Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

User Data
Facebook Fake Accounts Phishing scam Technology UK User Data

Litigation Firm Discovers a New Phishing Scam Falsely Purporting To Be From Leading UK Supermarket


A litigation firm discovered a new phishing scam falsely indicating to be from a leading UK supermarket Tesco. 

The scam had utilized SMS and email communication planned to fool customers into handling over their subtleties, and steal classified and payment data. 

The fraud started through an official-looking but fake Facebook page entitled 'Tesco UK' which shared images implying to be from a Tesco warehouse, showing stuffed boxes of HD television sets. 

As per Griffin Law, the litigation firm, the message stated: “We have around 500 TVs in our warehouse that are about to be binned as they have slight damage and can’t be sold. However, all of them are in fully working condition, we thought instead of binning them we’d give them away free to 500 people who have shared and commented on this post by July 18.” 

The firm stated that at least some 100 customers had responded to the Facebook page or received an email.

The original fake Tesco Facebook page is currently listed as 'content unavailable.' It was the clueless users who had due to immense excitement shared the post helped it to spread before receiving an email offering them the opportunity to 'claim their prize.' 

A button in the message connected victims to a landing page to enter their name, place of residence, phone number, and the bank account details. 

Tim Sadler, Chief, Tessian, stated: As the lines between people in our ‘known’ network and our ‘unknown’ networks blur on social media feeds and in our inboxes, it becomes incredibly difficult to know who you can and can’t trust. Hackers prey on this, impersonating a trusted brand or person to convince you into complying with their malicious request and they will also prey on people’s vulnerabilities." 

Although Sadler empathized with the people who are struggling financially in the wake of the [COVID-19] pandemic and henceforth the proposal of a free television could be appealing to them.

However, he advises the users to consistently scrutinize the authenticity of these certain messages and consistently confirm the requestor's offer before tapping on the link and refrain from asking for trouble.

Read more »
Russian Hackers
Cyber Security National Cyber Security Russia Russian Hackers

Representatives of the Russian government commented on the statements of Western media about the attack of "Russian Hackers"


The media of the United Kingdom and the United States are working in the interests of the authorities, trying to reduce the intensity of critical sentiment among British and American residents, said Alexander Malkevich, First Deputy Chairman of the Commission on Media of the Public Chamber of the Russian Federation, President of the Foundation for the Protection of National Values.

The Daily Telegraph, New York Times, Financial Times and Metro said that the hacker group ART29, allegedly linked to Russian intelligence services, attacked British research centers working on the creation of a vaccine against COVID-19.

In addition, British Foreign Secretary Dominic Raab said that in December last year, Russian hackers "almost certainly" tried to influence the outcome of the parliamentary elections in Great Britain by circulating "illegally obtained" government documents on the Internet.
London threatened to retaliate at the diplomatic level, without providing any evidence of confirmation about the "Russian hackers".

According to Maria Zakharova, spokesman for the Russian Foreign Ministry, British and American tabloids, and newspapers like the New York Times and the Financial Times, do not need real evidence: anti-Russian publications are published there regularly. Britain did not make any real attempts to understand the situation.

“The British authorities are aware of the Russian National Coordination Center for Computer Incidents, specially created for this purpose. However, we did not receive any calls in connection with these incidents through official channels, ”said an employee of the Russian embassy in London.

Russia's ambassador to the UK, Andrei Kelin, called “meaningless” accusations of attempts to steal data on a coronavirus vaccine by hackers led by Russian intelligence services.  According to him, in the current world, it is impossible to attribute hacker attacks to any country.
Read more »
VPN
IP addresses Technology User Data VPN

VPN Services Reportedly Leaked Around 1.2TB User Data Containing Sensitive Information


A recent discovery by a tech service company has taken the world by storm. The VPN services may not be as protected and secure as they guarantee to be, the company reveals that around 894GB of client information and data from UFO VPN has been exposed on the web.

This was proved true for eight quite well-known VPN services that have purportedly released a mammoth 1.2TB of client information. These VPN applications are as yet accessible on the Google Play Store with just one removed until now.

The leaked info contains subtleties like accounts passwords, VPN session secrets/tokens, IP addresses of both client devices and servers, and even the operating system of the devices.

