America Vs China! The USA Alleges Huawei to be a Technology Thief and Spy for China?


According to recent reports, China and the US have taken their technology war to court. US firms now allege that the telecom colossus Huawei has been planning to rip off their technology for “decades”.

Hence, the American organizations decided to expand the premises of their lawsuit against the Chinese mega-company.

The prosecuting attorney mentioned that Huawei did indeed violate the terms of the contract with the companies of the US by stealing robot technology, trade secrets and such.

Per sources, Huawei has flatly denied all the allegations and has said that the US is merely threatened by the competition and hence is trying to run down the name of Huawei.

Per newspaper reports, the mega smartphone maker’s chief financial officer and the founder’s daughter are held captive in Canada, struggling against extradition.

According to sources, there are charges of fraud and “sanctions violations” on the founder’s daughter, which she has waved off and denied.

Huawei firmly maintains that this lawsuit and the charges against the company are trivial attempts to tarnish its reputation and to weaken a competitor.

Per reports, the fresh accusations of the US against Huawei include trade secret embezzlement, racketeering and even sending spies to obtain confidential information.

Sources reveal that the prosecuting attorney also said that Huawei used the stolen data to cut both the time and the cost of its research and development, which helped it climb the steps faster than the others.

Per Huawei, the newer charges are just another way of bringing up older claims. Nevertheless, it doesn’t look like the US plans to withdraw its claims or the lawsuit in the near future, or at all.

This technological rift has a strong possibility of transforming into a political dispute between America and China. The US is forcing countries like the UK to pull back their support from Huawei, continuing to say that the equipment could be used by China for spying.

Relations between China and the US are down a very flimsy and unpredictable road. All the same, the UK still continues its business ties with Huawei but with possible limits.

Experts have found the most vulnerable places in Runet


Personal accounts of Runet users in various services, including Internet banks, turned out to be the worst protected from hackers. This is the opinion of Positive Technologies specialists.
After analyzing 38 websites of various organizations, including IT companies, government agencies, financial and telecommunications organizations, Positive Technologies employees concluded that nine out of ten web applications in Runet are vulnerable to hacker attacks.

Despite the fact that the situation has improved compared to the previous year, half of the sites contain "high-level" vulnerabilities. In 2019, there were 22 vulnerabilities per application, which is one and a half times lower than in 2018. According to Positive Technologies, the probability that data will leak from applications to the network is 68%, unauthorized access is possible in 39% of cases and authentication system weaknesses were found in 45%.

Also, hackers often hack applications in the banking sector. The protection of apps of credit organizations works only in 40% of cases.

According to experts, this is due to the fact that the dynamics of the main updates of the program is quite high. He noted that the system does not have time to “undergo full training” and automatic configuration.

Applications of government agencies turned out to be the most vulnerable to hacker attacks. Experts stressed that funding for this sector was low. At first, the tenders were won by those who requested the lowest price. And then expenses were reduced even more — by hiring students, for example.
Experts noted that it is quite difficult to protect web applications. Sometimes systems are used in monitoring mode, and real people monitor this. They have to determine whether the attack occurs or not.

“A 24-hour web service requires at least four operators, and this is from five million rubles a year ($78,700),” said Rustem Khairetdinov, vice president of InfoWatch Group. There is no way to hire such a staff of specialists in small companies and regional government agencies.

Phishing Scam: Puerto Rico Government Loses More than $2.6 million



Puerto Rico's government fell for an email phishing scam and unintentionally lost over $2.6 million to cyber-criminals behind the scam, as per a senior Puerto Rico official. It is a government-owned agency whose mission is to drive economic development on the island while working with local as well as foreign investors.

Scammers launch thousands of phishing scams like this one, which made it a top reported crime to the Federal Bureau of Investigation (FBI) in the past year, as per the IC3 annual report released recently. Some top victims of similar attacks last year include a Texas school district scammed for $2.3m, a British community housing non-profit scammed for $1.2m and Nikkei for a whopping $29m.

On Wednesday a complaint was filed with police, in which Rubén Rivera, finance director of the island's Industrial Development Company, confirmed that the money had been sent to a fraudulent account by an unsuspecting employee of Puerto Rico's Industrial Development Company. Officials discovered the incident earlier this week and it was immediately reported to the FBI, according to statements given by the executive director of the agency, Manuel Laboy, to the Associated Press.

However, Laboy did not comment on how the officials came to know about the phishing scam, on whether employees were dismissed in the aftermath, or on how the missing funds affected overall operations. He further said that an internal investigation has been opened to find out whether someone disregarded the set standards and was negligent about the laid-out procedures. He also added that officials at the corporation are attempting to recover the lost funds.

The agency received a fraudulent email claiming that the bank account it used for remittance payments should no longer be used for that purpose. The email told the agency to transfer the money to a new account, which, unknown to the agency, belonged to the criminals operating the scam.

Acknowledging the seriousness of the matter and addressing the criticism from Puerto Ricans, Laboy said, “This is a very serious situation, extremely serious, we want it to be investigated until the last consequences,” “I cannot speculate about how these things might happen,” “It’s a big responsibility.”

The Ascent of Gift Card Scams Leads in the Rise of Amount of Money Being Lost


The rise of phishing attacks, business email compromise (BEC) campaigns and gift card scams brings with it a rise in the amount of money being lost.

An investigation by researchers at Agari, an email security enterprise, published in the company's most recent 'Quarterly Fraud and Identity Deception' trends report, found that gift card scams gained ground especially during the end of 2019, accounting for 62% of all BEC attacks, up from 56% during the previous quarter.

These attacks frequently involve cybercriminals taking control of business email accounts and using the 'stolen identity' to email others in the organization to request the purchase of gift cards. A common tactic is to pose as somebody in management asking an employee to help them out, because by and large the employee won't question a request that apparently comes from their boss.

The 'run-up' to the holiday season presented the criminals with the ideal chance to go ahead with their gift-card attacks, since the request could easily be framed as one for Christmas presents. The average sum requested in gift-card attacks has risen somewhat to $1,627, with the minimum tending to come in at $250. In some more ambitious cases, cybercriminals have requested gift cards worth $10,000 by targeting employees across different departments simultaneously.

Criminals are drawn to BEC attacks because they prove successful and are easy to carry out. Organizations can nevertheless go a long way towards preventing phishing and other email-based attacks from succeeding by implementing additional security on accounts, such as multi-factor authentication, as well as human-level 'checks and balances'.

According to Crane Hassold, senior director of threat research at Agari, "Gift cards have become the preferred method of cashing out for a number of reasons. First, it makes everyone at any company the potential target of a BEC attack, not just the finance and HR departments. We've seen campaigns that have targeted 30-40 employees at a single company at one time in gift-card BEC scams."

The value of the gift cards requested may appear small when considered individually, yet the total costs add up, particularly given how successful the attacks remain and how simple they are to cash out.

The most common requests are for gift cards for Google Play and eBay, very closely followed by Target, iTunes, and Walmart. Best Buy, Amazon, Steam and the Apple Store are also frequently requested.

Most corporate networks in Russia are at cyber risks


Most (81 percent) of the networks of corporate and government structures were infected with malicious software. This conclusion was reached by Positive Technologies specialists after analyzing the internal traffic of state organizations, industrial enterprises and other structures. IT analysts are sounding the alarm because employees of Russian companies and government agencies download movies from torrents, communicate via messengers and use simple passwords, increasing vulnerability.

Experts said that among the most common malware are miners, which mine cryptocurrency without the owners' knowledge, and adware, which displays advertising without authorization. A quarter of the networks are openly infected with spyware.

The company also reported that employees of 94 percent of Russian companies and government agencies download movies from torrents, communicate via messengers and use simple passwords like 12345. Positive Technologies also includes remote access to corporate resources as a risk factor. Experts explain that the employee's computer can be hacked and fraudsters will get access to the corporate network through it.

Analysts have noticed that it is extremely difficult to distinguish the actions of employees who run Tor, VPN and proxy servers from the actions of hackers because in both cases the same technologies are used. So hackers can steal data from the corporate information system without being noticed.
Sergey Zolotukhin, the trainer of the Group-IB computer forensics laboratory, explained that underestimating the level of development of cybercrime, a lack of attention to modern technologies and a low level of knowledge in this area affect the level of protection of companies from cyber threats.

Earlier, on February 10, a new type of fraud involving the bank accounts of Russians became known. Scammers call the potential victim and ask which branch the client will come to in order to close the account. The owners reply that they made no such request to the bank, after which they are offered the chance to transfer all funds to a secure account.

12,000+ Jenkins servers can be used to launch DDoS attacks


According to Radware researchers, a vulnerability (CVE-2020-2100) in 12,000+ Jenkins servers can be exploited to launch and amplify DDoS attacks to internet hosts.




The said vulnerability can also be abused and triggered by a spoofed UDP packet to launch DoS attacks against the internet server in a repeated sequence of replies that can only be stopped by rebooting the server.

 The vulnerability (CVE-2020-2100) 

CVE-2020-2100 vulnerability was discovered by Adam Thorn from the University of Cambridge. It is caused by a network discovery service, present by default and enabled in public facing servers.

Radware researchers explain, “The vulnerability allows attackers to abuse Jenkins servers by reflecting UDP requests off port UDP/33848, resulting in an amplified DDoS attack containing Jenkins metadata. This is possible because Jenkins/Hudson servers do not properly monitor network traffic and are left open to discover other Jenkins/Hudson instances”.

 “An attacker can either send a UDP broadcast packet locally to 255.255.255.255:33848 or they could send a UDP multicast packet to JENKINS_REFLECTOR:33848. When a packet is received, regardless of the payload, Jenkins/Hudson will send an XML response of Jenkins metadata in a datagram to the requesting client, giving attackers the ability to abuse its UDP multicast/broadcast service to carry out DDoS attacks.”

The CVE-2020-2100 vulnerability was fixed in Jenkins 2.219 and LTS 2.204.2 two weeks ago; the fixed releases ship with the discovery features turned off.

 “Administrators that need these features can re-enable them again by setting the system property hudson.DNSMultiCast.disabled to false (for DNS multicast) or the system property hudson.udp to 33848, or another port (for UDP broadcast/multicast),” developers from Jenkins explained.
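A configuration audit for the fix described above, as an added example that is not code from Jenkins or Radware. It takes a Jenkins version string and the JVM arguments the service was started with and reports whether UDP or DNS multicast discovery is active. The sample inventory is constructed, and the use of `-1` as the "off" value for `hudson.udp` is an assumption taken from Jenkins documentation rather than from this article.

```python
import re

FIXED_WEEKLY = (2, 219)      # first fixed weekly release (from the article)
FIXED_LTS = (2, 204, 2)      # first fixed LTS release (from the article)
LEGACY_UDP_PORT = 33848      # discovery port on releases before the fix


def parse_version(text):
    """'2.219' -> (2, 219); '2.204.2' -> (2, 204, 2). LTS has three parts."""
    m = re.fullmatch(r"(\d+)\.(\d+)(?:\.(\d+))?", text.strip())
    if not m:
        raise ValueError(f"unrecognised Jenkins version: {text!r}")
    return tuple(int(p) for p in m.groups() if p is not None)


def is_patched(version):
    v = parse_version(version)
    if v[:2] >= FIXED_WEEKLY:
        return True
    # Below 2.219 only the 2.204 LTS line carries the fix, from 2.204.2 on.
    return len(v) == 3 and v[:2] == FIXED_LTS[:2] and v[2] >= FIXED_LTS[2]


def system_properties(jvm_args):
    """Collect -Dname=value options from a JVM command line; last one wins."""
    props = {}
    for token in jvm_args.split():
        if token.startswith("-D") and "=" in token:
            name, _, value = token[2:].partition("=")
            props[name] = value
    return props


def audit(version, jvm_args=""):
    """Report whether UDP and DNS multicast discovery are active."""
    props = system_properties(jvm_args)
    patched = is_patched(version)

    # Fixed releases default to "off"; older ones default to port 33848.
    port = -1 if patched else LEGACY_UDP_PORT
    try:
        port = int(props["hudson.udp"])
    except (KeyError, ValueError):
        pass  # unset or unparseable: assumed to keep the default
    udp_on = port != -1  # assumption (Jenkins docs): -1 turns the listener off

    # Java-style boolean: only the string "true" disables the feature.
    dns_flag = props.get("hudson.DNSMultiCast.disabled")
    dns_off = patched if dns_flag is None else dns_flag.lower() == "true"

    # On a fixed release an active feature means someone re-enabled it.
    remedy = "remove the override" if patched else "upgrade or disable it"
    findings = []
    if udp_on:
        findings.append(f"UDP discovery answers on port {port}: {remedy}")
    if not dns_off:
        findings.append(f"DNS multicast is on: {remedy}")
    return {"patched": patched, "udp_port": port if udp_on else None,
            "dns_multicast": not dns_off, "findings": findings}


if __name__ == "__main__":
    # Constructed sample inventory: (version, JVM arguments).
    fleet = [("2.218", ""), ("2.204.2", ""), ("2.219", "-Dhudson.udp=33848"),
             ("2.190.3", "-Dhudson.udp=-1 -Dhudson.DNSMultiCast.disabled=true")]
    for version, args in fleet:
        print(version, args or "(defaults)", audit(version, args))
```

The third sample entry shows why the version check alone is not enough: a fixed release with `hudson.udp` set back to 33848 answers discovery packets again.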

 The danger from the vulnerability 

Pascal Geenens, Cyber Security Evangelist for Radware, said, “Much like was the case with memcached, people that design and develop on the open source Jenkins project assume that these servers will be internally facing”.

Contrary to that assumption, the Jenkins servers were exposed to the public. Nearly 13,000 vulnerable servers were distributed globally, across Asia, Europe and North America, at the top service providers. “Many DevOps teams depend upon Jenkins to build, test and continuously deploy their applications running in cloud and shared hosting environments such as Amazon, OVH, Hetzner, Host Europe, DigitalOcean, Linode, and many more,” Geenens stated.

The researchers concluded, "Combined with over 12,000 exposed Jenkins servers globally, it creates a viable DDoS threat."

Deputy of the State Duma of the Russian Federation: it is necessary at the legislative level to protect the data of Russians on Facebook


Andrey Alshevskikh, the State Duma Deputy, said that the threat to the personal data of Russian users of the social network Facebook is real. The Deputy notes that it is necessary to take appropriate security measures at the legislative level.

The day before, it became known that the hacker group OurMine had hacked two official Facebook accounts on Twitter. On the night of February 8, a message appeared on these pages stating that Facebook is vulnerable to hacker attacks. It also mentioned the weakness of the Twitter security system.

"As for Facebook, this is not the first case and, something tells me, not the last. It is necessary to deal with such cases in detail and take concrete steps at the legislative level, make amendments to existing laws, and adopt new ones to protect the data of Russian citizens," said the Deputy.

Alshevskikh recalled that the threat to the personal data of Russians who use Facebook was mentioned repeatedly. Therefore, a law was adopted providing for the storage of personal data of citizens of the Russian Federation in Russia, however, some companies do not want to comply with it.

"We need to force Facebook to comply with Russian law," said Alshevskikh. Recall that earlier Roskomnadzor started administrative proceedings against Facebook and Twitter, which did not provide a localization report at the indicated time. Refusal to localize, according to Russian law, carries a multimillion-ruble fine. In the case of the first violation, legal entities may be charged up to 6 million rubles ($94,000), in the case of a second violation - from 6 to 18 million rubles ($94,000-$282,000). Court hearings have already been scheduled and will take place on February 13 in a Moscow court.

Earlier, CEO of a detective agency and speaker on cyberattacks Vladimir Golovin recommended that those who are concerned about the safety of their personal data stop using Facebook.

Glitch in Tax Service Exposed 1.2 Million Danes' CPR Numbers




A bug in the TastSelv Borger tax service, which is managed by the US company DXC Technology, has exposed almost 1.2 million CPR numbers of Danish citizens to the American multinational companies Google and Adobe. The leak was first discovered by The Danish Agency for Development and Simplification; however, the researchers claim that CPR numbers along with other sensitive information have been exposed for around 5 years now.

TastSelv's services allow people who have a tax liability to Denmark to see and alter their tax returns and annual statements and to pay residual tax. As per the findings of the security researchers at the agency, all the exposed data was encrypted, and hence Google and Adobe were reportedly not able to view it.

Other sources have it that, in an attempt to downplay the entire incident, The Danish Agency for Development and Simplification put forth a firm confirmation that the CPR numbers were encrypted when accessed by the companies. Meanwhile, cybersecurity specialist and founder of the CSIS group, Peter Kruse, asserted that Google did access those 1.2 million CPR numbers, as there was no encryption; according to him, the numbers were in plain text.

How was the glitch exploited?

When users who were logged into TastSelv Borger clicked on the text displayed as 'Correct contact information' and then corrected their contact information, they encountered an error in the app. The error triggered the transfer of the CPR numbers to Google and Adobe, as per the DR news website.

According to the statement given by the government agency, “We take this kind of case very seriously. And of course, we need to be able to make sure that our suppliers handle all data according to applicable law and within the framework agreed upon with them.”

“The data received by Google is unencrypted. Google has been able to read data in unencrypted form,” he added.

“Google Hosted Libraries have been designed to remove all information that allows identifying users before logging on. Thus, no user information is shared with Google in this process.” Google told the website which first reported the incident.

Scammers Target CoinDesk; Impersonating Reporters and Editors in the Last Months


Scammers have a new target, and this time it's CoinDesk: over the last few months they have impersonated CoinDesk reporters and editors, promising coverage of projects in return for a fee.

At least two unique victims have paid hundreds of dollars in bitcoin and ether to these scammers and contacted CoinDesk only after realizing that something wasn't right.

CoinDesk has therefore made it explicitly clear through an announcement that the news site doesn't, and will never, accept payment for coverage. It cautioned that anyone contacted on Telegram or LinkedIn by somebody claiming to be one of CoinDesk's reporters who then requests payment should know that the account is a fraud, report it to the social media platform concerned right away, and notify CoinDesk immediately by emailing fraud@coindesk.com.

If possible, users should include screenshots of what was written. Users who need to confirm that they are, indeed, in contact with a CoinDesk staff member are welcome to email news@coindesk.com.

Now that CoinDesk has been ensnared in various scams, they wish to clarify what is being done and how. Most of the victims are said to have received a Telegram message like this one:


This to and fro between the scammer and the news editor is generally well disposed and, in certain nations where associations regularly pay for news coverage, 'expected'.

The opportunity is straightforward and simple: Send the scammer $500 or so in bitcoin and get onto CoinDesk's front page.

There is typically some 'to and fro', and some of these scammers have become 'sophisticated' to the point that they are spoofing CoinDesk email addresses to "confirm" their identities. One 'con-artist' even forged a CoinDesk editor's passport to "confirm" their identity.

CoinDesk has told its users that it is working with the news site's legal counsel and tech group to find ways of stopping these impostors and, in the meantime, asks users to verify the handles of the accounts contacting them.

Users can likewise email the writer or the editor directly if they have any questions.

Cisco's Routers, Switches and IP Equipment Suffer Zero-Day Attacks! Major Vulnerabilities Discovered!


Researchers have found several severe “zero-day” vulnerabilities in the “Cisco Discovery Protocol (CDP)” affecting Cisco’s well-known products, including IP phones, routers, cameras, and switches, per sources.

CDP is a proprietary “Layer 2” network protocol that is put into effect in all the Cisco devices to be privy to the mechanisms of the devices.

Reports mention that a total of five vulnerabilities were found, of which four were “Remote Code Execution” (RCE) flaws that let attackers manipulate every operation of the devices without any consent from the user.

According to sources, one of the vulnerabilities led to a “Denial of Service” in the Cisco FXOS, NX-OS and IOS XR software that ended up damaging the victims’ networks.

By exploiting the vulnerabilities effectively, numerous organizations’ and companies’ networks were smashed, costing all the affected parties heavily.

Per legitimate sources, following is the list of all the vulnerable devices in the represented categories:

Switches
• Nexus 1000 Virtual Edge
• Nexus 1000V Switch
• Nexus 3000 Series Switches
• Network Convergence System (NCS) 1000 Series
• Network Convergence System (NCS) 5000 Series
• Network Convergence System (NCS) 540 Routers
• Network Convergence System (NCS) 5500 Series
• Network Convergence System (NCS) 560 Routers
• MDS 9000 Series Multilayer Switches
• Nexus 5500 Series Switches
• Nexus 5600 Series Switches
• Nexus 6000 Series Switches
• Nexus 7000 Series Switches
• Nexus 9000 Series Fabric Switches
• Network Convergence System (NCS) 6000 Series
• UCS 6200 Series Fabric Interconnects
• UCS 6300 Series Fabric Interconnects
• UCS 6400 Series Fabric Interconnects

IP Phones
• Unified IP Conference Phone 8831
• Wireless IP Phone 8821-EX
• Wireless IP Phone 8821
• IP Conference Phone 7832
• IP Conference Phone 8832
• IP Phone 6800 Series
• IP Phone 7800 Series
• IP Phone 8800 Series
• IP Phone 8851 Series

IP Cameras
• Video Surveillance 8000 Series IP Cameras

Routers
• IOS XRv 9000 Router
• Carrier Routing System (CRS)
• ASR 9000 Series Aggregation Services Routers
• Firepower 1000 Series
• Firepower 2100 Series
• Firepower 4100 Series
• Firepower 9300 Security Appliances
• White box routers running Cisco IOS XR

The other four Remote Code Execution vulnerabilities could be exploited by sending a “maliciously” crafted “CDP packet” to the targeted Cisco devices, altering how they operate.

One vulnerability is tracked as CVE-2020-3119. It helps attackers completely override the default switch and network infrastructure settings.

Another, tracked as CVE-2020-3118, could help attackers gain control of the target’s router via remote code execution and use it in any harmful way they choose.

Cisco’s 800 series IP cameras were vulnerable to remote code execution by attackers. This vulnerability is tracked as CVE-2020-3110.

According to sources, in the other Cisco “Voice over IP Phone” vulnerability, an overflow in the parsing function could be exploited to achieve “code execution”. This vulnerability is tracked as (CVE-2020-311).

The troubles this vulnerability could cause an organization are manifold:
• Acquiring access to other devices via “man-in-the-middle” attacks.
• Damaging the network’s structure.
• “Data Exfiltration”, ranging from network traffic to sensitive information and personal phone calls, with the help of manipulated routers and switches.

Per reports, Cisco has come up with patches and the users are directed to employ them without any further delay.
[CVE-2020-3111
CVE-2020-3118
CVE-2020-3120
CVE-2020-3110
CVE-2020-3119]


Computers can be hacked through a "smart" light bulb


Smart light bulbs can not only make the lighting in an apartment and house more convenient and cheaper but also threaten the safety of their owners.

Experts have proven that hackers can hack computers through smart light bulbs. The vulnerability in the smart home system was noticed by cybersecurity company Check Point.

Experts have discovered a way to hack computers through a lamp using a Philips smart home system. At the first stage, the virus program is downloaded to the victim's smartphone and causes the lighting to fail. Experts have noticed that the only way to fix the problem is to reinstall the app, so the user deletes the program and re-downloads it to their phone.

At the stage when the owner of the lamp connects it to the smart home system, attackers take advantage of the vulnerability in the ZigBee protocol, which Philips uses. At the moment of pairing between the lamp and the smart hub, the malicious algorithm causes an overflow of the system buffer, which bypasses the antivirus and is installed on the computer's disk. After that, the device goes under the remote control of hackers.

Check Point experts said that the study has already attracted the attention of the manufacturer of the smart lamps, which has eliminated the gap in the system. Experts advised owners of the Philips smart home system to update their software.

Experts have found vulnerabilities in Philips smart bulbs (at the moment, the problem with these devices has already been solved), but it is possible that similar vulnerabilities are found in many other smart home devices.

Earlier EHackingNews reported that in the fall of 2019, an IT specialist from Russia and blogger Anna Prosvetova discovered a vulnerability in Xiaomi Furrytail Pet Smart Feeder. Since feeders are used when the owners leave the house for a long time, pets may starve to death. The vulnerability was discovered in the application API through which feeders are controlled.