The School of Cyber Security at the Korean University in Seoul has developed a novel covert channel attack called CASPER that may leak data from air-gapped computers to a nearby smartphone at a pace of 20 bits per second. 

Casper is a 'recognition tool,' built to characterize its targets and decide whether or not to keep tracking them. Prior to introducing more advanced persistent malware into the targeted systems for espionage, the Casper surveillance virus was employed as a starting point.

The industry leader in technology, electronics, and smartphone producer, Samsung reported a data breach in its system. Earlier, the company was hit by a cyberattack in late July 2022. In August, the company discovered that a group of threat actors accessed its systems and breached customer personal data. 

The hackers had access to Samsung customers’ personal details including contacts, product registration data, dates of birth, and demographic information. However, the company said that the Social Security or credit card numbers were safe from the security breach. 

“In late July 2022, an unauthorized third party acquired information from some of Samsung’s U.S. systems. On or around August 4, 2022, we determined through our ongoing investigation that the personal information of certain customers was affected. We have taken actions to secure the affected systems, and have engaged a leading outside cybersecurity firm and are coordinating with law enforcement...” 

“…We want to assure our customers that the issue did not impact Social Security numbers or credit and debit card numbers, but in some cases, may have affected information such as name, contact and demographic information, date of birth, and product registration information,” reads a notice published by the company. 

The company further added that the information exposed for each relevant customer may vary, however, the company has started notifying impacted customers, and also advised them to remain cautious of any unrecognized and illegal communications that ask for their personal credentials or refer them to a web page asking for personal information. Customers must also review their accounts for suspicious and unsolicited activity. Besides, they should avoid clicking on links or downloading attachments from unrecognized and suspicious emails

Furthermore, Samsung claims to have detected the vulnerability in the system caused by the attack and to have taken measures to secure the impacted systems. Also, the company hired a leading cybersecurity firm to investigate the matter and report it to law enforcement.

Since at least May 2021, a botnet known as PseudoManuscrypt has been targeting Windows workstations in South Korea, using the same delivery methods as another malware known as CryptBot. 

South Korean cybersecurity company AhnLab Security Emergency Response Center (ASEC) said in a report published, "PseudoManuscrypt is disguised as an installer that is similar to a form of CryptBot and is being distributed. Not only is its file form similar to CryptBot but it is also distributed via malicious sites exposed on the top search page when users search commercial software-related illegal programs such as Crack and Keygen."

  

According to ASEC, approximately 30 computers in the country are compromised on a daily basis on average. PseudoManuscrypt was originally discovered in December 2021, when Russian cybersecurity firm Kaspersky revealed details of a "mass-scale spyware attack campaign" that infected over 35,000 PCs in 195 countries around the world. 

PseudoManuscrypt attacks, which were first discovered in June 2021, targeted a large number of industrial and government institutions, including military-industrial complex firms and research in Russia, India, and Brazil, among others. The primary payload module has a wide range of spying capabilities, enabling the attackers virtually complete access over the compromised device. Stealing VPN connection data, recording audio with the microphone, and capturing clipboard contents and operating system event log data are all part of it. 

Additionally, PseudoManuscrypt can access a remote command-and-control server controlled by the attacker to perform malicious tasks like downloading files, executing arbitrary instructions, log keypresses, and capturing screenshots and videos of the screen. 

The researchers added, "As this malware is disguised as an illegal software installer and is distributed to random individuals via malicious sites, users must be careful not to download relevant programs. As malicious files can also be registered to service and perform continuous malicious behaviours without the user knowing, periodic PC maintenance is necessary."

Korean researchers have created a set of assaults against some solid-state drives (SSDs) that could allow malware to be planted at a position beyond the user's and security solutions' reach. The attack models are designed for drives with flex capacity characteristics and target a hidden section on the device known as over-provisioning, which is extensively used by SSD manufacturers these days for performance improvement on NAND flash-based storage systems. 

The over-provisioning region is invisible to the operating system and any applications that run on it, including security and anti-virus software. The SSD manager dynamically adjusts this space against the workloads when the user runs different applications, depending on how write or read-intensive they are. 

Flex capacity is a feature of Micron Technology SSDs that allows storage devices to automatically modify the sizes of raw and user-allocated space to improve performance by absorbing write workload volumes. It is a dynamic system that builds and changes a buffer of space which typically consumes between 7% and 25% of total disk capacity. 

