
Russian experts give tips on how to prevent personal data leakage

In Russia, the number of cyber attacks increased by almost a quarter in the first quarter of 2020, said Anton Kukanov, head of the Russian Quality System (Roskachestvo) for Digital Expertise, citing Positive Technologies data.

The expert also clarified that about 13% of fraudulent links were related to the coronavirus pandemic. He drew attention to the fact that almost half of all information stolen in the first quarter of 2020 was usernames and passwords.

According to Anton Kukanov, the main purpose of scammers is not the personal data of users, but payment information.

"They use phishing campaigns, social engineering techniques, and a wide range of malicious programs for this purpose, such as keyloggers that record and transmit passwords, remote access programs that allow a hacker to control the device," said Mr. Kukanov.

The expert advises against clicking on suspicious links and using sites with illegal content, in order to prevent fraudsters from stealing logins and passwords. In particular, resources offering free movies, including new releases, or the games that users love so much can actually be "monetized" by malicious software.

"It is also not recommended to download applications from third-party sites. You need to do it exclusively in official stores; otherwise, you can quickly "catch" a virus. However, there is a risk of "infecting" the gadget through the official store, although less," noted Anton Kukanov.

Moreover, the specialist from Roskachestvo advises looking at the rating of an application before installing it and reading the reviews without fail, in order not to download an application with a virus.

He also recommended paying attention to the permissions that are requested by installed applications. For security reasons, according to Kukanov, it is better to reject those that contradict the meaning of the application.

Kaspersky Lab and Yandex have detected malicious browser extensions

Kaspersky Lab and Yandex have identified malicious code in browser extensions. Through them, attackers could gain access to accounts on social networks and increase views of videos on various sites.

Kaspersky Lab and Yandex experts have identified potentially malicious code in more than twenty browser extensions, including Frigate Light, Frigate CDN and SaveFrom.

Through the extensions, cybercriminals could, unnoticed by the user, gain access to the user's VKontakte account and increase video views on various sites. The extensions received tasks from their own server, generated fraudulent traffic by playing videos in hidden tabs, and intercepted a token for access to the social network. The code ran only while the browser was in active use and included built-in protection against detection.

The investigation began after users of Yandex.Browser began to complain about the sound of advertising even though no video was playing on the screen. Yandex disabled the extensions in Yandex.Browser after detecting a hidden traffic flow. Kaspersky Lab blocks such activity on devices where the company's products are installed. The results of the investigation were sent to the developers of the social network and of the most popular browsers.

According to Anton Mityagin, head of Yandex's Internet Security and Anti-Fraud Department, the traffic generated by extensions is very difficult to detect, as it is mixed with real user actions. He recalled that browser extensions are very popular and the total number of their installations has long been estimated in the tens or even hundreds of millions.

Sergey Golovanov, a leading expert at Kaspersky Lab, noted that more than 1 million users could become potential victims of the scheme. "The code from the browser extensions not only increased video views but also gained access to social network accounts, which could later be used, for example, to increase likes," he added.

Experts have found the most vulnerable places in Runet


Personal accounts of Runet users in various services, including Internet banks, turned out to be the worst protected from hackers. This is the opinion of Positive Technologies specialists.
After analyzing 38 websites of various organizations, including IT companies, government agencies, financial and telecommunications organizations, Positive Technologies employees concluded that nine out of ten web applications in Runet are vulnerable to hacker attacks.

Despite the fact that the situation has improved compared to the previous year, half of the sites contain "high-level" vulnerabilities. In 2019, there were 22 vulnerabilities per application, which is one and a half times lower than in 2018. According to Positive Technologies, the probability that data will leak from applications to the network is 68%, unauthorized access is possible in 39% of cases and authentication system weaknesses were found in 45%.

Also, hackers often hack applications in the banking sector. The protection of apps of credit organizations works only in 40% of cases.

According to experts, this is because the pace of major updates to the application is quite high. It was noted that the system does not have time to “undergo full training” and automatic configuration.

