Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Russia
Anonymity Information Security News infosec Privacy Russia

Russians learned to circumvent the ban on anonymity in the Network


Russians learned to circumvent the ban on anonymity on the Internet using online services. Services give the customer a phone number for rent for a small amount for a few hours.

Information security experts found that the requirement of mandatory identification of users of messengers by phone number provoked the growth of anonymous verification services. Such resources can be used to spread malicious software or other fraud.

According to the technical Director of Qrator Labs Artem Gavrichenkov, such services provide users with mobile numbers for rent, among them, for example, sms-reg.com, getsms.online, smska.net, simsms.org and others. It costs from 3 to 300 rubles ($0.04 - 5), the rental period is from 20 minutes to several hours. Anonymous verification is available for Mail.ru, Vkontakte, Odnoklassniki, Avito, Yula, WhatsApp, Viber, Telegram, Facebook, Twitter, Yandex, Badoo, Mamba and others.

According to the expert, mobile operators of different countries use services, but judging by the errors in the English version of the sites, the services are aimed at a Russian-speaking audience.

Gavrichenkov is sure that the rented numbers can also be used to distribute illegal content or sell drugs on social networks and messengers.

"The services exploit gaps in government-approved rules for identifying users of instant messengers and social networks by phone number", said Mr. Gavrichenkov. Recall that on May 5, a government decree on the obligation of the owners of Messengers to identify the users of their resources by telephone number came into force in Russia.

The use of anonymous numbers can lead to increased fraud. So, using the generated accounts, anonymous users can make fake likes at posts to lure other users. Most often it is the posts that sell non-existent goods. The situation is the same with malicious applications.

To block all numbers of anonymous Internet portals it is not possible as their list is very quickly updated.

Read more »
supply chain attacks
malware Ransomware Ransomware Attacks. supply chain attacks

Rise of the Ransomware Attacks Leads to an Increase Extortion Demands of Cyber Criminals


As there happens a rise in the number of ransomware attacks doubled is the number of organizations surrendering to the extortion demands of cybercriminals in the wake of succumbing to such attacks particularly this year in contrast with the previous one.

As indicated by figures in the recently released 2019 CrowdStrike Global; Security Attitude Security, the total number of organizations around the globe that pay the ransom subsequent to succumbing to a supply-chain attack has dramatically increased from 14% of victims to 39% of those influenced.

While cybersecurity suppliers and law enforcements suggest that victims don't fund crime by surrendering to the blackmail requests/ extortion demands, at times organizations see it as the fastest and easiest method for re-establishing their networks.

In the UK explicitly, the number of organizations that have encountered a ransomware attack and followed through on the demanded price for the decryption key stands at 28% – twofold the 14% figure of the previous year.

Be that as it may, on the grounds that the victims are as yet paying the ransom – which normally amounts up to six-figure sum – cybercriminals will keep on directing ransomware campaigns and likely broaden them further, particularly as the possibility of them getting captured is low.

In any case, notwithstanding the accomplishment of ransomware attacks – particularly those that have undermined the whole infrastructure of entire organizations – there are some generally straightforward and simple methods for averting the attacks doing any harm.

In the event that organizations guarantee that every one of the frameworks and programming on the network is fixed with the most recent security updates, it goes 'a long way' to preventing ransomware attacks from being effective the same number of campaigns depend on the abuse of the known vulnerabilities.

Organizations ought to likewise guarantee that default passwords aren't utilized on the system and, where conceivable, two-factor verification ought to be applied as this will counteract any hacker who figures out how to break the system from moving around and causing more damage.

However, in case of a ransomware attack being effective, organizations can guarantee they don't have to make the payment by normally creating a backup of their system and guaranteeing that the backup is stored offline.
Read more »
Russia
Cyber Security Cyber Security awareness Information Security News Russia

Russian quality system made recommendations for the safe use of IP cameras


The Russian Quality System study says that wireless IP cameras that are used at home, in cafes and other public places can be hacked by attackers to obtain confidential data.

