Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

U.S.
Cyber Attacks Cyber Security Satellite U.S.

A New Set of Cybersecurity Principles Issued By the White House


A new set of cybersecurity principles were recently issued by the White House to ensure its commercial and critical infrastructure investments in space.

The short document states: “The United States considers unfettered freedom to operate in space vital to advancing the security, economic prosperity, and scientific knowledge of the Nation.” 

As the US focuses on this unfettered access critical to its future, it additionally increased the utilization of digital services and technologies delivered by satellites. The move was brought about as the focus of the White House goes beyond military operations in space.

The nation is worried about the effect of cybersecurity attacks against a scope of services delivered by satellite, for example, the global positioning systems. GPS is particularly significant, to military activities as well as regular citizen use.

The Space Policy Directive 5 details a list of suggested best practices for making sure that the information systems, netwoRk “radio-frequency-dependent wireless communication channels” that together power US space systems.

“These systems, networks, and channels can be vulnerable to malicious activities that can deny, degrade or disrupt space operations, or even destroy satellites,” the document stated.

“Examples of malicious cyber-activities harmful to space operations include spoofing sensor data; corrupting sensor systems; jamming or sending unauthorized commands for guidance and control; injecting malicious code; and conducting denial-of-service attacks.”

Among the suggested best practice principles was the utilization of “risk-based, cyber-security-informed engineering” to create and operate space systems, with persistent monitoring for vindictive action and of system configurations. 

 Other elements that will help ensure a good baseline of cybersecurity were mentioned as:
1. Protection against unauthorized access to space vehicle functions 

2. Physical protection of command

3. Control and telemetry receiver systems

4. Measures to counter communications jamming and spoofing

5. Management of supply chain risks and improved collaboration between space system owners. 

The document likewise included that such attacks could bring about the loss of mission data, damage to space systems, and loss of control over space vehicles such as satellites, space stations, and launch vehicles, which could lead to collisions that generate dangerous orbital debris.

Read more »
cryptocurrency mining
Bitcoin bitcoin exchange Blockchain Crypto-wallet cryptocurrency cryptocurrency hack cryptocurrency mining

New Wave of Cryptocurrency Misappropriation, Hacking, Theft and Fraud Targeting Users Massively in 2020


Crypto criminals have ramped up cryptocurrency theft, hacking, and fraud by a significant margin in the year 2020. They have amassed a sum of $1.36 billion in ill-gotten crypto from January 2020 to May 2020, according to the blockchain analytics firm. The year 2020 is recorded being on the track to become the second-costliest year of all in the history of crypto; only behind 2019’s record of $4.5 billion. The largest contribution in the year’s ongoing standings came from Chinese scam ‘WOTOKEN’ that allegedly scammed more than 700,000 users and stole over $1 billion worth of cryptocurrencies – 46,000 bitcoin, 2.04 million ethereum, 56,000 bitcoin cash, 292,000 litecoin, and 684,000 EOS.

Cryptocurrency is a virtual or digital currency that uses cryptographical functions to make financial transactions. In order to gain transparency and immutability, it makes use of blockchain technology. It is decentralized in nature as there is no central authority controlling or interfering in the processes that include making cryptocurrency exchanges directly between two parties using private and public keys. Equating to money in the real-world it attracts a large possibility of cyber fraud.

On June 2, 2020, CipherTrace released its Cryptocurrency Crime and Anti-Money Laundering Report covering the global trends and latest developments to fight money laundering, terrorism financing, and sanctions evasion. It highlighted the need for regulation and compliance while reporting that 74% of bitcoin in exchange-to-exchange transactions was the cross border and 88% of funds sent to exchanges in 2019 by US Bitcoin ATMs were offshore. Researchers also noted that phishing sites are the most popular COVID-19 related products marketed on the dark web.

“While only 9.8% of the dark market’s one-hop (direct) interactions went directly to exchanges, 30.7% of its two-hop (once removed) interactions went to exchanges—more than tripling the risk exposure to exchanges,” the report read.

