Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Iranian hackers
Cyber Crime FBI Iranian hackers

Department Of Homeland Security Monitoring the Apparent Hack of a Government Website


The Federal Depository Library Program website, run by the Government Publishing Office recently fell victim to a hacking operation being referred to as "defacement" by a senior administration official.

The website makes federal government records and data accessible to the public, including an image that is speculated to have been the reason behind the hack. The website is offline and the Department of Homeland Security is now monitoring the whole situation.

Gary Somerset, the chief public relations officer for the US Government Publishing Office says, "An intrusion was detected on GPO's FDLP website, which has been taken down. GPO's other sites are fully operational. We are coordinating with the appropriate authorities to investigate further,"

Despite the fact that the authorities didn't comment on who could be behind the hack, the site on the fourth of January displayed a picture of President Donald Trump bleeding from his mouth with an Islamic Revolutionary Guard fist in his face.


The picture showed up alongside the claim that is a message from the Islamic Republic of Iran, and that the webpage was "Hacked by Iran Cyber Security Group Hackers." The text is in Arabic, Farsi, and English and passes on a message of support for "oppressed" people in the Middle East.

While Sara Sendek, a spokesperson for DHS's Cybersecurity and Infrastructure Security Agency further added, "We are aware the website of the Federal Depository Library Program (FDLP) was defaced with pro-Iranian, anti-US messaging. At this time, there is no confirmation that this was the action of Iranian state-sponsored actors. The website was taken offline and is no longer accessible. CISA is monitoring the situation with FDLP and our federal partners."

According to sources, the FBI is yet to comment on the matter.

Read more »
ransomware.
DeathRansom malware ransomware.

DeathRansom, started as a mere joke is now encrypting files!


A ransomware strain named DeathRansom, which was considered a joke earlier, evolved and is now capable of encrypting files, cyber-security firm Fortinet reports. This DeathRansom after becoming an actual malware, was backed by a solid distribution campaign and has been taking victims daily in the last two months.

 Initially considered a joke - didn't encrypt anything 

 When it was first reported in Nov 2019, the DeathRansom version didn't encrypt anything and was deemed a mere joke. The infection left a simple ransom note and even though some people fell for the scam and paid the ransom demand, it didn't do much anything else. All the user had to do was to remove the second extension from the file to regain access.

 Now, a new version is released that actually works and will encrypt your files! 

 The developers seems to have evolved the malware further with a solid encryption scheme that works as an actual ransomware. According to Fortinet, "the new DeathRansom strains use a complex combination of Curve25519 algorithm for the Elliptic Curve Diffie-Hellman (ECDH) key exchange scheme, Salsa20, RSA-2048, AES-256 ECB, and a simple block XOR algorithm to encrypt files."

 Researchers and security experts are searching leek ways and implementation faults in the ransomware.

 The DeathRansom Author

 Fortinet examined the DeathRansom source code and the websites distributing the malware payloads and were able to track down the ransomware author and developer. The developer is a malware operator linked to various cyber crimes campaigns over the past few years. Prior to DeathRansom, the malware operator used to infect users with multiple password stealers (Vidar, Azorult, Evrial, 1ms0rryStealer) and cryptocurrency miners (SupremeMiner).

 Fortinet linked these crimes to young Russian named Egor Nedugov, living in Aksay, a small Russian town near Rostov-on-Don. Fortinet said,"They are very confident they found the right man behind DeathRansom, and that they found even more online profiles from the same actor which they didn't include in their report."

 As of now, DeathRansom is being distributed through phishing emails. Fortinet says it's working on finding any faults in the encryption scheme of the ransomware and creating a free decrypter to help victims.
Read more »
Xiaomi
Camera Security Breach. Privacy Security Xiaomi

Privacy Alert! Xiaomi's Security Cameras Not All That Secure?


If you think that if you have a security camera at your home then you are safe, you are absolutely wrong to sleep on your chair so freely!

Xiaomi instantly hit headlines when one of its security cameras displayed stills of a man sleeping on a chair.

Xiaomi, the global giant known for its great products at a low price per reports, had launched a “Home Security Camera” earlier. With increase in the use of security cameras the aspect of privacy and security are still a major concern.

