Russian hackers attack DNC, steal Trump’s files


Russian government hackers broke into the servers of the Democratic National Committee and stole a massive trove of data, including all opposition research into GOP presidential candidate Donald Trump and almost a year's worth of private e-mail and chat messages, according to committee officials and security experts who responded to the breach on Tuesday (June 14).

Researchers with CrowdStrike, the security firm DNC officials hired to investigate and contain the breach, determined the intrusions were carried out by two separate hacker groups that both worked for the Russian military intelligence organization. One, dubbed Cozy Bear, gained access last summer and has been monitoring committee members' e-mail and chat communications. The other is known as Fancy Bear and is believed to have broken into the network in late April. It was the latter intrusion that obtained the entire database of Trump opposition research and later tipped off IT team members that the network may have been breached.

The U.S. government, however, has not yet determined that the hackers who breached the server are connected to the Russian government.

According to CrowdStrike, Cozy Bear is the same group that in 2014 successfully infiltrated unclassified networks used by the White House, the State Department, and the Joint Chiefs of Staff. It has reportedly also hacked numerous corporations and businesses in the defense, energy, manufacturing and other industries. Fancy Bear has been in operation since 2000.

The networks of presidential candidate Hillary Clinton were also targeted by Russian spies, as were the computers of some Republican political action committees. But details on those cases were not available.

The hackers who penetrated the DNC network were expelled last weekend in a major computer cleanup campaign. No financial, donor or personal information appears to have been taken, leaving analysts to suspect the breach was a case of traditional espionage and not the work of criminal hackers.

CrowdStrike said analysts still aren't sure how the intruders gained access. One suspicion is that they targeted DNC employees with spearphishing e-mails that appeared to come from known and trusted people and contained malicious links or attachments. Researchers with security firm Palo Alto Networks said that a Russian hacking group it calls Sofacy sent an unnamed US government agency spearphishing e-mails that appeared to come directly from a compromised account belonging to the Ministry of Foreign Affairs of another government.

The U.S. government is usually hesitant to publicly blame another government for a cyberattack and tends to remain silent, both out of concern for the geopolitical consequences and because it waits for evidence strong enough to hold up in court.

It's not the first time that hackers have targeted major figures in a US presidential election. In 2008, the computer systems of both the Obama and McCain campaigns were reportedly victims of a sophisticated attack by a then-unknown foreign entity. The two hacking groups identified by CrowdStrike didn't appear to work together or to coordinate their attacks.

Any U.S. election is of intense interest to overseas governments, and Trump's candidacy has drawn particular attention to his relationship with Russia throughout the campaign. He has at times spoken admiringly of Russian President Vladimir Putin, and some of his foreign policies have drawn praise in Moscow, despite the country's chilly relationship with the U.S.


The intrusions are an example of Russia’s interest in the U.S. political system and its desire to understand the policies, strengths and weaknesses of a potential future president.

Wendy's POS breach 'much bigger' than first reported




American fast food chain Wendy's has admitted that the data breach reported last month was a lot bigger than originally stated.

The Wendy's breach came to light last month, after the company began investigating unusual activity involving customer credit cards in January this year.

“Based on the preliminary findings of the previously-disclosed investigation, the Company reported on May 11 that malware had been discovered on the point of sale (POS) system at fewer than 300 franchised North America Wendy’s restaurants,” Wendy’s stated.  "An additional 50 franchise restaurants were also suspected of experiencing, or had been found to have, other cybersecurity issues."

Wendy's described the malware as "extremely difficult to detect"; it was uploaded via a remote access tool to a second POS system that was not previously known to be infected.

The Company believes this series of cybersecurity attacks resulted from certain service providers’ remote access credentials being compromised, allowing access to the POS system in certain franchise restaurants serviced by those providers.

After detecting the malware, the Company has already disabled it in all franchise restaurants where it has been discovered, and continues to work aggressively with its experts and federal law enforcement to continue its investigation.



North Korea hacks 140k computers of South Korea

North Korea hacked into more than 140,000 computers at 160 South Korean firms and government agencies, planting malicious code and stealing 40,000 defence-related documents, police said on Monday (June 13).

Police said the incident was part of a long-term plan to lay the groundwork for a massive cyber attack against its rival. Some 42,000 documents were stolen, the majority of them linked to defence.

North Korea launched the hacking campaign in 2014, but South Korea only noticed in February that Kim Jong-Un's hackers had been infiltrating its networks.
Because the hacked machines stayed dormant, South Korea suspects North Korea wanted either to launch an attack intended to cause confusion on a national scale or to continuously steal industrial and military secrets.

South Korea has been on heightened alert against cyber attacks by the North since Pyongyang conducted a nuclear test in January and a long-range rocket launch in February that led to new U.N. sanctions.

The hackers took no action after gaining control of the computers and networks of some groups, but popular network management software was targeted. Police declined to name the software.

The IP addresses used in the attacks point towards the North. Pyongyang has always denied any wrongdoing against Seoul.

In 2014, North Korean hackers led a devastating campaign against Sony Pictures which led to the leakage of embarrassing internal e-mails and unreleased movie clips.

Just last month, North Korea was linked to a hack on a Bangladeshi bank which resulted in the theft of around $81 million.

North Korea is not the only country with state-sponsored hacking. The United States has an entire entity dedicated to hacking, the United States Cyber Command.

Intel plans to kill ROP attacks at chip level




Tech giant Intel has come up with a plan to defeat attacks that use return-oriented programming (ROP) to exploit memory vulnerabilities. The chip-level plan would block such exploits at the processor level.

The new measures are described in a specification from Intel for its Control-flow Enforcement Technology (CET), which aims to defeat exploits that use ROP and jump-oriented programming (JOP).

CET aims to fill a gap in defensive capabilities against these two attack types, offering protection for both applications and the kernel.

Attackers can use ROP and JOP to execute malicious code that bypasses operating-system security measures such as non-executable memory and code signing.

Baiju Patel, director of the platform security architecture and strategy team in Intel's Software and Services group, said, "ROP or JOP attacks are particularly hard to detect or prevent because the attacker uses existing code running from executable memory in a creative way to change program behaviour."

"What makes it hard to detect or prevent ROP/JOP is the fact that the attacker uses existing code running from executable memory. Many software-based detection and prevention techniques have been developed and deployed with limited success," Patel added.

CET works by introducing a shadow stack, which contains only return addresses, is held in system RAM, and is protected by the CPU's memory management unit. Shadow stacks are isolated from the data stack and protected from tampering.

CET focuses on CALL and RETURN instructions: on a return, the CPU compares the return address stored on the data stack with the copy on the shadow stack. If the two addresses don't match, an exception is raised.
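The following is an added example, not Intel's code or anything from the CET specification: a toy model of the CALL/RET shadow-stack check described above. All addresses, the `ToyMachine` class and its methods are constructed for the demonstration; the separation between the two Python lists stands in for the hardware isolation that real CET enforces through page protections.

```python
"""Added example (not Intel's code or specification): a toy model of the
CET-style shadow-stack check.

Everything here is a constructed simplification.  Code addresses are plain
integers, the data stack is a list that the program (and therefore a memory
corruption bug) can write to, and the shadow stack is a second list that only
CALL and RET touch.  Real CET keeps the shadow stack in pages the MMU protects
so ordinary stores cannot reach it; the list-based separation stands in for that.
"""


class ControlFlowViolation(Exception):
    """Raised when RET finds the data-stack return address differs from the shadow copy."""


class ToyMachine:
    def __init__(self, shadow_stack_enabled=True):
        self.data_stack = []      # locals and return addresses; writable by the program
        self.shadow_stack = []    # return addresses only; written by CALL, read by RET
        self.cet = shadow_stack_enabled
        self.pc = 0               # address of the instruction executing next
        self.trace = []           # every address control has transferred to

    def call(self, target, return_to):
        """CALL: push the return address on the data stack (and the shadow stack), then jump."""
        self.data_stack.append(return_to)
        if self.cet:
            self.shadow_stack.append(return_to)
        self.pc = target
        self.trace.append(target)

    def ret(self):
        """RET: pop the data-stack return address and, with CET on, compare it to the shadow copy."""
        addr = self.data_stack.pop()
        if self.cet:
            expected = self.shadow_stack.pop()
            if addr != expected:
                # Real hardware raises a control-protection fault here; the toy raises an exception.
                raise ControlFlowViolation(
                    f"return to {addr:#x} but shadow stack holds {expected:#x}")
        self.pc = addr
        self.trace.append(addr)
        return addr


# Constructed addresses: where a normal return lands, and some other address
# that a corrupted return slot would steer execution to instead.
LEGIT_RETURN = 0x401000
OTHER_ADDR = 0x4011F0


def run_scenario(shadow_stack_enabled, corrupt_return_slot):
    """Perform one CALL/RET pair, optionally corrupting the saved return address in between.

    Returns ("returned", address) when RET proceeds, or ("violation", message)
    when the shadow-stack comparison fails.
    """
    m = ToyMachine(shadow_stack_enabled)
    m.call(target=0x402000, return_to=LEGIT_RETURN)
    if corrupt_return_slot:
        # A memory-corruption bug in the callee can only reach the data stack;
        # the shadow stack is untouched, so the two copies now disagree.
        m.data_stack[-1] = OTHER_ADDR
    try:
        return ("returned", m.ret())
    except ControlFlowViolation as exc:
        return ("violation", str(exc))


def nested_calls_return_in_order(depth=3):
    """Sanity check that the shadow stack is LIFO: nested CALLs unwind to the right addresses."""
    m = ToyMachine(shadow_stack_enabled=True)
    returns = [0x401000 + 0x10 * i for i in range(depth)]
    for i, r in enumerate(returns):
        m.call(target=0x402000 + 0x100 * i, return_to=r)
    return [m.ret() for _ in range(depth)] == list(reversed(returns))


if __name__ == "__main__":
    for cet, corrupt in [(False, False), (True, False), (False, True), (True, True)]:
        print(f"CET={'on ' if cet else 'off'} corrupted={corrupt!s:5} -> {run_scenario(cet, corrupt)}")
```

Running the four scenarios shows the point of the design: without the shadow stack, a corrupted return slot silently redirects execution, whereas with it the mismatch is caught at the RET before any transfer happens. The check costs one comparison per return, which is why Intel can do it in hardware rather than relying on the software-based detection Patel describes as having had limited success.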

According to Patel, the CET specification is the culmination of techniques that Intel and Microsoft have jointly developed over the past 7 years, aimed at providing a comprehensive defence against ROP/JOP attacks.







32 million Twitter accounts hacked

Around 32 million Twitter accounts were hacked by a user 'Tessa88@exploit.im'. According to LeakedSource website, some of those hacked passwords were even verified by the users.

However, Twitter rubbished all the hacking reports and said there was no breach in their systems, and they are working with LeakedSource to get the data.

Twitter has, however, locked some user accounts that it suspects of being affected by the hack. In the meantime, the microblogging website is also asking users to reset their account passwords.

Twitter has not yet said how many accounts it has locked, but The Wall Street Journal reports that the number is in the millions and that affected users have already received e-mail notifications.

"If your Twitter information was impacted by any of the recent issues - because of password disclosures from other companies or the leak on the "dark web" - then you have already received an email that your account password must be reset. Your account won't be accessible until you do so, to ensure that unauthorized individuals don't have access," said Twitter in a blog post.

Even after locking users' accounts, the company still says that the user credentials were not obtained from a hack of its servers.

It revealed that "The purported Twitter @names and passwords may have been amassed from combining information from other recent breaches, malware on victim machines that are stealing passwords for all sites, or a combination of both."

Tessa88@exploit.im sent 32,888,300 Twitter user credentials to the website LeakedSource.

The hacked Twitter accounts include those of Twitter co-founder Evan Williams and Facebook CEO Mark Zuckerberg.

Mark Zuckerberg's social media accounts hacked due to weak password



Facebook founder and CEO Mark Zuckerberg's Twitter, Instagram and Pinterest accounts were briefly hacked on Sunday (June 05) by a group calling itself 'OurMine Team', apparently using information from a major LinkedIn security breach that occurred in 2012.

This implies the social media guru reused passwords across multiple sites, or perhaps that the format of the password he chose for other sites was guessable once his LinkedIn login credentials had been cracked.

Tech magazine Engadget captured a tweet from OurMine revealing the password as 'dadada'. Zuckerberg recently became a dad.

The group, whose principal Twitter account has since been suspended, then messaged him to say that it had found his password on a LinkedIn database of user details that was leaked online last month.

Both Twitter and Pinterest rapidly restored control of the accounts over the weekend, and the rogue posts have now been removed—though not before they were screencapped:

“Ouch. Mark Zuckerberg's social media accounts have been hacked pic.twitter.com/KvVmXOIg5s
— Ben Hall (@Ben_Hall) June 5, 2016”

Hopefully stronger passwords have now been set on the accounts.

The billionaire’s Facebook account was not affected.

"No Facebook systems or accounts were accessed. The affected accounts have been re-secured," said a Facebook Inc. statement released on Monday (June 06).

The group said that it was just trying to alert Zuckerberg of the security flaw.

LinkedIn's 2012 breach was significant and embarrassing for the company, and resulted in the theft of millions of passwords and other user information. Users were warned at the time to change their LinkedIn passwords, and those on any other platform on which they were reused. This is clearly evergreen advice, as it isn't hard for a determined hacker to cross-reference someone's username and password information with other sites.

There's no evidence of any widespread damage stemming from the hacked accounts, probably because Zuckerberg hasn't tweeted since 2012.

On his Pinterest account, the name was changed to read: "Hacked By OurMine Team."

Zuckerberg has accounts with several rival social media companies, such as Twitter and LinkedIn, but none of them are very active.





Millions of MySpace and Tumblr accounts hacked

Hundreds of millions of hacked account details from social networks MySpace and Tumblr have been advertised for sale online.

Time Inc., owner of Myspace, has confirmed that the once-popular social network has fallen victim to hackers, and has blamed the breach on a cyber attacker called 'Peace' from Russia.

It is the biggest hack to date, exposing around 360.2 million MySpace accounts with 427 million passwords, along with 65 million Tumblr passwords. By comparison, LinkedIn's big breach exposed over 100 million accounts.

The passwords were stored in a modified form that was meant to protect them, but the technique used was relatively weak and it seems the vast majority have been cracked. LeakedSource revealed that user passwords were stored as SHA1 hashes with no salting. This is bad, but so were the passwords that were in use.

Both the MySpace and Tumblr login data appear to have been stolen several years ago but only recently came to light. If you were a registered user before 2013, your information may have been compromised.

The Myspace database was provided by someone who goes by the alias Tessa88@exploit.im. The Tumblr IDs come from a breach flagged by the Yahoo-owned blogging site on 12 May. The firm goes on to blame the hack on 'Peace', who is also allegedly responsible for the recent high-profile hacks on LinkedIn and Tumblr.

This data set contains 360,213,024 records. Each record may contain an email address, a username, one password and in some cases a second password. Of the 360 million, 111,341,258 accounts had a username attached and 68,493,651 had a secondary password.

The website hasn't been updated to include the MySpace breach yet. Adult dating site Fling was also breached, in 2011, exposing millions of IDs.

If you are still using one of these bad passwords, for crying out loud, change it. You can check whether you are affected on the LeakedSource database.
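To make concrete why "SHA1 with no salting" is the weak storage scheme the article describes, and what the Zuckerberg story above shows about reused weak passwords like 'dadada', here is an added example that is not code from the original post, from MySpace or from LeakedSource. The user records, the wordlist and the function names are all constructed for the demonstration; the salted alternative uses PBKDF2-HMAC-SHA256 from Python's standard `hashlib`.

```python
"""Added example (not code from the original post or from MySpace/LeakedSource):
why an unsalted SHA1 password store is weak, and what a salted, slow hash changes.
All user records and the wordlist are constructed for the demonstration.
"""
import hashlib
import hmac
import os

# Constructed sample: three users, two of whom picked the same weak password.
USERS = {"alice": "dadada", "bob": "dadada", "carol": "long correct horse battery staple 17"}

# Constructed wordlist: a tiny stand-in for the lists that get hashed once and reused.
WORDLIST = ["123456", "password", "dadada", "qwerty", "letmein"]


def sha1_unsalted(password):
    """The weak scheme: a single SHA1 over the password, no salt, no iteration."""
    return hashlib.sha1(password.encode()).hexdigest()


def store_unsalted(users):
    return {user: sha1_unsalted(pw) for user, pw in users.items()}


def recover_from_unsalted(store, wordlist):
    """Build the hash->word table once; every record in the dump is then one lookup.

    With no salt the same table works for every user and every other unsalted
    dump, which is why the vast majority of such passwords end up cracked.
    """
    table = {sha1_unsalted(word): word for word in wordlist}
    return {user: table[digest] for user, digest in store.items() if digest in table}


def duplicate_groups(store):
    """Unsalted hashes also leak who shares a password: equal digests mean equal passwords."""
    groups = {}
    for user, digest in store.items():
        groups.setdefault(digest, []).append(user)
    return [members for members in groups.values() if len(members) > 1]


def store_salted(users, iterations=200_000):
    """Per-user random salt plus PBKDF2-HMAC-SHA256, an iterated (deliberately slow) hash.

    The salt defeats precomputed tables and hides shared passwords; the iteration
    count makes each individual guess expensive.
    """
    out = {}
    for user, pw in users.items():
        salt = os.urandom(16)
        digest = hashlib.pbkdf2_hmac("sha256", pw.encode(), salt, iterations)
        out[user] = (salt, iterations, digest)
    return out


def verify_salted(record, password):
    salt, iterations, digest = record
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, iterations)
    return hmac.compare_digest(candidate, digest)   # constant-time comparison


if __name__ == "__main__":
    unsalted = store_unsalted(USERS)
    print("recovered from unsalted store:", recover_from_unsalted(unsalted, WORDLIST))
    print("users sharing a password:", duplicate_groups(unsalted))
    salted = store_salted(USERS)
    print("alice/bob salted digests identical?", salted["alice"][2] == salted["bob"][2])
    print("verify alice with 'dadada':", verify_salted(salted["alice"], "dadada"))
```

Two things stand out when this runs. In the unsalted store, alice and bob have identical digests, so one table lookup recovers both and the store itself reveals that they share a password; in the salted store their digests differ and the precomputed table is useless. Salting does not rescue a password as weak as 'dadada' from a targeted guess, which is why the article's advice to change bad passwords still stands even when the site does everything right.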

Cyber attack on Iran's Statistical Centre

On 24 May, hackers targeted the Statistical Centre of Iran and temporarily took it out of service. Iran's cyber police claim to have traced the hackers' IP addresses to three Arab countries, including Saudi Arabia.

Cyber police chief General Kamal Hadianfar stated that a detailed report of all the IP addresses and exact locations of the hackers from Saudi Arabia has been submitted, and assured that justice will be done for the crime.

Hadianfar said, "We monitored a cyber attack on May 24 which was conducted from three countries and led by hackers in Saudi Arabia and they launched deceive attacks on the Statistical Centre of Iran and of course such an attack is not important technically."

Some speculation initially arose regarding the involvement of the extremist group ISIS, but Hadianfar dismissed any such link, saying, "The hacker already had a hacking record and was identified by FATA."

The hackers were not able to steal any sensitive data or classified information; it was more of a show-off by Saudi Arabia, claimed the head of Iran's Civil Defence Organization, General Gholam Reza Jalali.

According to Al-Monitor, just a day after reports of the attack on Iran's statistical centre emerged, hackers targeted two Saudi Arabian government websites. Hadianfar said that attack may have been an emotional reaction and that Iran has not carried out any "organized" attack.

Jalali mentioned that Iran will be conducting specialized war games in order to boost its cyber defense. 

Restrictions on use of smartphones in government offices after data theft attempts

After dealing with numerous hacking and data theft attacks from Pakistan and China, the Indian government has come up with a policy for officials dealing with sensitive information.

Various limitations have been placed on officials' use of smartphones, including not connecting any smartphone to any official computer; they are not even allowed to charge a phone's battery through such systems. Each and every device will have to be approved by seniors, a top government official said.

The rules would apply to the armed forces, intelligence officials and personnel of the Central Armed Police Forces (CAPF). According to Haribhai Parthibhai Chaudhary, Minister of State (Home), "Pakistan Intelligence Agencies were spying on Indian Security Forces by sending malware in mobile apps such as Top Gun (Game App), mpjunkie (music App), vdjunky (video app), talking frog (entertainment App)." He added, "Indian Security forces have been sensitised about Pakistan ISI using dubious applications on smartphones and the government has asked various departments to take steps to prevent, detect and mitigate cyber attacks."

A Union government note said, "Use of personal devices must be authorised by competent authority with documented forms maintained to reflect approvals. This documentation should include information such as officer's name, device approved and type of device." It added, "under no circumstances should these devices be connected to any computer network or stand-alone systems in the establishment."

Elaborating further, the government note said, "smart devices should not be allowed during sensitive meetings or briefings. Taking of pictures and videos, which may compromise the security of BSF assets, and posting them on social media should be strictly prohibited."

Cyber attack knocked down hundreds of school networks offline in Japan


The cyber attack that knocked hundreds of school networks offline in Japan was allegedly instigated by a student.

A 16-year-old high school student, frustrated with his teachers, hacked the Osaka Board of Education server, taking 444 elementary, junior high and high school networks offline.

According to the investigators the student used his cellphone to monitor the attack, and he wanted to join hacktivist group Anonymous.

Radware security researcher Daniel Smith said that student-launched attacks are becoming more common.

"We have been getting approached by education institutions or regional IT firms who say they are starting to see some increased attack activity," said Smith.

This attack was the result of aggression toward a school or staff member; other motives include delaying tests, changing grades and manipulating the registration process to gain an advantage over other students.

"He wanted to show the vulnerabilities inside the college network," said Smith. "It was very simple for him to topple the network, and it caused a lot of issues for students and staff members."

Most such attackers aim at student portals, admission processing sites, mail servers and sensitive databases holding personal information.

Tech-giant Microsoft steps in to combat terrorism




Tech giant Microsoft has now braced itself to tackle the never-ending global issue of terrorism. With the internet proving to be a major conduit for terrorist groups to spread violence, Microsoft has reacted to this matter of concern.

In a blog post, Microsoft explained that its services are meant to empower people and not contribute to terrible acts. The company stressed promoting values such as privacy, freedom of expression and the right to access information.

"Terrorism is one of the truly urgent issues of our time," said Microsoft. "We are committed to doing our part to help address the use of technology to promote it or to recruit to its causes."

“We are amending our terms of use – which already prohibit hate speech and advocacy of violence against others – to specifically prohibit the posting of terrorist content on our hosted consumer services,” the company said.

“There is no silver bullet that will stop terrorist use of the Internet,” Microsoft's vice president Steven Crown told a special Security Council debate on counter-terrorism.

Microsoft will continue using its notice and takedown process for removing prohibited content. Microsoft said it would remove links to terrorist-related content from Bing search results when the takedown would be required of search providers under local law.

"We will remove links to terrorist-related content from Bing only when that takedown is required of search providers under local law," said Microsoft.

The company also has plans to work with non-governmental organisations to offer alternative narratives in its search results.

Microsoft is one of the last major tech companies to issue anti-terrorism policies. Twitter, Facebook and others have in recent months taken steps to crack down on the use of their sites for terrorist activity, hateful speech or content promoting violence.