Posts

Showing posts from December, 2019

India Invites Huawei and ZTE to Participate in 5G Trials

Demand for bringing fifth-generation (5G) mobile network technology to India is on the rise, and the government is looking to begin 5G trials. The Department of Telecommunications (DoT) has invited all applicants to show use-cases of 5G network in India, including Chinese telecom companies Huawei Technologies Co. Ltd and ZTE. On Monday, telecom minister Ravi Shankar Prasad was specifically asked about Huawei, and he said that at this stage, all stakeholders are invited. “5G trials will be done with all vendors and operators,” telecom minister Ravi Shankar Prasad told media. “We have taken an in-principle decision to give 5G spectrum for trials.” Amid all the ongoing economic and diplomatic tensions between the US and China, the invitation for the 5G trial comes as the very first official stance taken by India on the matter. It also offered Huawei some breathing space after the global scrutiny it has been subjected to regarding network security concerns. The c

Microsoft Enters 2020 with Two New Products

Microsoft plans to launch two products in the New Year, the Windows 10X-powered Surface Neo and the Android-powered Surface Duo, and this could be an indication of 2020 being the year of foldable and dual-screen devices from smartphone and PC makers. Microsoft's new operating system, Windows 10X, is set to power the first wave of foldable and dual-screen devices scheduled for holiday 2020, and Surface Neo is said to be the first device to ship with Windows 10X; however, the Redmond giant is also preparing the OS for dual-screen PCs from partners. Windows 10X is also expected to power the dual-screen PCs created by Microsoft OEM partners like HP, Dell, and Lenovo. A recent leak confirmed that Windows 10X will be coming to workstations and other traditional PC form factors in the future, but the operating system is apparently still 'immature'. Anyway because of the moderate-pac

Alert! USB Flash Drive Malware: Threats Decoded!

Cybercriminals have become all the savvier when it comes to finding new ways of delivering malware to victims’ devices. The next in the list happens to be “Malicious USB sticks”. These are employed whenever an attacker needs a “physical” entrance to a computer or any device for that matter. The first related incident goes back a decade, when the highly malicious “Stuxnet” worm was disseminated to attack Iranian networks by means of USB sticks. An “unattended” USB flash drive might as well cause an equally malicious problem if plugged into a host network or system. These drives could be carrying viruses or even ransomware. The ultimate motive of these drives could range from easy-going hacking into systems to disrupting major businesses and their operations. These USB sticks are extremely malicious and could lead to major setbacks and cyber harm for victim organizations and their clients and other individuals at large. Reportedly, there are several other

Hackers Bypass the 2-step Verification to Invade Government Systems and Industries

2-step verification is an extra security measure that an application uses when connecting to a service or a device. But 2-step authentication was bypassed by a group of hackers from China known as APT20. The government, industries, and various corporations across the world are concerned about the issue. This is disturbing news for the world of cybersecurity. APT20, a criminal hacking organization from China, was able to bypass the important 2-step verification that is used as a safety precaution by vast services on the internet such as Google, WhatsApp, Instagram, etc. But above all this, this issue is a major concern for banking institutions that rely on internet services for their conduct. The APT20 group was caught bypassing 2-step verification: After successfully breaking the verification process, APT20 was able to get access to some government agencies, corporate databases, and servers of various industries. The activity was discovered by Fox-IT, a Dutch security spe

The Russian President created a new Department for information security

Russian President Vladimir Putin signed a decree increasing the number of departments of the Ministry of Foreign Affairs of Russia from 41 to 42. According to the Facebook page of the Department, the new 42nd Department of the Russian Foreign Ministry will deal with international information security, including the fight against the use of information technologies for military-political, terrorist and other criminal purposes. The decree came into force on December 27, 2019. The number of employees of the Central office of the Russian Foreign Ministry increased from 3,358 people to 3,391 people. The decree establishes a staff payroll for a year in the amount of 3,521,914.7 thousand rubles ($57,000). Employees of the Department will have to propose measures to improve legislation to make it easier to cooperate with other countries and international organizations on the topic of information security. "The main idea of the department is the development of generally accep

Cyber police in Ukraine caught hackers who hacked tens of thousands of servers around the world

Cyber police in the Kharkiv region exposed members of a criminal hacker group who purposefully carried out attacks on private organizations and individuals to illegally gain access to their remote servers. It is established that in this way they managed to hack more than 20 thousand servers around the world. According to employees of the Department for Combating Cybercrime, the attackers sold the hacked accesses to customers. In addition, law enforcement identified all members of this group: it included three Ukrainians and one foreigner. All of them were well-known participants of hacker forums and carried out orders to hack remote servers located in the territory of Ukraine, Europe and the USA. Cyber police found that the criminal group had been operating since 2014. Its participants carried out brute-force attacks on private enterprises and individuals. For the attacks, they used specialized software that exploited vulnerabilities of Windows-based servers. It is known that att