Applications of government agencies turned out to be the most vulnerable to hacker attacks. Experts stressed that funding for this sector was low. At first, the tenders were won by those who requested the lowest price. And then expenses were reduced even more — by hiring students, for example.
Experts noted that it is quite difficult to protect web applications. Sometimes systems are used in monitoring mode, and real people monitor this. They have to determine whether the attack occurs or not.

“A 24-hour web service requires at least four operators, and this is from five million rubles a year ($78,700),” said Rustem Khairetdinov, vice president of InfoWatch Group. There is no way to hire such a staff of specialists in small companies and regional government agencies.

Clop Ransomware Upgraded, Now can Terminate 663 Windows Processes


In February 2019, Michael Gillespie from MalwareHunter Team discovered the Clop ransomware, which has been evolving ever since; a variant of it can now terminate a total of 663 Windows processes.

When it was first discovered, it did not demonstrate any unique quality that made it stand out among other ransomware variants; it was merely another addition to the ransomware ecosystem, like others that have existed since 2017. However, it has continued to take various forms since its discovery and now comes with a new integrated process killer that affects several processes of Windows 10 apps, office applications, programming IDEs, languages and text editors.

According to sources, in March 2019 the attackers behind Clop ransomware started to target entire networks instead of individual systems, and they changed the ransom note to reflect this. The same year also saw an abrupt change in the ransomware, which began disabling services for Microsoft SQL Server, MySQL, Microsoft Exchange, BackupExec and other enterprise software.

In 2019, while warning organizations and businesses about app-killing malware, the Federal Bureau of Investigation (FBI) reported that the ransomware threat is now amplified, as the attackers are continually upgrading their tools and have devised ways to bypass detection and be more effective in their operations. Investigative agencies are warning organizations to keep abreast of such potential threats and build a security net to guard their systems.

Commenting on the matter, Abrams, editor-in-chief of Bleeping Computer, said, "It is not known why some of these processes are terminated, especially ones like Calculator, Snagit, and SecureCRT, but it’s possible they want to encrypt configuration files used by some of these tools."

Meanwhile, in a conversation with SC Media UK, Javvad Malik, security awareness advocate at KnowBe4, said, "Clop is a variant of the CryptoMix ransomware family, but has been evolving rapidly in the last year to disable an increasingly large number of Windows processes."

"The main goal of Clop is to encrypt all files in an enterprise and request a payment to receive a decryptor to decrypt all the affected files," read the McAfee report in August.

"To achieve this, we observed some new techniques being used by the author that we have not seen before. Clearly, over the last few months, we have seen more innovative techniques appearing in ransomware."

US: Investigators can Use Fake Social Media Profiles to Monitor Potential Visa Seekers





US Citizenship and Immigration Services officers, who were previously banned from creating fake social media profiles, can now create such profiles for the purpose of monitoring the social media information of foreigners applying for visas, citizenship and green cards.

On Friday, the ban was overturned in a review of potential privacy issues conducted and posted online by the Homeland Security Department.

Explaining the need for the reversal of the ban, a statement by USCIS said that it will make it easier for officers and investigators to locate evidence of fraud and cross-verify information for security reasons when deciding whom to allow into the US.

The State Department has taken several other steps, including asking US visa applicants to provide their social media handles. However, it is unclear how the use of fake social media identities could be carried out successfully, as impersonation would clearly violate the terms and conditions of major social media platforms like Facebook and Twitter.

Commenting on the matter, Twitter said in a statement, "It is against our policies to use fake personae and to use Twitter data for persistent surveillance of individuals. We look forward to understanding USCIS's proposed practices to determine whether they are consistent with our terms of service."

As per the DHS document, the investigating officers are restricted from interacting or conversing with people on social media platforms and are only allowed to review and verify information passively. Although a lot of social media activity can be viewed, and hence reviewed, without an account, certain platforms still limit access for guest users.

According to Dave Maass, a senior investigative researcher for the civil liberties advocacy group Electronic Frontier Foundation, the use of fictitious accounts "undermines our trust in social media companies and our ability to communicate and organize and stay in touch with people."

