Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Windows
BlueKeep Healthcare Microsoft Vulnerabilities and Exploits Windows

Windows Devices in Hospitals Vulnerable to Potential Exploits


Windows Devices in Hospitals Vulnerable to Potential Exploits According to recent reports, hackers can exploit the vulnerabilities present in health devices, and it can prove dangerous to the health of the patients at the hospital. But, the problem could be avoided by following some simple steps. The health devices have a more likable chance to the Bluekeep exploit than any other devices connected in the hospitals. Health devices can be exploited up to 2 times, using the Bluekeep exploit. This puts both the patients and the hospital staff in danger as witnessing the current scenario, the health sector has recently been one of the primary targets of the hackers.


Therefore, the issue of cybersecurity among the health sector is one of the main concerns of the digital age. Bluekeep was first discovered in 2019, and it is a vulnerability in Microsoft RDP (Remote Desktop Protocol). The vulnerability affects Windows7, Windows8, Windows Server2008, and Windows Server2008 R2. When the news of Bluekeep vulnerability surfaced, Microsoft immediately released a security patch to resolve the issue. Various intelligence agencies, including the US NSA (National Security Advisory) and Britain's NCSC (National Cyber Security Centre), immediately informed Microsoft to fix all the security patches related to the vulnerability.

The matter of concern was that Bluekeep could be used as malware to do the same damage that EternalBlue had caused, the exploit that triggered Wannacry. In this incident, various high profile organizations were taken the victim, but the greatest attack happened on the National Health Service of UK, in which the entire networks of the hospitals were shut down. But despite various warnings, health devices that run on Windows are still vulnerable to a potential Bluekeep exploit.

According to researchers at CyberMDX, a healthcare cybersecurity company, a newly made report's data suggests that more than 20% of healthcare devices (that run on Windows) in hospitals are vulnerable to the blue keep exploit, as they have still not configured to the latest security patches. The healthcare devices include x-ray machines, anesthesia machines, ultrasound devices, and radiology equipment. If these devices are not fixed to the latest security patch, chances are that hackers could exploit them using the blue keep vulnerability. This can risk the lives of the patients and the healthcare staff.
Read more »
Russian Cyber Security
Bank Security Cyber Security Cyber Security News Russia Russian Cyber Security

Security Experts Say Hackers Can Hack Russian Banks In 5 Days


Experts from the information security company Positive Technologies came to the conclusion that hackers will need only five days on average to hack a large Russian Bank. Experts came to this conclusion on the basis of a number of tests. The attack was successful due to vulnerabilities in applications, software and password selection. In some cases, access to ATMs was obtained.

Tests in 10 banks from the top 50 banks showed that hackers need an average of 5 days to hack the Russian bank’s network. In cases where the hacker acts from the inside, he is able to get full control over the entire infrastructure of the Bank in two days.

During the audit of banks, whose names were not disclosed, experts simulated 18 cyberattacks. In eight cases, the attacks were carried out from the outside using only publicly available data, such as the Bank's website or an incorrectly configured database. In ten cases, the hacker attacked from inside the bank, that is, the hacker was in the Bank building and got access to the power outlet, Wi-Fi network, and so on, or thanks to an external attack, he gained access to user data of a bank employee. Social engineering methods were not used in the tests.

Passwords turned out to be the weakest point because most of them were selected using a combination of similar words or nearby keys. Under one very common password “qwerty123” in one of the credit organizations were more than 500 accounts.

New testing showed that hackers can penetrate from the Internet into the local network of seven out of eight banks.

However, Kaspersky Lab’s Leading Antivirus Expert Sergey Golovanov said, Due to the improvement of bank security systems, Russian-speaking hacker groups are increasingly attacking foreign credit organizations, they are switching to banks in Asia, Africa and Latin America.
Read more »
xHelper
Android Google malware Playstore xHelper

Users can now remove xHelper, the irremovable malware


Hooray! You can now remove the unremovable android malware. Yes, it is xHelper, the unremovable android malware. After 10 months of research and hard work, the cybersecurity experts have finally found a way to remove xHelper from your smartphones, which was not possible earlier. According to cybersecurity experts, the method is reliable and effective.


