Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Russian Hackers
Cyber Crime Cyber Crime Report Hacking News Russian Hackers

Russian hacker who hacked Dropbox and LinkedIn found guilty


Russian citizen Yevgeny Nikulin, accused of hacking LinkedIn eight years ago, was found guilty by a jury in San Francisco

The verdict in Nikulin's case was announced on Friday after a trial that began in March, which was interrupted due to the coronavirus pandemic and resumed in July.

In 2016, there were a number of large-scale data leaks, and many dumps, including MySpace, LinkedIn, Tumblr and Vkontakte, were eventually put up for sale.
In 2016, one of the hackers, Russian Evgeny Nikulin, was arrested and extradited to the United States in 2017.

Nikulin was accused of a number of articles, and all of them were connected with penetration into other people's networks and data theft. According to court documents, Nikulin hacked Dropbox, Formspring and LinkedIn in the spring and summer of 2012 and stole about 117,000,000 user records, including usernames, passwords and email addresses.

Nikulin then used the data stolen from LinkedIn to send phishing emails to employees of other companies. Authorities said that this way Nikulin managed to collect a lot of information about 68,000,000 Dropbox users, including usernames, email addresses and hashed passwords.
Similarly, Nikulin managed to get into the account of the Formspring engineer. Thus, in June 2012, he gained access to the company's internal user database, which at that time numbered more than 30,000,000 people.

According to data from Radio Free Europe journalists, his activity brought a good income. Nikulin bought expensive cars, watches and traveled a lot. For example, Nikulin admitted that he owns a Lamborghini Huracan, Bentley, Continental GT and Mercedes-Benz G-Class.

The sentence to Nikulin will be announced on September 29. The jury took less than one day to reach a verdict. Nikulin faces up to 32 years in prison and fines exceeding a million dollars.
Lawyer Arkady Bukh said that the defense intends to challenge the verdict. According to him, the psychiatrist who was appointed by the judge previously recognized Nikulin as mentally abnormal.
Nikulin always denied guilt and even called the charges revenge of the United States for providing political asylum in Russia to Edward Snowden.

Read more »
User Data
Android Cybersecurity Data Leak Malicious Campaign User Data

Welcome Chat App Harvesting User Data and Storing it in Unsecure Location


A messaging platform for Android, Welcome Chat spies upon its users and stores their data in an unsafe location that is accessible to the public. The authors of the app claim it to be available on the Google Play store, meanwhile, marketing it to be a secure platform for exchanging messages which however is not true by any means.

The website of the malicious 'Welcome Chat' app publicizes the platform as a secure communication Android solution, however, security researchers from ESET discovered the app being associated to a malicious operation having links to a Windows Trojan called 'BadPatch' which was employed by Gaza Hackers in a malicious campaign – a long-running cyber espionage campaign in the Middle-East. While the origins of the website advertising the app are unknown, the domain was registered by the developers in October 2019. Interestingly, the app doesn't only function as spyware but works perfectly as a chatting platform as well.

After downloading the app, users need to give permission for allowing installation from unknown sources as the app was not installed via the official app store. Once the Welcome Chat is activated, it asks permission to access the user's contacts, files, SMS, location details, and record audio. Although the list of permissions gets pretty exhaustive for a user to not doubt it, then again they are used to it, especially in case of a messaging platform.

As soon as the app receives all the permissions, it starts mining the victim's data which includes phone recordings, location details, SMS messages and sends it to the cybercriminals behind the malicious operation.

While giving insights about the app, Lukáš Å tefanko, researcher at ESET, told, “In addition to Welcome Chat being an espionage tool, its operators left the data harvested from their victims freely available on the internet. And the app was never available on the official Android app store.”

“We did our best to discover a clean version of this app, to make its developer aware of the vulnerability. But our best guess is that no such app exists. Naturally, we made no effort to reach out to the malicious actors behind the espionage operation,” added Å tefanko.
Read more »
Warning.
malware TrickBot Warning.

TrickBot accidentally issues infection warning to Victims


Advanced Intel’s Vitali Kremez traced a mistake by TrickBot malware, wherein it mistakingly left warning messages on the victim's machine saying that they have been attacked.