In addition, cryptocriminals are also employing several new malware to target cryptocurrencies, an undocumented Trojan called ‘KryptoCibule’ has been found targeting various cryptocurrencies by replacing wallet addresses and stealing cryptocurrency-related files. Previously reported P2P botnet, FritzFrog attempted to brute-force SSH servers of government, education and medical institutions, and telecom players, with an objective of mining cryptocurrency via XMRig miner. Over two weeks ago, a new botnet, dubbed as TeamTNT was observed stealing AWS credentials from affected servers.

With the old techniques being upgraded and the new ones being continually introduced to mine illicit financial gains, cryptocurrencies have become one of the most increasingly targeted areas at present. Users are advised to stay perceptive to indicatives of criminal behavior.
Read more »
Russia
Data Breach Hackers News Russia

Hackers broke into the system of the Georgian Ministry of Health to steal data on the Russian nerve agent Novichok


 According to the Georgian Ministry of Internal Affairs, the purpose of infiltrating the Ministry of Health's database was to get hold of important medical records

The Ministry of Internal Affairs reported that the Cyber Crimes Department of the Criminal Police Department of the Ministry of Internal Affairs of Georgia has begun an investigation into the fact of unauthorized entry into the computer system of the Ministry of Health of Georgia.

Recall that the Ministry of Internal Affairs established that on September 1, 2020, a cyberattack was carried out from one foreign country on the computer system of the Ministry of Labor, Health and Social Protection of Georgia in order to obtain and use important medical records from the database.

"According to the evidence collected at this stage, this cyberattack was carried out by a special service of a foreign country," stated the Georgian Interior Ministry.

The department claims that some original documents obtained as a result of illegal penetration into the computer system are currently uploaded to one of the foreign websites and are available to the mass user. In addition, clearly fabricated documents are uploaded to the website, which are deliberately fabricated in order to intimidate the public.

"The Ministry of Internal Affairs of Georgia will appeal to the relevant services of the partner countries with a request to provide effective assistance in a quick and effective investigation of this complex and specific crime,” said the ministry in a statement.

It is interesting to note that Yuri Shvytkin, Deputy Chairman of the State Duma Defense Committee, stated that there are laboratories in Georgia and the United States that produce Novichok, a Soviet-era chemical weapon.

Recall that Russian opposition leader Alexey Navalny, who is one of Russian President Vladimir Putin's fiercest critics, was poisoned with a nerve agent Novichok. Currently, he is in Charite hospital in Germany. This caused a violent reaction in the West.

Read more »
WhatsApp
CVE Facebook Vulnerability and Exploits WhatsApp

WhatsApp Reveals Six Bugs On Its Security Advisory Website


The Social Messaging app WhatsApp has been open about its bugs and vulnerabilities recently. To be vocal about the issue, the company has set up a dedicated website that will work as a security advisory and inform users about the latest developments on issues and bugs in WhatsApp. Owned by social media giant Facebook, WhatsApp, with a current user base of around 2 million, has set up the website as an initiative to keep the community informed about security and be more transparent with its users.


The dedicated website is not limited to WhatsApp users but open to the entire cybersecurity community. The move comes as a response to the criticisms that WhatsApp faced over its handling of security issues. The dedicated platform will give users detailed reports of security updates related to WhatsApp, along with CVEs (Common Vulnerabilities and Exposures) details. The updates will help cybersecurity experts to know the effect of these bugs and vulnerabilities.

WhatsApp reported six security bugs that it had recently discovered. The company had released security patches for these six bugs before the hackers could exploit them. Few of the bugs could be remotely launched. CVE-2020-1890, an android based WhatsApp bug, sent the recipients sticker, which contained malicious codes. The bug could be deployed without user interaction. Few bugs, however, required user interaction and couldn't be launched remotely. CVE-2019-11928 bug became active when a desktop WhatsApp user clicked any location link, allowing cross-site scripting. WhatsApp says that it will keep the community updated about the latest developments through its advisory platform, trying to release security patches as soon as possible.

According to reports, five of the six bugs were patched on the same day; however, the last bug took quite some time. "We are very committed to transparency, and this resource is intended to help the broader technology community benefit from the latest advances in our security efforts. We strongly encourage all users to ensure they keep their WhatsApp up-to-date from their respective app stores and update their mobile operating systems whenever updates are available," says WhatsApp.
Read more »
Information Security risk
Cyber Security Cyber Security News Information Security risk

Russian experts warn about security risks of Bluetooth on a smartphone

Associate Professor of computer science at the Russian University of Economics, Alexander Timofeev said that hackers can use Bluetooth to break into an electronic device.