Hardware-level assaults provide the highest level of persistence and stealth. In the past, sophisticated actors worked hard to execute such concepts against HDDs, concealing dangerous code in unreachable disk sectors. One assault modeled by researchers at Korea University in Seoul targets an invalid data area containing non-erased information that resides between the usable SSD space and the over-provisioning (OP) area, the amount of which depends on the two. According to the research article, a hacker can adjust the size of the OP region using the firmware manager, resulting in exploitable invalid data space. 

In a second attack model, the OP region is used as a covert location where a threat actor can hide malware that users cannot monitor or remove. According to the research article, "It is assumed that two storage devices SSD1 and SSD2 are connected to a channel in order to simplify the description. Each storage device has 50% OP area. After the hacker stores the malware code in SSD2, they immediately reduce the OP area of SSD1 to 25% and expand the OP area of SSD2 to 75%." 

"At this time, the malware code is included in the hidden area of SSD2. A hacker who gains access to the SSD can activate the embedded malware code at any time by resizing the OP area. Since normal users maintain 100% user area on the channel, it will not be easy to detect such malicious behaviour of hackers," the article added.

To counteract the first type of assault, the researchers advise that SSD manufacturers wash the OP area with a pseudo-erase algorithm that has no effect on real-time performance. Implementing valid-invalid data rate monitoring systems that monitor the ratio inside SSDs in real-time is a potentially effective security measure against injecting malware in the OP area for the second type of attack.

After unauthenticated activity on their system, the personal data of some consumers in South Korea and Taiwan were disclosed as McDonald's became the latest data breach affected firm. 

The attackers have obtained e-mails, telephone numbers, and delivery details, but consumer payment information was not included in the breach, the company claimed. On Friday, McDonald's also said that the event was swiftly recognized and managed as a comprehensive study was undertaken. 

The investigation discovered that the information from companies was breached in countries namely the U.S., South Korea, and Taiwan. 

McDonald's said the failure revealed certain corporate contact information for the US staff and franchisees and some information about locations such as seating capacity and the square footage of play areas in a message to U.S. employees. No customer information has been infringed in the US and the information regarding the employees in the United States that was exposed was not sensitive. The corporation urged employees and franchisees to keep an eye on phishing e-mails and request information from them. 

McDonald's said attackers obtained emails of consumers in South Korea and Taiwan along with their shipping numbers and addresses. McDonald's reported that hackers also took staff information of customers from Taiwan, particularly their names and contact information.

The F&B chain has indicated that its South Korea and Taiwan businesses have notified Asian regulators of the infringement and would also contact clients and staff. The officials said that its departments would also communicate probable unlawful access to the data to some South African and Russian staff. These countries were also flagged by the investigation. 

McDonald's asserted that the businesses at its restaurants were not impacted by the infringement and that there was no ransomware attack in which hackers asked for ransom to return data and transactions control to enterprises. McDonald's has declared that no ransom has been requested nor have they paid the hackers. 

McDonald's noted that its cybersecurity defense investment has expanded in recent years and that these mechanisms have helped them respond to the recent incident. Shortly after the breach was detected, the corporation announced it would shut hackers' access to data off. 

“McDonald’s will leverage the findings from the investigation as well as input from security resources to identify ways to further enhance our existing security measures,” the company said.

As per Ciso, ransomware attacks have proliferated in South Korea over the last year, impacting hospitals and shopping malls as the coronavirus pandemic has increased Internet usage. 

A major plastic surgery clinic in southern Seoul disclosed on Thursday that its servers had been the target of a ransomware attack on its website. Personal data about their patients seem to have been obtained by the hackers. This is the most recent in a string of ransomware assaults recorded in the city.

According to the Ministry of Science and ICT, the number of ransomware assaults reported in the country increased by more than thrice to 127 last year, up from 39 in 2019. According to the Yonhap news agency, there have been around 65 cases so far this year. A wide spectrum of businesses has been attacked by ransomware attacks. 

Last month, Super Hero's operations were interrupted for hours due to a ransomware attack that affected 15,000 delivery employees around the world. Hackers broke into the local fashion and retail behemoth E-Land Group last November, forcing the shutdown of 23 of its 50 NC Department Store and NewCore outlet sites. 