What is xHelper?
xHelper caused a lot of troubles across the globe to android users for a very long time, 10 months to be specific. It first appeared in March last year, when smartphone users complained about the malware came on the internet that certain apps couldn't be uninstalled from their smartphones, even though the users did a factory reset. Though the apps were not malicious or harmful, they, however, sent annoying ads or popups to the users all the time. As time passed, xHelper kept on targeting more and more devices until it was spread almost everywhere around the world. Last year, until August, xHelper infected merely 32000 smartphones, but by the end of October, the numbers climbed up to 45,000. Malwarebytes and Symantec, both a cybersecurity company, published this information in their reports.

How it spread? 
Cybersecurity experts say that the malware redirected the users to android hosting websites, and this is how the malware spread. These websites allowed users to download apps from them, without the user needing to go to the play store. However, the apps contained hidden HTML coding that released the malware in the smartphones once downloaded. Finding the source of the malware and how it spread was easy, however, the cybersecurity experts had trouble removing it through traditional methods like factory resets or uninstalling the xHelper app. Even after the factory resets, the malware would reappear by itself after some time, installing the app by itself without asking the user permissions.

How to remove xHelper?
According to Collier, users can follow these 6 steps to remove xHelper from their smartphones:

  1. Install a file manager application from the google play store. The app should be able to find directories and search files. 
  2. Disable Google play store (temporarily)
  3.  Run a scan in the Malwarebytes. Try searching for fireway, xHelper, and settings (in case 2 settings are shown) 
  4. In the file manager, search for com.mufc
  5. If the file manager shows results, sort the result by 'date found.' Delete anything with com.mufc
  6. Enable google play after doing the necessary changes.
Read more »
Vulnerability and Exploits
cryptocurrency IOTA Theft Vulnerability and Exploits

Hackers Attack IOTA's Trinity Wallet, Company Shuts Down the Network


The hackers attacked the IOTA's cryptocurrency wallet and stole all the funds. The theft happened by exploiting a vulnerability in the IOTA's networks. Attack took place on 12th February 2020, and the company informed about the incident via its official account on twitter. The tweet said that the IOTA is presently investing an attack on its trinity wallet. IOTA has advised its users not to share or use the Trinity Wallet on their desktop until the case has been solved. According to the news, the IOTA is currently working with cybersecurity experts and law agencies to go to the roots of the problem that has caused the cryptocurrency theft.


The company, on its official website, announced that because of the theft of funds, it has shut down its 'Coordinator' node for a while to protect the users. The Coordinator works as a final checkpoint for safety assurance of the transactions that take place on IOTA's network. According to the company, the decision to shut down the Coordinator node is to protect any further fraudulent transactions that might take place on IOTA's network. IOTA says that the hackers chose to attack the high profile accounts first, and then moved on to smaller accounts, and so on until the transactions were stopped by the coordinator.

“The attack pattern analysis showed that the halt of the coordinator interrupted the attacker’s attempts to liquidate funds on exchanges,” said the IOTA's official website. “The stolen funds have been purposely and repeatedly merged and split to obfuscate the investigation, and with the current token exchange rate as well as exchanges’ KYC limits in mind. We received additional feedback from more exchanges (not all yet), confirming that none of the identified transactions has been received or liquidated.”

As of now, IOTA's network system is still not active, and the company is still investigating the issue. Cybersecurity experts and members of the IOTA say that the hackers found a vulnerability in the Trinity wallet and were thus able to launch the attack. IOTA hasn't announced anything about the amount stolen but the experts believe it to be around $1 Million IOTA coins or more.
Read more »
Technology
Apple China Coronavirus Technology

Apple Becomes the First Major US Company to Say that the ‘Corona’ Epidemic Will Hit Its Finances



The iPhone maker cautions that disturbance in China from the coronavirus will result in revenues falling short of forecasts'. Underscoring the fact that production and sales were influenced, Apple says that "worldwide iPhone supply would be temporarily constrained". 

Sales of Apple products would be lower, bearing in mind that most stores in China are either closed or operating at reduced hours, the company says, "while our iPhone manufacturing partner sites are located outside the Hubei province - and while all of these facilities have reopened - they are ramping up more slowly than we had anticipated.” 

 "All of our stores in China and many of our partner stores have been closed," it added. "Additionally, stores that are open have been operating at reduced hours and with very low customer traffic. We are gradually reopening our retail stores and will continue to do so as steadily and safely as we can."

Experts have assessed that the virus may contribute towards the reduction in the demand for smartphones significantly in the first quarter in China, the world's biggest market for gadgets. 
The car industry is yet another sector that has been influenced by disturbance to its supply chain. 