As per by Comparitech, the tech service company responsible for the discovery,  more than 20 million client entries are included in the logs every day.

The VPN specialist co-op was likewise informed regarding the information spill yet denied any such claims. UFO VPN said that the client logs are saved for traffic monitoring and that every last bit of it is 'anonymized'.

It was later found that there are seven more Hong Kong-based VPN administrations that have around 1.2TB of client information out in the open online.

The list incorporates FAST VPN, Free VPN, Super VPN, Flash VPN, Secure VPN, Rabbit VPN, and UFO VPN as well. Found by VPNmentor, it was discovered that all these VPN services share a typical Elasticsearch server and also the same recipient for payments, Dreamfii HK Limited.

The information uncovered from these VPN administrations contain sensitive data like home addresses, Bitcoin and PayPal payment details, email addresses and passwords, user names, and more. Dreamfii HK is expected to be the parent company for all these VPN services.

As of now, these VPN applications are as yet accessible on the Play Store, and only Rabbit VPN has been removed.

Read more »
Russian Hackers
Cyber Attacks National Cyber Security Russian Hackers

Three countries have accused Russia of trying to steal data on the vaccine


The UK's National Cyber Security Center (NCSC) said that Russian hackers, led by Russian intelligence agencies, tried to steal information about the development of a coronavirus vaccine in the UK, Canada and the United States.

The report clarifies that the "cyber espionage group" APT29, or Dukes and Cozy Bear, which is "almost certainly" part of the Russian intelligence structure, has been carrying out attacks on various organizations that participated in the creation of the drug throughout the year.

According to the NCSC, hackers used malicious software WellMess and WellMail and phishing to gain access to the developers' computers. From the point of view of intelligence, many of these data were not valuable, but the stolen information can allegedly be used later or in case they become significant.

In the UK, SARS-CoV-2 vaccines are being developed by two research centers: the University of Oxford and Imperial College in London. The British media, citing information from sources in the special services, write that both organizations were “attacked by hackers”.

In turn, the Press Secretary of the Russian President Dmitry Peskov called the allegations of the British side unfounded. "We do not have information about who could have hacked pharmaceutical companies and research centers in the UK. We can say one thing - Russia has nothing to do with these attempts. We do not accept such accusations," said the Kremlin spokesman.

Hundreds of laboratories around the world are searching for a COVID-19 vaccine. The World Health Organization has said that without creating a vaccine, a pandemic cannot be defeated. Currently, nine research centers have begun clinical trials in the world. In Russia, clinical trials should begin in June. The Russian Ministry of Health expects a vaccine to appear at the end of July.
Earlier, E Hacking News reported that accusations of the British authorities against Russia of allegedly stealing coronavirus developments by Russian hackers are "typical corona - madness".
Read more »
Vulnerabilities and Exploits
IoT devices Security Cameras Vulnerabilities and Exploits

Vulnerabilities with AvertX IP security cameras


Palo Alto Networks Unit 42, this February found three vulnerabilities present in AvertX IP cameras in their latest version.

These three vulnerabilities were found in models HD838 and 438IR of AvertX used as outdoor surveillance cameras with object-detection and infrared and technology built-in. The users can store the recordings both in the cloud on a Network Video Recorder (NVR) or in a memory card.

The three vulnerabilities that were found and confirmed by AvertX were:

CVE-2020-11625: User enumeration 

Faulty web user interface (UI) login attempts lead to varied results when the account doesn't exist that could enable attackers to use brute force attacks.

 CVE-2020-11624: Weak password requirements 

The software does not require users to change from the default password. When the user tries to login with the default password the pop shows 'password has been changed' but lets the user login.

 CVE-2020-11623: Exposed dangerous method or function 

An exposed UART interface exists that could be exploited by an attacker with physical access to the UART and change diagnostic and configuration functionalities.

 The Impact of these Vulnerabilities

The attackers can use a brute force attack by gaining legitimate accounts as the vulnerability allows to collect valid usernames and once the username is accessed it is easy to gain the password via brute force attack.

Since the camera can be accessed by using the default password- can easily make your camera and machine compromised. And the default password can be as easily accessed by reading a user manual, as a result, can connect to Iot devices.