The organization found that cameras have many vulnerabilities, as well as other devices that connect to the Network, for example, smart refrigerators, coffee makers. Specialists of the Russian quality system reported numerous cases in which personal data fall into the hands of hackers due to the hacked Wi-Fi cameras. Hackers can connect to the cameras of a cafe or restaurant and see the victim’s keyboard and their passwords.

In addition, there was a case of hacking the casino’s Wi-Fi cameras when any person with sufficient technical skills could connect to them and observe the casino’s work from the inside, seeing people’s cards.

The vulnerability of wireless cameras is associated with the quality of software that manufacturers save on and the lack of data encryption. In addition, cameras are often managed from accounts for developers who use standard logins and passwords.

Often, the owners of the cameras themselves do not change the data for connecting to the camera, leaving the default passwords and thereby simplifying access to it.

"The cameras are often not thought out in terms of security, so it’s unlikely that they can completely protect themselves from hacking," said the hacker, who wished to remain incognito.

To reduce the risk of hacking IP cameras, the Russian quality system is advised not to save on them and buy cameras with data encryption. It is worth paying attention to the websites of manufacturers, as it is important that the camera model is supported at the moment. The page to which the recording from the camera is broadcast must be protected by the HTTPS protocol.

Experts also advise changing standard passwords, making them complex and limiting the number of devices from which you can connect to the camera.
Read more »
Hackers attack
cyber attack Defaced Website Hackers attack

Attackers hacked a Spanish TV channel and showed an interview with the separatist leader of Catalonia


Spanish state television company TVE on Wednesday said that last Thursday unknown attackers used an open portal on its website to air a Russia Today program about Catalan separatist leader Carles Puigdemont.

According to the representative of TVE, hackers did not break into any external cybersecurity barriers but took advantage of the “open door” on the site.

As the source noted, it is too early to talk about the identity and location of the attackers, since the investigation is not yet finished.

The interview shown last Thursday was watched by about 96 users. Puigdemont and former Ecuadorian President Rafael Correa participated in a program produced by the Russian state channel. 
In addition, in an interview, Puigdemont said that there is no option to resolve the problem of Catalonia, which would not include the independence of the region.

It is interesting to note that both of them fled to Belgium after legal proceedings were initiated against them in their home countries.

Earlier, the Spanish authorities found evidence that Russian groups actively used social networks to support the independence movement of Catalonia and tried to influence public opinion in an effort to destabilize Spain.

Russia Today editor-in-chief Margarita Simonyan said that the channel was not involved in the hack.
"Hackers broke into the Spanish channel "+24" and turned on our broadcast instead of them, Simonyan commented on her Telegram channel.

"We just had an interview with Puigdemont, the chief on the independence of Catalonia. We don't know who did it, but it was beautiful," noted she.

Russian hackers in recent years are suspected of interfering in the political affairs of many countries, including the United States, Britain and France.
Read more »
surveillance
APT20 China Cyber Security surveillance

Businesses over Various Countries become Victims of Threat 'APT20'


An Advanced Persistent Threat (APT) player expected to work from China from the last 2 years is silently targeting companies in the US and throughout the world in complete surveillance operations. Amongst its many targets are businesses in the flight, architecture, service, banking, health, transport businesses, and more, over 10 nations, including the United States, United Kingdom, Germany, China, and France. The threat is known as APT20, according to a report from Fox-It. "We say with great certainty that the threat is from a group from China and, it is probably supporting the interests of the Chinese government with stealing data for surveillance aim," says Fox-IT in a statement.


Fox-IT's report of APT reveals that in a few events, the hackers gained primary entrance to a target's system through a weak Network. Usually, the servers by which APT20 gained access had already jeopardized in an unrelated earlier intervention and had Network pods put upon them. APT20 utilized those Network pods for primary parallel mobility and surveillances. The group's other methods for getting primary entrance involve the use of phishing e-mails and corrupt movable media accessories. Similar to several different threats,

APT20's plan after getting a primary space is to attempt and collect and use entrance information of vested profiles, like those relating to businesses and domains manager. The organization has also used the administrator account to obtain the target system via its own Virtual Private Network (VPN). Fox-IT further says- Our research reveals that the threat uses a variety of design devices and legal assistance in its surveillance. Amongst the designing tools, it works on is one that gets data on software, public links. APT20 uses various tools for the attacks, some of which are: PowerShell, External Remote Services, Command-Line Interface, and WMI (Windows Management Instrumentation) and WAS (Windows Admin Shares).