A week ago, the heavy equipment manufacturer JCB said it was cutting production in the UK because of a shortage of components from China. Wedbush analyst Daniel Ives wrote in a note to customers, "While we have discussed a negative iPhone impact from the coronavirus over the past few weeks, the magnitude of this impact to miss its revenue guidance midway through February is clearly worse than feared," 

New virus cases outside the 'epicenter area’ has been declining throughout the previous 13 days. There were 115 new cases outside Hubei reported on Monday, sharply down from about 450 a week back. In any case, regardless of expectations that factories and shops are slowly easing back to normal, Apple's warning, however, will underline that China's economy will be greatly influenced by the coronavirus.
Read more »
Technology News
Russia Technology Technology News

Russian software will be installed on smartphones and smartwatches in the summer


Russian maps, search, antivirus and audio-visual services should be installed from July 1 on all new smartphones, tablets and smartwatches, according to the draft resolution on amendments to the law on consumer protection. Previously, in the "law against Apple" mandatory software pre-installation from July was only for smartphones.

The concept of the bill, which was proposed by the Federal Antimonopoly Service in January, provided for the installation of Russian programs on smartphones from July 1, 2020, on tablets and wearable devices - from July 1, 2021, on computers - from July 1, 2022. Later it became known that set-top boxes and Smart TVs should also comply with the new requirements from July 1, 2023.

However, the wording “wireless equipment for domestic use, having a touch screen and having two or more functions” appeared in the project, such electronics should meet the requirements from July 1, 2020. The Director of Public Relations of transport company RATEK Anton Guskov explained that devices with touch screens that perform more than two functions are smartphones, tablets and smartwatches.

The project also introduces requirements for programs: in order for an application to be included in the list of possible Russian alternatives, it must have a monthly audience of at least 100,000 users and the same number of installations. In addition, according to the bill, the device manufacturer may not preinstall Russian software if it has received refusals from all Russian manufacturers of the relevant programs, or such programs are not compatible with the device's OS.

These requirements, instead of encouraging small Russian manufacturers, will provide protection from competition for large software companies, said Guskov. He believes that legal uncertainty and vague language in the requirements in technology requirements could lead to a collapse in the consumer device market.

Recall that on December 2 last year, Russian President Vladimir Putin signed a law prohibiting the sale of equipment, including smartphones and computers, without preinstalled Russian software.

Read more »
Facebook leaked data
API Cyber Security Data Breach Facebook Facebook leaked data

Facebook Data Breach: API Security Risks


In the year 2018 Facebook disclosed a massive data breach due to which the company had to face a lawsuit along with allegations of not properly securing its user data. The breach directly affected the authentication tokens of nearly 30 million of its users which led to the filing of several class-action complaints in a San Francisco appeals court. In the wake of the incident, Facebook pledged to strengthen its security.

A feature, known as "View As" which was employed by developers to render user pages was exploited by hackers to get access to user tokens. The theft of these tokens is associated with the advancement of a major API security risk, it also indicates how API risks can go unnoticed for such a long time frame. The trends in digital up-gradation have further pushed the process of continuous integration and continuous delivery – CI/CD, which are closely related concepts but are sometimes used interchangeably. The main purpose of continuous delivery is to ensure that the deployment of a new code takes the least possible effort. It enables DevOps to maintain a constant flow of software updates to fasten release patterns and reduce the risks related to development.

Conventionally, developers used to work on the parts of an application– one at a time and then manually merge the codes. The process was isolated and time-consuming, it led to the duplication of code creation efforts. However, as the IT ecosystem went on embracing the new CI/CD model and effectively sped up the development process while ensuring early detection of bugs, almost all the security has been commercialized by ace infrastructure providers namely Microsoft and Amazon. The commodities offered include authorization, container protection and encryption of data. Similarly, security components of first-generation firewalls and gateways like the protection of denial-of-service (DDoS) attacks also constitute the infrastructure.

When it comes to navigating and communicating – especially through an unfamiliar space, APIs are a powerful tool with great flexibility in their framework. However, similar reasons also make APIs equally vulnerable also.

While giving insights into the major IT risk posed by APIs, Terry Ray, chief security officer for Imperva told, "APIs represent a mushrooming security risk because they expose multiple avenues for hackers to try to access a company's data."

"To close the door on security risks and protect their customers, companies need to treat APIs with the same level of protection that they provide for their business-critical web applications."

The API threat is basically rooted in its lack of visibility, Subra Kumaraswamy, the former head of product security at Apigee, an API security vendor owned by Google, while putting the risk into the perspective, told: "When you have visibility into your APIs throughout your organization, you can then put controls in place."