"It can't be this double standard where police can do it, but members of the general public can't," he added.

Cryptographer hacked an online voting system in Moscow


Following a meeting of the technical working group on electronic voting, it became known that the French cryptographer who pointed out the shortcomings in the electronic voting system will receive a reward of one million rubles ($15,000).

Last week it became known that Pierrick Gaudry, an employee of the French National Center for Scientific Research, said that the encryption used in the Russian electronic voting system is “completely unsafe” and can be hacked by attackers in about 20 minutes.

Recall that the Russian Government offered a cash prize of 1.5 million rubles ($23,800) to a hacker who can hack the electronic voting system.

However, according to Artem Kostyrko, the Deputy Head of the Moscow Department of Information Technology, nobody, including the French cryptographer, managed to hack the system. Nevertheless, since Pierrick Gaudry pointed out the weakness of the system and drew attention to its testing, he will receive a reward of one million rubles, provided that no one is able to hack the system during the next testing on August 21.

Other sources reported that Pierrick hacked the system, as he managed to recover all three secret keys. He has published a command-line script, so anyone can hack the voting system. Internet users repeated the experiment, and the calculations took the same amount of time: a little more than 20 minutes. When the private keys are known, decrypting the message becomes a trivial task.

It is interesting to note that before Pierrick published his work, Stanislav Smyshlyaev, the Deputy General Director of the company CryptoPro, stated that any laboratory accredited by the FSB of Russia would have found such a vulnerability. At the same time, Artem Kostyrko mentioned at one of the meetings of the technical working group that the Internet voting system was checked by experts from the FSB. Alexey Venediktov, a member of the Public Chamber of Moscow, claimed that military hackers from the GRU were involved in testing the voting system. However, none of them found the vulnerability.

According to forecasts, about 3 percent of the total number of voters will be able to take advantage of electronic voting in the elections to the Moscow City Duma on September 8. By the way, this is 1 percent more than during the experimental electronic voting in Estonia.

Previously, Ehacking News reported that the team of the Ukrainian president Vladimir Zelensky promised to hold the next presidential elections in Ukraine using Estonia's experience in electronic technologies.

It is known that the widespread introduction of electronic technologies has become a kind of calling card for Estonia and its know-how in the eyes of the world community.

On guard of the cyber world: Ethical hackers will appear in the Russian army


The Russian army will have special units that include ethical hackers: people with a technical education who will protect the "military Internet". They will scan the system for enemy cyber attacks and quickly neutralize them.

Conscripts will not be able to get into such units because only officers with special higher technical education can serve in a cyber army.

According to military expert Dmitry Boltenkov, it is necessary to block the attacking computers of the enemy and prevent him from getting into the network. Usually, software and hardware protection is used for this, as well as special devices that protect against hacking or warn of penetration.

It is known that software has already been created that should unite the field control stations and provide a multi-level network protection system.

According to experts, such a system will make external access to the "military Internet" impossible. Protection includes several firewalls that prevent unauthorized access. In addition, specially designed antiviruses will track unauthorized access by malware.

The exact place where the invasion occurred and the enemy could intercept radio signals or connect to the network will be detected with the help of special programs and equipment. Further, cybersecurity experts from the new unit can identify and localize the consequences of the attack.

The main advantage of this system is its autonomy because "military Internet" is not connected with the usual network, which means it is less prone to leaks and hacker attacks from outside.

The Ministry of Defense tested the work of the “military Internet” this year. The exchange of information at a speed of 300 Mbit/s was carried out between the field control stations at a distance of more than 2 thousand km. The military Department used special equipment and more than a thousand mobile communication and encryption complexes to create ultra-long data lines. The new system allows the exchange of information at a distance of several thousand kilometers, and all communication channels will be protected from hacking.

In addition, the Armed Forces of Russia are also creating a sovereign Internet - multiservice transport communication network (MTSS). It is planned to complete the first stage of work at the end of this year.

Banks collect biometric data of citizens in Russia






More than 70 bank offices in the Irkutsk region are already working in the Unified Biometric System, which allows banking services to be received remotely.