The Home Security Camera by Xiaomi which offers a 1080p recording, infrared night vision, AI motion detectors ad lots more apparently was too high-tech when it displayed pictures from other cameras from “Google Nest Hub”.


Reportedly, the issue surfaced when a user reported that his Xiaomi Security Camera displayed still images from someone else’s camera on the Google Nest Hub of “a man sleeping in his chair”.

Allegedly, the user mentioned that the firmware the “Nest hub” and the “Xiaomi Security Camera” were freshly bought and working on the version 3.5.1_00.66.

Google, as a result of this case disabled Xiaomi integrations on its devices. Users could link the Xiaomi Home Security Camera to their Google accounts and access the Nest devices via the Mi Home application.

Xiaomi immediately, stunned with Google’s response apparently, issued a statement mentioning that they had fixed the issue and that in fact the issue happened owing it to a “cache update”.

The update which was supposed to make the security cameras better in terms of improved streaming quality ended up displaying images “under poor network conditions”.

Per sources, the company cited that over 1000 users had the above mentioned “integrations” and only a “few” with tremendously poor network were majorly affected.

Eventually, the service got suspended by Xiaomi as it mentioned to Google, allegedly.

It goes without saying that the conditions in which this incident took place are extremely rare and the entire satiation is under investigation by the security team of Xiaomi and that the issue wouldn't occur at all if the cameras are linked to the Mi Home app.

Xiaomi also profoundly cited that for them, users’ privacy and security has always been paramount. The issue about the reception of still images while connecting to Mi Home Security Camera on Google Home hub is deeply regretted for. They also apologized for it profusely.



Read more »
Technology
Russia Sweden Technology

The Russian Embassy in Sweden responded to the Swedish Minister's statement about "Russian trolls"


The Russian Embassy in Sweden reacted to an interview with Swedish Minister of Energy and Information Technology Anders Igeman to the TT Agency, in which he said that "Russian trolls" who are opponents of 5G technology attacked his Facebook.

Russia is open for cooperation with Sweden, especially with those of its representatives who are not looking for "Russian trolls". The embassy of the Russian Federation in Sweden wrote about this on Tuesday on its Facebook page.

"We would like to assure the Minister of the fallacy of his opinion that the development of 5G technology in our country is associated with a negative impact on public health. On the contrary, we are open to cooperation with Swedish partners in this area, especially with those who do not suffer, as Anders Igeman, from paranoia in search of "Russian trolls"," said the Embassy.

Anders Igeman said on Monday that an information attack was committed on one of his posts on Facebook organized by opponents of the development of the country's fifth generation of mobile communication 5G. Almost 2 thousand comments were left to this message instead of several hundred. As the Minister himself noted, the content of most of the comments suggests that someone is interested in creating a negative information background around the topic of the development of a new generation of communication. Igeman believes that the "Russian trolls" did this.

"We are especially pleased that Anders Igeman connects the increased interest in his publication about 5G with our country. Judging by the scope of the reaction, almost all Russians who speak Swedish responded to the recent post of Minister!", wrote the representatives of the diplomatic mission.

The Embassy promised to subscribe to the updates of the Swedish Minister and to closely monitor his activity in social networks.

At the same time, representatives of the Embassy expressed hope that Sweden will consider Russia not a threat, but a potential partner.
Read more »
veterans.
Cyber Crime military personnel Scam veterans.

Military Personnel and Veterans - faced the worst hit by scammers loosing 405 Million dollars since 2012



It's easy to trick anyone in a financial scam but hackers and scammers found their favorite victims in militants and veterans. According to a new report analyzed by the Federal Trade Commission (FTC) and Better Business Bureau, nearly one million militants and veterans in the US have been conned of 405 million dollars in different scams since 2012.



The Losses
The loss by Army personnel accounts for up to 142 million dollars, this loss by Army personnel records up to 64% of the total loss in scams since 2012. This was followed by a loss by the Navy, losing 62 million dollars. Meanwhile, loss by Airforce and Marine stands at $44,257,654 and $24,976,528 respectively. Veterans also suffered great losses, 60% of the total loss.

The worst-hit states

The state Virginia was the most impacted, with the highest number of reports recorded standing at a number of 70,047. Most of these were duped by a retailer who tricked army personnel and veterans into paying $5 for legal protection.