TrickBot is a notorious malware usually distributed via spam mails; after infecting the system it downloads various files and modules to run and seize domain's Active Directory Services database, harvest browser passwords, and cookies, steal OpenSSH keys. It is also known to often give access to ransomware operators like Ryuk and Conti on the infected network.

This mistake by TrickBot occurred during the testing of their password-stealing "grabber.dll", this particular strain steals passwords, browser credentials, cookies from browsers like Google, Internet Explorer and Microsoft Edge. During the testing of this grabber.dll module, this particular warning message was issued on the attacked system revealing that some information has been gathered from the browser defeating the purpose.

Warning
"You see this message because the program named grabber gathered some information from your browser. If you do not know what is happening it is the time to start worrying. Please, ask your system administrator for details."


Kremez believes these modules are from TrickBot as they are coded in their fashion and that they were testing the new model and forgot to remove the warning while releasing. 

This isn't TrickBot's first stunt, rather this malware has made headlines quite a few times in 2020 itself. In mid-June, TrickBot ran a fake Black Lives Matter email campaign that installed the malware. In another case, Conti and Ryuk ransomware were also found to be running TrickBot structure 

 To the victims who received this warning message, Kremez advices them to disconnect their machine from the network immediately and then perform a virus scan. Once the malicious malware is eliminated they should change all the login credentials that were saved on the browser.
Read more »
Telegram
Apple Information Security News IT Security Pavel Durov Technology Technology News Telegram

Pavel Durov called on Apple to oblige to install different application stores


Apple should allow users to install apps not only from its own App Store. This opinion was expressed by the founder of Telegram messenger Pavel Durov. According to him, Tim Cook (CEO of Apple) should be obligated to this at the legislative level.

The day before, high-ranking Telegram Manager, Vice President of the company founded by Pavel Durov, Ilya Perekopsky, spoke at a panel discussion with Russian Prime Minister Mikhail Mishustin and representatives of the IT industry in Innopolis. He said that Apple and Google are holding back the development of startups by charging a tax of a 30 percent Commission from app developers. Almost simultaneously with Perekopsky's speech, Durov published an article in which he called for Apple to be legally obliged to install an alternative App Store on the iPhone.

Durov is sure that if this is not done, then app developers, in particular, from Russia, will be forced to sell their startups for little money. At the same time, Apple's capitalization will only grow.
“Preventing two supranational corporations from collecting taxes from all of humanity is not an easy task. Corporations employ thousands of lobbyists, lawyers, and PR agents, and their budgets are unlimited. At the same time, app developers are scattered and scared, as the fate of their projects depends entirely on the favor of Apple and Google," wrote Pavel Durov.

The head of the TelecomDaily information and analytical agency Denis Kuskov noted that changing the market is quite difficult because these two companies are leading it. Therefore, Durov needs to accept this fact.

Durov recalled that in 2016, Apple banned the Telegram team from launching its own game platform: "We had to remove the telegram games catalog that we had already created and almost the entire platform interface, otherwise Apple threatened to remove Telegram from the AppStore." According to Durov, in a similar way the iPhone manufacturer does with many other developers.
Read more »
Telegram
Russia Technology Technology News Telegram

Telegraph service was unblocked in Russia


Russia stopped blocking the popular Telegram messenger almost a month ago. However, the related Telegraph service continued to be blocked. Now Russia has also unblocked the Telegraph platform for publishing and creating articles. 

The Telegraph platform was launched by the Telegram team in November 2016. It is designed to quickly create and publish articles, notes, and other similar content, a link to which can then be easily shared. Registration is not required for publication.

The blocking of the Telegra[.]ph service in Russia began at the end of 2018, a little later than the Telegram messenger.

According to the Roskomsvoboda resource, which closely monitors the registry of blocked sites, all pages with the Telegra.ph domain, which were blocked in Russia by the decision of a particular authority, are now excluded from the blocking registry. The last two similar pages were removed from the blacklist only on July 11.

It is interesting to note, according to Press Secretary of the President of Russia Dmitry Peskov, the cancellation of restrictions on access to the Telegram messenger in Russia is perceived positively in the Kremlin, as it is in line with the course of President Vladimir Putin on the development of the high-tech industry.