Recall that remote identification was launched in Russia in mid-2018. Clients just need to confirm their identity using biometric data - face images and voice recording.

According to the employer of the Irkutsk Branch of the Bank of Russia, clients need to come to the office once with a passport in order to register in the system. This procedure takes less than 1 minute. Today, 71 Bank offices work with such technologies in the Irkutsk region. Siberian residents can do the identification procedure in the biometric system in 687 branches of 57 banks.

Citizens have access to services of opening an account, obtaining a loan and transferring funds. These services can be obtained by phone, without a personal visit to the office of the Bank. The number of services will expand in the future. In addition, soon insurance companies will also recognize citizens by biometric data.

The new system has significantly reduced the number of Bank frauds. Thus, according to the Pochta Bank, the credit institution managed to block about five thousand fraud attempts in the last year through the biometric identification of clients.

Svetlana Ozeretskovskaya, the Head of Promotion of the Unified Biometric System project, stressed that "all biometric data is encrypted. It is almost impossible to restore them. This reduces the risk of compromise and does not allow attackers to take advantage of the data, even if some kind of leak occurs".

Meanwhile, cybersecurity specialists still see some weaknesses in the system. For example, Trojans in mobile applications or social networks can intercept biometric data. But the authors of the biometric identification system are sure that even if your data gets to the criminals, the system will still detect the fraud. According to the company Rostelecom, the probability of incorrect recognition of the client is 1 per 10 million. Moreover, the system will distinguish even twins from each other.

Russian cyber security specialists quit Russian banks en masse



The Central Bank’s requirements for information security, which have increased dramatically over the past year, have led to the departure of specialists in this field from banks to other industries. This situation carries risks for banks and their customers. Experts noted that hackers, who in 2019 refocused their attacks from banks to government offices and industrial companies, can come back.

The banking market is in a dangerous situation because leading information security experts are leaving banks and finding work in other industries.

According to Alexander Vinogradov, the former head of the information security service at Zlatkombank, only among his acquaintances, 11 important Bank security officers who held senior positions resigned from credit institutions and found work in other areas — Telecom, retail, etc.

"The guys are just tired: the load on information security specialists has increased many times over the past year, the requirements have increased many times, many do not stand the load," he said.

"The maximum responsibility and requirements with a very dubious return," said Denis Malygia, the former head of the service of the Bank "Garant-invest", commenting on his decision to leave the post.

According to information security experts, another problem is the unwillingness of banks to allocate budgets, which increases the risk of successful hacker attacks. Specialists of Group-IB said that 74% of banks are not ready for hacker attacks.

Experts believe that the departure of information security specialists from banks is a dangerous trend. Maria Voronova, the Director of Consulting at InfoWatch Group of Companies, said that personnel risks, in particular, shortage of personnel, are one of the main operational risks in the field of information security.

According to experts, it is rather difficult to find a replacement for those who quit the bank. It may take about six months to find a new head of information security service.

It is interesting to note that in the first quarter of 2019, cyber attacks on the financial sector amounted to 6% of the total number of attacks on legal entities. State institutions (16%), medical (10%) and industrial companies (10%) became the most popular targets among hackers. If bank security systems become more vulnerable, hackers can switch back to this area.

The Moscow Mayor’s Office claims that electronic voting is safe


According to Alexey Shaposhnikov, the Chairman of the Moscow Parliament, the experiment to conduct electronic voting in the elections of deputies of the Moscow City Duma will take place, despite the detection of weaknesses in its system during testing.

Shaposhnikov said, “I am a supporter of the development of e-democracy; e-voting is one of the elements of its development.”

Recently, Alexei Venediktov, the Deputy Chairman of the Public Chamber, said that from July 11 the electronic voting system will be available in test mode for everyone. Hackers will be able to try to hack it for a reward of 1.5 million rubles.

Artem Kostyrko, the Deputy Head of the Moscow Department of Information Technology, said that the security of the electronic voting system is guaranteed by the fact that voting will be held on the website of the Moscow Mayor’s Office, mos.ru.