"The possibility of Bluetooth hacking can endanger any information stored on the device (photos, emails, texts). In addition, an attacker can gain control of the device and send unwanted data to it,” noted Timofeev.

According to him, at the hacker festival What The Hack, which takes place in the Netherlands, experts showed how using a laptop and a special program with a directional antenna people can eavesdrop on what the driver of a passing car is talking about through a Bluetooth headset.

The head of Check Point Software Technologies Ltd. Sergey Zabula agreed that constantly enabled Bluetooth carries a significant threat to the security of the phone and its owner. Scammers are constantly improving their attack methods, and the small range of Bluetooth signal propagation is no longer a problem for them.

"Using amplifiers, hackers can get into a user's device without even asking for their permission and without knowing the secret key of the connection”, noted Mr. Zabula.

The consequences of attacks using Bluetooth can be varied. So, in just a few seconds, fraudsters can connect to a user's device, install malware, and eventually steal or delete valuable information. Moreover, via Bluetooth, hackers can listen to calls, set their forwarding, and send calls and text messages, which in turn leads to financial losses of the victim. Also, using a Bluetooth connection, fraudsters can carry out a DoS attack and completely disable the phone.

Experts recommend disabling Bluetooth as soon as it is no longer necessary, since this function, when activated, is a "godsend for scammers."

Read more »
Email Hacking
Anonymous Hackers Cyber Attacks Data Breach Email Hacking

Norwegian Parliament Hit by a Cyber-Attack on Its Internal Email System


Stortinget, the Norwegian Parliament succumbed to a cyber-attack that targeted its internal email system. The news came in on Tuesday when the Norwegian parliament's director, Marianne Andreassen, affirmed that the threat actors had targeted the parliament. 

The hackers penetrated email accounts for elected representatives and employees, from where they stole various amounts of data. Andreassen said that the incident is currently being monitored, and, so couldn't give any insight into who was responsible for the attack, or the number of hacked accounts.

People whose accounts were exposed in the attack have been informed about the same and a report has been filed with the Norwegian police and the nation's intelligence agency has just begun investigating the incident, as per a statement the agency posted on its Twitter account after the incident. 

The local press, who initially broke the story additionally, announced that the parliament's IT staffs has closed down its email service to keep the hackers from siphoning more information. 

Besides this, a representative for Norway's main opposition party, the Labour Party, told public broadcaster NRK that the attack had additionally affected a few Labour Party members and staff. 

After the incident was found, the Norwegian National Security Authority (NSA) was brought in to counter the attack and get to the bottom of what had occurred "We have been involved for a few days," said NSA spokesman Trond Oevstedal. 

"We are assisting parliament with analysis and technical assistance." Andreassen said that the parliament had discovered "anomalies a little more than a week ago." 

"A number of risk-reducing immediate measures were implemented to stop the attack," said Andreassen. "These measures had an immediate effect." 

In a statement issued earlier read: "Burglary has been registered in the email accounts of a small number of parliamentary representatives and employees. Our analyses show that different amounts of data have been downloaded." 

The Storting through this statement said that the attackers had snatched a vague measure of data. So far no there is no info released with respect to what sort of cyber-attack was executed against the Norwegian parliament or who was responsible for it. 

However, as Andreassen said to the reporters they take the matter quite seriously and have given our complete attention to investigating the situation to get a complete image of the incident and the possible degree of harm caused by it.

Read more »
Ransomware
Botnet Botnets Encrypted Files malspam malware Ransomware

Emotet Botnet Operators Switching to a New Template Named ‘Red Dawn’


Emotet malware has been continually evolving to the levels of technically sophisticated malware that has a major role in the expansion of the cybercrime ecosystem. First discovered as a simple banking Trojan, Emotet’s roots date back to 2014 when it attempted to steal banking credentials from affected machines.

However, after going through multiple upgrades, since then, it has taken upon various roles- to exemplify, it has leveled up its threat game long ago to become a “loader”; it gathers data and sends it via an encrypted channel to its command and control (C2) servers, it also downloads modules to further the functionality.