"You might decide that a certain API should only be exposed to in-house developers, not external, third-party ones. If you don't have visibility, you can't see who is accessing what."

While labeling the authorization and improper asset management as areas of key concern, Yalon told, “Authorization mechanisms are complex because they are not implemented in one place, but in many different components like configuration files, code, and API gateways."

“Even though this sometimes may look like simple housekeeping, having a very clear understanding of the APIs, with well-maintained inventory, and documentation (we whole-heartedly recommend Open API Specification) is very critical in the world of APIs,” he further said.
Read more »
Technology
Advertising revenue Facebook Google Social Media Technology

Facebook and Google- The Kingpins Who Generated Millions of Ad Revenue This Year!


This fiscal year has been quite a success for all the social media platforms in terms of online digital advertising revenue generation.

Digital advertising revenue is the income that businesses earn via displaying paid advertising advertisements on their social media platforms or websites.

Per sources, Facebook and Google rose big time on the online revenue charts of the year 2018-2019. Facebook gathered 2,233 and as compared to the Rs. 6389 crore of the last fiscal year, Google landed itself a sum of Rs. 9,203 crore in ad revenue.

According to reports the social media giant’s ad revenue partly builds up of the advertisement that Indians “spend” on trendy social applications like Messenger, Instagram, and other third-party affiliations and applications.

Per sources, over 4.39 billion people use the internet all over the world today. Digital advertising hence, is more than a fitting alternative for the online world. The field is growing at a flying rate. According to a major report, the expenditure of ads is likely to multiply exponentially in a couple of years.

Reports also say that Facebook and Google collectively have a share of 68 percent in India’s online advertising sphere. They also plan on expanding it, given the compelling competition from Amazon and other similar entities.

The Indian division of Facebook, Facebook Indian Online Service Pvt. Ltd., cites that it gives the ad inventory amount back to the main company, which adds somewhere up to Rs.1,960 crore in the latest fiscal year. The amount that contributed to the net revenue of this Indian division was Rs. 263 crore.

Per sources, Facebook’s revenue from online ad ventures had an overall rise of 71 percent this “year-on-year”, only to reach a glorious Rs. 892 crore in this fiscal year.

This made the profit for the social media colossus rise by 84 percent which amounts up to Rs. 105 crore, mentioned the reports.
Google India Pvt. on the other hand as per what the reports mentioned displayed Rs. 1, 097 crores as its “net sales” from online advertisements.

The overall revenue for this search engine master totaled Rs.4,147 crore which was half of what it acquired in the previous fiscal year. Nevertheless, its profit experienced a 16 percent hike equalling to Rs. 473 crore, sources indicated.

Read more »
Russia
Cyber Crime Cyber Crime Report E Hacker News Hackers Arrested Russia

Hacker to stand trial for stealing and distributing Russian Railways data


The investigating authorities completed a criminal investigation into the theft of data from Russian Railways employees. This was reported by the press service of the Investigative Committee of Russia.

According to the Committee, in June 2019, the accused, using illegally obtained accounts of two employees of Russian Railways and 96 unique IP addresses, was able to get to the internal website of the state company. There, he copied several hundred thousand photos and information of the Russian Railways management, as well as other employees of the organization. Later, he posted the data on one of the sites that have hosting in Germany.

Investigators were able to identify the computer genius. It turned out to be a 26-year-old IT specialist from Krasnodar, who admitted his guilt. It was possible to establish the identity of the attacker through joint work with the K department of the Ministry of Internal Affairs of Russia and the security service of Russian Railways. In December 2019, he was charged under the article "illegal receipt and disclosure of information constituting a trade secret".

The leak of data of Russian Railways employees became known in August 2019. They were published on the website infach[dot]me, which allowed users to anonymously publish personal data of other people. Among the data of Russian Railways employees published on the site were their names, phone numbers, positions, photos in the uniform and pictures of the insurance documents. The attackers added a note to the publication "Thank you to Russian Railways for the information provided by carefully handling the personal data of their employees". Later, the information was hidden.

