A New Security Vulnerability Discovered in Bluetooth technology


Two teams of security researchers have discovered a new vulnerability in Bluetooth technology that has been confirmed by the Bluetooth Special Interest Group (SIG), the body responsible for the Bluetooth standard. The flaw could potentially allow an attacker to take complete control of a user’s Bluetooth-enabled device without authorization.

Bluetooth is a short-range, low-powered, high-speed open wireless technology widely used in Internet of Things (IoT) devices for transmitting data between fixed and mobile electronic devices. Bluetooth replaces the cables that people conventionally used to connect devices, with the added aim of keeping the communications secure. However, along with convenience and productivity, Bluetooth also presents major security threats.

Devices using Bluetooth standards 4.0 through 5.0 are vulnerable to a flaw called ‘BLURtooth’ in Cross-Transport Key Derivation (CTKD): it allows an attacker to manipulate the CTKD component and overwrite authentication keys on the victim’s device. The Bluetooth 5.1 standard, released by the Bluetooth SIG in January 2019, contains features that provide protection against BLURtooth attacks.

Earlier this year, in May, academics from Italy and Germany identified yet another new type of attack, ‘Spectra’, which was reported to break the separation between Wi-Fi and Bluetooth running on the same device. Relying on the fact that both transmissions happen in the same spectrum, the attack works against "combo chips".

In a blog post published on its website, the Bluetooth SIG said that for a CTKD attack to be successful “an attacking device would need to be within wireless range of a vulnerable Bluetooth device supporting both BR/EDR and LE transports that supports CTKD between the transports and permits pairing on either the BR/EDR or LE transport either with no authentication (e.g. JustWorks) or no user-controlled access restrictions on the availability of pairing. If a device spoofing another device’s identity becomes paired or bonded on a transport and CTKD is used to derive a key which then overwrites a pre-existing key of greater strength or that was created using authentication, then access to authenticated services may occur. This may permit a Man In The Middle (MITM) attack between devices previously bonded using authenticated pairing when those peer devices are both vulnerable.”

“The Bluetooth SIG is also broadly communicating details on this vulnerability and its remedies to our member companies and is encouraging them to rapidly integrate any necessary patches. As always, Bluetooth users should ensure they have installed the latest recommended updates from device and operating system manufacturers,” the blog further read.
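A small model of the CTKD overwrite rule described above, added here as an illustration (not the Bluetooth SIG's code or its specification text): a bonding database that, when the 5.1-style restriction is enabled, refuses to let a key derived from an unauthenticated JustWorks pairing on one transport replace an authenticated or stronger key on the other transport. The derivation function, peer names and key bytes are constructed stand-ins.

```python
import hmac
import hashlib
from dataclasses import dataclass
from typing import Dict, Optional

# Constructed example modelling the Bluetooth 5.1 restriction on Cross-Transport
# Key Derivation (CTKD): a derived key must not overwrite an existing key that is
# authenticated or stronger. Not the Bluetooth SIG's code or specification text.


@dataclass(frozen=True)
class LinkKey:
    material: bytes       # key bytes (constructed sample values, not real keys)
    authenticated: bool   # True if pairing involved user authentication, False for JustWorks
    strength: int         # effective key length in bytes (7..16 in Bluetooth)


def derive_cross_transport_key(source: LinkKey, label: bytes) -> LinkKey:
    """Stand-in for CTKD: derive the other transport's key from the source key.

    HMAC-SHA256 truncated to the source key length is an assumed placeholder for
    the specification's own derivation functions. The derived key inherits the
    authentication level and strength of the key it came from, which is the
    property the 5.1 overwrite check relies on.
    """
    material = hmac.new(source.material, label, hashlib.sha256).digest()[: source.strength]
    return LinkKey(material, source.authenticated, source.strength)


class BondStore:
    """Per-peer, per-transport key database with an optional CTKD overwrite check."""

    def __init__(self, enforce_restriction: bool = True) -> None:
        # enforce_restriction=False models the pre-5.1 behaviour the article describes
        self.enforce_restriction = enforce_restriction
        self.keys: Dict[str, Dict[str, LinkKey]] = {}

    def get(self, peer: str, transport: str) -> Optional[LinkKey]:
        return self.keys.get(peer, {}).get(transport)

    def store_from_pairing(self, peer: str, transport: str, key: LinkKey) -> None:
        """Record a key established directly by pairing on this transport."""
        self.keys.setdefault(peer, {})[transport] = key

    def install_via_ctkd(self, peer: str, src: str, dst: str) -> bool:
        """Derive the dst-transport key from the src key; False if the overwrite is refused."""
        source = self.get(peer, src)
        if source is None:
            return False
        derived = derive_cross_transport_key(source, f"{src}->{dst}".encode())
        existing = self.get(peer, dst)
        if existing is not None and self.enforce_restriction:
            # 5.1 rule: never replace an authenticated key with an unauthenticated one,
            # and never replace a key with a shorter one.
            if existing.authenticated and not derived.authenticated:
                return False
            if derived.strength < existing.strength:
                return False
        self.keys.setdefault(peer, {})[dst] = derived
        return True


def blurtooth_scenario(enforce_restriction: bool) -> bool:
    """Return True if the original authenticated BR/EDR key survives the CTKD request."""
    store = BondStore(enforce_restriction)
    # Legitimate bond: authenticated BR/EDR pairing with the peer (constructed key).
    original = LinkKey(b"\x11" * 16, authenticated=True, strength=16)
    store.store_from_pairing("headset", "BR/EDR", original)
    # A device claiming the same identity pairs over LE with JustWorks (no authentication),
    # then CTKD is requested towards BR/EDR.
    store.store_from_pairing("headset", "LE", LinkKey(b"\x22" * 16, authenticated=False, strength=16))
    store.install_via_ctkd("headset", "LE", "BR/EDR")
    return store.get("headset", "BR/EDR") == original
```

With the restriction disabled the authenticated BR/EDR key is silently replaced by the weaker derived key, which is the condition the SIG's advisory describes; with it enabled the request is refused and the original bond is kept.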

Hackers Attack Gaming Industry, Sell Player Accounts on Darkweb


Generating a tremendous revenue of $120.1 billion in 2019, the gaming industry is one of the largest and fastest-growing sectors. But this success comes at a high cost, as it makes the industry an attractive target for hackers. Moreover, cyber-attacks in the video game industry are hard to trace, which has made the sector especially vulnerable to cybercriminals in recent times.



About the attacks
As per recent research, there exist covert markets that trade stolen gaming accounts. These trades can generate an unbelievable $1 billion annually. Fortnite and Minecraft together account for 70% of what these underground markets make. According to reports, Roblox, Runescape, Fortnite, and Minecraft are responsible for generating $700 annually. Experts at Night Lion Security say that hackers selling stolen Fortnite player accounts are making up to $1 million annually.

Recent developments 
Hackers are now operating as hierarchical organizations, assigning roles for different kinds of work. The structured enterprise has positions such as developers, senior managers, project managers, sales, and public relations to promote their services.

  • The actors are using open cloud services and digital platforms to conduct their business. 
  • The hackers steal in-game inventories like skins, crates, and coupons from player accounts and sell them on the black market for a lower price. 
  • These hackers often target top gaming accounts and steal player profiles to trade them for lower prices in the underground market. 

Recent attacks 

  • Last month, experts found a game named "Fall Guys: Ultimate Knockout" which contained a malicious JavaScript API. It stole data from target players' Discord and browser. 
  • In June 2020, around 1.3 million Stalker Online players' accounts were stolen and sold on the dark web later. 
  • In July 2020, a Nintendo leak revealed the game's details before they were officially launched in the market. 


The gaming industry now faces a bigger challenge to protect its community from the rising attacks. A proactive and multi-layered approach can help gaming companies protect their customers, along with their products and services. Gamers should be careful too, avoiding re-use of the same password on other platforms.

The Antidrone system and a new platform for online voting were created in Russia

The Antidrone system allows detecting drones that approach any protected object, said Eugene Kaspersky, CEO of Kaspersky Lab. Depending on the model of the drone, the program can either land it, send it back, or stun it.

"This is necessary at sporting events, at airports, and for private businesses. Do I want someone's drones flying around our office? I don't want to. This is a case where sales will probably go simultaneously in both Russia and Europe," said Eugene Kaspersky.

Another startup of Kaspersky Lab is an online voting system based on blockchain. According to Eugene Kaspersky, it can only be hacked by infecting a specific device, and it would be difficult to infect a large number of devices.

"If you infect a thousand devices, it will not affect big elections in any way, but if you infect a million devices, it will be immediately noticeable. Of course, the elections will be disrupted, but we will see it," said Eugene Kaspersky.

The development also includes a process for monitoring online voting.

"If you want to observe the elections, put the server in the blockchain. So we simultaneously increase the blockchain, that is, the number of machines that calculate all this, and give access to observers. That is, if you want to be an observer, come with your computer,” explained the expert.

Also, during the pandemic, the company created its own travel accelerator, "Kaspersky Exploring Russia". The program is designed to help tourism startups overcome the crisis and lay the basis for the further implementation of their projects. During the selection stage, Kaspersky Lab received more than 500 applications from 47 countries.

Mr. Kaspersky also said that Russia trains the world's best programmers, but this sometimes means that the world's best hackers also speak Russian.

Microsoft Confirms Cyber-Attacks on Biden and Trump Campaigns

Microsoft reports that email accounts belonging to individuals associated with the Biden and Trump election campaigns have been breached by Chinese, Iranian, and Russian state-sponsored hackers. 

Tom Burt, Corporate VP for Customer Security and Trust at Microsoft, revealed the incidents in a detailed blog post after Reuters reported on some of the Russian attacks against the Biden camp. 

"Most of these attacks" were detected and blocked, he added in the blog post when disclosing the additional attacks, which also confirmed a DNI report from August asserting that Chinese and Iranian hackers were likewise targeting the US election process.

According to Microsoft, the attacks conducted by Russian hackers were linked to a group that the company tracks under the name Strontium and the cybersecurity industry knows as APT28 or Fancy Bear. 

While Strontium has generally carried out spear-phishing email attacks, lately the group has been using brute-force and password-spraying techniques as a primary means of breaching accounts. 

The attacks by Iranian hackers, on the other hand, originated from a group tracked as Phosphorus (also known as APT35, Charming Kitten, and the Ajax Security Group). 

These attacks are a continuation of a campaign that began a year ago, which Microsoft detected and warned about in October 2019. At the time, Microsoft said that the hackers had targeted "a 2020 US presidential campaign" but did not name which one. 

Through some open-source detective work, several members of the security community later linked the attacks to the Trump campaign. 

What's more, only a couple of days ago Microsoft confirmed that the attacks were indeed aimed at the Trump campaign and in addition disclosed new activity attributed to the same group. Attacks from Chinese groups were also identified. 

While there are currently several hacking groups believed to operate under the orders and protection of the Chinese government, Microsoft said that the attacks targeting US campaigns originated from a group known as Zirconium (APT31), the same group that Google spotted not long ago, in June. 

Microsoft says it detected thousands of attacks coordinated by this group between March 2020 and September 2020, with the hackers accessing almost 150 accounts during that period.


Online Credit Card Skimming on a Continual Rise – Here's How to Prevent it


Credit card skimming was already on the rise prior to the pandemic, and the trend is likely to continue in the near future as online shopping has seen a dramatic jump due to the confinement measures imposed in various nations, giving cybercriminals more opportunities to cash in on than ever.

Popularly known by the 'Magecart' moniker, web skimming is the practice of compromising online stores and stealing payment card data in the process. In March, web skimming soared by 26%, as per data from Malwarebytes Labs.

Credit card skimming is a form of credit card theft in which crooks steal victims' card details and other sensitive information through a skimmer, a small device built to read the information stored on a card when victims carry out transactions at ATMs. Lately, the term has been expanded to include malicious code that targets payment card data entered on e-commerce websites while making purchases. By either means, hardware or software, skimming pursues the same goal: performing fraudulent transactions with the stolen data.

As various nations upgraded their security by moving to chip-enabled cards, crooks have continually adopted new and sophisticated methods to avoid detection. Certain skimming devices, known as "deep-insert" skimmers, are designed to fit inside the card-reading slot and are intended to read data from the chips on chip-enabled cards.

Consumers are advised to stay extra cautious, as there is more than one way to fall into the trap of skimming. Security experts recommend looking for signs of tampering, such as pieces of metal or plastic that look out of place, strange holes, or components not aligned with the rest of the ATM.

To prevent online skimming, there is not much one can do directly, since consumers cannot control the affected software. However, they can regularly monitor their card statements for unauthorized transactions. They can use virtual card numbers for online purchases if their bank offers them, or pay with smartphone services such as Google Pay and Apple Pay, which use tokenization: the real card number is replaced with a virtual one, so the real number is never exposed to the merchant. Another way to stay safe is to use an alternative e-wallet service such as PayPal.

Recent skimming attacks include a data breach disclosed by Warner Music Group and an incident reported by the American Payroll Association, in which cybercriminals installed skimming malware on the login page of its website as well as on the checkout section by exploiting a vulnerability in the organization's CMS. Magecart skimmers have also employed Telegram as a channel for sending stolen card data back to their C2 servers.

Russia has fallen to 13th place in the world ranking of the stability of Internet segments

According to Qrator Labs, a company specializing in ensuring the availability of Internet resources and countering DDoS attacks, Russia has worsened its position in the ranking of countries with the most stable national Internet segments, dropping from 11th to 13th place. Experts attribute this to the continuing expansion of the Internet operator market and the slow transition to the new IPv6 protocol, which allows the use of far more IP addresses.

The rating of the stability of national Internet segments has been calculated since 2016 across 249 countries. According to the rating, Russia took 13th place this year, whereas the year before the Russian Federation took 11th place.

Experts believe that the use of the more advanced IPv6 by network operators alongside the IPv4 protocol can increase the stability of Internet segments: if one protocol has problems, the other will keep working.

According to Google, just over 30% of users worldwide use the new protocol, while in Russia this figure is slightly more than 5%.

The problem is that Russia does not have a unified program for switching to IPv6. "It is difficult to force current market participants to switch to a new protocol, because they will have to upgrade equipment and hardware and software systems, and this is a serious expense," said Andrey Vorobyov, director of the Coordination Center for .ru / .РФ domains.

The global top five are Brazil, Germany, Switzerland, Ukraine and the United Kingdom. Next in the ranking are the Netherlands, Canada, the United States, France and Liechtenstein. Four newcomers, Liechtenstein, Japan, Indonesia and Argentina, entered the top 20 this year, while Luxembourg, the Czech Republic, Ireland and Bulgaria left it. Hong Kong dropped eight positions in a year.

6 Malware Apps from the Play Store have been banned by Google: Uninstall them from your device ASAP


The Joker malware was yet again caught making the rounds on the Play Store: cybersecurity firm Pradeo identified at least six applications on the Play Store infected with Joker, which have now been banned from it.


In July, Google had banned 11 apps containing the same malware. Joker, also known as Bread, has been characterized as fleeceware. These apps' sole purpose is to charge users hefty subscription and other fees for features and services they could get for free. Although these apps trick the user, they neither steal data nor run any other malicious code, so fundamentally they are not malware in the usual sense; put simply, fleeceware is a malicious app hiding in "sheep's clothing". Joker prompts the user into paying for certain features via SMS, contains very little malicious code and is well hidden, which makes it hard for Play Store security checks to detect. 

The six Joker-containing apps are:

  • Safety AppLock
  • Convenient Scanner 2
  • Push Message- Texting & SMS
  • Emoji Wallpaper
  • Separate Doc Scanner
  • Fingertip GameBox

Since these apps do not contain malicious code, it is hard for security checks to detect them. “Many of these samples appear to be designed specifically to attempt to slip into the Play Store undetected and are not seen elsewhere,” Google wrote. 

But Google is tightening the leash on notorious apps such as these. It announced earlier this year that developers will be required to make the details of subscriptions, free trials, and introductory offers more precise and clear. "Part of improving the subscription user experience comes from fostering a trustworthy platform for subscribers; making sure they feel fully informed when they purchase in-app subscriptions," Angela Ying, a Google product manager, wrote in a blog post.

DDoS attacks from the USA, UK, Ukraine were recorded during the voting in the Russian Federation

Andrey Krutskikh, special representative of the President of Russia for international cooperation in the field of information security, said on Monday at a conference on cybersecurity that the sources of DDoS attacks on Russian government agencies during the voting on amendments to the constitution were recorded from the United States, Great Britain, Ukraine and a number of CIS countries.

He noted that in 2020, attacks with the aim of affecting critical infrastructure and electoral processes have become commonplace.

"For example, during the voting period on amendments to the Constitution of the Russian Federation (June 25 - July 1 this year), there were large-scale attacks on the infrastructure of the Central Election Commission and other state bodies of Russia. Sources of DDoS attacks with a capacity of up to 240 thousand requests per second were recorded from the United States, Great Britain, Ukraine and a number of CIS countries,” said the special representative of the President of the Russian Federation.

According to Krutskikh, in 2020, the problems that all countries face in the information space are growing like a "snowball". Thus, the volume of illegal content, including terrorist content, distributed on the Internet is increasing, and the implementation of destructive actions of states in the information space is becoming the norm.

"The concepts adopted in some countries for preemptive cyber strikes and offensive actions in the cyber sphere do not add optimism,” stated Mr. Krutskikh.

It is interesting to note that during the six days of voting, officials reported one major attack, which occurred on the evening of June 27. Artem Kostyrko, head of the department for improving territorial administration and developing smart projects of the Moscow government, explained that hackers tried to influence the system through a service for monitoring online voting.

Iranian Threat Actors Have Modified Their Strategies, Attacks Now More Effective


Since the dawn of the digital age, Iranian hackers have been infamous for attacks on critical infrastructure, targeting governments, and breaking into large corporate networks. The main motives behind these attacks are espionage, stealing confidential information, ransomware, and targeting massive data networks. Since 2019, the hackers have been using more developed strategies that are more effective in causing damage to their targets and yield better monetary benefits, says the Bloomsbury news.


Attack details

  • Earlier this year, in April, the hacking group APT34 (otherwise known as OilRig) launched a modified version of the backdoor named 'RDAT.' The backdoor uses a C2 channel that can hide commands and data inside images sent as attachments. 
  • Earlier this year, in May, APT34 also added a new tool to its hacking inventory, known as DNSExfiltrator. With it, the group became the first hacking group known to use the DoH (DNS-over-HTTPS) protocol in its attacks. 

Keeping in view these new modifications in the hacking realm, organizations should understand that the criminals are evolving and modifying their methods over time. It suggests that the hackers have become more capable and pose a more significant threat to the cybersecurity world.

Other developments 

  • In August 2020, the FBI issued a security alert about the hacking group going by the name 'Fox Kitten' attacking potentially vulnerable F5 Networks equipment. The hackers' purpose was to attack private organizations and public U.S. government bodies. 
  • In July 2020, making its comeback, the threat actor Charming Kitten launched a cyberespionage campaign, using WhatsApp and LinkedIn to impersonate Persian-speaking journalists. The targets included U.S. government personnel and Israeli scholars from the Tel Aviv and Haifa universities. 
  • In June 2020, an amateur hacking group from Iran attacked Asian companies using the 'Dharma' ransomware. 

According to intelligence reports, the hackers used widely available hacking tools to target companies in China, Russia, Japan, and India. Since July 2020, the threat actor Fox Kitten has also become known for selling access to small corporate networks on hacking forums. According to experts, the group is simply trying to generate revenue through other income channels, monetizing systems that lack any intelligence value but bring Iran money.

Chinese hackers targeted about five Russian developers of banking software

The Chinese hacker group Winnti attacked at least five Russian developers of banking software, as well as a construction company. According to Positive Technologies, the names of the banks and developers are not being disclosed.

Positive Technologies noted that the implantation of malicious code by hackers at the development stage potentially allows them to gain access to bank data. Once the code runs on the infected machine, a full-fledged backdoor is loaded to explore the network and steal the data the attackers need.

Andrey Arsentiev, head of analytics and special projects at InfoWatch, explained that previously Winnti hacked industrial and high-tech companies from Taiwan and Europe through attacks on the software supply chain, but now, apparently, it has decided to switch to Russian companies.

According to him, there is a rather complex software supply chain in the financial sector, so Winnti may be interested not only in obtaining direct financial benefits but also in corporate espionage. As for the construction industry, the Chinese hackers may be aiming to obtain trade secrets, which in turn may be related to the plans of Chinese companies to expand into the Russian market. Mr. Arsentiev concluded that, in this way, the attacks would allow studying the strategy of potential competitors.

Nikolay Murashov, deputy director of the National Coordination Center for Computer Incidents, said that organizations involved in software development and system integration accounted for about a third of all targeted attacks in the Russian Federation in recent years.

According to Mikhail Kondrashin, technical director of Trend Micro, attacks specifically on software developers for banks open up endless opportunities for subsequent attacks. The appearance of such attacks actually changes the rules of information security in the field of development: it is no longer just about writing secure code, but about protecting the development infrastructure itself.

Flying V: the futuristic and sustainable drone aircraft makes its maiden flight


The Flying V took to the air for the first time in July at a German airbase with a successful flight, albeit a slightly bumpy landing.


Funded by KLM and Airbus, researchers and engineers from the Dutch Technical University of Delft (TU Delft) successfully tested a scaled model of the Flying V, named after its 'V' shape. The aircraft is considerably more fuel-efficient than current designs and is intended to carry passengers in its wings.

TU Delft says, “computer calculations have predicted that the aircraft’s improved aerodynamic shape and reduced weight will reduce fuel consumption by 20% compared to today’s most advanced aircraft.” 

The aircraft has a unique 'V' design, with passengers, cargo hold, and fuel tanks incorporated in the wings rather than the fuselage. The researchers estimate that it will save 20% fuel compared to present-day aircraft because of its shape and weight. The aircraft was first presented at the 100th anniversary of KLM, a Dutch airline that has been one of the supporting partners along with Airbus. 

Flight and Landing 

The researchers had some concerns about takeoff due to possible issues with rotation, but it was smooth sailing during the actual test. Project leader Dr. Roelof Vos said, “One of our worries was that the aircraft might have some difficulty lifting-off since previous calculations had shown that ‘rotation’ could be an issue. The team optimized the scaled flight model to prevent the issue but the proof of the pudding is in the eating. You need to fly to know for sure.” 

Both the flight and the take-off were smooth, with good thrust. The landing, though, was a bit jerky, which the researchers attributed to the design of the aircraft: too much 'Dutch roll', as the team put it. The next step for the team is to analyze the test flight and make further improvements to the design and aerodynamics.