The threat actors, actively involved in the rapid expansion of “Emotet” as a service, have devised a new method of attacking their targets by making them access infected documents. Until a while ago, the operators of Emotet have been using an iOS-themed document template in their botnet campaigns, the template informed victims that the document was created on iOS and that in order to view the content properly, he needs to ‘Enable Content’.

However, this is not the scenario anymore. In its newer campaigns, the notorious botnet is reported to be employing a new template, named ‘Red Dawn’ by Emotet expert, Joseph Roosen, for its red accent colors.

While displaying the message, “This document is protected”, the Red Dawn template informs the user that the preview is unavailable and in order to view the document, he is required to click on ‘Enable Content’ or ‘Enable Editing’ button.

After the user is being tricked into accessing the document via the steps he was asked to follow, Emotet malware gets installed on his system following the execution of macros. Once the system is successfully infected, Emotet malware may proceed to deliver other malware and ransomware namely Trickbot and Qbot or Conti and ProLock respectively.

“#Emotet AAR for 2020/09/02: Only a couple malspams at dayjob. It looks like JP is getting targeted heavily now by E1/E2 and E3. Seeing templates on all 3! The new regex for E1 is stupid and I bet Yuri thought that was epic, well nope, even easier to block, new regex in report. TT”, Joseph Roosen said in his related Tweet.
Read more »
Hackers News
Cyber Attacks Hackers News

Cyber Criminals broke into the database of patients of the Russian cancer center and demanded a ransom

The Sverdlovsk Regional Clinical Center was hacked. Svetlana Lavrova, a neurophysiologist, told about this on her Facebook page.

“The data of 400 patients who were operated on from the 10th to the 21st were encrypted," said Alexander Dorofeev, Deputy chief physician at the Sverdlovsk Regional Cancer Center.

The Department of information policy of the Sverdlovsk region said that the hack occurred on August 21 at the time of installation and integration of the laboratory information system.

Hackers chose the moment when the system was most vulnerable, during the installation of new software. A specially designed virus encrypted data on test results - information that is so necessary to prescribe an effective treatment. They became unreadable without a special key.

Then the hackers demanded one thousand dollars for the decoder. The management agreed to pay, but the hackers stopped communicating.

As a result, a lot of work had to be done in a few days: manually restore medical reports, re-enter them into the database.

"Especially for those who doubt confidentiality: the missing data was not transferred to someone, no one found out who had what kind of tumor, just hackers "broke" our access to them," wrote a neurophysiologist Svetlana Lavrova on Facebook.

As a result, a statement to the police has not yet been written, since there was no time.  Now, when all the data has been restored and the patients received the necessary treatment, a check will be carried out. Police need to find out who these scammers are who tried to sell the lives of 400 people for a thousand dollars. And most importantly, how they managed to find out at what point the system will be vulnerable.

Read more »
Microsoft
Anubis malware Microsoft

Anubis Malware that Attacks Windows Users


In a recent cybersecurity incident, Microsoft reports of a new malware called 'Anubis.' Anubis is not related to any banking malware and is famous for attacking windows systems and devices. Recently, the MSI Microsoft Security Intelligence discovered a new window malware. Anubis is capable of stealing windows users' data and has a high threat level. Detailed analysis revealed that the malware triggers the coding of 'Loki' malware responsible for stealing data. The Loki malware came out a few years ago and wreaked hell as infamous ransomware.


According to Microsoft, "the new malware shares a name with an unrelated family of Android banking malware. Anubis is deployed in what appears to be limited, initial campaigns that have so far only used a handful of known download URLs and C2 servers." On its Twitter account, according to Microsoft's tweet, it found a new malware named Anubis, that was roaming in the wild until now. Currently, Anubi has only a limited target, and its range of attacks is also little. "Anubis is deployed in what appears to be limited, initial campaigns that have so far only used a handful of known download URLs and C2 servers," says MSI. Besides, the malware only targets windows systems. Hence, non-windows users are safe. Also, Microsoft defender can identify this malware. Therefore users are safe from Anubis. Another good news.