The Press Secretary of the Head of State also noted as a positive fact the participation of heads of the company that owns the messenger in government events on the development of the IT industry.
Recall that in Russia since April 2018, Telegram was blocked for non-compliance with the requirements for providing encryption keys, but during the coronavirus pandemic, the government began to use the messenger to distribute official information. In this regard, the State Duma even introduced a bill to unblock Telegram.  On June 18, Roskomnadzor decided to remove restrictions on access to the messenger, the creator of which, Pavel Durov, congratulated the Russians on this event.
Read more »
Zoom
Remote Code Execution Vulnerabilities and Exploits Zero Day Zero-day vulnerability Zoom

Zoom Zero-Day Allowed Remote Code Execution, Patch Issued


Video and audio conferencing software, Zoom patched a zero-day vulnerability that was affecting users running old versions of Windows: Windows 7, Windows Server 2008 R2 and earlier. The flaw was detected on Thursday and later published in a blog post by security research organization ACROS Security.

 The vulnerability that was previously unknown, allowed a remote attacker to execute arbitrary code on targeted user’s system on which one of the supported versions of Zoom Client for Windows is installed; in order to set the attack into motion, the attacker manipulates the victim into carrying out some typical action (Opening a received doc. file) and reportedly, there is no security warning displayed to the user as the attack takes place.

 After disclosing the zero-day vulnerability to Zoom, ACROS released a micropatch for its 0patch client in order to safeguard its own clients against attack till the time Zoom came out with an official patch. In the wake of various security flaws, the company halted the production of new features for a while so that the major privacy-related concerns that are threatening user security can be treated with much-needed attention. However, this ‘feature freeze’ period ended very recently i.e., on July 1, last week itself, and the zero-day was detected a few days later.

 In conversation with Threatpost, 0patch’s co-founder, Mitja Kolsek said, “Exploitation requires some social engineering – which is practically always the case with user-side remote code execution vulnerabilities,”

 “While a massive attack is extremely unlikely, a targeted one is conceivable." “Zoom Client features a fairly persistent auto-update functionality that is likely to keep home users updated unless they really don’t want to be,” he wrote.

 “However, enterprise admins often like to keep control of updates and may stay a couple of versions behind, especially if no security bugs were fixed in the latest versions.”

“Zoom takes all reports of potential security vulnerabilities seriously. This morning we received a report of an issue impacting users running Windows 7 and older. We have confirmed this issue and are currently working on a patch to quickly resolve it,” said Zoom, while addressing the issue initially.

A few days later, on July 10, a fix was released by the company and the officials said, "Zoom addressed this issue, which impacts users running Windows 7 and older, in the 5.1.3 client release on July 10. Users can help keep themselves secure by applying current updates or downloading the latest Zoom software with all current security updates from https://zoom.us/download.”
Read more »
Trojan
Backdoors malware Security Analytics Trojan

Trojans, Backdoors and Droppers the Top Three Malware Globally?



According to a few recent surveys and analysis conducted by some well-known and influential cybersecurity agencies, there are approximately 3 top malwares that the users should be aware of. 

'Gate-crashing' enterprises and users globally are Trojans, Backdoors, and Droppers which comprise 72 percent of the total cyber-attacks across the globe, as per anonymized statistics from free requests from Kaspersky Threat Intelligence Portal. 

The statistics likewise show that the different sorts of malware that researchers most frequently examine and investigate don't harmonize with the most widespread ones. 

By and large, submitted hashes or dubious uploaded files ended up being Trojans (25 percent of requests), Backdoors, a malware that gives an attacker remote control over a computer (24 percent), and Trojan-Droppers (23 percent) that install different malignant objects. 

Denis Parinov, Acting Head of Threats Monitoring and Heuristic Detection explains "We have noticed that the number of free requests to the Kaspersky Threat Intelligence Portal to check viruses or pieces of code that insert themselves in over other programs, is extremely low less than one percent, but it is traditionally among the most widespread threats detected by endpoint solutions," 

Later added, “Viruses are rarely of interest to researchers, most likely because they lack novelty compared to other threats." 

Despite the fact that Trojans are typically the most widespread type of malware, however, Backdoors and Trojan-Droppers are not as common as they just make up 7 percent and 3 percent of every malevolent file blocked by the Kaspersky endpoint products. 

