaded. Users are therefore advised to exercise caution when befriending strangers online.

Google Fined $60M+ for Misleading Australians About Collecting Location Data

Google was fined $60 million by the Australian Competition and Consumer Commission (ACCC) for misleading Australian Android users about the collection and use of their location data for almost two years, between January 2017 and December 2018.

According to the Australian competition watchdog, the tech giant continued to track some of its customers' Android phones even after they turned off "Location History" in the device's settings. While consumers were led to believe that option would disable location tracking, another account setting, "Web & App Activity," which was enabled by default, allowed the company to "collect, retain, and use personally identifiable location data."

According to the ACCC, based on available data, more than 1.3 million Australian Google accounts have been impacted. 

"Google, one of the world's largest companies, was able to keep the location data collected through the 'Web & App Activity' setting and that retained data could be used by Google to target ads to some consumers, even if those consumers had the "Location History" setting turned off," stated ACCC Chair Gina Cass-Gottlieb. 

"Personal location data is sensitive and important to some consumers, and some of the users who saw the representations may have made different choices about the collection, storage and use of their location data if the misleading representations had not been made by Google." 

In October 2019, Australia's competition watchdog initiated proceedings against Google. The Australian Federal Court ruled in April 2021 that Google had violated the Australian Consumer Law by deceiving customers regarding the gathering and use of their location data. 

By 20 December 2018, Google had taken corrective action and resolved all the faults that led to this fine, and users were no longer shown misleading information implying that turning off Location History would stop the collection of information about the places they go with their devices.

"Companies need to be transparent about the types of data that they are collecting and how the data is collected and may be used so that consumers can make informed decisions about who they share that data with," Cass-Gottlieb added.

U.S. Bans Crypto Mixing Service Tornado Cash

A 29-year-old man was detained in Amsterdam on Friday, according to the Dutch tax authority's investigative department (FIOD), which suspects him of working as a developer for Tornado Cash, a cryptocurrency mixing service that the US sanctioned earlier in the week.

The Dutch agency's action further demonstrates the increasing interest that governments are showing in so-called crypto mixers. Another cryptocurrency mixing service, Blender, received approval from the Office of Foreign Assets Control earlier this year.

Sanctions against the service were imposed by the US Treasury Department on Monday. According to reports, North Korean state hackers used Tornado Cash to hide billions of dollars.

The Block identified the Tornado Cash engineer as Alexey Pertsev, although FIOD did not release his name. Tornado Cash, FIOD said, "has been utilized to mask large-scale criminal money flows, particularly from data thefts of cryptocurrencies, so-called crypto hacks, and scams."

The platform works by pooling and scrambling digital assets from thousands of addresses, mixing funds that may have been obtained illegally with funds that may have been obtained legally. This hides the trail back to an asset's original source and gives criminals a way to conceal where stolen money came from.

After the U.S. sanction, a variety of companies have banned or deleted accounts connected to Tornado Cash, including GitHub, Circle, Alchemy, and Infura.

On the news, the Tornado Cash token TORN fell from $16.5 to $13.7, furthering this month's fall. According to CoinMarketCap, the token's decline during the past seven days has exceeded 50%.

The latest developments point to growing scrutiny of crypto mixing services, which are seen as a means of cashing out illicitly obtained cryptocurrency.

This includes the indebted North Korean government, which is known to rely on cyberattacks against the cryptocurrency industry to steal virtual currency and circumvent the trade and economic sanctions placed on the country.