The speaker of Moscow City Duma noted that he did not know of any cases of hacking into the site mos.ru. Specialists, who are responsible for the functioning of the security system, guaranteed correct operation during the counting of votes.

People wishing to participate in the electronic voting must pass verification in advance on the official website of the Mayor of Moscow.

The Moscow City Duma Chairman added that according to preliminary forecasts, up to 6% of the voters in Moscow will participate in the experiment on conducting electronic voting.

It should be noted that the Moscow authorities plan to arrange an online broadcast of electronic voting, during which it will be possible to find out the number of voters.

Experts believe that it remains unclear how the voter authentication, the secrecy of the vote and freedom from being forced to vote will be ensured.

In addition, the technical side of the e-voting process is provided by the Moscow Mayor’s Office, which is a structure of the Executive branch of Government, the head of which represents one of the political parties. According to experts, this is a violation of the principle of independence of election organizers and the principle of separation of powers.

Elections to the Moscow City Duma are scheduled for September 8, 2019. An experiment on electronic voting will be conducted in three districts of Moscow.

Yandex responded to a Reuters article on hacking by Western intelligence agencies


Russian Internet giant Yandex reported that hackers working for Western intelligence had access to the company's systems for several weeks. Yandex stated that the hacking attempt was neutralized immediately.

Yandex claims that hackers did not get access to user data. Moreover, the attack did not cause any damage. Sana Paritova, the Head of Corporate Communications at Yandex, stated, "We can assure you that the attackers are unable to access data of users of Yandex services."
Yandex specialists “promptly identified and neutralized at the beginning” the hacking attempt.

The company stated, “Yandex, as well as all the major Internet companies, are regularly confronted with various types of cyber threats. Our corporate policy does not imply the dissemination of detailed information about such cases.”

Recall that the Reuters news agency reported that in October or November 2018, hackers working for Western intelligence services hacked the company in order to spy on user accounts. According to the agency, employees of Western intelligence agencies installed the malicious program Regin, which is used by the Five Eyes alliance. This program allows them to impersonate users and access their messages.

The malicious software involved in the hacking is used by the United States, the United Kingdom, Australia, New Zealand and Canada. It was not possible to determine which country was behind the attack.

The article states that the hackers were interested in technical information that would allow them to understand how Yandex identifies user accounts. Possessing it, foreign intelligence could impersonate a user and gain access to their messages. The ultimate goal of the hacking was espionage; it was not an attempt to steal intellectual property.

Sources also said that hackers had access to Yandex systems for at least a couple of weeks.

The company turned to Kaspersky Lab, which found that the target of the attack was a group of Yandex developers.

It’s interesting to note that Yandex works in the field of information technology. It owns the eponymous Internet search engine, an Internet portal, and a number of different information services.

Recall that EhackingNews earlier reported that cyber attacks using the Troldesh encryption virus, also known as Shade, XTBL, Trojan.Encoder.858, Da Vinci and No_more_ransome, have again increased in Russia.

The program "The straight line with Vladimir Putin" underwent a DDoS attack


The call center of the straight line with Russian President Vladimir Putin was hit by a DDoS attack from abroad. It is noted that this caused connection problems during Putin's communication with Russians.

The host of the program said on air, "Our call center just underwent a massive DDoS attack from abroad, apparently, failures in video calls are associated with this. The total number of calls is already approaching two million."

The press service of Russia's largest provider of digital services Rostelecom said, “Two powerful attacks happened. Rostelecom successfully repelled the attacks. The attacks did not affect the straight line operation."

An interesting fact is that Margarita Simonyan, the editor of the Russian international news channel RT, said that the attack of hackers was carried out from the territory of Ukraine.

Alexey Malnev, the Head of the Monitoring and Response Center at Jet Infosystem, said that in the period from 2013 to 2015, almost every political or economic event was subjected to a powerful surge of attacks.

The expert stressed that the hacker attack on the straight line with Russian President Vladimir Putin was carried out in order to destabilize the situation.