Some of the prominent scams

Bank and lender scams were the highest, with a loss of 111,709,530 dollars. The next one and among the most common scam that conned veterans were the fraudulent employment variety. Such scams were reported for over 270,000 since 2012. In these cases, scammers send emails to new veterans offering them jobs as civilians.

They claimed of having the job offer on popular boards like LinkedIn. After hiring, they asked the newly appointed individual to buy equipment from a website (operated by fraudsters). The veterans were assured that they will receive the amount for the equipment back but to no avail.
Other scams reported during the last seven years included identity theft, imposter scams, and advanced payment for credit services.
Read more »
Technology
Internet isolation law Russia Technology

The Internet isolation law will save the Russian Federation from isolation from the World Wide Web


In 2019, Russia took a number of measures to ensure the security of the information sphere, which in recent years has become the main means of foreign intelligence services to spread lies. First Deputy Chairman of the Federation Council Committee on Foreign Affairs Vladimir Dzhabarov noted that Russia should ensure security in the cyber environment to exclude any possibility of using the global Network against the interests of the state.

"Now it is important not just to control, but to understand and prevent any attacks against the government. The upcoming year will be aimed at ensuring security in the field of IT technologies not only in Russia but also around the world," said the Senator.

He explained his point of view on the example of the law on the isolation of the Runet which came into force on November 1, 2019.

Dzhabarov stressed that the document was adopted not to isolate Russia from the World Wide Web, but to protect the Runet from external threats and various technological disasters that could endanger the reliable functioning of Russian life support systems. In other words, to ensure the independence of the Internet in the country.

“If we feel that we are being blocked, we will take retaliatory measures. We have many rivals. First, of course, the NATO countries, because everything depends on security,” the politician concluded.
In addition, there was a bill introduced by members of the Federation Council to the State Duma. The document proposes to block users of e-mail services and messengers that distribute information prohibited by Russian law. Such activities pose a direct threat to society and the state. Vivid examples are social networks such as Facebook and Twitter, which are the main sources of misinformation. The draft law is currently under consideration.

Earlier, the head of the National Values Protection Fund Alexander Malkevich said that Russia needs a cybersecurity strategy, and announced a forecast for the development of this sphere for 2020. He noted that the state has made a big step forward in countering cyber attacks, but there is still much to do. In his opinion, all the relevant structures should unite to repel any attacks on the cyber borders of the Russian Federation.
Read more »
Shitcoin Wallet
Chrome Extension Crypto Wallets Cyber Fraud Google Chrome Shitcoin Wallet

Google Chrome Extension, Shitcoin Wallet found stealing passwords and crypto-wallet keys


MyCrypto platform reported that Shitcoin Wallet, a Google Chrome extension was injecting JavaScript code on web pages, in order to steal passwords and keys from cryptocurrency wallets.


The extension, Shitcoin Wallet, Chrome extension ID: ckkgmccefffnbbalkmbbgebbojjogffn, was launched last month on December 9. With Shitcoin Wallet, users managed their Ether (ETH) coins, and Ethereum ERC20-based tokens -- tokens usually issued for ICOs (initial coin offerings) either from the browser or by installing a desktop app.

Malicious Behavior with the extension

Harry Denley, Director of Security at the MyCrypto platform, discovered that the chrome extension isn't what it promises to be. He found malicious code within the extension. In a blog, ZDNet reported that "According to Denley, the extension is dangerous to users in two ways. First, any funds (ETH coins and ERC0-based tokens) managed directly inside the extension are at risk.
Second, the extension also actively injects malicious JavaScript code when users navigate to five well-known and popular cryptocurrency management platforms. "

 Danley, said that the extension traffics all the keys on its system to a third party website at erc20wallet[.]tk.

 The malicious code works by the following process

1. The user installs the chrome extension Shitcoin Wallet.
2. The extension request permission to inject the malicious JavaScript code to 77 websites.
3. If the user navigates to any of these 77 websites, it injects an additional code.
4. The code activates on five websites: MyEtherWallet.com, Index. Market, Binance.org, NeoTracker.io, and Switcheo.exchange
5. After activation, the code saves the user's login credentials, keys, and other data then siphon it to a third party.

