Hacked! SCPI Protocol Vulnerability; Measurement Instruments Could be Hacked!


According to reports, a leading cyber-security firm recently warned of a vulnerability in measurement instruments that support the Standard Commands for Programmable Instruments (SCPI) protocol.

According to sources, SCPI is an ASCII-based standard, introduced in 1990, that was designed specifically for test and measurement equipment.

SCPI is still widely used because of its simple, user-friendly interface and because its commands can alter any setting on the devices.

Today most measurement devices are connected to networks, and in some cases even to the internet. SCPI's lack of any authentication mechanism is therefore a risk for all its users.

Per sources, when one of the major cyber-security research firms analyzed SCPI, it uncovered the devices that use the protocol and are therefore vulnerable to cyber-crime.

Per reports, these measurement devices include multimeters, signal analyzers, oscilloscopes, data acquisition systems, and waveform generators.

The researchers extended their analysis to different brands and to different products of the same type, and found that all the vendors' products could be equally susceptible to cyber-attacks of a similar nature if they used SCPI.

The researchers analyzed a multimeter and found that its web and other interfaces were easy to reach, as by default they were neither password-protected nor equipped with any security functions.

As a result, even a basic attacker would have a high chance of success, since the "configuration panel" could be accessed very easily and the password changed to anything the attacker chose.

And as if all this wasn't enough, the attacker could actually configure the measurement instruments to cause physical harm to people. The devices could also be set to display meaningless text any number of times.

Per sources, the memory of the measurement instruments can be written only a limited number of times, so incessant writing could physically damage the devices in a way that cannot be reversed without replacing parts.

The power supply units of the devices could also be easy targets for attackers, according to sources, who could trigger a denial of service (DoS) leading to physical damage to the device.

Pavel Durov again warned about the danger of using WhatsApp


Pavel Durov claims that the hacking of the iPhone of Jeff Bezos, the richest man in the world, occurred due to vulnerabilities in WhatsApp. Facebook, which owns the messenger, insists that the leak is related to the Apple device itself.

The reason for the leak of personal photos and correspondence of the founder of Amazon and the richest man in the world, Jeff Bezos, is a vulnerability in the encryption system of WhatsApp, not problems with Apple gadgets. Telegram founder Pavel Durov wrote about this in his Telegram channel.

This is how he reacted to an interview with Nick Clegg, Vice President of Facebook's Global Policy Department, who said that the leak of Bezos's confidential data was due to the iPhone. "We are confident that end-to-end encryption technology cannot be hacked," he said.

Durov recalled that a few months ago he talked about the vulnerabilities of WhatsApp, which, in his opinion, eventually led to the hacking of Bezos's smartphone. At the time, Facebook gave assurances that there was no evidence that attackers had used this vulnerability. According to the founder of Telegram, the backdoor in WhatsApp allowed access to personal messages and photos of the richest man in the world.

Durov explained that the vulnerability used during the hacking of Bezos's phone existed not only on iOS, but also on smartphones with Android and Windows. In addition, it is not present in other messengers.

Durov also accused WhatsApp management of using the phrase "end-to-end encryption" as a "magic spell" that automatically makes correspondence secure. He pointed out that the technology itself does not guarantee complete privacy. For example, WhatsApp developers may intentionally leave vulnerabilities in the app at the request of security forces from different countries. As a result, WhatsApp has no problems with the authorities, and Telegram is banned in some countries like Russia and Iran.

Roskomnadzor blocked the email service Protonmail


The FSB of the Russian Federation reported that it had identified another email service used by an "electronic terrorist" to send messages about the mining (bomb threats) of sites in Russia where large numbers of people gather. On Wednesday, the FSB and the Federal Service for Supervision of Communications, Information Technology and Mass Media (Roskomnadzor) announced the blocking of the Swiss email service Protonmail.com.

"This email service was used by hackers both in 2019 and especially actively in January 2020 to send false messages about mass mining of objects on the territory of the Russian Federation under the guise of reliable information," said the representative of Roskomnadzor.

In turn, the FSB of Russia reported that this service has been used since January 24. Messages with threats of mining were sent to the email addresses of courts in four regions of the Russian Federation. Last year, the same service was also used to send false terrorist threats, but on a smaller scale.

"The texts also listed 830 allegedly mined social and transport infrastructure objects. All threats were false," the FSB reported.

ProtonMail CEO Andy Yen recently announced his decision to go to court because he believes the block is unfounded. According to him, blocking the service is an inefficient and inappropriate tool to combat cyber attacks.

"This will not stop cybercriminals from sending threats from another email service and will not help if the criminals are located outside of Russia. Cybercriminals are also likely to be able to bypass the block using one of their many VPN services," Yen said.

The head of the company stressed that blocking mail will only harm private users and restrict access to private information for Russians.

Recall that this is the third foreign mail service blocked by Roskomnadzor for spreading false messages about mining facilities in Russia. On January 23, Roskomnadzor announced the blocking of the StartMail service. It was noted that mass mailings of messages about the mining of various objects on the territory of Russia were carried out through this mail service. Emails have been received since November 28, 2019.

Sophisticated Hackers Infiltrate Dozens of U.N. Servers


An internal confidential document from the United Nations, leaked to The New Humanitarian and seen by The Associated Press, says many servers were compromised, including at the U.N. human rights office, which gathers rather sensitive information all year round.

According to a U.N. official, the hack seemed very "sophisticated" and the extent of the damage remains unclear, particularly regarding personal, secret or compromising information that may have been stolen.

The official, who spoke on condition of anonymity in order to talk openly about the episode, said systems have since been strengthened. “It’s as if someone were walking in the sand, and swept up their tracks with a broom afterward. There’s not even a trace of a clean-up,” the official said.

Jake Williams, CEO of the cybersecurity firm Rendition Infosec and a former U.S. government hacker, said, “The intrusion definitely looks like espionage,” referring to the incident the previous year in which the "sophisticated hackers" broke into U.N. offices in Geneva and Vienna in an apparent espionage operation. Their identity and the extent of the information they obtained remain unknown.

“The attackers have a goal in mind and are deploying malware to machines that they believe serve some purpose for them and any number of intelligence agencies from around the globe are likely interested in infiltrating the U.N.,” Williams added.

U.N. representative Stephane Dujarric said the attack “resulted in a compromise of core infrastructure components” and was “determined to be serious.” The earliest activity identified with the intrusion happened in July, and it was detected in August, he said in response to emailed questions.

He said the world body needs more data to figure out who may have been behind the incursion, but added that "the methods and tools used in the attack indicate a high level of resource, capability, and determination."

The report says that the hackers exploited a flaw in Microsoft's SharePoint software to penetrate the systems, but that the type of malware used was unknown and that technicians had not identified the command and control servers on the internet used to exfiltrate data.

Nor was it known what mechanism the hackers used to maintain their presence on the compromised systems. The internal document from the U.N. Office of Information and Technology said 42 servers were "compromised" and another 25 were deemed "suspicious," nearly all at the sprawling Geneva and Vienna offices.

Three of the "compromised" servers are believed to belong to the Human Rights office, which is situated across town from the primary U.N. office in Geneva, and two were used by the U.N. Economic Commission for Europe.

The hack comes amid rising concerns about computer and mobile phone vulnerabilities, both for large organizations like governments and the U.N. and for individuals and businesses.

Alert! Your Mac may be under threat - SHLAYER MALWARE attacks every 10th Mac OS


macOS was traditionally considered a safer bet than Windows, but now even Apple is facing a dangerous security threat.

Kaspersky reports that Macs have become a hot target for a dangerous piece of malware, SHLAYER. Active for two years, this malware has infected 10 percent of macOS systems, affecting more than one in ten users.

“The Shlayer Trojan is the most common threat on macOS,” Kaspersky Labs reported on Jan 23, 2020. Users in France, Germany, the United States, and the United Kingdom were the top targets of Shlayer in 2019.

As for what Shlayer is, Seals said, "Shlayer is a trojan downloader, which spreads via fake applications that hide its malicious code... Its main purpose is to fetch and install various adware variants. These second-stage samples bombard users with ads, and also intercept browser searches in order to modify the search results to promote yet more ads."

As per the report by Kaspersky, after the malware is installed on the system it displays chains of advertisements, generating advertising revenue and slowing your Mac. “The macOS platform is a good source of income for cybercriminals,” warns Kaspersky. However, “the most widespread threats are linked to illicit advertising,” reassures the report.

Hides behind fake updates

The malware enters your system through fake Flash updates, which fool the victim into installing the update and pave the way into your Mac. Many illegal streaming websites are filled with these fake updates. You may have encountered streaming websites asking for a Flash update before playing a video; this malware hides behind such adverts.

"Our statistics show that the majority of Shlayer attacks are against users in the U.S. (31%), followed by Germany (14%), France (10%), and the UK (10%). This is wholly consistent with the terms and conditions of partner programs that deliver the malware, and with the fact that almost all sites with fake Flash Player download pages had English-language content", Kaspersky reports.

These fake updates could also be present on some legitimate websites, so be careful while downloading any updates.

Avast Antivirus Harvested Users' Data and Sold it to Google, Microsoft, IBM and Others



Avast, a popular maker of free anti-virus software used on almost 435 million mobile, Windows and Mac devices, harvested its users' sensitive data via browser plugins and sold it to third parties such as Microsoft, Google, Pepsi, IBM, Home Depot, and many others, according to the findings of an investigation jointly carried out by PCMag and Motherboard.

As per the sources, the investigation relied on leaked data; the documents used to further the investigation belonged to Jumpshot, which is a subsidiary of Avast. The data was extracted by the Avast anti-virus software itself and then repackaged by Jumpshot into various products which were sold to big companies. As the report specified, "Potential clients include Google, Yelp, Microsoft, McKinsey, Pepsi, Sephora, Home Depot, Conde Nast, Intuit, and many others."

"The sale of this data is both highly sensitive and is, in many cases, supposed to remain confidential between the company selling the data and the clients purchasing it," according to other company documents.

Allegedly, Avast has been keeping track of personal details such as the exact time and date when a user starts surfing a website, the digital content the user views, and the user's browsing and search history. As per the findings, the information sold by Jumpshot includes Google Maps searches, Google search engine searches, YouTube videos viewed by users, activity that took place on companies' LinkedIn handles, and porn websites visited by people. The data contained no personal information such as names or email addresses; however, the investigators at Vice pointed out that access to such precise browsing data can potentially lead back to the identification of the user anyway.

When the investigation reports were made public, Jumpshot stopped receiving any browsing-related data harvested by extensions, as Avast terminated the operations. The popular anti-virus maker is, however, currently being investigated for collecting user data aside from browser plug-ins.

While Google declined to comment on the matter, IBM told Vice that it has no record of dealing with Avast's subsidiary, Jumpshot. Meanwhile, Microsoft made it clear that at present it has no relationship with Jumpshot.

The website of the Echo of Moscow radio station reported a two-week hacker attack


For two weeks, the website of the Echo of Moscow radio station and the computers of its employees have been hacked.

According to Sergey Buntman, First Deputy Editor-in-Chief of Echo, the radio station has proved, technically and factually, that the attacks target not only the Echo of Moscow website but also the Echo office, its computers, and its computer and Internet communications. Because of this, part of the telephone service is also affected.

"We asked for help wherever we could, both technical, political, and law enforcement agencies. We linked these attacks with certain information, programs. Law enforcement agencies, as I understand it, are now searching for the source of the attacks," said Alexey Venediktov, Editor-in-Chief of Echo.

He said that powerful hacker attacks began two weeks ago. "Their peculiarity was that they attacked not only the site but also the communication channels of Echo of Moscow when programs were broadcast with presenters who are located remotely," explained Venediktov.

In addition, office computers were unexpectedly attacked, due to which Echo of Moscow could not receive news from news agencies. "It is very important that they attack Internet communication channels, including from the satellite from which our regional partners receive the signal. These are very experienced, very powerful DDoS attacks. As experts tell us, very large structures have such capabilities," he said, adding that the radio station's specialists have already learned to repel all these attacks.

However, according to Venediktov, the radio station is losing subscribers and advertisers. The Editorial Board drew the attention of the shareholders to this fact, and "the shareholders are worried".

Vulnerability found in Cisco Webex Meetings Suite: Lets unauthorized attackers join private meetings


Cisco has disclosed a security vulnerability in Cisco Webex Meetings Suite, a platform that lets its customers organize online meetings and seminars anytime, anywhere. The flaw allows an unauthorized attacker to enter a password-protected meeting without the password.

The vulnerability

The vulnerability allows the attacker to join a meeting if they have the meeting ID or meeting URL and open it from a mobile device browser. The browser then launches the meeting in the Webex mobile application, and the unauthenticated user can join the password-protected meeting without the said password. “The unauthorized attendee will be visible in the attendee list of the meeting as a mobile attendee,” reads the Cisco blog post.

This makes it quite easy to track the unauthorized individual, as they will be visible as a mobile attendee. This Cisco Webex vulnerability has received a score of 7.2 out of 10 and can be tracked as CVE-2020-3142. The Cisco Product Security Incident Response Team (PSIRT) said that it has not yet seen an attacker exploiting the vulnerability.

Versions with the vulnerability

The vulnerability is present in Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online versions earlier than 39.11.5 and 40.1.3. Cisco says, however, that the Webex meeting server is unaffected by the vulnerability.

After discovering the vulnerability, Cisco released fixed versions, 39.11.5 and later and 40.1.3 and later, for Cisco Webex Meetings Suite sites and Cisco Webex Meetings Online sites. “The fix applies to Cisco Webex Meetings Suite sites and Cisco Webex Meetings sites only. Customers are not required to update the Cisco Webex Meetings mobile application or the Cisco Webex Meetings desktop application.”
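A version check for the releases named above, as an added example that is not from Cisco or from the original post: it classifies Webex site versions against the fixed releases 39.11.5 and 40.1.3 and groups an inventory by status. Treating the two fixed releases as separate 39.x and 40.x release trains is an assumption, and the site names and versions in the inventory are constructed.

```python
import re

# Fixed releases named in the article. Treating them as two separate
# release trains (39.x and 40.x) is an assumption of this example.
FIXED_BY_TRAIN = {39: (39, 11, 5), 40: (40, 1, 3)}


def parse_version(text):
    """Parse 'N.N.N' (extra components allowed) into a tuple of ints, or None."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+)+", text):
        return None
    parts = tuple(int(p) for p in text.split("."))
    # Pad short versions such as '40.1' so tuple comparison is well defined.
    return parts + (0,) * (3 - len(parts))


def classify(version_text):
    """Return 'vulnerable', 'fixed' or 'unknown' for a site version string."""
    version = parse_version(version_text)
    if version is None:
        return "unknown"        # never guess: route to manual review
    train = version[0]
    if train < min(FIXED_BY_TRAIN):
        return "vulnerable"     # older than every fixed release
    if train > max(FIXED_BY_TRAIN):
        return "fixed"          # assumption: later trains carry the fix
    return "fixed" if version >= FIXED_BY_TRAIN[train] else "vulnerable"


def audit(inventory):
    """Map each status to the sorted site names that fall under it."""
    report = {"vulnerable": [], "fixed": [], "unknown": []}
    for site, version_text in inventory.items():
        report[classify(version_text)].append(site)
    return {status: sorted(sites) for status, sites in report.items()}


# Constructed inventory: site names and versions are invented for the example.
SAMPLE_INVENTORY = {
    "sales.example": "39.11.4",
    "hr.example": "39.11.5",
    "eng.example": "40.1.0",
    "ops.example": "40.1.3",
    "legacy.example": "39.9.2",
    "lab.example": "40.2.0.17",
    "kiosk.example": "n/a",
}

if __name__ == "__main__":
    for status, sites in audit(SAMPLE_INVENTORY).items():
        print(f"{status:10} {', '.join(sites) or '-'}")
```

Sites reported as `unknown` have a version string the parser could not read and need a manual check.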

Cisco recently fixed 11 more bugs in Cisco Data Center Network Manager; the flaws allowed remote code execution (RCE), SQL injection, and authentication bypass attacks. Cisco is expected to fix the bug soon. Users are advised to watch for any suspicious activity and to report to the company immediately if they find any malicious activity on the platform.

Understand how SIM Swapping can easily be used to hack your accounts!

We've all heard about SIM swapping, SIM splitting, simjacking or SIM hijacking, the recent trend among cybercriminals. Now a study by Princeton University demonstrates how vulnerable wireless carriers are and how SIM swapping has made fraud and other crimes easier for hackers.

SIM swapping gained a lot of attention when Twitter CEO Jack Dorsey’s account was hacked on his own platform. A study by Princeton University has revealed that five major US wireless carriers - AT&T, T-Mobile, Verizon, Tracfone, and US Mobile - are susceptible to SIM swap scams. SIM hijacking is also on the rise in developing regions like Africa and Latin America.

What is SIM swapping? 

SIM swapping is when someone else fraudulently takes over your account by abusing phone-based authentication, usually two-factor authentication or two-step verification. This could give the hacker access to your email, bank accounts, online wallets and more.

How does the swap occur?

In a SIM swap, scammers exploit the second step in two-factor verification, where either a text message is sent or a call is placed to your number for verification.

Citywire further explains the process, "Usually, a basic SIM-card swap works when scammers call a mobile carrier, impersonating the actual owner and claiming to have lost or damaged their SIM card. They then try to convince the customer service representative to activate a new SIM card in the fraudster’s possession. This enables the fraudsters to port the victim’s telephone number to the fraudster’s device containing a different SIM."

After accessing the account, the scammers can control your email, bank accounts, online wallets and more.

Detecting a SIM swapping attack

• The first sign is that your text messages and calls stop working; if so, it's probable that your account has been hijacked.

• If the login credentials you set stop working, it's probably a sign that your account has been taken over. Contact your telecom provider and bank immediately.

• If you get a message from your telecom provider that your SIM card has been activated on another device, treat it as a red flag.

Researchers And Army Join Hands to Protect the Military’s AI Systems


As an initiative to provide protection to the military's artificial intelligence systems from cyber-attacks, researchers from Delhi University and the Army have joined hands, as per a recent Army news release. 

As the Army increasingly uses AI frameworks to identify dangers, the Army Research Office is investing in more security. The move draws on the NYU-supported CSAW HackML competition in 2019, where one of the major goals was to develop software that would prevent cyber attackers from hacking into the facial and object recognition software the military uses to further train its AI.

MaryAnne Fields, program manager for the ARO's intelligent systems, said in a statement, "Object recognition is a key component of future intelligent systems, and the Army must safeguard these systems from cyber-attack. This work will lay the foundations for recognizing and mitigating backdoor attacks in which the data used to train the object recognition system is subtly altered to give incorrect answers."


This image demonstrates how an object, like the hat in this series of photos, can be used by a hacker to corrupt data training an AI system in facial and object recognition.

The news release emphasized a few important points, such as: “The hackers could create a trigger, like a hat or flower, to corrupt images being used to train the AI system and the system would then learn incorrect labels and create models that make the wrong predictions of what an image contains.”

The winners of the HackML competition, Duke University researchers Yukan Yang and Ximing Qiao, created a program that can "flag and discover potential triggers". They later added in a news release, "To identify a backdoor trigger, you must essentially find out three unknown variables: which class the trigger was injected into, where the attacker placed the trigger and what the trigger looks like."

Now the Army only requires a program that can "neutralize the trigger"; Qiao said that ought to be "simple": they'll just need to retrain the AI model to ignore it.

Lastly, the software's development is said to have been financed by a Short-Term Innovative Research grant, which provides researchers up to $60,000 for their nine months of work.

Malware Attack! Oregon County's Network Smashed By a Ransomware?


Per local news reports, a cyber-attack allegedly struck Tillamook County, Oregon, USA, rendering the local government’s services ineffective.

Owing to the cyber-attack, county officials are apparently back to basics with all their daily tasks and are working through the crisis.

When computers in various county departments started misbehaving, officials grasped the severity of the situation and immediately alerted the IT department.

That is when the IT department realized that the systems had been infected with encrypting malware. To contain the infection, all the affected servers and devices were instantly isolated.

There is no solid evidence that the malware was used for a ransomware attack, but that is what is being conjectured. Per sources, no request for a ransom has been posted so far.

Allegedly, the Oregon city was recently struck by a cyber-attack of the same nature about a week ago.

The damage is so severe that, along with infecting all of the county’s computers and servers, the attack has seriously harmed both the online and offline phone systems, given the “VoIP” (Voice over Internet Protocol) that they employ.

Per sources, to dig into the details of the cyber-attack, including its source, type, and magnitude, the county engaged a “digital forensic” team from a well-known cyber-security organization.

There is no doubt that the Oregon county systems have been shut down by the attack indefinitely, and there is no knowing when they will be back in operation.

Despite its quite substantial population, Oregon County has never before experienced a cyber-attack of such severity. Hence officials cannot say exactly how they will go about their plan of mitigation.

Sources mention that the county officials have decided to subcontract a few response operations to counter the attack and its repercussions.

The cyber-crisis management team happens to be the best at what it does and is working efficiently to contain and repair the damage done by the malware.