The tools used by APT20 are authentic in all phases of the intervention series, from primary entrance and performance to exclusive acceleration and parallel flow, to endurance, support dodging, compilation, and filtration. The data on the attacks shows organs of the threat APT20 are most probably from China, that usually works for 8 hours every day, except the weekends.
Read more »
Honda
Data Breach Honda

Automotive Giant Honda Exposes 26,000 Vehicle Owner Records Containing Personally Identifiable Information of North American Customers


Subsequent to misconfiguring an 'Elasticsearch cluster' on October 21, the multinational conglomerate Honda exposed around 26,000 vehicle owner records containing personally identifiable information (PII) of North American customers.

Security Discovery researcher Bob Diachenko reached out to Honda's security team in Japan following which the team immediately verified the publicly accessible server within only a couple of hours.

The database records incorporated the customers' full names, email addresses, phone numbers, mailing address, vehicle make and model, vehicle VINs, agreement ID, and various service information on their Honda vehicles, the company later included that none of its North American customers' financial information, credit card information, or credentials were uncovered in the episode.

While the company responded instantly in the wake of being informed that the misconfigured Elasticsearch cluster was publicly accessible on the Internet, Diachenko says that their week-long public exposure "would have allowed malicious parties ample time to copy the data for their own purposes if they found it."

The Honda customers' information may be utilized in highly targeted phishing attacks later on if the information was spilled during the week the database was exposed.

Anyway this isn't the first episode for Honda for being involved with such occurrences, for in the past there were comparable circumstances experienced by the 'automotive giant', with the most recent one from July 2019 additionally including a publicly accessible ElasticSearch database that exposed about 134 million documents containing 40 GB worth of information on roughly 300,000 Honda employees from around the world.

Despite the fact that Elastic Stack's 'core security features' are free since May per an announcement made by Elastic NV, publicly accessible and "unsecured" ElasticSearch clusters are continually being spotted by security researchers while scouring the web for unprotected databases. "

This means that users can now encrypt network traffic, create and manage users, define roles that protect index and cluster level access, and fully secure Kibana with Spaces, “ElasticSearch’s designer’s state.

Nonetheless Elastic NV recommends database administrators to verify their ElasticSearch stack by "encrypting communications, role-based access control, IP filtering, and auditing," by appropriately configuring the cluster before conveying it, and by setting up passwords for the servers' built-in clients.

Read more »
User Security
Google Google Chrome Technology User Privacy User Security

Google Releases Chrome 79, Warns Users of Data Breach


Tech giant Google has issued warning of data leak for Indian and global users, after fixing Chrome 79 bug and re-issuing it later this week. Users were being sent notifications by the company via affected websites– through the means of pop-up alerts that started to appear on desktops, mobile phone screens and laptop screens; it forced users into reading the text which said that their passwords may have been exposed and hence they should change it immediately – "Change your password. A data breach on a site or app exposed your password. Chrome recommends changing your password for the site," the warning pop-up read.

As per sources, a bug affected data in select Android applications and Google had put on hold the release of Chrome 79. It was finally this week, Google's Chrome Releases blog confirmed the rollout of Chrome 79 for desktop and mobile platforms; Chrome 79 (79.0.3945.93) for Android comes with a fix for the WebView flaw and an assurance of improved defense against issues revolving around password protection of users.

According to the reports by media, the fix, "Resolves an issue in WebView where some users' app data was not visible within those apps. The app data was not lost and will be made visible in apps with this update."

WebView is a feature which is employed by various third-party applications to open a webpage, it ensures rendering of webpages within applications. However, here, Google Chrome is solely responsible for loading the content. PhoneGap and Twitter Lite are two apps that employ WebView functionality, as per AndroidPolice.

There have been various instances recorded in regard of the matter, nationally and globally, one such incident had a user trying to log into an e-commerce platform named 'Freshtohome' to shop fresh and chemical-free seafood as he received a pop-up warning him about the issue and advising to change his password.

