IBM announces 1000 STEM internship opportunities for students


Petrarch once said, "Sameness is the mother of disgust, variety the cure." As a society we believe quite strongly in diversity; it is the core of our harmonious existence, and research even proves that diverse companies produce 19% more revenue. Most companies today give considerable weight to being diverse and inclusive, IBM among them.

IBM, a highly innovative and research-focused company, has always been inclusive in its approach, with ingenious programs like "creating new pathways to science, technology, engineering and math careers with Pathways in Technology Early College High School also known as P-TECH".

"The fight against racism and racial inequality is as urgent as ever. Despite much progress since the Civil Rights movement, Black people are still significantly affected by poverty, unemployment, segregated housing, and other injustices in the United States," they wrote on their website.

With the same thought, IBM has announced that it will provide 1000 internships for United States P-TECH students instead of the 150 it offered earlier.

"At IBM, one way we are taking action in advocating for social justice and racial equality is by advancing education, skills, and jobs. Today, as part of our ongoing efforts, we are pleased to announce the creation of 1,000 paid internships for P-TECH students in the United States from now until December 31, 2021. This commitment is a 10x incremental increase from our most recent internship goals," announced the company.

P-TECH is a unique program by IBM in which students from grades 9-11 are prepared with STEM training, mentorship, and work experience. The students earn a high school diploma, a two-year associate degree and work experience, and gain ample opportunities to enter the tech field. STEM (science, technology, engineering, and mathematics) has led global innovation, but it is also a field where minorities are still much underrepresented, and IBM is stepping in to address this issue with its 1000 free internships program.

"We aspire to create more open and equitable pathways to employment for all regardless of background. It’s about generating the skills and training that lead to good jobs. We will continue the fight to bring new faces to the tech industry that truly reflect the demographics of our communities," IBM writes on its P-TECH program page announcing the new internship opportunities.

Telegram Takes Down Islamist Propaganda on its Platform, Extremist Groups Struggle


Social networks and the US military have imposed strict controls on Islamist propaganda on social media and have been able to take down Islamic State terrorist groups. After this move, experts say, these groups are struggling to regain their foothold on mainstream social media apps and networks. As most of the major social networking sites have choked the group off, it has tried to build its propaganda on smaller sites. But even there, it has been met by strong regulation from the authorities. According to Europol, the European Union (EU) law enforcement agency, social networking companies have tried to take down the Islamist propaganda content growing on their websites in an attempt to shut down extremist group activity on social media.


Europol, in its report, said, "While Google and Instagram deployed resilience mechanisms across their services, Telegram was the online service provider receiving most of the referral requests during this Action Day. As a result, a significant portion of key actors within the IS network on Telegram were pushed away." These extremist groups used Telegram as their primary platform of propaganda until 2019.

According to Europol, Telegram removed up to 5000 terrorist profiles and bots in two days in an effort to shut down the Islamist propaganda. Earlier, it was only able to take down 200-300 accounts on average. After that incident, the extremist groups moved towards more covert apps like the Russian "TamTam" and "Hoop Messenger." Canada hosts these websites. The IS, in apparent desperation, has also started using chat services designed for blockchain developers to spread its messages. In 2016-17, the US Cyber Command took action against these extremist groups. It shut down recruitment groups and suppressed their further attempts to spread their messages.

Currently, the US Cyber Command has presidential approval to combat IS propaganda with cyberattacks. It has also widened its jurisdiction since then. "In the past year and a half, Telegram has also put forth a considerable effort to root out the abusers of the platform by bolstering its technical capacity in countering malicious content and establishing a close partnership with Europol," says Europol.

Online Michigan Bar Exam Hit by a Distributed Denial of Service (DDoS) Attack



The recently conducted online Michigan bar exam was briefly taken down as it was hit by a rather "sophisticated" cyberattack. 

The test was hit by a distributed denial of service (DDoS) attack, in which a hacker or group tries to bring down a server by overwhelming it with traffic, according to ExamSoft, one of the three vendors offering the exam that certifies potential attorneys.