Physical access to UATR ( universal asynchronous receiver-transmitter) can allow the attacker to change configurations, modify them, or even shut the camera down.

 The company AvertX, analyzed the faults and vulnerabilities and have released a patch with proper modifications and removed the UATR connector as well as changed the interface in the later produced batches.
2020 Unit 42 IoT Threat Report showed that security cameras make 5% of Interest Of Things (IoT) devices all over but they cover 33% of security issues related to IoT devices.
Read more »
Cybersecurity
.skl files ATM ATM Hacking Cybersecurity

Black Box: A New ATM Attack that Diebold Nixdorf Warns Off


A unique kind of ATM attack has come to surface called "Black Box." ATM developer Nixdorf warns the financial sector to stay on alert. The attack was widespread accross Europe recently. The Black Box ATM attacks are similar to Jackpotting, in which hackers make the ATMs dispense out cash in piles. Hackers use jackpotting to attach a malware in the ATM or use a black box instead. "Some of the successful attacks show a new adapted Modus Operandi on how the attack is performed.
"Although the fraudster is still connecting an external device, at this stage of our investigations, it appears that this device also contains parts of the software stack of the attacked ATM," says Diebold.


In the case of black-box attacks, the hacker tampers with the ATM's external casing and gets access to the port. The hacker can also put a hole in the machine to find internal wires and connectors. Once the hacker has access, he connects the black-box with the ATM through a laptop, building a connection with the internal systems. After this, the hacker then has control over the command options and uses it to dispense cash out of the ATM.

These kinds of jackpotting attacks on ATMs have happened for a decade. The jackpotting attacks have been quite famous among gangs, as the method is very cost-effective and profitable. Jackpotting attacks are more straightforward compared to cloning cards, ATM skimming, and laundering money, which consumes quite a lot of time. Another reason for the popularity of black-box attacks is that the noob hackers (amateur) don't have to spend a lot of money to get a black box. One can purchase a device and launch an ATM attack without having to spare a lot of time.

"In recent incidents, attackers focus on outdoor systems and are destroying parts of the fascia to gain physical access to the head compartment. Next, the USB cable between the CMD-V4 dispenser and the special electronics, or the cable between special electronics and the ATM PC, was unplugged. This cable is connected to the black box of the attacker to send illegitimate dispense commands," says Diebold on his website.
Read more »
telecommunications
Data Breach Data Leak Ransomware ransomware attacks telecommunications

Orange Confirms Ransomware Attack Compromising Data of 20 Enterprise Customers


Orange, the fourth-largest mobile operator in Europe has confirmed that it fell prey to a ransomware attack wherein hackers accessed the data of 20 enterprise customers. The attack targeted the 'Orange Business Services' division and was said to have taken place on the night of 4th July and was continued into the next day, ie., 5th July.

Orange is a France based multinational telecommunications corporation having 266 million customers worldwide and a total of 1,48,000 employees. It is a leading provider of global IT and telecommunications services to residential, professional, and large business clients. It includes fixed-line telephone, mobile communications, Internet and wireless applications, data transmission, broadcasting services, and leased line, etc.

The attack was brought to light by Nefilim Ransomware who announced on their data leak site that they acquired access to Orange's data through their business solutions division.

In a conversation with Bleeping Computer, the company said, "Orange teams were immediately mobilized to identify the origin of this attack and has put in place all necessary solutions required to ensure the security of our systems." Orange further told that the attack that occurred on the night of 4th July affected an internal IT platform known as, "Le Forfait Informatique", it was hosting data belonging to 20 SME customers that were breached by attackers, however, there were no traces of any other internal server being affected as a result of the attack. Giving insights, Tarik Saleh, a senior security engineer at DomainTools, said, "Orange certainly followed best practices by promptly disclosing the breach to its business customers, who will need to take all the possible precautions to make their data unusable in future attacks: changing the password of their accounts and looking out for potential phishing or spear-phishing emails."

While commenting on the security incident, Javvad Malik, Security Awareness Advocate at KnowBe4, said that in these times, it is essential, "that organizations put in place controls to prevent the attack from being successful, as even if they have backups from which they can restore, this won't bring back data that has been stolen."