In a similar manner, when one of India's media houses attempted to log into their portal, were faced with disruption and warnings began to pop-up onto the screen advising them the same.

In a public statement issued on Google threads, a Chromium engineer explains, "We are currently discussing the correct strategy for resolving this issue which will be one of: a) continue the migration, moving the missed files into their new locations. b) revert the change by moving migrated files to their old locations. We will let you know which of these two options have been chosen soon."
Read more »
Zeppelin
Cyber Crime Rasomware Trojan Zeppelin

Zeppelin Is Back! Ransomware Stealing Data Via Remote Management Software


Hackers are employing remote management software to steal data and exploit networks only to install “Zeppelin” ransomware on compromised devices.

Reportedly, “ConnectWise” is the name of the software that fabricates agents that are installed on target computers. Once the agent kicks off, the device appears on the ConnectWise Control Site management software.

"ConnectWise" is a remote management software generally employed by MSPs and IP professionals to acquire access and render support to remote devices.

The ransomware Zeppelin was recently per reports spread via “ScreenConnect” which is a desktop control tool basically in charge of remotely executing commands on a user’s device and managing it.

The ScreenConnect client was installed on a compromised station leading to a massive real estate company’s network being jeopardized.

The client that is named, ScreenConnect.ClientService.exe would run in the background undetected waiting all the while for a “remote management connection”.

The software was then used to execute numerous commands that harvest data from back-up systems and install malware, Trojans capable of stealing data, other exploitation tools to make the network more vulnerable and finally the Zeppelin ransomware to infect machines.

The attack starts with the execution of the CMD script that readies the device for the ransomware installation. A “registry file” is installed which “configures the public encryption key”, which is then used by the ransomware to disable Windows defender by deactivating several security mechanisms.

Per reports, the hacker would execute a PowerShell command that downloads the Zeppelin ransomware in form of a file by the name of “oxfordnew.exe or oxford.exe on the C drive of Windows in the “Temp folder” section.

In most cases, such ransomware attacks are employed by firstly hacking the MSP and then configuring the remote management software to wreak havoc.

Instead, here, the hackers themselves deployed the ScreenConnect software only to have complete control over the situation and making as much trouble as possible.

Ransomware is being used at high rates where repeated incidents of stealing data are coming in light. The hackers use the stolen data as a weight to get people to pay in exchange for it.

Zeppelin, Maze, and REvil are leading names in the ransomware market.
Read more »
Russia
Bank Cyber Security Bank Hacking Cyber Attacks Insider Threat Russia

Insider Threat : Employees of Russian banks are massively recruited to get data


In Russia, there are 73 services that recruit insiders in Russian banks. This information was shared by Darknet researcher Anton Staver.

"Many groups providing such services is due to the amount of work that falls on them," explained Staver. According to the researcher, services that recruit Bank employees receive up to 50 orders a day, which is enough for the existence of an entire industry.

The expert said that customers of such data are usually competitors of banks, jealous spouses of customers, as well as hackers and scammers. Scammers often asked to choose a list of victims with the big account balance. At the same time, according to Staver, recruitment is most often “carried out by specialized structures”.

The expert noted that recruiters receive from customers about 15 thousand rubles ($240) for one employee of the Bank. During the work, the recruiter receives the search criteria, after which the client receives the contacts of the necessary person in Telegram or Jabber. It takes about 5-7 days to search for an insider.

Pavel Krylov, who runs a company specializing in the investigation of cybercrime, agrees with the research data. "Fraudulent schemes using personal data are now successful and effective, so attackers are actively looking for insiders in banks," said the expert. He also noted that various criminal groups taking advantage of theft and withdrawal options use schemes with recruitment for monetization.

The cost of recruitment ranges from 7 thousand to 100 thousand rubles ($112-$1600) and depends on the complexity of the task. If the security service of the Bank works effectively, the price will be much higher. Employees are usually hired through social networks, instant messengers, personal contacts, LinkedIn.
Read more »
Twitter
cyber attack Hacking Twitter

Twitter Followers of the Epilepsy Foundation Targeted by a Mass Strobe Cyber attack


A series of mass cyber-attack occurred during the National Epilepsy Awareness Month, as the hackers circulated videos and pictures of 'flashing strobe lights' to a huge number of Twitter followers of the Epilepsy Foundation and obviously aimed to trigger seizures in those suffering with the disorder.