Later, Ashot Hovhannisyan, the founder and technical Director of DeviceLock, a company specializing in preventing data leaks from corporate computers, said that unknown people had posted personal data of 703 thousand people for free access. He also suggested that the leak occurred from the database of the security service of the state company. According to the report for the first half of 2019, the number of employees of Russian Railways amounted to 732 thousand people.
After the leak, Russian Railways assured that the passenger data was not stolen.
Read more »
US
Cybersecurity lazarus North Korean Hackers US

US Intelligence Reveals Malware, Blames North Korea


The FBI (Federal Bureau of Investigation), US Cyber Command, and DHS (Department of Homeland Security) recently discovered a hacking operation that is supposed to originate from North Korea. To inform the public, the agencies issued a security statement which contains the information of the 6 malware that the North Korean Hackers are currently using.


US Cyber Command's subordinate unit, Cyber National Mission Force (CNMF), on its official twitter account published that the North Korean hackers are spreading the malware via phishing campaigns. The tweet says, "Malware attributed to #NorthKorea by @FBI_NCIJTF just released here: https://www.virustotal.com/gui/user/CYBERCOM_Malware_Alert …. This malware is currently used for phishing & remote access by #DPRK cyber actors to conduct illegal activity, steal funds & evade sanctions. #HappyValentines @CISAgov @DHS @US_CYBERCOM."

According to the US Cyber Command, the malware allows the North Korean hackers to sneak their way into infected systems and steal money. The funds stolen are then transferred back to North Korea, all of it done to avoid the economic sanctions imposed upon it. It is not the first time that the news of the North Korean government using hackers to steal money and cryptocurrency to fund its nuclear plans and missile programs, and avoid the economic sanctions have appeared. According to the reports of the US agencies, the 6 malware are Bistromath, Slickshoes, Crowdedflounder, Hotcroissant, Artfulpie, and Buffet line. The official website and twitter account of DHS, US Cyber Command, have complete details about the malware.

The US Alleges Lazarous Group for the Attack 

 Cybersecurity and Infrastructure Security Agency (CISA) claims that the attack was carried away by the North Korean hacker group Lazarus. The group also works under an alias, Hidden Cobra, and is one of the largest and most active hackers' groups in North Korea. According to the DOJ (Department of Justice), Lazarus was also involved in the 2014 Sony hack, 2016 Bangladesh Bank Attack, and planning the 2017 WannaCry ransomware outbreak.

A new 'Name and Shame' approach 

 Earlier, the US used to avoid issuing statements when it faced cybersecurity attacks. However, in the present times, it has adopted a new name and shame approach to deal with this issue. The US cybercommand, as observed, publishes about the malware publicly on its Twitter handle, along with the nation responsible. This didn't happen earlier.
Read more »
Windows
Apple Cybersecurity iOS Microsoft Windows

Apple Doubles Microsoft by 2:1 in Cybersecurity Threats


According to a fresh report on malware that further sinks deep into the debate of cyberattacks, research company Malwarebytes has used data from various fields to analyze the cybersecurity attacks that effected either the consumers or the business in 2019. But the most surprising thing is the platforms on which these attacks happened: Apple vs Microsoft. Surprisingly, the report tells us that the cybersecurity threats had a larger effect on Apple than that of Microsoft.


An insight into State of Malware Reports- 

 The 2020 Malwarebytes research looked into the following fields for the potential cybersecurity threats: macOS and Windows, iOS and Android users, attacks based on web browsers, and attacks that happened on Windows or Mac PCs. After calculating the cybersecurity threats and analyzing the data, the 'State of Malwares' report revealed that cybersecurity threats against Apple increased by 400% in the year 2019. It also concludes that Apple outnumbers Microsoft by 2:1 in terms of cybersecurity threats.

The ratio shouldn't be ignored as Malwarebyte's Apple has a larger user base than Microsoft. Further, the report reveals that Mac files tend to have more malicious behavior (front and center) throughout the years, allowing more space for hackers to deploy evading techniques to escape iOS discovery. As the malware signs of progress keep affecting the iOS, users should rethink if they should install antivirus in their phones or not, as it opens up the space for cyber attacks.

 Does it raise concern over Mac Security- 

 If you look back in the past media coverage on cybersecurity, the reports would suggest that there were more attacks to Microsoft or Windows users than to Apple or iOS. But simply having fewer reports than Microsoft doesn't mean that Apple has better cybersecurity. There have been a few prominent incidents that raised suspicion over Apple's commitment to security. For instance, the iPhone specific threats, or the Siri feature that left encrypted emails encrypted, or the apps that could tell if "your iPhone was hacked," or to ensure the security of the Apple Smartwatch 5. The Malwarebytes report suggests that one shouldn't ignore this while moving into 2020, as 2019 showed it was a bad year for Apple.
Read more »
Subscribe to: Comments (Atom)