The incident marked the first DDoS attack the organization had encountered at a network level, ExamSoft said, and it worked with the Michigan Board of Law Examiners to give test-takers more time to take the test once it was back up.

The company noted that "at no time" was any information compromised, and that it had the option to “thwart the attack, albeit with a minor delay” for test-takers. 

The Michigan Supreme Court tweeted, before the organization's statement, that a "technical glitch" had made the test go down, and that test takers were “emailed passwords and the test day will be extended to allow for the delay for some test takers to access the second module.”

As per the court, those taking the test with provisions from the Americans with Disabilities Act were not affected by the episode.

 “All exam takers were successfully able to start and complete all modules of the Michigan Bar exam,” the organization wrote. 

“This was a sophisticated attack specifically aimed at the login process for the ExamSoft portal which corresponded with an exam session for the Michigan Bar,” ExamSoft said in a statement on Tuesday. 

United for Diploma Privilege, a national gathering of law students, graduates, professors, and lawyers pushing for the bar exam to be postponed during the COVID-19 pandemic, raised worries about data privacy issues associated with the cyberattack.  

Numerous states have opted to offer the bar exam in-person this month, while others will offer the test online in early October. 

A spokesperson for the National Conference of Bar Examiners (NCBE), which drafts a segment of the test, told The Hill earlier this month that states and jurisdictions could decide to offer the test through vendors such as ExamSoft, Extegrity and ILG Technologies.


COVID-19 used as a lure for Cyber Attacks: Report suggests massive increase in Phishing Trends


Since the start of the year, 2020 has been a bearer of bad news, and COVID seems like a bad punch line. With 14 million cases, the pandemic has wreaked havoc not only on human life but on business and the economy as well, especially affecting cybersecurity and giving hackers and scammers a sweet opportunity to con people.


According to recent research by Positive Technologies, there was a 25% increase in phishing attacks in the first quarter (Q1) of this year compared to Q4 of 2019, and 13% of these phishing attacks were related to COVID-19. One of the analysts at Positive Technologies said, “Hackers were quick to use common concerns about coronavirus as lures in phishing emails. One out of every five emails was sent to government agencies.”

The researchers also noted that 23 tenacious and active APT (Advanced Persistent Threat) groups targeted financial and medical institutions, government agencies, and industries. Around 34% of the attacks on organizations were ransomware (malware whose operators demand a ransom to decrypt files and to not reveal stolen data). One out of every 10 ransomware attacks was targeted at an organization.

This year has seen ransomware evolve into a much-feared threat, with Maze ransomware collaborating with other ransomware groups and publishing stolen data on its website. Another ransomware, Snake, released at the beginning of this year, even deletes backups and snapshots.

Many security analysts say that the report's findings aren't all that surprising, as COVID-19 has been used as a lure and click-bait to trap users desperate for information on the pandemic.

Jamie Akhtar, CEO of CyberSmart, notes an “enormous spike in phishing campaigns, fake websites and social profiles that were deliberately impersonating COVID-19 and healthcare-related authorities as hackers exploited the unprepared public.”

Akhtar adds, “Many of these phishing emails can be extremely convincing and are not likely to end soon.

“Businesses and their employees can protect themselves against these attacks in the future by using email filtering that will detect and flag suspicious email addresses and malicious links or attachments, but these often don't catch everything. Training employees on how to spot suspicious and phishing emails is the best way to prevent these kinds of attacks.”

Google Banned 29 Android Apps Containing Adware


Research has found that almost all malware is designed to target Android users. To prevent users from installing adware-filled apps built to stealthily access their banking and social media credentials, Google has made a continuous effort, including the introduction of ‘Google Play Protect’. The main idea behind Play Protect is to keep your device, apps, and data secure by automatically scanning apps in real time and identifying any potentially malicious ones. Despite the strength of Google’s machine learning algorithms and constantly improving real-time technology, the operations of Potentially Harmful Applications (PHAs) do not seem likely to halt any time soon, as cybercriminals are devising new methods to evade detection by Play Protect as well.