Cyber-attacks have increased in both number and profile as the epidemic has led to more Internet usage. According to Kim Seung-joo, a cybersecurity specialist at Korea University, ransomware assaults might pose more problems than just destroying a company's complete work system because enterprises are relying more on remote work during the epidemic. 

As an outcome, a growing number of companies are paying the ransom. This technique supports the spread of ransomware. It's a vicious circle, Kim said, urging more investment in cybersecurity to avoid the crisis in the first place. 

Regrettably, the attacks appear to be part of a bigger global pattern. The hack of Colonial Pipeline, a major oil pipeline operator in the United States, was a notable recent incident. The corporation was compelled to pay a $4.4 million ransom. 

As ransomware assaults continue in South Korea, the ICT ministry established a 24-hour monitoring team last month to help businesses harmed by the attacks. Companies that have been targeted by the attacks are currently receiving assistance from the government, including the restoration of their systems.

The shared information includes user names, academic background, work profile, relationship status, and home addresses. The users logged into other third-party apps using their FB credentials but without giving any permission to access personal information. Nonetheless, FB shared its data with the third-party apps the users were using. 

The issue came to notice when a FB user shared their data with a service while logging in with the FB account, but the user's friends didn't, however, unaware that their FB data was also shared. Following the incident, these third-party apps used Facebook's provided information to show customized ads on social media users' profiles. 

According to PIPC, with no user permission, Facebook provided user data to third-party companies and made monetary profits. PIPC also charges FB to store login credentials (with no encryption) without user knowledge and not notify the users while accessing their data. Besides this, it claims that Facebook presented fake and incomplete documents while the legal investigation was ongoing, instead of providing the real documents. 

It affected the inquiry's credibility and caused difficulties in assessing FB's clear violations of rules and laws. For this misdoing, FB was charged for an extra 66 million won. 

The company Facebook, however, claims that it provided full cooperation during PIPC's investigation. FB find PIPC's complaint regrettable; however, it will respond after the commission takes its final decision. 

"The investigation against the US tech giant started in 2018 by the Korea Communication Commission, the country's telecommunication regulator, in the wake of the Cambridge Analytica scandal. The regulator handed the case to PIPC," reports ZDNet.

Residents and nationals of the Russian Federation (Russia)the six officials were also in Unit 74455 of the Russian Main Intelligence Directorate (GRU), a military intelligence agency of the General Staff of the Armed Forces.

  The government claimed that the group that had attacked Ukraine has likewise hacked different computers promoting the 2018 Winter Olympics in South Korea. It likewise hacked and leaked emails of people related to Emmanuel Macron's 2017 campaign for president of France. 

Besides this, they additionally focused on the companies exploring the poisoning of former Russian operative Sergei Skripal two years ago in Britain. 

All the six hackers are GRU officers; the government said that for over two years, they had battled tirelessly to recognize these Russian GRU Officials who interweaved in a global campaign of hacking, disruption, and destabilization, representing the most dangerous and destructive cyber-attacks ever.

The GRU burrowed into three electrical administration systems and cluttered circuit breakers remotely, it was one of the first cyber-attacks and had a cyber firm that consistently focused on critical infrastructure.

The authorities had at first scrutinized and reprimanded North Korea for the strike yet later found that the GRU utilized North Korean hacking tools to throw off the experts. 

That is the motivation behind why the special agent of FBI Michael Christman insisted that the warrant is the result of over two years of strong investigation by the FBI, a position that was kept up by an agent who worked the case.

Here are the names and the acts done by the hackers referenced below: -

  The FBI has regularly indicated that Russia is very equipped for a cybersecurity adversary, and the information uncovered in this statement shows how omnipresent and harming Russia's cyber activities are. 

While Russia is probably not going to capture the detainees, it is unlikely that they will attain any trial too.

Hundreds, around 338 people have been arrested in the worldwide sting of "largest dark web child porn marketplaces", investigators said.

The now seized English website, "Welcome to Video" hosted 2,00,000 videos showing illegal acts committed to children, which were downloaded more than a million times. The site had eight terabytes of data containing gruesome acts being done to infants, toddlers and children.

The site's owner Jong Woo Son, 23, from Korea is currently in prison, serving a sentence of 18 months. Unites States officials have unsealed nine allegations against him.

"You may try to hide behind technology but, we will find you and arrest you and prosecute you." Jessie Liu, the US attorney for the District of Columbia said in a press conference.

