'Amateurs Can Hack Online Flight Bookings, Get Free Ones'

(pc-Google Images)
Almost anyone with general computer skills can alter online bookings and steal flights; the issue lies with booking systems that are too primitive, said German cyber security experts.

Online booking often provides more convenience for passengers, but ageing computer systems used for the purpose are vulnerable to fairly primitive hacks, added the cyber security experts.

Flight bookings worldwide are managed by a Global Distributed System (GDS) that connects travel agencies, online booking websites, airlines and passengers in one network. Amadeus, Sabre and Travelport, the three largest GDS networks, administer more than 90 percent of flight bookings as well as numerous hotel, car and other travel reservations, according to Security Research Labs (SR Labs), a Berlin-based hacking research collective.

Online check-ins and the EU’s visa-free Schengen zone mean that most European passengers do not have to show ID at airports while travelling within the bloc. Changing the departure time and the email address on a booking increases the chance that the actual passenger would never learn that his data had been tampered with.

Nohl said that nothing happens if a hacker-generated booking code is wrong. Modern websites and computer systems limit the number of attempts to try a code from a single IP address, but the archaic systems operated by many airlines have no such limit. “This is an industry-wide problem,” he asserted.

It is not the first time passengers’ privacy has been exposed by security flaws. In August, Sueddeutsche Zeitung reported that the names, credit card numbers and flight data of millions of airline passengers in Europe could be accessed because of online security gaps at Germany’s largest ticket wholesaler.

While other online booking websites use randomly-generated codes that include both digits and letters, that was not the case at Aerticket, the newspaper reported. Aerticket reportedly eliminated the vulnerability within hours of the newspaper report.
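As an added illustration (not code from the article or from SR Labs) of the two weaknesses the researchers contrast, the sketch below measures the keyspace of digit-only versus alphanumeric booking codes and models a lookup endpoint that budgets attempts per client address; the six-character code length, the surname check and the 15-minute window are assumptions.

```python
import math
import re
import string
import time
from collections import defaultdict

# Constructed example: alphabets for the two code styles the article contrasts.
NUMERIC = string.digits
ALNUM = string.ascii_uppercase + string.digits
CODE_LEN = 6  # assumed booking-reference length; the article gives none


def code_keyspace(alphabet: str, length: int) -> int:
    """Number of distinct codes an alphabet/length pair can produce."""
    return len(alphabet) ** length


def code_entropy_bits(alphabet: str, length: int) -> float:
    """Entropy of a uniformly random code, in bits."""
    return length * math.log2(len(alphabet))


class BookingLookup:
    """Booking-reference lookup with a per-client attempt budget.

    The budget models the per-IP attempt limit the article credits to modern
    systems; the archaic airline systems it describes lack one. A code is
    accepted only together with the matching surname, and a wrong code and a
    wrong surname produce the same answer so the endpoint leaks nothing either way.
    """

    def __init__(self, bookings, max_attempts=5, window_seconds=900):
        self._bookings = bookings            # {code: {"surname": ..., ...}}
        self._attempts = defaultdict(list)   # client_ip -> attempt timestamps
        self.max_attempts = max_attempts
        self.window_seconds = window_seconds

    def _attempts_in_window(self, client_ip, now):
        # Drop timestamps older than the window and keep the rest on record.
        recent = [t for t in self._attempts[client_ip]
                  if now - t < self.window_seconds]
        self._attempts[client_ip] = recent
        return recent

    def lookup(self, client_ip, surname, code, now=None):
        now = time.time() if now is None else now
        recent = self._attempts_in_window(client_ip, now)
        if len(recent) >= self.max_attempts:
            return "rate_limited"            # budget spent: do not even parse
        recent.append(now)                   # every attempt counts, valid or not
        if not re.fullmatch(r"[A-Z0-9]{%d}" % CODE_LEN, code):
            return "invalid_format"
        record = self._bookings.get(code)
        if record is None or record["surname"].upper() != surname.upper():
            return "not_found"
        return record
```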

'DeriaLock Is Another Screen Lock Ransomware'

(pc-Google Images)
G Data malware analyst Karsten Hahn stumbled upon a new ransomware family named DeriaLock, which locks your screen and requests a payment of $30.

DeriaLock belongs to the category of ransomware families that lock the screen and prevent users from accessing their files or applications while leaving the data intact.

The screen locker window also includes two buttons that when clicked, provide translations of the ransom note in German and Spanish. Only the German translation button works.

Additionally, if users press the ALT + F4 keyboard shortcut to close the screen locker, a popup appears that reads: "I think that is a bad decision. Nice try mate =)"

The good news is that DeriaLock requires the .NET Framework 4.5 to be installed, which means it won't work on Windows XP machines.

UPDATE 1 [December 26, 2016]: Hahn spotted today versions of DeriaLock that encrypt users' files and add the .deria file extension at the end.

UPDATE 2 [December 26, 2016]: Michael Gillespie told Bleeping Computer that he found a way to recover files encrypted by the recent DeriaLock version that appends the .deria extension at the end of files. Victims should reach out to him via his Bleeping Computer profile or Twitter account.

UPDATE 3 [December 27, 2016]: Hahn detected a new DeriaLock version that threatens to delete the user's files if the ransom is not paid and the computer is restarted. The DeriaLock decrypter created by Gillespie still works.

'Ransomware to get even worse now'

(pc-Google Images)
As if holding your data hostage and seeking cash payment weren’t harsh enough, security experts foresee the next stage of ransomware to be even worse.

Corey Nachreiner, CTO at WatchGuard Technologies, predicts that 2017 will see the first ever ransomworm, causing ransomware to spread even faster.

“In short, bad guys realize ransomware makes money, and you can expect them to double down in 2017,” he says.

Earlier this year, Microsoft warned of a ransomworm called ZCryptor that propagated onto removable drives. By placing code on every USB drive, employees bring more than just their presentations to a sales meeting; they’re carrying a ransomworm — not the greatest impression you want to give a prospect.

Alex Vaystikh, cybersecurity veteran and co-founder/CTO of advanced threat detection software provider SecBI, thinks along those same lines. He says ransomware will become smarter and merge with information-stealing malware, which will first steal information and then selectively encrypt, either on-demand or when other goals have been achieved or found to be unachievable. Although ransomware is an extremely fast way to get paid as a fraudster/hacker, if you are also able to first steal some information before you encrypt the device, you can essentially hack it twice.

Vaystikh also foresees the first cloud data center-focused ransomware. In 2017, ransomware will target databases, causing significant downtime. There are not currently many hackers attacking corporate networks with ransomware; information-stealing malware is the preferred tool, he says.

“But what we might see in the coming year is ransomware targeting places where there is less chance of backup files being available. For example, I think we’ll see that SMBs who move their files to the cloud generally do not have backups and do not know how to recover. Specifically encrypting cloud-based data like this would have a significant impact on cloud providers and cloud infrastructures,” he says.

How Safe Are Digital Payments After Demonetisation?

(pc-Google Images)
The spread of Digital India could be under threat from cyber attacks unless the government and people have understood that they need to change their approach towards cyber security.

E-wallets, for instance, are under constant threat from cyber criminals because they allow sending and receiving money (up to a limit) without proper verification, so fraudsters frequently use these wallets as a convenient path to steal money.

Later, this money can be cashed out through exchange agents who return physical money for the digital one, making all this nearly untraceable: the only way to link the fraud to a person is the phone number, and it is no secret that obtaining a SIM card with a fraudulent ID or address proof is not very difficult these days, according to BugsBounty.com, which has India’s largest community of ethical hackers at 10,000 members.

It expects to have up to 40,000 by the end of 2017. It is also the fourth platform in the world that allows any organisation, public or private, to host SaaS-based bug bounty programmes.

“Without a paradigm shift in the approach undertaken by organisations, both private and public, it will be difficult to realise the true potential of Digital India,” said Ankush Johar, director, BugsBounty.com. In 2016 alone over 2,000 ATMs are likely to have been hacked, over 60 lakh debit and credit cards were potentially made vulnerable and over 40 lakh e-wallets are likely to have been vulnerable or hacked (though for smaller amounts).

US Expels 35 Russian Diplomats Over Cyber Attack Charges

(pc-Google Images)
The United States has expelled 35 Russian diplomats and closed two Russian compounds in response to Russia's alleged interference in last month's presidential election.

The US declared the Russian diplomats accredited in the US persona non grata, giving them 72 hours to leave the country.

(Maria Zakharova/pc-Google Images)
“One can only hope that this was the last thing that the current administration does to spoil bilateral relations – the last strange, unwise decision. It targeted, among other things, ordinary people and their simple human joys – things which unite people all around the world. Practically everyone celebrates the New Year, but this is what the Obama administration did,” said Maria Zakharova, Russian Foreign Ministry Spokeswoman.

"I would like to note that people who have worked in the US for just 2 months were included in the list of diplomats and diplomatic Russian missions in the United States. How could they in any way be involved in undermining the US election, as evidenced by the [US] special services, in 2015 and spring 2016, cannot be understood", Zakharova added.

According to Zakharova, a total of 96 Russian diplomats and members of their families are forced to leave the United States.

Meanwhile, Russian President Vladimir Putin rejected a suggestion of the Foreign Ministry to expel 35 American diplomats in response to a similar move by the US. Putin said that Russia "will not expel anyone" in response to US sanctions and will determine further steps in restoring ties with the United States depending on the policy of President-elect Donald Trump.

“We took into serious consideration how our American colleagues and their families would feel. Especially their children, who are now preparing for the New Year and are on their Christmas holidays,” Zakharova explained. “They would have been cut off from their school programs and forced to pack their things and go back to their homeland in 72 hours. So we decided against it.”

Data Breach Hits Star Wars Card Firm

(pc-Google Images)
Hackers have reportedly hit the iconic collectable trading card manufacturer Topps, whose products include Star Wars, Disney's Frozen, Top Gear and UEFA Champions League cards.

The maker of iconic collectable trading cards has said hackers could have stolen customers' credit and debit card numbers along with their associated security codes in a recent breach.

In an email to customers Topps wrote that on 12 October "one or more intruders gained unauthorised access" to its systems.

(pc-Google Images)
"[They] may have gained access to names, addresses, email addresses, phone numbers, credit or debit card numbers, card expiration dates and card verification numbers for customers [who made purchases] between approximately 30 July 2016 and 12 October 2016", it added.

"The really unforgivable aspect here is the loss of credit card details," said cyber-security expert Prof Alan Woodward from Surrey University. "If this was an external attack, these details just should not be accessible or readable. An obvious question is, 'was the customers' financial data encrypted?' If not, that should attract some heavy attention from the appropriate regulators."

Topps declined to say how many people were affected or why the payment card numbers were at risk. It is yet to clarify details of the hack.

Meath County Council Targeted By Hackers

(pc-Google Images)
We turn now to the €4.3 million Meath County Council so-called “cyberattack” that emerged into the limelight just like Donald Trump’s 400lb hacker in his bedroom lair.

In brief, Meath County Council fell victim to a particularly common type of scam in which an employee who controls accounts is sent a spoof message purporting to be from, for instance, the company chief executive. That person is asked to transfer a large sum of money into an account, and the money is duly transferred to the scammers.

If the whole thing comes to light fast enough, the transfer can perhaps be retrieved or frozen, as was the case with the Meath mega-sum, now stuck in a Hong Kong account.

(pc-Google Images)
At every mention of the word cyber, my will to believe the world's literacy declines further. What makes media and communications people rush to use this particular word for about anything related to computers and the internet? With the Meath story, cyber was splattered everywhere. 

Given mathematician Norbert Wiener’s 1948 book Cybernetics or Control and Communication in the Animal and the Machine, it is acceptable to use "cyber" to discuss cybernetics (should you be so inclined) or even cyborgs – short for cybernetic organisms.

And cyber also may be used at will if discussing William Gibson’s famed 1984 novel Neuromancer, which is known for introducing the term cyberspace to the world. The popularity of the novel, however, seems to be responsible for the release into the wild of all the unwanted silly cyber variations that taint our knowledge today.

Just because the novel passes for cool cyberpunk (arguably, an allowed usage) does not mean your use of cyber is cool. It almost certainly is not.

Nothing catches a wannabe geek desperately vying for street cred, a generalist in search of a trendy speciality, or an insecure self-promotional IT security professional like sticking "cyber" in front of a job title or using the word liberally in every reference to anything digital.

This is of course why governments, surveillance agencies and a host of makey-uppy experts wave the word around as if it were legitimate in every context.

Because let's get this straight. If the term cyberattack is going to be forced on us at every level, it has to at least be in an appropriate context in which it is just about acceptable for security experts to sometimes use it. That means a major and debilitating attack using computers and the internet, by the most sophisticated of criminal hackers or those acting on behalf of a nation state.

Garden variety fraud 

It should not be extensively used because an email was used to perpetrate a garden variety fraud, as in the case of the Meath scam. It could just as easily have been a letter in the post, a text or a phone call. But in this case “the vector of attack" appears to have been an email. This uses basic social engineering – pretend to be someone you are not and sometimes a third party will be taken in and you’ll get useful information, access to networks, or money transfers.

By international measures, this was indeed a big scam. When the FBI sent out an alert last spring warning about a massive increase in these so-called CEO scams, it noted the average loss to duped companies was $25,000-$75,000.

Mattel – the giant multinational toy company – lost $3 million in 2015 to a CEO scam. Meath County Council nearly outperformed Mattel.

Incidentally, one common way of perpetrating these scams, according to the FBI, is free email services. Hack into someone in authority’s account, send an email seeming to come from that person . . . Just saying, maybe some of our politicians and State employees need to think again about those Gmail accounts they also use for business matters.

Corporate Sector Struggles To Handle Cyberattacks

(PC-Google Images)
Major cyberattacks against organizations of various sizes seem to happen on a regular basis now. On Dec. 14, Yahoo announced the largest-ever data breach, involving around 1 billion customer accounts.

Despite the scale and harm of such attacks, there's wide recognition that corporate leaders, especially boards of directors, aren't taking the actions necessary to protect their companies from these attacks. It's not just an issue of finding the right cyber-defense tools and services, but also one of management awareness and security acumen at the highest level, namely corporate boards.

"Our country and its businesses and government agencies of all sizes are under attack from a variety of aggressive adversaries and we are generally unprepared to manage and fend off these threats," said Gartner analyst Avivah Litan, a longtime cybersecurity consultant to many organizations.

"Some organizations do a better job than others, but those efforts are almost always led by CIOs, CISOs or business line managers and not by corporate boards, CEOs and executive management throughout government and the private sector," Litan added.

Unless senior partners, corporate boards and other senior stakeholders get their act together, the threat actors will continue to succeed.

Litan said what's needed is a national response and cyber protection plan, but said she fears that the federal government is "way too fragmented and politicized to make any real progress towards the execution of this goal."

Threats against national infrastructure, including the electricity grid, are "enormously serious," she added. "Unless senior executives, corporate boards and other senior stakeholders get their act together, the threat actors will continue to win. I'm not sure how many more wake-up calls we need in this country."

Litan's worries seem to have impacted some quarters of the corporate governance community. The National Association of Corporate Directors (NACD) recently released a survey of more than 600 corporate board directors and professionals that discovered only 19% believe their boards have a high level of understanding of cybersecurity risks. That's an improvement from 11% in a similar poll conducted a year earlier.

The survey also found that 59% of respondents find it challenging to oversee cyber risks. The nonprofit NACD, which has 17,000 members, is working with security awareness firm Ridge Global and Carnegie Mellon University to establish a Cyber-Risk Oversight program to educate corporate directors about the systemic risks of cyberattacks.

Litan suggests that education is important, but she also supports state and federal laws to require organizations to report cyber attacks so that customers and partners will know how to change passwords and make other adjustments to protect sensitive data.

At the federal level, a number of U.S. senators have backed breach notification laws, but no bills have passed congressional muster. President Barack Obama proposed such legislation in 2015.

With the January inauguration of Donald Trump as the next U.S. president, it remains a mystery whether a federal breach notification law will take effect in the next four years, or longer.


North Korean Hackers Could Weaken US Pacific Command

(pc-Google Images)
A cyberattack by North Koreans could potentially knock out the computer network of the US Pacific Command, warned a report issued by a South Korean state-run agency.

According to a report by the South Korean Defence Agency for Technology and Quality (DATQ), North Korea’s cyber warfare specialists could “paralyze” the networks for the U.S. Pacific Command’s control center and cripple parts of the U.S. power grid.

Pyongyang has around 6,800 cyber warfare specialists, according to the South Korean Ministry of National Defense. Some experts believe the North could have as many as 30,000 hackers in its employ.

"The enemy (North Korea) will seek to disable our cyber capacity at a critical point via an all-out cyberattack. ... It is crucial (for South Korea) to establish an asymmetrical cyber warfare capacity to overwhelm that of the North," the report said.

North Korea has been the primary suspect in a number of cyber attacks in recent years.

Local cyber expert Lim Jong In, a professor at the graduate school of information security at Korea University, said cyber terrorism appeals to poorer countries like North Korea, as it can be done on a relatively small budget but still has a large impact.

Cyber tensions between North and South have recently escalated, amid a wave of allegations and cyberattacks.

The South Korean military reported that its cyber command, a division set up to prevent hacking, was breached by North Korea earlier this month. Over a period of several years, North Korea hacked into over 140,000 computers and breached the security systems of more than 160 South Korean firms and government agencies.

Bangladesh bank heist: Police suspect IT technicians

(pc-Google Images)
One of the biggest bank hacks of 2016 was the Bangladesh bank hack. The hackers successfully broke into the Central Bank of Bangladesh and stole nearly $1 Billion, of which $81m (£65.9m) still remains unrecovered.

Mohammad Shah Alam, a Bangladesh police deputy inspector general who is heading investigations in Dhaka, went into some detail about how insiders at Bangladesh Bank may have helped in the execution of one of the world's biggest cyber-heists last February.

The suspects in this case are now considered to be IT technicians from the bank who connected its transaction systems to the public internet, giving the hackers access.

"There were a number of other things, which if the Bangladesh Bank people had not done, the hacking would not have been possible," said Alam.

Alam said he was focusing on why a password token protecting the SWIFT international transactions network at Bangladesh Bank was left inserted in the SWIFT server for months leading up to the heist. It is supposed to be removed and locked in a secure vault after business hours each day. The failure to remove the token allowed hackers to enter the system when it was not being monitored, first to infect it with malware and then to issue fake transfer orders, he said.

Alam said that he was waiting for "specific information" on any communications between the suspects and the hackers, which may help further solidify the case.

No suspects have been named or arrested yet. The Bangladesh bank, Swift and the FBI, which also launched its own probe into the attack, are yet to comment on that matter.

Obama imposes sanctions on Russia

The United States Treasury Department has announced new sanctions against five entities and four individuals after President Barack Obama signed the executive order on Wednesday night.

In the executive order, the president described “additional steps to deal with the national emergency with respect to significant malicious cyber-enabled activities… in view of the increasing use of such activities to undermine democratic processes or institutions.”

The five institutions included in the list are: the Professional Association of Designers of Data Processing Systems, an autonomous non-commercial organization; Federal Security Service (Federalnaya Sluzhba Bezopasnosti or FSB); Main Intelligence Directorate (Glavnoe Razedyvatelnoe Upravelenie or GRU); Special Technology Center; and Zorsecurity, formerly known as Esage Lab or Tsor Security.

The list of sanctioned people includes: GRU's first deputy chief, Vladimir Stepanovich Alexseyev; the deputy chief, Sergey Gizunov; Igor Korobov, chief of the GRU; and Igor Kostyukov, the first deputy chief of the GRU. The Treasury Department added two other names to the list "for malicious cyber-enabled activities," Aleksey Alekseyevich Belan and Evgeniy Mikhaylovich Bogachev.

In retaliation for reports of harassment of US diplomats in Moscow, the White House has expelled 35 Russian intelligence officials, giving them 72 hours to leave the country. However, the two cases are unrelated.

“These actions follow repeated private and public warnings that we have issued to the Russian government, and are a necessary and appropriate response to efforts to harm U.S. interests in violation of established international norms of behavior,” Obama said in a statement.