"As part of this, organizations should implement a layered defensive strategy, in particular against credential stuffing, exploitation of unpatched systems, and phishing emails which are the main source of ransomware. This includes having technical controls, the right procedures, and ensuring staff has relevant and timely security awareness and training," he further added.
Read more »
Twitter
Accounts Hacked cyber attack Twitter

Recent Twitter hacks raises security concerns and discredits the platform's credibility


The recent hack on Twitter leaves security researchers and others worried about the credibility of the platform, especially during the upcoming US presidential election and how a hack like this, if to be occurred during the elections, could be catastrophic.

Late Wednesday, a number of Twitter's verified accounts were hacked including former president Barack Obama, Democratic presidential candidate Joe Biden, Actress Kim Kardashian, Co-founder Microsoft Corporation Bill Gates, Amazon CEO Jeff Bezos, and Tesla founder Elon Musk. The hackers gained the login credentials of employees and hijacked these accounts. 

The company tweeted, “We detected what we believe to be a coordinated social engineering attack by people who successfully targeted some of our employees with access to internal systems and tools.” And "used this access to take control of many highly-visible (including verified) accounts and Tweet on their behalf.” 

This raises the concern that the platform has been compromised and that the hack was not performed from the user end rather it was attacked from the server.

Adam Conner, vice president for technology policy at the Center for American Progress, tweeted, “This is bad on July 15 but would be infinitely worse on November 3rd.” Twitter is a critical platform of political discourse and discussion and often serve as a news source. And if something similar to this was to occur on or near to Nov 3 Presidential Elections to say important political persons like Donald Trump; it would be cataclysmic.

“If the hackers do have access to the backend of Twitter, or direct database access, there is nothing potentially stopping them from pilfering data in addition to using this tweet-scam as a distraction,” said Michael Borohovski, Director at Synopsis.

These hacks have damaged Twitter's reputation especially since these are not the first attack on the platform but the worst one yet for sure. Dan Guido, CEO of security company Trail of Bits responded on the hack saying, “Twitter’s response to this hack was astonishing. It’s the middle of the day in San Francisco, and it takes them five hours to get a handle on the incident".

 The hijacked accounts tweeted to double the money sent to them via Bitcoin. By Wednesday evening 400 transfers were made and transactions worth $120,000 occurred.
Read more »
Russian Cyber Security
Bank Cyber Security Cyber Security Cyber Security awareness Mobile Bank Hacking Russian Cyber Security

Russian experts gave tips on protecting a mobile Bank from fraudsters


Two-factor authentication and compliance with digital hygiene rules can protect users from hacking a mobile Bank on smartphone

According to experts, mobile banking programs are quite secure, so most often funds are stolen due to user errors.

“More often, cybercriminals call customers of financial institutions or use malware,” said Sergei Golovanov, a leading expert at Kaspersky Lab. In this case, users may accidentally give fraudsters the card details and login passwords.

Andrey Arsentiev, head of Analytics and Special Projects at InfoWatch Group, believes that any applications are vulnerable to hacking if malware is installed.

Vladimir Ulyanov, head of the Zecurion analytical center, is sure that users need to configure two-factor authentication to get an additional one-time code. At the same time, the specialist believes that the spyware installed on the smartphone can intercept the SMS code from the Bank. "It is more secure to perform operations and receive confirmation codes on different devices," Ulyanov said.

"Install the software on your phone only from authorized, approved sources (App Store and Google Play)," said Ruslan Suleymanov, Director of information technology at ESET Russia. In his opinion, customers of credit organizations need to have a separate card for online purchases, set daily limits for transfers, and regularly change passwords.

"You can't tell anyone your card details or login details to the customer Bank by telephone. Not a single bank makes such official requests on its behalf,” concluded Suleymanov.
According to the founder of DeviceLock Ashot Hovhannisyan, it is best not to use a mobile Bank, but to log in to your personal account on a computer protected by antivirus. If mobile banking is important, then you should stop using a jailbreak and installing dubious programs through alternative stores.

In addition, Roskachestvo experts have recommended that users should regularly update the software on their devices, even if they do not see a particular need for it. Otherwise, it can lead to unpleasant consequences.