About Anubis 
Microsoft team first identified the malware in June, as of now, Anubis has become highly active. Having the same name Anubis, users shouldn't confuse it with another android trojan that bears the same name. The windows malware steals user information, including financial data, system data, cryptocurrency wallets, login credentials, and personal information, whereas the android trojan is only a banking malware.

The MSI team is yet to confirm how Anubis is attacking its targets. Therefore, every windows user, for now, should be alert while downloading any 3rd party application/softwares, suspicious emails, etc. The users should also use premium software that guarantees safety against malware. If you're not a Windows user, you needn't worry. The company will update its users if it finds more details about the malware.
Read more »
Technology News
Russia Russian Federation Technology Technology News

Russian engineer raised $5 million for Tamagotchi for hackers

Russian techno enthusiast Pavel Zhovner raised almost $5 million for the production of Tamagotchi for hackers Flipper Zero.  The project attracted 37,987 users of the Kickstarter crowdfunding platform.

Zhovner launched the campaign in early August and expected to be able to raise at least $60,000 within a month — the minimum amount needed to start production in China. However, the enthusiast received this money within 8 minutes after the start of the collection. A day later, the project raised $500,000, and by the end of the weekend - more than $1 million. The campaign ended on 29 August with an impressive result of $4 882 784.

“I’m even a little glad that this will finally end, I can breathe out. We are called to continue the campaign on all sorts of IndieGoGo, but we decided to take a break and go into development more tightly, without being distracted by marketing,” wrote Zhovner in his Telegram channel.

Flipper Zero is an electronic multitool equipped with a built-in radio module for receiving and transmitting signals at frequencies of 300-928 MHz, as well as an infrared transmitter for controlling household appliances.

The creator describes the device as a universal tool that can turn into anything in the hands of experts — from remote control for a TV to a device for hacking a Wi-Fi router.

The developers said that Flipper Zero does not fall under the description of a special tool or device for the secret collection of information. The device does not have the ability to capture audio-visual information and is not disguised as household items. The factory firmware will not contain jamming, brute force, or other potentially malicious features.

Also, inside Flipper Zero there is a cyberdolphin that needs to be fed. This mascot is a reference to Johnny Mnemonic, the cult cyberpunk film.

Kickstarter's sponsors are expected to be able to receive their devices as early as February 2021. Later, the creator plans to release Flipper Zero for free sale through online stores and resellers at a price of $169.

Read more »
Technology
Amazon Drone Technology

Amazons gets FAA's approval for Drone Delivery Trails



Retail giant Amazon got the approval to deliver their products from the sky (like your package dropped straight from the skies, well the thought is good but not really); that is to say, the online retail behemoth got USA's Federal Aviation Administration approval to start trials for drone airlines for delivery.

The Federal Aviation Administration approved Amazon Prime as an "air carrier" allowing it to begin deliveries by air with their drone tech, probably with the MK27 drone released last year. These will be under a trial program. Other companies that already had this approval are Wing, the Alphabet.Inc (Google) and United Parcel Service Inc. (UPS).

In recent years, companies in retail have been evolving and developing Drone Delivery to quite an extent and have achieved major leaps. Wing and UPS both fly their products to a limited distance via drones and Amazon has stated they would start their own trials through the exact data that was not mentioned. 

During the pandemic, Amazon made extensive profits and grew exponentially and their autonomous air delivery if applied globally with success could change the way for ecommerce forever. 

"This certification is an important step forward for Prime Air and indicates the FAA's confidence in Amazon's operating and safety procedures for an autonomous drone delivery service that will one day deliver packages to our customers around the world," said David Carbon, vice president of Prime Air, in a statement. "We will continue to develop and refine our technology to fully integrate delivery drones into the airspace, and work closely with the FAA and other regulators around the world to realize our vision of 30-minute delivery." 

The FAA said it has granted the approval to support innovation and development in Drone flights. But the approval was difficult and still has some issues as FAA's regulations are for humans aboard and not sans humans. Thus the agency is planning on making a new set of regulations for Drone flights. 

But routine Drone Deliveries still have a long way to go like something like this would require some standards for flight, machine, and mechanism along with proper air traffic control and route settings without a pilot - all of which would take years to set up.
Read more »
Subscribe to: Comments (Atom)