The foundation revealed 30 similar attacks in the first seven day stretch of November, and said it had documented complaints with law enforcement authorities, also including with the US Lawyer's Office in Maryland, where the group's headquarters are situated. It was very indistinct what number of users tapped on the videos and animated images known as GIFs.

In that attack, a Marine Corps veteran from Maryland, John Rayne Rivello, was accused for utilizing Twitter to send a GIF with a blinding strobe light to an epileptic author, Kurt Eichenwald, who had expressed his views through his writings fundamentally on Donald J. Trump and his supporters during the 2016 presidential campaign.

The journalist Kurt Eichenwald was sent a strobing image over Twitter that caused him to have an epileptic seizure

Mr. Eichenwald, who was a correspondent for The New York Times from 1986 to 2006, had composed an opinion piece in Newsweek featured as "How Donald Trump Supporters Attack Journalists."  and in his writing he portrayed the death threats he had received on the grounds that he had 'written critically' on Mr. Trump.

In December 2016, after production of the Newsweek piece, Mr. Eichenwald told the investigators that he once came across such a message from somebody distinguished as @jew_goldstein, which contained a strobe light GIF and an assertion in capital letters: "You deserve a seizure for your posts."

Looking at the strobe caused an immediate seizure that kept going around eight minutes.

Investigators discovered several digital clues which drove them to Mr. Rivello, including a message he had sent to some other Twitter users that read, "I hope this sends him into a seizure." They likewise found a screenshot on Mr. Rivello's iCloud account demonstrating Mr. Eichenwald's Wikipedia page with a 'fake' date of death just as a screenshot of a list of epilepsy seizure triggers that had been duplicated from an epilepsy data site.

Nonetheless Mr. Eichenwald filed a lawsuit against Mr. Rivello in the federal court in Maryland for battery and various other claims. The defense moved to reject it, contending to some degree that the battery claim couldn't be bolstered on the grounds that Mr. Eichenwald didn't claim that any physical contact had happened.

Be that as it may, Chief Judge James K. Bredar of the United States District Court in the District of Maryland allowed the lawsuit to continue, further writing that the “novelty of the mechanism by which the harm was achieved" didn't make the supposed activities any lesser degree of an unjust act.
Read more »
US
Data Leak Defense Privacy US

Data leak- Thousands of US defense contractors' data leaked !


A digital consultancy firm accidentally leaked personal information of thousands of defense contractor employees of United States due to A misconfiguration in cloud infrastructure .

 IMGE, a Washington DC based firm unintentionally revealed personal data like names, phone numbers, home and email addresses of more than 6000 Boeing staff as reported by The Daily Post.

 The employees whose data was leaked included defence staff, government relations staff, senior executives and even those who worked on prototyping unit on highly sensitive technologies.

 “This information was exposed as a result of human error by the website’s vendor,” a Boeing spokesperson told the news site. “Boeing takes cybersecurity and privacy seriously and we require our vendors to protect the data entrusted to them. We are closely monitoring the situation to ensure that the error is resolved quickly.”

 The data was collected by IMGE from a website called Watch US Fly, with the idea - “advancing and protecting American aerospace and manufacturing.” The website asks its users for contact details for future campaigns. The Daily Post reports that, Chris DeRamus, CTO of DivvyCloud, explained that cloud misconfigurations like this are increasingly common as many users aren’t familiar with cloud security settings and best practices.

“It is especially concerning that the database contained information about 6,000 Boeing employees, many of whom are heavily involved with the US government and military, as the exposed data is more than enough information for cyber-criminals to launch highly targeted attacks against those impacted to gain more confidential government information,” he added.

 “Companies who manage large amounts of sensitive data, especially data related to government and military personnel, need to be proactive in ensuring their data is protected with proper security controls. Companies must adopt robust security strategies that are appropriate and effective in the cloud at the same time they adopt cloud services – not weeks, months, or years later.”
Read more »
Subscribe to: Comments (Atom)