It is not constructively clear yet if the Shitcoin Wallet team is responsible for the malicious behavior or a third party infiltrated the extension. The Shitcoin Wallet team is silent on the allegations and has yet to give any comments on the matter.

Desktop App

Both 32-bit and 64-bit installers are available for the user to download on the extension's official website. VirusTotal, a website that aggregates the virus scanning engines of several antivirus software makers, showed that both versions were clean. But on a warning note, the desktop app may contain the code or something even worse.
Read more »
National cyber security strategy
Cyber-security Economic crisis Ireland National cyber security strategy

Warning! Ireland's National Cyber Security Strategy; Fight Against Cyber-Crime


Ireland is all set to fight cyber-crime with its recently updated “National Cyber Security Strategy” which is way ahead of the last one the nation had.

This security strategy is just a way to meticulously ensure that the Irish netizens fully enjoy their digital rights and contribute to the internet society.

Per sources, the report cites that any minor or major cyber-attack on the multinational titans of the technological world could directly harm the security of data centers of the county.

The nation’s economic as well as political future depends on its cyber-security. The forthcoming Irish elections could be hindered easily if it were left to un-secure cyber-points.

Per reports, Ireland happens to hold more than 28% of the European Union’s data which in turn, in turn, is the headquarters of numerous big-time technology companies across the globe.

Hence, it is of the utmost importance to keep the country’s networks and devices essentially secured and tight against cyber-attack which is the aim of the Irish “National Cyber Security Strategy”.

If any of the prestigious institutions were to be even slightly compromised it would pose a direct threat to the business encompassed within the EU which in turn could lead to an economic disaster.

Ireland has never been too strong in terms of its cyber defense tactics and strategies as proven by the various attacks it has faced over the years.

Allegedly, the Cyber Security Strategy clearly mentions the challenges the Irish government faces especially regarding sensitive information.

Earlier the concepts of cyber-security were restricted to devices and networks that functioned on the internet wherein the targets could have been technology giants or other individuals.

But ever since the diaspora of the cyber-world and the evolution that it’s enjoyed ever since there are more serious matters that need attention like the electoral processes and other legislative tasks that need excessive secure conditions.

Irish military infrastructure, public sector security, the Irish political processes and almost every other thing that requires interconnected networks and devices, are all strong at the mercy of a safe and secure cyber environment.

Therefore it’s imperative for the nation to completely and effusively realize every single part of the strategy to their utmost capacity.
Read more »
Phishing Attacks
Cyber Crime Hacking Phishing Attacks

Email Server of Special Olympics of New York Hacked; Later Used To Launch a Phishing Campaign


A nonprofit organization committed towards competitive athletes with intellectual inabilities, The Special Olympics of New York as of late at the Christmas holidays had their email server hacked which was later utilized to dispatch a phishing campaign against past donors.

Promptly as the issue surfaced a notification was sent by the nonprofit to reveal the security episode to the people influenced, asking the donors to dismiss the last message received and clarifying that the hack just affected the "communications system" that stores just contact information and no financial information.

"As you may have noticed, our email server was temporarily hacked. We have fixed the problem and send our sincerest apologies," email notification from Special Olympics New York told donors.


The phishing messages conveyed by the attackers were 'camouflaged' as an alert of an approaching donation transaction that would consequently debit $1, 942, 49 from the target's account within two hours.

Utilizing such a brief span outline enabled the phishers to initiate a 'sense of urgency' intended to make the Special Olympics NY donors click on one of the two installed hyperlinks, links that would, as far as anyone knows, divert them to a PDF rendition of the transaction statement.

The phishing email used a Constant Contact tracking URL that redirected to the attackers' landing page. This page has since been brought down, however, it was in all likelihood used to steal the donors' credit card subtleties.


"Please review and confirm that all is correct if you have any questions, please find my office ext number in the statement and call me back," the phishing emails said. "It is not a mistake, I verified all twice. Thank you, have a great weekend."

Shockingly so, this isn't the first, historically speaking, episode where such a ‘mishappening’ was recorded, as the Tokyo 2020 Summer Olympics staff additionally gave an admonition cautioning of a phishing campaign that conveyed emails intended to look like they had originated from the Tokyo Organizing Committee of the Olympic and Paralympic Games (Tokyo 2020).