"Today we can say with confidence that this is a wave of the established trend of recent years," said Malnev.

He also added that the cyber war in the modern world is permanent. The expert noted that in the future we should continue to expect similar as well as more complex attacks.

It is worth noting that the Program "The straight line with Vladimir Putin" is already the 17th since 2001 and takes place in the classical format. The President is in the Studio, where he answers questions of interest to Russians, received both by phone and through the direct line website or a special application. If necessary, the Head of State may contact the Heads of regions and Ministers on various issues.

Usually at the end of a straight line Putin draws up a list of instructions, appointing responsible persons and deadlines for the execution of each task.

GLONASS to protect signals of future satellites from hacker attacks


The Transport Safety Forum was held in St. Petersburg last week, in which the Chief Designer of GLONASS JSC Mikhail Korablev took part. He reported that the new Federal Target Program has a task to protect signals of future satellites from hacker attacks.

It is worth noting that GLONASS is a Russian satellite navigation system, one of only two fully functioning global satellite navigation systems in the world today.

According to Mr Korablev, the task is to improve the accuracy of the GLONASS system, to increase the security of the signal, and to combat spoofing (an attack on a satellite in which a navigation signal is faked).

"The attack of the ship management system is a problem. All ships use satellite navigation. There is a confirmed fact of information attacks on ships that do not allow the location to be determined. Therefore, one of the tasks of the new program, in addition to improving accuracy, is to increase security," said Korablev.

It is not yet known how the satellite signal will be protected because the new Federal Target Program for the development of the GLONASS navigation system for the period 2021-2030 has not yet been approved. Currently, it is in the process of negotiation and should soon be sent for approval to the Government of the Russian Federation.

In the future, the entire GLONASS navigation system will be upgraded to the new GLONASS-K2 devices, which are fully assembled on the basis of domestic products. The first GLONASS-K2 satellite is scheduled to be launched into orbit at the end of 2019 - the beginning of 2020. It’s interesting to note that, currently, the GLONASS system orbital network includes 26 satellites.

The National Payment Card System (NPCS) of Russia says the Fast Payment System is secure


According to Dmitry Kolesnikov, Director of the FPS project in the NPCS, the Fast Payments System is completely safe.

Earlier, the Head of Sberbank German Gref said that one of the reasons why Sberbank does not join the Fast Payment System is cybersecurity. So, according to Gref, the system is still unsafe.

"The system is safe, secure, fully complies with all standards. There were no incidents during the operation," said Kolesnikov at the International Forum "Remote Services, Mobile Solutions, Cards and Payments - 2019".

The Bank of Russia summed up the results of the first four months of the FPS. According to Maria Krasenkova, the Head of the Development and Regulation of the National Payment System of the Central Bank, from January 28 to May 28, 500 thousand transfers were made through the FPS for a total of 4.2 billion rubles ($ 64 million). Dmitry Kolesnikov noted that during the operation of the system, about 200 thousand people took advantage of it. According to NPCS, 40% of transfers are made between own accounts, 60% between accounts of different clients.

It is worth recalling that the Central Bank launched a competitor to the Sberbank transfer system: the FPS, a system for transferring money by telephone number between accounts at different banks. At first, only 11 financial institutions joined the FPS, including Alfa-Bank, Tinkoff Bank, Gazprombank, VTB and others. Another 100 banks expressed their desire to join the system. However, Sberbank has not yet expressed its desire to join the FPS. The largest Russian bank was a monopolist in the market of money transfers between individuals. In 2018, Sberbank earned 47.2 billion rubles ($ 722 million) on transfers, and the launch of the Central Bank system has already hit its revenues. In the future, participation in the FPS is planned to be mandatory for all banks.

The Bank of Russia expects to connect important Banks to the FPS before September 1. However, according to Gref, the agreement with the Bank of Russia on the connection of Sberbank to the FPS has not yet been achieved.

The Ministry of Internal Affairs of the Russian Federation to create a portal for complaints against hackers


In Russia, a special resource will be created to allow a better fight against hackers. Citizens who have either suffered from hackers or simply noticed some violations will be able to report them.

