Cyber Criminals spent $1200 of Bulgarian Woman's money on their Facebook Ads

A Bulgarian woman was using Facebook to promote her business. She ran advertisements regularly to attract more customers and had linked her bank card as the primary payment method for her Facebook Ads account.

It appears that someone else gained access to her profile and spent her money: whoever was behind the attack used it to promote their own business.

The money was used to post Facebook advertisements for Chinese goods.

According to cyber-threat specialist Eugene Kotzev, such attacks become possible when the attacker is on the same network as the victim, which gives them the opportunity to redirect the victim's traffic. Experts advised people not to make online payments over public networks.

- Christina

Young Ethical Hacker From Murmansk Invited To study At A Prestigious University In St. Petersburg

Ilya Glebov, a 17-year-old school student from the Murmansk region who received around ₹2,00,000 in rewards from Vkontakte and ICQ for finding a vulnerability in the social network, has been invited to study at a prestigious university in St. Petersburg.

While preparing for the Unified State Exam, he found the vulnerability in those social networks and reported it to the developers. Ilya did not score highly in the exam itself: he got only 69 points (out of a maximum of 100) in mathematics, because he was absorbed in hunting for vulnerabilities on the Internet. So the bug he found not only earned him a large amount of cash but also helped him get into the university.

Danil Zakoldaev, head of the Department of Computer System Design and Security, said that Ilya has an inquisitive mind and, for a 17-year-old student, has done serious research. The university understands the importance of his further education and hopes that after 4-5 years of study Ilya will become a very high-calibre specialist.

Following a university tradition, Ilya wrote a letter with a wish for the next six years of his education: "I don't know what to wish. But I want to become famous". After graduation, Ilya wants to work in information security; he is sure he has a talent for it, and has been interested in programming since secondary school.

- Christina

Hacker from Tatarstan fined after attempting to hack the Kursk republic authority's server

The Federal Security Service of the Russian Federation (FSB) has detained Shohrukh Ruzmetov, a 20-year-old hacker accused of launching an attack against the server of the Kursk republic administration.

According to a local news report, the hacker used a malicious program against the network to gain access to the server. Programmers reportedly noticed the attack and informed the FSB about the incident.

On August 15, the hacker was brought to trial. He was charged with "Creation, distribution or use of computer programs that are deliberately designed for unauthorized destruction, blocking of computer information" and found guilty.

The court sentenced him to pay a fine. The fine amount was not specified.

- Christina


Android bootloaders vulnerable to attacks

A team of nine computer scientists from the University of California, Santa Barbara discovered vulnerabilities in Android bootloader components from five major chipset vendors that break the CoT (Chain of Trust) during the boot-up sequence, opening devices to attacks.

Android bootloader components are generally hard to analyze because they are closed-source and tend to lack the metadata (such as program headers or debugging symbols) that is usually found in ordinary programs and that aids reverse engineering and security audits.

To address this, the researchers developed a new tool named BootStomp, specialised in testing and analyzing bootloaders.

“The goal of BootStomp is to automatically identify security vulnerabilities that are related to the misuse of attacker-controlled non-volatile memory, trusted by the bootloader’s code. In particular, we envision using our system as an automatic system that, given a bootloader as input, outputs a number of alerts that could signal the presence of security vulnerabilities. Then, human analysts can analyze these alerts and quickly determine whether the highlighted functionality indeed constitutes a security threat.”

By using BootStomp, the research team found seven flaws: six new and one previously known (CVE-2014-9798). Bootloader vendors have already acknowledged and confirmed five of the six new flaws.

"Some of these vulnerabilities would allow an attacker to execute arbitrary code as part of the bootloader (thus compromising the entire chain of trust), or to perform permanent denial-of-service attacks," the research team said. "Our tool also identified two bootloader vulnerabilities that can be leveraged by an attacker with root privileges on the OS to unlock the device and break the CoT."

For their work, researchers considered five different bootloaders from four different vendors.

- Huawei / HiSilicon chipset [Huawei P8 ALE-L23]

- NVIDIA Tegra chipset [Nexus 9]

- MediaTek chipset [Sony Xperia XA]

- Qualcomm's new LK bootloader

- Qualcomm's old LK bootloader

The researchers found one vulnerability in the NVIDIA bootloader and five in the HiSilicon bootloaders.

The first master's degree program in VR and AR was opened in Russia

On September 1, the first master's degree program in VR and AR, "Game Development & VR", was opened in Vladivostok (a city and the administrative centre of Primorsky Krai, Russia). The training will be held at the Russian Far East Federal University.

Training is carried out as part of the Agency for Strategic Initiatives' "Cyber Russia" project. Students will develop up-to-date software and introduce augmented reality technologies in various fields.

Earlier, Dmitry Zemtsov, the university's vice-rector for development, said that by 2020 over a hundred in-demand VR and AR specialists will have graduated from the university.

As a reminder, in July the head of Sberbank, German Gref, proposed establishing a "Blockchain technology" training program for students in Russia.

He stated that the bank will no longer hire employees who cannot work with artificial intelligence, and recalled that the information age has given way to the digital age.

The emergence of big data technologies represents a watershed, making it possible to work with massive amounts of data. According to Gref, only North America, China and Russia could take full advantage of globalization's potential.

- Christina

India issues alert on Locky ransomware

The Indian government has issued an alert warning citizens about the spread of a ransomware strain called Locky. The ransomware spreads via spam emails, and 2.3 lakh infected messages are believed to have been sent by those behind the campaign.

The alert, issued on Cyber Swachhta Kendra, said that a new wave of spam mails with common subject lines has been reported to be circulating to spread variants of the Locky ransomware.

“Alert regarding spam spreading Locky ransomware issued today by @IndianCERT...,” Electronics and IT Additional Secretary Ajay Kumar tweeted.

Over 23 million malware-laden e-mails were sent to the US workforce in the space of just 24 hours on Monday (August 28) this week.

The e-mails carry vague subjects such as “please print”, “photo”, “documents” and “images”, among others, although the subject lines may change in targeted spear-phishing campaigns. The messages come with a ZIP file attached; if you receive such a message from a suspicious-looking e-mail address, do not open the attachment.

According to a report by US researchers, the malware payload is hidden in a ZIP file containing a Visual Basic Script (VBS) file which, once clicked, downloads the latest version of Locky, the recently spotted Lukitus variant, and encrypts all the files on the infected computer.

Through this ransomware the cybercriminals can lock you out of your files and demand a ransom for unlocking them. Locky is reported to demand a ransom of half a bitcoin, which at the present rate is equivalent to £1,862, or over Rs 1.5 lakh.

Locky was once considered almost defunct.

Researchers at US-based cybersecurity firm AppRiver, who discovered the new campaign, described it as “one of the largest malware campaigns in the latter half of 2017”.
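To show how a mail gateway or incident-response triage script could act on the indicators the alert gives (the listed lure subject lines and a ZIP attachment carrying a Visual Basic Script), here is an added Python example. It is not code from the original post, from CERT-In or from AppRiver. The sample messages, addresses and attachment names are constructed so the script runs offline, and the list of script extensions beyond .vbs is an assumption.

```python
"""Triage rule for the Locky spam wave: flag messages whose subject matches
one of the reported lures and whose ZIP attachment contains a script file.
Added example; sample messages are constructed, not real campaign mail."""
import io
import zipfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Subject lines named in the alert; matching is case-insensitive.
LURE_SUBJECTS = {"please print", "photo", "documents", "images"}
# Assumption: .vbs is the reported dropper; the other script types are added
# because they are handled by the same Windows script host.
SCRIPT_EXTENSIONS = (".vbs", ".vbe", ".js", ".jse", ".wsf")


def zip_script_members(data: bytes) -> list[str]:
    """Return names of script files inside a ZIP payload (empty if not a ZIP)."""
    try:
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            return [n for n in zf.namelist() if n.lower().endswith(SCRIPT_EXTENSIONS)]
    except zipfile.BadZipFile:
        return []


def triage(raw: bytes) -> dict:
    """Score one RFC 822 message against the campaign pattern.

    Verdicts: 'quarantine' when a ZIP attachment holds a script member,
    'review' when a lure subject arrives with any ZIP, otherwise 'pass'.
    """
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    subject = (msg["subject"] or "").strip().lower()
    findings = {
        "subject": subject,
        "lure_subject": subject in LURE_SUBJECTS,
        "zip_attachments": [],
        "script_members": [],
    }
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        # Check the ZIP magic as well as the name, so a renamed archive is not missed.
        if name.lower().endswith(".zip") or payload.startswith(b"PK\x03\x04"):
            findings["zip_attachments"].append(name)
            findings["script_members"].extend(zip_script_members(payload))
    if findings["script_members"]:
        findings["verdict"] = "quarantine"
    elif findings["lure_subject"] and findings["zip_attachments"]:
        findings["verdict"] = "review"
    else:
        findings["verdict"] = "pass"
    return findings


def build_sample(subject: str, attachment_name: str, member_name: str) -> bytes:
    """Constructed test message: a ZIP attachment holding one inert member."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr(member_name, "' inert placeholder, not a real script\r\n")
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"   # constructed address
    msg["To"] = "recipient@example.invalid"  # constructed address
    msg["Subject"] = subject
    msg.set_content("See attached.")
    msg.add_attachment(buf.getvalue(), maintype="application", subtype="zip",
                       filename=attachment_name)
    return bytes(msg)


if __name__ == "__main__":
    for subj, att, member in [("please print", "doc.zip", "invoice.vbs"),
                              ("Photo", "img.zip", "img.png"),
                              ("Q3 report", "report.zip", "report.pdf")]:
        print(triage(build_sample(subj, att, member)))
```

The rule deliberately separates the two signals: a script inside an archive is quarantined regardless of subject, while a lure subject with a harmless-looking ZIP is only routed for review, since subject lines change between waves while the dropper format tends to persist.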

Three Lithuanian hackers detained for stealing sensitive data from plastic surgery clinic

Three Lithuanian citizens, among them professional programmers, were arrested on Wednesday. According to the Lithuanian Criminal Police Bureau, the suspects stole a client database and demanded a ransom from both the clinic and its clients. They eventually published more than 25 thousand private photos, including nude photos, names, surnames, before-and-after surgery photos, and other personal information of patients of the Lithuanian plastic surgery clinics "Grozio Chirurgija".

It is important to note that the hackers first demanded a ransom from the clinic, whose administration refused. The criminals then published the photos on the Internet, and patients of the clinic confirmed that the photos were of them. After that, the hackers demanded a ransom (from 50 to 2000 euros) from the clients, and a few hundred people did pay the hackers for their photos.

Evgenii Papantonopulo, Deputy Director of the Scientific-technical center "ATLAS", commented: "Cyber crime is a well-established, highly yielding innovative business. All large enterprises, especially medical institutions, are under daily attacks. At the same time, the estimate of the number of leaks by industry showed that a quarter of all cases are in the medical sector".

An anonymous user on a Russian forum said that this situation gravely hurts the image and prestige of the clinic and that, apparently, the clinic did not spend enough money on cyber protection.

The Deputy Prosecutor General of Lithuania noted that the investigation in this case was large and quite complex.

- Christina

Trial Of a Group Accused Of Hacking Transport Card System "Troika" To Resume On September 12

The trial of the Russian hackers accused of hacking the "Troika" transport card system and other transport cards has been postponed from August 31 to September 12. The accused are Denis Kazmin, Yury Putin and Pavel Andryushin.

The group bought details of the turnstiles (such as those in the metro) in order to create malicious software. After studying how the turnstiles work, they developed programs in the Object Pascal programming language, namely "Terminal.exe" and "ATMega128_BackDoorBootLoader.asm".

The program allowed them to obtain carrier information, memory dumps and access keys from the turnstiles at one of the Moscow stations. This information was used to add money to transport cards, which were then sold.

The hackers may receive 3 to 4 years of imprisonment.

Experts were surprised: according to them, transport card fraud is rare, because it cannot earn big money. The total damage amounted to 2 million rubles.

It is interesting to note that in May 2016 another Russian researcher, Igor Shevtsov, wrote an article (https://habrahabr.ru/post/301832/) about a critical vulnerability in the "TROIKA" transport card.

He explained how the card's balance could be faked in order to travel on public transport for free. The research took him 15 days, using an Android smartphone with an NFC chip, and he also created an Android application, TroikaDumper, to exploit the vulnerability. Representatives of the Moscow metro contacted the researcher and fixed the vulnerability within a few days. Shevtsov's article has since been removed.

- Christina
WikiLeaks publishes information on CIA’s new hacking toolset

On Thursday the WikiLeaks whistleblowing platform published new documents from the Vault 7 series, containing information on a hacking tool the CIA used to load and execute implants on computers running Microsoft Windows.

Dubbed Angelfire, the project is a malware framework developed to infect Windows computers.

The leaked Angelfire user guide shows that Windows XP and Windows 7 are vulnerable to the toolkit, but it is not clear whether Windows 10 users are safe from it.

According to the manual, Angelfire is made up of five components: Solartime, Wolfcreek, Keystone (previously MagicWand), BadMFS, and the Windows Transitory File System, each with its own purpose:

↦ Solartime - Malware that modifies the boot sector to load Wolfcreek.

↦ Wolfcreek - Self-loading driver that can load other drivers and user-mode applications.

↦ Keystone - Component that's responsible for starting other implants (a technical term for malware).

↦ BadMFS - a covert file system that is created at the end of the active partition. AngelFire uses BadMFS to store all other components. All files are obfuscated and encrypted.

↦ Windows Transitory File System - a newer component that's an alternative to BadMFS. Instead of storing files on a secret file system, the component uses transitory (temporary) files for the storage system.

WikiLeaks describes the Angelfire project as follows:

“Like previously published CIA projects (Grasshopper and AfterMidnight) in the Vault7 series, Angelfire is a persistent framework that can load and execute custom implants on target computers running the Microsoft Windows operating system.”

The CIA reportedly uses Angelfire to load and execute malicious user applications on target computers. One of the tool's components modifies the boot sector so that the implants are loaded alongside Windows' boot-time device drivers. Because the loaded implants never touch the file system, the process is rather difficult to track.

711 million email accounts leaked by Spambot

A malware researcher has discovered a spambot operation that could target more than 711 million email addresses. The spambot was first discovered by Paris-based security expert Benkow, but was brought to wider attention by the ZDNet news site.

Troy Hunt, head of “Have I Been Pwned” (HIBP), a website where you can check whether your email address or username has been exposed in a security breach, says this is the “largest single set of data” he has ever added to the site.

Hunt wrote in his blog post, “The one I'm writing about today is 711m records which make it the largest single set of data I've ever loaded into HIBP. Just for a sense of scale, that's almost one address for every single man, woman, and child in all of Europe.”

And he tweeted, “Write-up is out! From Onliner Spambot to millions of email's lists and credentials https://t.co/yuBuZTvM3l #HaveIBeenPwned pic.twitter.com/0AxaJf12YE”

The spambot can bypass spam filters because it uses leaked email addresses. According to Benkow, “thousands of valid SMTP accounts give the spammer a nice range of mail servers to send their messages from. There are many files like this too; another one contained 142k email addresses, passwords, SMTP servers and ports.”

Hackers' attempt to bring down Rostelecom failed
At the end of August, a powerful DDoS attack was launched against Rostelecom, one of the largest Internet providers in Russia. According to a local news report, the company's experts managed to detect and repel the attack within 8 minutes.

Had the attack succeeded, it could have disrupted service for 170,000 customers and disrupted work in the Kirov region. Moreover, it would have caused economic and reputational damage to Rostelecom.

It should be noted that Rostelecom serves a large number of users: about 130,000 people use its Internet service, 44,000 use interactive TV, and another 300,000 use telephony. Its customers include not only private users but also corporate clients, among them some of the largest.

"Our company has powerful monitoring tools, we can identify these attacks, reflect them and, in most cases, determine where the attack has been initiated. Generally, the purpose of these attacks is to create problems for the service provider and users, limiting their access to the Internet, in order to cause commercial and reputation risks," said Alexey Dolzhenkov, technical director of Rostelecom in the Kirov region.

It is still unknown who is behind the attack; experts are gathering evidence.

- Christina