Read more »
malware
Backdoor China malware

Experts Discover Backdoor Malware in Chinese Tax Softwares named "GoldenHelper"


Trustwave has found a new malware (backdoor) named GoldenHelper. The malware is encoded in Golden Tax Invoice Software. It's under the Golden Tax Project of China's government, and its function is issue invoice and adds VAT (Value Added Tax). In June, experts had also discovered another malware named GoldenSpy. The backdoor malware was embedded within tax softwares that the Chinese companies had to install, to work in the financial sector. The backdoor malware GoldenHelper is entirely distinct from GoldenSpy.


However, both the malware function in a similar way. The backdoor malware gains entry into the international company's network operating in China to steal information. The GoldenHelper campaign distribution was active between January 2018 to July 2019 (the operations ceased to exist after January 2020). It should be noted that the GoldenSpy campaign also became active in April 2020.

The malware uses intelligent techniques to cover its usage activity when it's in function. Popular methods include using arbitrary files pattern, systems locations, and names while in transition. "The Golden Tax Project is a national program in China, impacting every business operating in China. We are currently aware of only two organizations authorized to produce Golden Tax software, Aisino, and Baiwang. This is now the second Golden Tax software package that Trustwave SpiderLabs has found to contain a hidden backdoor capable of remotely executing arbitrary code with SYSTEM level privileges," says Trustwave in its report. 

About GoldenHelper's Activity 

  • It doesn't ask user permission to gain access (UAC Bypass) 
  • Obfuscation- Randomization of file names 
  • Timestomping- Randomization while generating timestamps of "creation" and "last write." 
  • Arbitrarily downloads executable using fake file names. 

"During our investigation, we have been informed that the Golden Tax software may be deployed in your environment as a stand-alone system provided by the bank. Several individuals report receiving an actual Windows 7 computer (Home edition) with this Golden Tax software (and GoldenHelper) preinstalled and ready to use. This deployment mechanism is an interesting physical manifestation of a trojan horse," says Trustwave in a report published on its website.
Read more »
Ransomware
Cloud Security Crypto-jacking Cyber Criminals Cyber Security India Ransomware

Indian Organizations Suffer the Most in Public Cloud Security Incidents



In a survey of 26 countries for public Cloud security incidents, India emerges as the nation which endured the hardest hits the previous year with 93 percent of the nation's organizations encountering the problem.

The survey included more than 3,500 IT managers across 26 nations in Europe, the Americas, Asia Pacific, the Center East, and Africa that currently host data and workloads at hand in the Public Cloud.

The cybersecurity incidents that Indian organizations suffered most included ransomware (53 percent) and other malware (49 percent), exposed data (49 percent), compromised accounts (48 percent), and cryptojacking (36 percent), said the report titled "The State of Cloud Security 2020" by cybersecurity company Sophos.

While Europeans seem to have endured the least level of security incidents in the Cloud, an indicator that compliance with General Data Protection Regulation (GDPR) guidelines are assisting with protecting organizations from being undermined.

However, India still hasn't enforced a data protection law.

Chester Wisniewski, Principal Research Scientist at Sophos said in a statement, "Ransomware, not surprisingly, is one of the most widely reported cybercrimes in the public Cloud."

 "The recent increase in remote working provides extra motivation to disable Cloud infrastructure that is being relied on more than ever, so it's worrisome that many organizations still don't understand their responsibility in securing Cloud data and workloads," Wisniewski added later.

"Cloud security is a shared responsibility, and organizations need to carefully manage and monitor Cloud environments in order to stay one step ahead of determined attackers."

According to the report, more than 55 percent of Indian organizations and businesses revealed that cybercriminals obtained access through the stolen Cloud provider account credentials.

Regardless of this, only 29 percent said managing access to Cloud accounts is a top area of concern. Albeit 'accidental exposure' keeps on plaguing organizations, with misconfigurations exploited in 44 percent of reported attacks on Indian organizations.

With 76 percent of organizations utilizing the Public Cloud, detection and response are driving the Cloud security concern for IT managers in India while data security still stays as a top concern across the world for organizations.

Read more »
Subscribe to: Comments (Atom)