The concept of the service is to collect information on cybercrime from citizens and legal entities, as well as government agencies, and then accumulate it in one system. The resource will continuously and automatically collect data about threats.

It will be possible to report violations by phone, e-mail, messenger, SMS and social networks. The database of the resource will also be updated from systems that already exist in Russia, for example the Unified Biometric System and the Portal of Public Services.

Citizens and government agencies will be able to use the service for free. Today in Russia there is no single place for collecting information about cybercrime that all interested citizens can access.

The system is being created by the Russian organization Data Economy. The organization was created to provide services for the development of the digital economy in Russia by supporting socially significant projects and initiatives. The founders of the organization are the Russian Government, ASI, Russian Post, Sberbank, and a number of telecommunications and IT companies.

However, an employee of one of the IT companies said that the effectiveness of this system is highly questionable, as the data from the public resource will very soon be in the hands of attackers and will only help them quickly modify their attacks to go unnoticed.

It is interesting to note that the concept of a single portal was approved by the organization Data Economy and sent for approval to the Cabinet of Ministers. The total amount of financing of the national project for the next six years is more than 1.5 trillion rubles.

Security Bug Discovered in Google's Titan Security Keys, Company Provides Free Replacement




A security bug in Google’s Titan Security Key can potentially allow fraudsters located nearby to bypass the security provided by the key. While the company provided a replacement key for free to all existing users, it blamed a “misconfiguration in the Titan Security Keys’ Bluetooth pairing protocols” for the security bug.
Although the defective keys are reported to still protect against phishing attacks, the company decided to provide a replacement key regardless. The affected keys include all those sold in packages priced at $50; the package also includes a usual NFC/USB key.
To exploit the security bug, a fraudster needs to be within Bluetooth range, around 30 feet, and has to act promptly as the victim activates the key by pressing the button; the fraudster can then use the misconfigured protocol to intercept the connection between the victim’s device and the key and connect their own device instead. Then, given that they already have access to the victim’s username and password, they would be able to log in to the victim’s account.
Google has given assurances that the bug does not affect the security key’s ultimate purpose, which is to provide security against phishing attacks; Google also urged users worldwide to keep using the keys until a replacement is provided.
In an announcement, the company said, “It is much safer to use the affected key instead of no key at all. Security keys are the strongest protection against phishing currently available.”
Around the time when Google launched its Titan keys, Stina Ehrensvärd, Yubico founder, wrote, “While Yubico previously initiated the development of a BLE security key, and contributed to the BLE U2F standards work, we decided not to launch the product as it does not meet our standards for security, usability and durability.”



According to Russians, Assange is a freedom fighter and an altruist


According to a survey by the Russian Public Opinion Research Center, the majority of Russians believe that the founder of WikiLeaks Julian Assange is a freedom fighter and an altruist.

According to 45% of Russians, Assange promotes the principles of freedom of speech and freedom of the media, publishing secret materials. In addition, 40% of survey participants believe that Assange acted in the interests of the world community.

Most Russians believe that “Assange wanted to open the eyes of the world community to cases of corruption, crimes, scandals in different countries.”

However, a quarter (27%) of those surveyed believe that Assange violated the law with his publications. According to 17% of Russians, Assange sought to take revenge on his enemies and attract attention.

The survey was conducted on April 13, 2019, among 1600 Russians over 18 years old. The survey method was a telephone interview.

It should be remembered that on April 11 the British court found Assange guilty of violating the conditions of his release on bail. The journalist was arrested at the Embassy of Ecuador in London, where he asked for political asylum in 2012. He never left the diplomatic mission building for fear of arrest and extradition to the United States, where he is accused of publishing secret documents of the State Department.

Security flaws found in taxi booking apps

Experts of the Russian Quality System (http://roskachestvo.gov.ru/) concluded that the most popular applications for ordering a taxi can leak personal data, such as bank card information.

