Philippines asks Bangladesh for cyber heist probe results

The Finance Secretary of the Philippines, Carlos Dominguez, has asked the Bangladesh government to share the findings of its investigation into how unknown hackers pulled off one of the world's largest cyber bank heists, to help speed up recovery of the stolen funds.

Dominguez and other Philippine officials, who met last week with a high-level Bangladesh delegation led by Anisul Huq, assured them that the Philippines was committed to helping find the cash.

The Philippines has already recovered $15 million of the $81 million heist from a gaming junket operator, and the delegation thanked them for this generous effort.

The money recovered was returned to Bangladesh, with a further $2.7 million frozen.

Cyber criminals tried to steal nearly $1 billion from Bangladesh Bank in February and made off with $81 million via an account at the New York Federal Reserve. The fraudulent transfers were authenticated through the SWIFT messaging system, which is widely used by financial institutions. The money was moved to four accounts opened under false names at a single RCBC branch in Manila before vanishing; most of it was laundered through Philippine casinos.

The episode highlighted vulnerable links in the payment network underlying the global financial system.

Bangladesh Bank has declined to disclose the findings of its own inquiry, saying it wanted to deny perpetrators knowledge of the investigation.

Philippine President Rodrigo Duterte, who had earlier pledged that the stolen money would be returned, cancelled a meeting with the Bangladesh team because of "pressing matters". Meanwhile, when Bangladesh's ambassador in Manila, John Gomes, was asked whether the findings of the probe would be shared with the Philippine government, he said: "No one asked us anything yet."

However, Philippine central bank deputy governor Nestor Espenilla said that Bangladesh officials have committed to sending initial updates on the probe to strengthen the Philippines' case in the court battle it is fighting on behalf of Bangladesh.

Cyber attack struck down Talk Talk and Post Office routers


Thousands of Talk Talk and Post Office customers in the U.K. lost internet access after a cyber attack targeting certain types of internet routers.

The assault used the same malicious software, the Mirai worm, that took some of the world's most popular websites offline in October. This time it began on November 27 and affected about 100,000 customers.

Talk Talk confirmed the attack and said it was working on a fix. It did not say how many of its broadband subscribers were hit, but confirmed that a minority were still affected on Thursday (December 01). Both companies are working on a fix.

The same attack had recently caused major disruptions to internet, TV and phone services for Germany's Deutsche Telekom, leaving 900,000 of its customers affected.

The attack works by exploiting a weakness in customer routers: the malware reaches the devices through unsecured ports. It uses a modified form of the Mirai worm, a type of malware that spreads from one hijacked device to the next and damages equipment running Linux-based operating systems.

Several models of router are vulnerable to the latest cyber-assault, including the Zyxel AMG1302, which is used by the Post Office.

As a result of the attack, the affected routers were unable to provide connectivity to their customers.

Customers from both Talk Talk and the Post Office complained the companies had done little to inform them of the problems.

It is not yet known who is responsible for the attack, but it is similar in kind to the October attack on Dyn, the domain name service provider, which took dozens of websites including Twitter, Reddit and eBay offline for hours. Mirai was involved in that attack too: cyber criminals exploited vulnerabilities in internet-connected cameras and video recorders to take control of them and launch a distributed denial of service attack.

Although no personal data is compromised in such attacks, which affect the infrastructure of websites and servers rather than user data, anyone affected by the hack should reboot their router and then set a new password for the device.

VindowsLocker Ransomware mimics tech support scam


Phone-based Windows support scams have been going on for at least six years despite repeated warnings from the Better Business Bureau, the Royal Canadian Mounted Police, the FBI, and Microsoft itself.

Now tech support scammers are also taking victims' data hostage, targeting unsuspecting internet users with a combination of social engineering and deception. Their tactics have evolved from cold calls to fake alerts and, most recently, screen locks; tech support scammers have now added ransomware to their arsenal.

AVG security researcher Jakub Kroustek first spotted the ransomware, which he named VindowsLocker after the extension it appends to every encrypted file (.vindows). VindowsLocker uses the AES encryption algorithm to lock files with the following extensions:
txt, doc, docx, xls, xlsx, ppt, pptx, odt, jpg, png, csv, sql, mdb, sln, php, asp, aspx, html, xml, psd

The attack begins with a phone call from a scammer claiming to be a Microsoft support representative following up on reports of errors or a malware infection on the victim's computer. The caller then asks the victim to download a "diagnostic tool", usually a legitimate remote support app such as LogMeIn Rescue or TeamViewer. Once a connection to the "troubled" computer is established, the smoke-and-mirrors routine begins.

Commands are run, and files and lengthy text logs are displayed on screen to suggest a serious problem. For a fee, of course, the scammer will gladly take care of everything, and will even offer to install a "protection package" to keep the victim safe down the road. The victim is asked to call a phone number and talk to "tech support" personnel, which differs from most ransomware families, which use a Dark Web portal to handle payment and decryption.

Malwarebytes and independent security researcher @TheWack0lian have since released a free decryption tool to help victims of this tech-support-scam ransomware recover their data. VindowsLocker, which surfaced last week, connects victims to phoney Microsoft technicians and encrypts their files, making use of the Pastebin API.

This ransomware stands out from all others because it combines encryption with a tech support scam and extorts larger payments from its victims.

Apple to use drones to improve maps data


Since its launch in 2012, Apple Maps has come a long way but has not been able to overtake its rival Google Maps, which is why Apple has now decided to bring drones into the effort.

Apple has received approval from the Federal Aviation Administration (FAA) to use drones for data collection. The drones will be flown overhead to capture critical street information, including signs and traffic changes, recording photos, videos and other traffic data.

The tech giant has also acquired the startup Indoor.io for indoor navigation features, such as views inside buildings, to improve its Maps service and catch up with longtime leader Google. The company is also said to be making improvements to car navigation.

Drone capture could prove important to Apple as it works to improve the Maps application on iOS and macOS devices. After capturing data from streets in the U.S. and abroad, the drones can transmit it back to Apple's team for upload to the Apple Maps servers. The drones would replace the existing fleet of camera-and-sensor-laden minivans used to collect data.

According to Bloomberg’s report, Apple is said to want to use the drones to examine street signs, monitor road changes as well as see if areas are under construction.

Apple, like Google and Microsoft's Bing, currently uses cars equipped with cameras and sensors to travel and record mapping data. By switching to drones the company could conceivably record this data faster and thus more quickly update and improve Maps.

Apple's move toward drones isn't indicative of any future commercial drone plans. Apple plans to use drones from manufacturers such as DJI and Aibotix.

The Cupertino, California-based company was heavily criticized when it launched Maps four years ago for inaccurate information and poor driving directions, after which CEO Tim Cook apologized and suggested users try alternatives such as Google Maps, which had previously been bundled with Apple's mobile operating system. Apple lacked the technology needed to quickly ingest data from many different sources in order to evaluate and update the digital maps.

Since then, Apple has made strides in improving the app's accuracy and has added more information, including traffic and transit data. Over the years it has added a Street View-style feature that lets users see images of addresses, but the app is still considered inferior to Google Maps.

Looking ahead, Apple could launch its improved mapping system sometime next year, along with a feature that tells users when and where to change lanes during navigation.

German elections may be disrupted by Russia


Germany's spy chief, Bruno Kahl, warned that state-sponsored hackers aligned with Russia may disrupt next year's German elections by spreading misinformation campaigns and hacking government emails, which could undermine the democratic process.

Kahl, president of Germany's Federal Intelligence Service (BND), added that all of Europe was in the crosshairs of such disruption, but that the danger currently hovered most over Germany.

In an interview with the daily Süddeutsche Zeitung on Tuesday (November 30), Kahl said that his agency knows of "cyber attacks that have no other point than causing political insecurity." He said that pressure on public discourse and democracy is "unacceptable."

"The perpetrators are interested in delegitimising the democratic process as such, regardless of who that ends up helping," Kahl said, adding that the attacks may come "from the Russian region" where he claimed hacking is "at least tolerated or desired by the state."

Kahl also said his agency had already witnessed targeted email spoofing campaigns orchestrated by foreign hackers, although he admitted that attribution remains difficult.

The head of Germany's domestic BfV intelligence agency told Reuters earlier in November that authorities were concerned that Russia may seek to interfere in Germany's national elections through the use of misleading news stories.

Earlier, German Chancellor Angela Merkel also warned that social bots, software used by Russian hackers, might manipulate public opinion by spreading fake news.

In the wake of a suspected cyber attack on Deutsche Telekom on Monday (November 29), Merkel said: "such cyber attacks, or hybrid conflicts as they are known in Russian doctrine, are now part of daily life and we must learn to cope with them."

Merkel faces a challenge from the anti-immigrant Alternative for Germany (AfD) party which has said the EU should drop sanctions on Russia and that Berlin should take a more balanced position towards Moscow.

During the U.S. presidential election, too, intelligence officials believed the vote had been manipulated by Russian authorities through the hacking of Democratic National Committee emails, which Russian officials denied. These incidents have stoked fears of nation-state influence on elections.

Some critics say a proliferation of fake news helped sway the US election in the favour of Republican Donald Trump, who has pledged to improve relations with Russian President Vladimir Putin. Defeated Democratic candidate Hillary Clinton accused Trump of being a Putin “puppet”.

Cybersecurity Firm Proficio raises $12 Million Funding

Proficio, a Carlsbad-based startup providing cybersecurity protection services for middle market companies, has raised $12 million in an investment round led by Kayne Anderson Capital Advisors. The Los Angeles-based private equity firm provided funding from its Kayne Partners Fund Group, which invests in high-growth technology businesses.

It is the first major capital raise for Proficio, which previously took in about $1 million, said co-founder and President Tim McElwee.

“They haven’t done anything in cyber, and they have been looking to get involved in the cybersecurity space,” said McElwee. “We are excited to be partnering with Kayne Capital as we accelerate the next phase of Proficio’s growth.”

“Proficio is changing the way organizations meet their information technology security and compliance goals by providing the most advanced cybersecurity solutions without the cost and complexity of acquiring sophisticated software or operating a 24x7 security operations center on their own,” said Nate Locke, a Kayne partner who will join Proficio’s board of directors, in a statement.

With the funding, Proficio aims to expand in its current markets of North America and parts of Asia, and to move into additional regions such as Europe and other parts of Asia. The company also plans to extend its cybersecurity technology platform, adding new services for advanced analytics, threat intelligence and incident response.

Founded in 2010, Proficio provides managed cybersecurity services on a subscription basis to customers in banking, health care, utilities, credit and consumer businesses.

Locky Ransomware Spreads Through Facebook, LinkedIn

A new ransomware campaign has spread to the social networking sites Facebook and LinkedIn through graphic files and images. The Locky ransomware is being distributed via a new attack vector called ImageGate.

Researchers from Check Point say that the attackers behind Locky exploit flaws in how Facebook and LinkedIn handle images, making users download malicious code hidden in pictures that hijacks the computer as soon as the downloaded file is opened. The ransomware encrypts the user's files, and the attackers do not give them back until a ransom is paid.

Dikla Barda of the Check Point Research team wrote: "The attackers have built a new capability to embed malicious code into an image file and successfully upload it to the social media website. The attackers exploit a misconfiguration on the social media infrastructure to deliberately force their victims to download the image file. This results in infection of the users' device as soon as the end-user clicks on the downloaded file."

Check Point added that it will release further details about the vulnerability once the affected websites confirm they have fixed the flaw.
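The ImageGate description above turns on one point: a file that is named and delivered as an image is not necessarily an image, and the infection happens only when the user opens the downloaded file. The following Python is an added defender-side illustration, not code from the article or from Check Point, and not a reconstruction of the ImageGate technique (whose details Check Point has withheld). It compares a download's leading bytes with the extension the user sees and flags mismatches and decoy names such as "photo.jpg.svg". The filenames and byte strings are constructed samples, and the verdict names are my own.

```python
# Added example: magic-byte check for downloaded "image" files.
# Flags files whose content does not match the extension shown to the user.
import os
from typing import Dict, List, Optional, Tuple

# Leading bytes of common raster image formats (well-known file signatures).
IMAGE_SIGNATURES: Dict[str, List[bytes]] = {
    "jpg": [b"\xff\xd8\xff"],
    "jpeg": [b"\xff\xd8\xff"],
    "png": [b"\x89PNG\r\n\x1a\n"],
    "gif": [b"GIF87a", b"GIF89a"],
    "bmp": [b"BM"],
}


def _normalize(ext: str) -> str:
    """Treat 'jpeg' and 'jpg' as the same type."""
    return "jpg" if ext == "jpeg" else ext


def sniff_image_type(data: bytes) -> Optional[str]:
    """Return the image type implied by the leading bytes, or None if unknown."""
    for kind, signatures in IMAGE_SIGNATURES.items():
        if any(data.startswith(sig) for sig in signatures):
            return _normalize(kind)
    return None


def check_download(filename: str, data: bytes) -> Tuple[str, str]:
    """Classify a downloaded file by comparing its claimed extension with its bytes.

    Verdicts (names are this example's own, not a standard):
      ok               - image extension and image bytes agree
      content-mismatch - image extension, but the bytes are not that image type
      decoy-image-name - an image extension appears before a different final
                         extension (e.g. photo.jpg.svg), a classic disguise
      not-an-image     - neither the name nor the bytes claim to be an image
    """
    parts = os.path.basename(filename).lower().split(".")[1:]
    final_ext = parts[-1] if parts else ""
    sniffed = sniff_image_type(data)

    if final_ext in IMAGE_SIGNATURES:
        if sniffed == _normalize(final_ext):
            return "ok", f"{final_ext} bytes match"
        seen = sniffed or ("markup/script-like" if data.lstrip().startswith(b"<") else "unknown")
        return "content-mismatch", f"named .{final_ext} but content is {seen}"

    if any(p in IMAGE_SIGNATURES for p in parts[:-1]):
        return "decoy-image-name", f"image extension hidden before .{final_ext}"

    return "not-an-image", f"final extension .{final_ext or '(none)'}"


# Constructed samples: names and contents invented for this example.
SAMPLES: List[Tuple[str, bytes]] = [
    ("cat.png", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),
    ("cat.jpg", b"\x89PNG\r\n\x1a\n" + b"\x00" * 16),      # PNG bytes, JPG name
    ("photo.jpg", b"<script>alert(1)</script>"),          # markup named as image
    ("photo.jpg.svg", b"<svg xmlns='http://www.w3.org/2000/svg'/>"),
    ("readme.txt", b"hello"),
]


def triage(samples: List[Tuple[str, bytes]]) -> List[Tuple[str, str]]:
    """Return (filename, verdict) for each sample; anything but 'ok' deserves a look."""
    return [(name, check_download(name, data)[0]) for name, data in samples]


if __name__ == "__main__":
    for name, verdict in triage(SAMPLES):
        print(f"{name:16} {verdict}")
```

The check is deliberately conservative: it only says a file is fine when the declared type and the bytes agree, so a renamed script or a double-extension decoy is surfaced before anyone opens it. A real download filter would add the remaining image formats and treat anything that is not "ok" as a file to quarantine rather than open.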

Hackers stole Tesla car using App

A team of hackers at a Norwegian cyber security firm has demonstrated how cyber-criminals could easily defeat the security of a Tesla car simply by compromising the car's companion smartphone application.

Researchers at the firm, Promon, used a laptop to remotely unlock a Model S's doors, start the electric car and drive away unhindered without the key. They managed this by hacking the car owner's smartphone.

The company published a video exposing the vulnerabilities in the Tesla app, which owners commonly use to check battery level and charging status, locate their car, regulate the temperature before getting in, and flash the lights to find the car in a car park. The app is available for both Android and iOS phones.

The attackers first convince the owner to download a malicious app onto their phone, and then create a free, open Wi-Fi hotspot close to a Tesla charging station.

Tom Lysemose Hansen, founder, and CTO at Promon, said: “Keen Security Labs' recent research exploited flaws in the CAN bus systems of Tesla vehicles, enabling them to take control of a limited number of functions of the car. Our test is the first one to use the Tesla app as an entry point, and goes a step further by showing that a compromised app can lead directly to the theft of a car.”

Within a few days of the demonstration, Tesla pushed a software patch to fix the flaw.

“By moving away from having a physical car key to unlock the door, Tesla is basically taking the same step as banks and the payment industry. Physical tokens are replaced by ‘mobile tokens,’” Hansen said. “We strongly believe that Tesla and the car industry need to provide a comparable level of security, which is certainly not the case today.”

Irish Law Firms Suffer 50 percent Rise in Cyber Crimes

New research shows a 50 percent increase in cyber-attacks on Irish law firms. According to the study, three out of every ten firms suffered a cyber-attack in the past 12 months.

The data shows that more than half of the attacks were caused by malware, while 35 percent involved ransomware, a program that blocks access to computer systems until a sum of money (ransom) is paid.

Amárach Research conducted the survey, drawing data from 107 law firms during September and October. Although the names of the firms were not revealed, 13 of the country's top 20 firms, 17 mid-tiers and 77 small firms were involved.

The report states: "Law firms present a particularly attractive target for cyber criminals. Firms hold sensitive and potentially valuable data about individuals and corporates and may have significant client account balances on hand. Losing client data or funds or having sensitive and confidential information exposed may be the most frightening outcome for a law firm resulting from a cyber-attack."

"Earlier this year it was reported that law firms were the targets of espionage by hackers who tried to obtain merger and acquisition details to facilitate insider trading. Firms acting in this area are likely to remain at risk from both cybercriminals and nation state attacks."

The report described cybercrime as “a clear and present threat to legal practices in Ireland”, warning attacks will occur more frequently.

DOD shakes hands with white hat hackers

After the huge success of the "Hack the Pentagon" bug bounty pilot, which invited hackers across the country to find and report vulnerabilities in Department of Defense networks in return for cash payments, the Department of Defense has launched two initiatives to further strengthen its cybersecurity.

The US Department of Defense (DoD) and HackerOne have officially collaborated on a bug bounty program under which researchers are free to report bugs or flaws they discover in its websites without any fear of prosecution.

"This policy is a first of its kind for the US Government," HackerOne says. "With DoD's new vulnerability disclosure policy, hackers have clear guidance on how to legally test for and disclose vulnerabilities in DoD's websites outside of bug bounty challenges. This new initiative underscores DoD's commitment to working in partnership with the hacker community to improve security."

The program is named "See something, say something." Defense Secretary Ashton B. Carter said that it focuses on improving the cybersecurity of the Pentagon's unclassified, public-facing networks.

"This is a historic moment for hackers and the U.S. government," said Katie Moussouris, founder of Luta Security and an adviser to the Pentagon on the new policy. "For the first time since hacking became a felony offense over 30 years ago, the Department of Defense has now opened the doors for ongoing vulnerability disclosure from helpful hackers who want to help secure these systems without fear of legal prosecution."

The DoD has, however, issued guidelines for researchers.

“Your activities are limited exclusively to –
(1) Testing to detect a vulnerability or identify an indicator related to a vulnerability; or
(2) Sharing with, or receiving from, DoD information about a vulnerability or an indicator related to a vulnerability.”

Here are the ten commandments released by the Department of Defense for demonstrating compliance with its policy:

  1. You do no harm and do not exploit any vulnerability beyond the minimal amount of testing required to prove that a vulnerability exists or to identify an indicator related to a vulnerability.
  2. You avoid intentionally accessing the content of any communications, data, or information transiting or stored on DoD information system(s) – except to the extent that the information is directly related to a vulnerability and the access is necessary to prove that the vulnerability exists.
  3. You do not exfiltrate any data under any circumstances.
  4. You do not intentionally compromise the privacy or safety of DoD personnel (e.g. civilian employees or military members), or any third parties.
  5. You do not intentionally compromise the intellectual property or other commercial or financial interests of any DoD personnel or entities, or any third parties.
  6. You do not publicly disclose any details of the vulnerability, indicator of vulnerability, or the content of information rendered available by a vulnerability, except upon receiving explicit written authorization from DoD.
  7. You do not conduct denial of service testing.
  8. You do not conduct social engineering, including spear phishing, of DoD personnel or contractors.
  9. You do not submit a high volume of low-quality reports.
  10. If at any point you are uncertain whether to continue testing, please engage with our team.

U.S. tries to bust myth on cybersecurity skill shortage


The U.S. government has released data suggesting that the shortage of cybersecurity skills is a myth, and that its own job fair, organized by the Department of Homeland Security this summer, was a success. Experts, however, wonder whether the event was an outlier or a genuine sign for optimism.

The cyber security skills shortage has been discussed in many different ways over recent years. In October 2015 the U.S. planned to hire 6,500 people with cyber security skills by January 2017, and it had hired 3,000 by the first half of this year. The two-day job fair, held in July as part of that hiring effort, was aimed at filling critical positions to protect the nation's cyberspace. Angela Bailey, chief human capital officer at DHS, wrote in a blog post on Monday (November 21) that the event garnered "over 14,000 applicants and over 2,000 walk-ins" and culminated in more than 800 candidate interviews and "close to 150 tentative job offers within two days. Close to 430 job offers have been made in total, with an original goal of filling around 350 positions."

The U.S. government's experience seems to run counter to what industry studies say is actually going on. A report published by Intel Security a day before the job fair pointed to a crisis-level shortage of cyber security talent.

Meanwhile, Gunter Ollmann, CSO for Vectra Networks, said although the event "was pitched under the banner of cyber security it is not clear what types of jobs were actually being filled," and some positions sounded more "like IT roles with an impact on cybersecurity, rather than cybersecurity-specific or even experienced infosec roles."

Chris Sullivan, CISO and CTO of Core Security, also agreed that the DHS event may not be indicative of the state of the cybersecurity skills shortage.

David Foote, co-founder and chief analyst at Foote Partners, is also skeptical of the government's findings, and says there's really no unemployment among people with cyber security skills, "so why would they go to a job fair?"

According to Foote, the government pays cyber security experts far less than private firms do, which is why it may be focusing on hiring people it can train rather than experienced candidates, who would command much higher salaries than the government can offer.