The researchers say, "This difference can be explained by the fact that researchers are often interested in the final target of the attack, while endpoint protection products are seeking to prevent it at an early stage," 

Nonetheless, in order to develop response and remediation measures, security analysts need to distinguish the objective of the attack, the root of a malignant object, its prominence, and at the end, the report specified that it's the security researchers who need to identify all components within the dropper.

Read more »
Sift
Content Abuse Cyber Fraud. Payment Fraud Sift

How Content Abuse is giving rise to online Frauds, explains SIFT


A report from Sift on 'Content Abuse and the Fraud Economy' explores the rising arena of online frauds and content abuse in 2020, detailing how content abuse tricks users for falling for the fraud and giving it an air of legitimacy.


The report also exposes a fraud ring in Russia that tested credit cards and wallets on e-commerce websites and posted false content.

Content Abuse 

The data used in the report came from 34,000 sites and with a survey of over 1000 users by Sift on Content Abuse.

Understanding the "Fraud Supply Chain: A Network of Content Abuse, Account Takeover (ATO) and Payment Fraud" -

As a market works on a proper chain of demand and supply similarly these fraud rings have a proper network where content abuse works as a bridge between Payment fraud and account takeover.

Account Takeover exposes financial credentials and includes stolen cards and debits or wallets that can be used for performing payment fraud whereas content abuse works as a cushion and bridges account takeover and payment fraud. It convinces users to share details or send money through fake messages, reviews, phishing, or romance scams. Payment fraud then is the goal of the above two where buying and selling could occur via the cards and info collected by Account Takeover and Content Abuse.

 According to the report fake content can be found in plenty on the Internet and the numbers are shocking. Consumers find 70% of content on social media fake, 40% on classified, 21% on travel sites, and 15% on Job Boards.

 The Bargaining Bear

Sift's data science team in June also discovered a fraud ring on an e-commerce market place that exploited account takeover and content abuse to check the credentials of stolen debit cards and wallets to see if they worked and how much were they worth.

 "To test dozens of stolen cards, they “sold” the items to each other, after “haggling” those prices down to $1.00 USD— a typical price used to test hijacked payment details. Each listing was uncharacteristic for this marketplace, purchased on the same day, and included several fake reviews to strengthen the appearance of authenticity.", stated the report. 

 The team working from Russia, made various sellers profiles (with the same IP address) and sold stuff at cheap prices and bought the materials themselves leaving fake content listings that gave a legitimate reputation to the seller for easy card testing.
Read more »
Hackers News
Armenia Armenia Cyber Security Azerbaijani Hackers Cyber Attacks Hackers News

Azerbaijani hackers obtained information from the Armenian Ministry of Defense


Passport data of several hundred Armenian citizens, including military personnel, as well as documents related to the Republic's military units, were leaked to the network by Azerbaijani hackers over the past three days. This was stated by media expert and information security specialist Samvel Martirosyan on July 8.

The expert noted that over the past month personal information of Armenian citizens infected with the coronavirus was leaked to the network six times. According to him, the criminals may have much more information than they published.

This is an extremely dangerous situation because among the documents there is such information as the number of vehicles in the military unit, and passport data can be used by fraudsters to issue loans.
Martirosyan believes that Azerbaijani hackers get access to official information mainly through email, taking advantage of the low level of computer literacy of the Armenian population. A significant amount of this information is sent via personal emails, which hackers can easily hack. To solve the problem, the expert suggests developing clear instructions on how to use the information and train people.

The National Security Service (NSS) of the Republic noted that they do not have information on the last data leakage but confirmed the fact of the previous two.

Earlier it became known that Azerbaijani hackers once again posted the data of Armenian citizens infected with Covid-19. On June 24, two files with names, addresses and mobile phones were published, but without passport data. Two weeks earlier, Azerbaijani hackers distributed the data of about 3,500 Armenian citizens with confirmed coronavirus infection, as well as residents of the Republic who were in contact with patients. "The e-mail of one of the outpatient regional medical centers was hacked and there was an attempt to extract information," said the NSS.

Read more »
Technology
Coronavirus Drones Smart City Technology

The Need for Smart Cities in the Post-Pandemic World


Due to coronavirus pandemic, there has been a lockdown worldwide, and it seems, the streets and the normal life has been put on hold. While many people have complained about not getting to go out and enjoy, some people have also cherished their times at home and say it is a good thing, as it has caused the betterment of the environment and planet earth. Going through this current phase, the common question is, 'What happens after all this ends?' And more importantly, 'The concept of smart cities making these improvements permanent.'