Recently, Google pulled 29 apps from the Play Store after they were found to be infected with adware. Most of these apps posed as photo editing apps with a ‘blur’ feature, which also gave the investigation that unveiled the malicious operations its codename, “CHARTREUSEBLUR”. The apps were discovered by the White Ops Satori threat intelligence team. In total, these Android apps had more than 3.5 million downloads.

As per the observations, these malicious apps were promoting irrelevant advertisements, which are said to be used to avoid detection. After the victim installs any of these apps, the icon to launch the app immediately disappears from the home screen and cannot be found anywhere, making it highly inconvenient for users to remove the adware-laden apps from their devices. Moreover, there was no open function to be found on the Play Store either.

To stay on the safer side, the investigation team advised Android users to be wary of adware-filled apps by examining reviews properly before downloading and not falling for fake 5-star reviews. Apps that seem new and have received a whopping number of downloads in a short period of time should be strictly avoided.

The 29 recently banned Android applications included Color Call Flash, Photo Blur, Photo Blur Master, Super Call Screen, Square Blur Master, Blur Photo Editor, Super Call Flash, Auto Picture Cut, Square Blur Photo, and Magic Call Flash, among a few others.

The data of clients of the Russian bank Alfa-Bank leaked to the Network


On June 22, a message appeared on the darknet about the sale of a database of clients of the largest Russian banks. The seller did not specify how many records he has on hand but assured buyers that he is ready to upload 5 thousand lines of information per week.

A Russian newspaper had a screenshot of a test fragment of the Alfa-Bank database, which contains 64 lines. Each of them has the full name, city of residence, and mobile phone number of the citizen, as well as the account balance and document renewal date.

The newspaper managed to reach as many as six clients using these numbers. Two of them confirmed that they have an account with Alfa-Bank and confirmed that the balance was accurate.

Alfa-Bank confirmed that it knows about the data leak affecting several dozen clients.
The seller of Alfa-Bank's database said that he also has confidential information on clients of other credit organizations.

"I can sell a database of VTB clients with a balance of 500 thousand rubles or more with an update from July 17 for 100 rubles per entry," claimed the seller. However, the Russian newspaper was not able to get test fragments of these databases.

The newspaper also contacted two other sellers who offered information about users of Gazprombank, VTB, Pochta Bank, Promsvyazbank, and Home Credit Bank.
Information about the account balance is classified as a banking secret. Knowing such confidential details makes it easier for attackers to steal money using social engineering techniques.

"There are two ways to get bases on the black market. One of them is the leak of data by an insider from a Bank or company. The second option is through remote banking vulnerabilities," said Ashot Hovhannisyan, founder of the DLBI leak intelligence service.
According to him, the reason for the ongoing leaks is inefficient investment in security. Companies often protect their systems from outside hacking, but not from insiders.

The National Security and Defense Council of Ukraine reported a leak of IP addresses of government websites


A list of hidden IP addresses of government websites has leaked in Ukraine, according to a statement from the National Security and Defense Council (NSDC).

The statement notes that specialists of the National Cyber Security Coordination Center under the National Security and Defense Council of Ukraine found on the darknet a list of almost 3 million sites that use the Cloudflare service to protect against DDoS and a number of other cyberattacks. The list contains the real IP addresses of the sites, which puts them under threat of attack.

"The list contains real IP addresses of sites, which creates threats to direct attacks on them. Among these addresses are 45 with the domain "gov.ua" and more than 6,500 with the domain "ua", in particular, resources belonging to critical infrastructure objects," the NSDC specified in the message on its official website.

According to Ukrainian experts, some data on Ukrainian sites are outdated, and some are still relevant. In this regard, according to the NSDC, there is a threat to the main subjects of cybersecurity.

Cloudflare provides network services that hide real IP addresses to mitigate DDoS attacks.