And additionally said that the malignant emails probably diverted the beneficiaries to landing phishing sites or tainted the victim's PCs with malware whenever opened.

Read more »
Vulnerabilities and Exploits
API Bug Bug Bounty Programs Security flaw Vulnerabilities and Exploits

Indian Security Researcher Finds Starbucks API Key Exposed on GitHub



Developers at Starbucks left an API (Application Programming Interface) key exposed to hackers with no password protection that could have been used by them to gain access to internal systems and consequently manipulate the list of authorized users. Hackers could have exploited the vulnerability in several ways which allowed them to execute commands on systems, add or remove the listed users and AWS account takeover.

The key was discovered by Vinoth Kumar who is an India security researcher, he happened to locate the open key in a public GitHub repository and responsibly reported it to Starbucks on 17th October via HackerOne vulnerability coordination and bug bounty platform. While reporting the same, HackerOne told, “Vinoth Kumar discovered a publicly available Github repository containing a Starbucks JumpCloud API Key which provided access to internal system information.”

“While going through Github search I discovered a public repository which contains JumpCloud API Key of Starbucks.” the expert himself told.

The key would have allowed an attacker to access a Starbucks JumpCloud API and hence the severity of the flaw was all the way up to critical. Colorado-based JumpCloud is an Active Directory management platform that offers a directory-as-a-service (DaaS) solution that customers employ to authorize, authenticate and manage users, devices, and applications. Other services it provides include web app single-on (SSO) and Lightweight Directory Access Protocol (LDAP) service.

The issue had been taken into consideration by Starbucks very early on, however, Kumar tends to take note of the same on October 21 and told that the repository had been taken down and the API key had been revoked. As soon as the company examined Kumar's proof-of-concept of the flaw and approved of the same, the expert was rewarded with a bounty worth US$4,000 for responsibly disclosing the vulnerability.

While commenting on the matter, Starbucks said, “Thank you for your patience! We have determined that this report demonstrates “significant information disclosure and is therefore eligible for a bounty,”

“At this time, we are satisfied with the remediation of the issue and are ready to move to closure. Thank you again for the report! We hope to see more submissions from you in the future.”
Read more »
Wyze
Cyber Crime Data Breach Wyze

Seattle- based Wyze alleged of data breach: Unpaired all devices from Google Assistant and Alexa


Seattle-based smart home appliance maker Wyze, which is popular for selling its products cheaper than its competitors, has been accused of a data breach and trafficking the data to Alibaba Cloud servers in China.




In response to the alleged data breach against its production database, Wyze logged out its users out of their accounts and has strengthened security for its servers.
 "Customers endured a lengthy reauthentication process as the company responded to a series of reports claiming that the company stored sensitive information about people's security cameras, local networks, and email addresses in exposed databases.", stated Android Police.

Texas-based Twelve Security, a self-described "boutique" consulting firm, claimed of a data breach against Wyze's two Elasticsearch databases on Medium yesterday. The data has come from 2.4 million users from the United States, United Kingdom, the United Arab Emirates, Egypt, and parts of Malaysia.

The data included, email addresses, firmware versions, and names of every camera device in a household, time of devices' last activation, times of users' last login and logout, account login tokens for users' Android and iOS devices, camera access tokens for users' Alexa devices, Wi-Fi SSID, and internal subnet layout. Some users who also gave out more information, their info was also tracked, their height, weight, gender, bone health, and protein intake were also exposed.

Twelve Security also posted that Wyze was clearly dealing with and trafficking data through Alibaba Cloud servers in China. Video surveillance news blog IPVM along with Twelve Security could spot devices and accounts linked to their staff those reviewed Wyze products. They chose not to inform Wyze about this breach before going public because of the negligence of the company and probable link to Alibaba and previous security blunders.

Wyze in response to these allegations logged out the users from their accounts but posted in their community forum that it failed to verify a breach. Wyze also denied any relation with Alibaba.

But later it posted that the breach was caused by an employee and was a "mistake" and the affected customers can expect an email from the company and as a caution,n the company logged out all users and they'll have to log in again with two-factor authentication.
Read more »
Subscribe to: Comments (Atom)