The site was shut down a year ago in March by US authorities, but on Wednesday officials said 338 users have been arrested from 38 countries including UK, Ireland, US, South Korea, Germany, Spain, Saudi Arabia, the United Arab Emirates, the Czech Republic and Canada.
The site also used a Bitcoin based marketplace with at least 7,300 transaction worth about 730,000 dollars. UK's National Crime Agency said "The site was one of the first to offer sickening videos for sale using the cryptocurrency bitcoin. "

The arrest was  result of a three years of hunt by National Crime Agency of Britain, and task forces from UK, US, South Korea and Germany. The officials first came across the website while investigating one of UK's worst child sex offender and paedophile, geophysicist Dr Matthew Falder in 2017. Fadler, admitted to 137 offenses and is serving a 25 years sentence for sharing images and abusive videos on the dark web. Then in March, 2018 officials went to South Korea to take down the website's server and to arrest Jong Woo Son, the owner of the site.

The officials were able to arrest many suspects by tracing the cryptocurrency transactions. Seven men from the UK and five from America have already been convicted of the investigation. One of them being, Kyle Fox another child offender already in jail for raping a five-year-old boy and sexually abused a three-year-old girl.
“The scale of this crime is eye-popping and sickening,” said John Fort, the chief of IRS criminal investigations. The task force was able to rescue 23 children from a state of constant abuse.

There are new vulnerabilities discovered with the 4G network used by smartphones. South Korean researchers discovered 36 new flaws using a technique called 'fuzzing'.

It turns out that our mobile networks may not be the safest. As LTE gets ready to make way for 5G, researchers have discovered several flaws in the Long-Term Evolution (LTE) standard, which could allow an attacker to intercept data traffic or spoof SMS messages.

The 4G LTE standard has vulnerabilities that could allow a hacker to intercept data that is being transferred on the networks. Although there has been plenty of research about LTE security vulnerabilities published in the past,  what's different about this particular study is the scale of the flaws identified and the way in which the researchers found them.

Researchers at the Korea Advanced Institute of Science and Technology Constitution (KAIST) have discovered 51 vulnerabilities with the 4G LTE standard—this includes 15 known issues and 36 new and previously undiscovered flaws with the standard.

LTE, although commonly marketed as 4G LTE, isn’t technically 4G. LTE is widely used around the world and often marketed as 4G. LTE can be more accurately described as 3.95G.

Given the widespread use of LTE, the latest findings have massive implications and clearly show wireless networks that consumers often take for granted aren't foolproof.

In their research paper [PDF], the researchers claim to have found vulnerabilities enabling attackers to eavesdrop and access user data traffic, distribute spoofed text messages, interrupt communications between base station and phones, block calls, disconnect users from the network and also access as well as manipulate data that is being transferred. The researchers are planning to present these at the IEEE Symposium on Security and Privacy in May.

“LTEFuzz successfully identified 15 previously disclosed vulnerabilities and 36 new vulnerabilities in design and implementation among the differ- ent carriers and device vendors. The findings were categorized into five vulnerability types. We also demonstrated several attacks that can be used for denying various LTE services, sending phishing messages, and eavesdropping/manipulating data traffic. We performed root cause analysis of the identified problems by reviewing the related standard and interviewing collaborators of the carriers,” said the researchers in the report.

South Korea has arrested four men accused of online streaming of the “intimate private activities” of 1600 hotel rooms.

The men allegedly installed mini cameras in TVs, hair-dryer holders, and sockets, to record all the private activities which were sold on online platforms for up to $6,200.

If the allegations proved right, then they could face jail up to 10 years and a  30m won ($26,571; £20,175) fine.

The men created a website in November, where they allowed users to pay for full videos or watch 30-second clips for free. They reportedly posted 803 videos and earned money from 97 paying members before the website was taken down.

"The police agency strictly deals with criminals who post and share illegal videos as they severely harm human dignity," a spokesman for the Seoul Metropolitan Police Agency told the local newspaper the Korea Herald.

The recent incident has sparked a nationwide protest against the filming of sex and nudity as the number of such incidences have increased many folds.

"There was a similar case in the past where illegal cameras were (secretly installed) and were consistently and secretly watched, but this is the first time the police caught where videos were broadcast live on the internet," police said.