In January of this year, the national police of Ukraine opened criminal proceedings due to a hacker attack on the website of Burisma Holdings. According to Assistant to the Interior Minister Artem Minyailo, the attack "was most likely carried out in cooperation with the Russian special services." To conduct an investigation, Ukraine turned to the US Federal Bureau of Investigation.

In May 2020, representatives of the state service for special communications and information protection of Ukraine announced hacker attacks on the websites of state bodies of Ukraine, including the portal of the office of President Vladimir Zelensky. In the period from 6 to 12 May, more than 10.9 thousand suspicious actions were recorded on state information resources.

New Network Protocols Abused To Launch Large-Scale Distributed Denial of Service (DDoS) Attacks


The Federal Bureau of Investigation issued an alert last week warning about the discovery of new network protocols that have been exploited to launch large-scale distributed denial of service (DDoS) attacks.

The alert lists three network protocols and a web application as newfound DDoS attack vectors.

The list includes CoAP (Constrained Application Protocol), WS-DD (Web Services Dynamic Discovery), ARMS (Apple Remote Management Service), and the Jenkins web-based automation software.

Three of the four (CoAP, WS-DD, ARMS) have already been exploited in the wild to launch massive DDoS attacks, the FBI said, based on ZDNet's previous reporting.


 COAP 

In December 2018, cyber actors began exploiting the multicast and command transmission features of the Constrained Application Protocol (CoAP) to conduct DDoS reflection and amplification attacks, resulting in an amplification factor of 34, according to open-source reporting.


WS-DD 

In May and August 2019, cyber actors abused the Web Services Dynamic Discovery (WS-DD) protocol to launch more than 130 DDoS attacks, with some reaching sizes of more than 350 Gigabits per second (Gbps), in two separate waves of attack, according to open-source reporting.


ARMS 

In October 2019, cyber actors abused the Apple Remote Management Service (ARMS), a part of the Apple Remote Desktop (ARD) feature, to conduct DDoS amplification attacks, according to open-source reporting.


JENKINS 

In February 2020, UK security researchers identified a vulnerability in the built-in network discovery protocols of Jenkins servers (free, open-source automation servers used to support the software development process) that cyber actors could exploit to conduct DDoS amplification attacks, according to open-source reporting.

FBI officials believe that these new DDoS threats will continue to be exploited to cause downtime and damages for the 'foreseeable future'.

The reason for the alert is to warn US companies about the 'imminent danger', so they can put resources into DDoS mitigation systems and create partnerships with their internet service providers to quickly respond to any attacks utilizing these new vectors. 

As of now, these four new DDoS attack vectors have been used sporadically; however, industry specialists expect them to become widely abused by DDoS-for-hire services.

Prometei: A Cryptomining Botnet that Attacks Microsoft's Vulnerabilities


An unknown botnet called "Prometei" is attacking vulnerable Microsoft Windows devices using brute-force SMB exploits. According to Cisco Talos, these SMB vulnerabilities help in mining cryptocurrency. The botnet has affected around a thousand devices. It emerged in March; however, according to experts at Cisco Talos, the campaign could only generate a small amount of $5000 in four months of activity. The botnet had been working since the beginning of March and took a blow on 8th June. However, it kept up its mining operations and credential theft. According to experts, the botnet is working for a single developer based in Europe.


"Despite their activities being visible in logs, some botnets successfully fly under detection teams' radar, possibly due to their small size or constant development on the adversary's part. Prometei is just one of these types of networks that focuses on Monero mining. It has been successful in keeping its computing power constant over the three months we've been tracking it," says Cisco Talos's report.
Vanja Svajcer, a cybersecurity expert, says that earning $1250 monthly is more than average for a European. Therefore, the developer would have made a fair profit from the botnet. Besides crypto mining, it can also steal private credentials and escape without being traced.