This lockdown showed the importance of technology during times of crisis and has raised the question about the future of smart cities. In Singapore, drones were used to ensure people followed the social distancing protocol. Whereas in North Carolina, drones had delivered emergency health supplies to hospitals and people at home. Daniel Rus, a scientist at MIT, and her lab designed a robot used to disinfect food banks in Boston.

In an interview with BBC News, Daniel said that robots are playing a vital role in the fight against the pandemic. According to her, robots might play an essential role in the future when smart cities are built. In the present times, the cities gather data from sensors all over the city, such as traffic lights, lamp posts, or cameras. The data obtained helps determine the AQI (Air Quality Index) and the traffic situation in an area, all of which allows the human life. The lockdown made people realize the importance of such data. For instance, for the first time, people want to know the transport that has come in and went out of the city. They want to know whether the people around them are healthy or not.

Therefore, the post coronavirus world should consider whether they need such technology or not; that is, should the electric vehicles mandated in cities as they offer a better environment? Companies are starting to think about the "Work from Home" concept, as they have realized the additional resources and money that is spent on offices.
Read more »
Zoom
Coronavirus Microsoft 365 Phishing emails Technology Zoom

Microsoft Office 365 Users Targeted By a New Phishing Campaign Using Fake Zoom Notifications



As people across the world struggle to survive the onslaught of the corona pandemic by switching to the work-from-home criteria, the usage and demand of cloud-based communication platform providing users with audio and videoconferencing services have seen a sudden upsurge.

Zoom is one such platform that has from the beginning of 2020 has seen an extremely high increase of new monthly active users after a huge number of employees have adopted remote working.

However recently Microsoft Office 365 users are being targeted by a brand new phishing campaign that utilizes fake Zoom notifications to caution the users who work in corporate environments that their Zoom accounts have been suspended, with the ultimate goal of stealing Office 365 logins.

Reports are as such that those targeted by this campaign are all the more ready to believe in such emails during this time since the number of remote workers participating in daily online meetings through video conferencing platforms, as Zoom has definitely increased because of stay-at-home orders or lockdowns brought about by the pandemic.

 As of now the phishing campaign mimicking automated Zoom account suspension alerts has received by more than 50,000 mailboxes based on details given by researchers as email security company Abnormal Security who recognized these continuous attacks.

The phishing messages spoof an official Zoom email address and are intended to imitate a real automated Zoom notification.

Utilizing a spoofed email address and an email body practically free from any grammar blunders or typos (other than a self-evident 'zoom' rather than 'Zoom account') makes these phishing messages all the more persuading and conceivably more viable.

The utilization of a lively "Happy Zooming!" toward the end of the email could raise a few cautions however, as it doesn't exactly fit with the rest of the message's tone.




As soon as the users click the "Activate Account" button, they are redirected to a fake Microsoft login page through 'an intermediary hijacked site'.

On the phishing landing page, they are asked to include their Outlook credentials in a form intended to exfiltrate their account subtleties to attacked controlled servers.

On the off chance that they succumb to the attackers' tricks, the victims' Microsoft credentials will be utilized to assume full control for their accounts and all their data will be ready for the picking, later to be utilized as a part of identity theft and fraud schemes like the Business Email Compromise (BEC) attacks.

Despite the fact that the US Federal Bureau of Investigation (FBI) had warned of BEC abusing popular cloud email services, like Microsoft Office 365 and Google G Suite through Private Industry Notifications issued in March and in April.

Even after this, Office 365 users are continuously targeted by phishing campaigns with the ultimate objective of reaping their credentials.

Regardless Microsoft has warned of phishers' ongoing movement to new types of phishing strategies, like consent phishing, other than conventional email phishing and credential theft attacks.

Microsoft Partner Group PM Manager Agnieszka Girling says, "While application use has accelerated and enabled employees to be productive remotely, attackers are looking at leveraging application-based attacks to gain unwarranted access to valuable data in cloud services,"

The company additionally has made a legal move to destroy some portion of the attack infrastructure used to host malignant 365 OAuth apps utilized in consent phishing to seize victims' Office 365 accounts.

Read more »
Subscribe to: Comments (Atom)