Experts tested such programs as "Yandex.Taxi", Uber Russia, Maxim, Gett, City-Mobil, Rutaxi and Fasten. It turned out that almost half of the applications are vulnerable to DDoS attacks, which can block the service.

The test showed that there are a number of potential vulnerabilities in applications, for example, weak hashing and encryption algorithms and insecure SSL implementation.

In turn, the taxi services stated that their programs use a secure data transfer protocol, and that all information is stored in encrypted form.

According to experts, people should either avoid ordering a taxi while connected to an open Wi-Fi network or install a VPN client on the device.

The idea of taxi applications nowadays is very practical and comfortable, but the quality of services leaves much to be desired. It turns out that in reality companies are not responsible for the qualification of taxi drivers, or for the lack of it, when it comes to litigation. It will not be surprising if next time the companies do not bear the consequences for a leak of personal data.

Fraudsters Gaining Access to Users Mobile Devices to Commit Bank Fraud


With the advent of Unified Payment Services (UPI), the idea of sending money from one bank account to another without having to top up the sum in a mobile wallet has become a reality. However, as new means of transaction appear and the horizon of banking operations widens, there is an even greater possibility of bank fraud. Hackers have been continuously coming up with new ways of bypassing security.
ICICI Bank reported that in order to gain remote access to the smartphones of various users, cybercriminals trick users into downloading ‘AnyDesk’, an application available on the App Store as well as the Play Store.
Once the user downloads the app, a nine-digit app code is generated on the user’s mobile device, and the user is then asked to share it with the criminals. After receiving the code, the fraudster enters it on his own mobile and then asks the user to grant him certain permissions. Once the criminal gets the permissions, he can access the user’s device with ease.
Users are advised to verify and then install the original UPI app and payment wallets, owned by authenticated companies, from the Apple Store and Google Play Store. Avoid downloading applications from suspicious or unknown sources and consider reading reviews before downloading.
Furthermore, when granting permissions during the download, one should be highly alert and pay extra attention to the details. Banks suggest having your e-mail ID registered and verified in order to be notified of any illegal action taken on your account.
Other safety tips include getting your SIM card blocked instantly if you happen to misplace your mobile device, and logging out of your bank account in the web browser. Lastly, customers should always keep track of the banking transaction notifications sent through SMS; this will allow them to take note of any fraudulent transaction and report it to the bank.


An ex-FSB officer was sentenced to seven years in prison in the case of State treason



The Moscow City Court sentenced entrepreneur and ex-FSB officer Georgii Fomchenkov to seven years in prison. The case was heard behind closed doors because of secrecy.

Recall that Fomchenkov was arrested on December 5, 2016. He is the fourth defendant in the case of State treason involving employees of the FSB. Sergei Mikhailov, the Head of one of the divisions of the Information Security Center of the FSB, his subordinate Major Dmitrii Dokuchaev, and Ruslan Stoyanov, an employee of the Computer Incident Investigation Department of Kaspersky Lab, were also arrested in this case. It should be noted that Stoyanov worked in law enforcement agencies until 2006.

It is known that Mikhailov received 22 years in prison and a fine of 400 thousand rubles, Stoyanov received 14 years and a fine of 150 thousand rubles.

According to media reports, the defendants are accused of transferring secret information to foreign intelligence services. 

Colonel Mikhailov and his subordinates carried out operational development in the case of Pavel Vrublevskii, the founder and CEO of the processing company Chronopay. It turned out that they gave the FBI secret information about the ways and methods of conducting operational and investigative activities in the case of Vrublevskii, who is considered to be a cybercriminal in the United States. They earned 10 million rubles from the sale of State secrets.

In addition, Fomchenkov was previously engaged in business on the Internet. In the early 2000s, he had payment services that were popular among the webmasters of pornography sites, spammers, and owners of pharmacy resources.

An interesting fact is that the detention of Stoyanov and Mikhailov happened shortly after the arrest of Vladimir Anikeev, the Head of the hacker group Humpty - Dumpty. Officially, the FSB does not connect these two events. However, Anikeev was interrogated in the case of Fomchenkov.