About SMB attack 

The hacker exploits the Windows Server Message Block (SMB) protocol using a vulnerability. After this, the hackers retrieve passwords with Mimikatz, an open-source application for working with authentication credentials. To spread over the SMB protocol, the hackers use the RdpcIip.exe spreader module. This spreader tries to authenticate over SMB using the retrieved credentials or a temporary guest profile, which doesn't require any password. If the spreader gets in, it uses a Windows app to launch the botnet remotely. If the attack fails, the hackers can fall back on other vulnerabilities to start the botnet.

To protect yourself, Cisco Talos says, "defenders need to be constantly vigilant and monitor systems' behavior within their network. Attackers are like water — they will attempt to find the smallest crack to seep in. While organizations need to be focused on protecting their most valuable assets, they should not ignore threats that are not particularly targeted toward their infrastructure."

Firefox expected to release a fix for their "Camera active after phone locks" bug this October


A bug in Mozilla Firefox enabled websites to keep the smartphone camera active even after the user left the browser or locked the phone. The company is working on fixing the bug and is planning to release the fix around October this year.


The bug was first reported in July last year by Appear TV, a video delivery platform. The bug is triggered when a user opens a video streaming app from the Mozilla Firefox browser on an Android smartphone.

Appear TV first noticed it when video kept playing in the background when it should have stopped, that is, when the user moved out of the browser, pushed it to the background or locked the phone. This raised concerns over users' privacy and bandwidth loss. "From our analysis, a website is allowed to retain access to your camera or microphone whilst you're using other apps, or even if the phone is locked," said Traced, a privacy app, in talks with ZDNet. "While there are times you might want the microphone or video to keep working in the background, your camera should never record you when your phone is locked".

On Fixing the Issue

 "As is the case with dedicated conferencing apps, we provide a system notification that lets people know when a website within Firefox is accessing the camera or microphone, but recognize that we can do better, especially since this gets hidden when the screen is locked," a Mozilla spokesperson said in a statement.

"This bug [fix] aims to address this by defaulting to audio-only when the screen is locked," Mozilla added. "[The fix] is scheduled for release at the platform-level this October, and for consumers shortly after."

Mozilla has been working on a next-generation browser, Firefox Nightly, with more focus on privacy, to replace its current browser for Android. The update is out for testing.

"Meanwhile, our next-generation browser for Android, now available for testing as Firefox Nightly, already has a prominent notification for when sites access this hardware as well," said Mozilla.

Botnet Activity Goes Down; Revived Emotet Suffers Hindrances in Operations by A Vigilante Hacker


An anonymous vigilante hacker has been actively obstructing 2019's most widespread cybercrime operation, Emotet, which made a comeback recently. He has been sabotaging the operation and protecting users from infection by removing Emotet payloads and inserting animated GIFs in their place. Acting as an intruder, he replaced Emotet payloads with animated GIFs on certain hacked WordPress sites, meaning that when victims opened the infected Office files, the malware would not be downloaded and executed on their computers, saving them from infection.

Emotet is a banking Trojan that was first spotted in 2014 by security researchers. It was primarily designed to sneak onto the victim's computer and mine sensitive data. Later, the banking malware was updated; newer versions came with spamming and malware delivery functionality. Emotet is equipped with capabilities to escape anti-malware detection, and it uses worm-like abilities that help it proliferate through connected systems. The infection is mainly spread via malspam; however, it may also be delivered through malicious scripts, links, or macro-enabled documents.

The sabotage started off casually a few days ago, on the 21st of July, and has become a major concern for the Emotet authors, affecting a significant fragment of the malware botnet’s revived campaign. Essentially, the sabotage has been possible because the Emotet authors are not employing the best web shells on the market. It was also noted earlier, in 2019, that the criminals involved in Emotet operations were using open-source scripts and an identical password for all the web shells, risking the security of their infrastructure and making it vulnerable to hijacking by a simple guess of the password.

While giving insights on the matter, Kevin Beaumont said in 2019, “The Emotet payload distribution method is super insecure, they deploy an open-source webshell off Github into the WordPress sites they hack, all with the same password, so anybody can change the payloads infected PCs are receiving.