Hacker Jailed on Charges of Blackmailing Apple

A twenty-two-year-old hacker has admitted that he tried to threaten Apple by claiming that he had account data of millions of iPhone users and that he would destroy these accounts if not given a ransom. The hacker is Kerem Albayrak, living in North London, who threatened to wipe more than 300 million Apple users' iCloud accounts, demanding that the company give him iTunes reward vouchers amounting to £76,000 ($1,00,000) as a ransom. However, while investigating the issue, Apple discovered that Kerem's claims were false, and he didn't jeopardize the company's security system. Kerem has been charged with the crime of data breach and blackmailing and has been sentenced to 2 years of imprisonment and 300 hours of community service (unpaid). Two years back, in March 2017, Kerem e-mailed Apple's security unit, claiming to have hacked more than 300 million iCloud accounts of Apple users. To strengthen his claim, Kerem showed him hacking

A new trojan dubbed Lampion is targeting Portugal

The last days of 2019 were the perfect time to spread phishing campaigns using email templates based on the Portuguese Government Finance & Tax. SI-LAB noted that Portuguese users were targeted with malspam messages that reported issues related to a debt of the year 2018. In detail, the emails are related to the Rendimento de Pessoas Singulares – IRS (annual tax declaration), and any citizen who has received the message can be misled by criminals – as the end of the year is the right time to discuss issues within this context. The malware was named ‘Lampion’ as this is the name used as part of its internal name. On a broad analysis, it looks like the Trojan-Banker.Win32.ChePro family, but with improvements that make its detection and analysis hard.

Experian expects deepfake content to create geo-political confusion in 2020

The report predicts hackers will increasingly target the political scene and activists using deepfake content and other infamous cyber weapons. A top prediction on Experian’s list involves phishing, a time-tested vector favored by hackers. Another noteworthy projection is that cyber-crooks will begin leveraging deepfake content to help influence political outcomes – i.e. in nation-states with upcoming elections or ongoing political turmoil. “As this technology comes of age and becomes readily accessible it will increasingly be used by cybercriminals and nation states to foster real disruption – both in financial markets and in politics,” according to the forecast. As the technology used to create deepfakes advances rapidly, motivated threat actors will likely increasingly harness its believability to achieve a plethora of end goals, including to sow political discord in targeted nation-states.

HoR panel passes ‘restrictive’ IT Bill

The Development and Technology Committee of the House of Representatives today passed the Information Technology Bill, ignoring the opposition of Nepali Congress lawmakers in the panel. The bill proposes a severe penalty for an offence against the state and computer hacking. The bill also provides for a fine not exceeding Rs 1.5 million or a jail term not exceeding five years, or both, for posting content on social networking sites that may pose a threat to the country’s sovereignty, security, unity or harmony. The committee proposed to impose a fine of up to Rs 50,000 or a six-month jail term or both on those found guilty of cyber bullying. The original bill had proposed to punish people guilty of cyber bullying with a fine not exceeding Rs 1 million or a jail term not exceeding five years or both. The original bill had only stated that those found guilty of the above-mentioned crimes shall be prosecuted under offense against state laws. For those responsible for deleting or interfering wit

Wikipedia writes to IT Minister: New govt guidelines will severely disrupt our model

Automated filtering and quick takedown requirements would disrupt the volunteer model of real-time editing of information followed by the online encyclopaedia, the Wikimedia Foundation has said in a letter to Information Technology Minister Ravi Shankar Prasad. “Short response times for removals that would essentially require the use of automatic systems would interfere with people’s ability to collaborate in real time on Wiki, the collaborative, open editing model that has been crucial to Wikipedia’s growth,” the letter said. “Fulfilling mandatory content removal requirements from one country would leave problematic gaps in Wikipedia for the whole world, break apart highly context-specific encyclopedic articles, and prevent people from accessing information that may be legal in their country.”

Like Voldemort, ransomware is too scary to be named

Each year, millions of ransomware attacks paralyze computer systems of businesses, medical offices, government agencies and individuals. As a result, although many companies cite ransomware in filings as a risk, they often don’t report attacks or describe them in vague terms, according to experts in securities law and cybersecurity. Even when companies do allude to an attack in SEC filings, they typically resort to euphemisms rather than the very word that best describes what paralyzed their business and caused millions of dollars in losses.

Cyber fraudsters struck 24 times in Patiala

The Patiala police have registered over two dozen online fraud cases in the district in the past one year. Not only the common man, but ministers and singers too fell prey to such frauds. On December 8, Punjabi singer Paramjit Singh alias Pammi Bai was cheated of Rs 1.09 lakh in a case of online fraud, prompting the Patiala police to register a case against one Sahil Pirzada of Faridabad, Haryana. In his complaint, Pammi said he received an invitation through an email for a recording session with ‘Coke Studio’ and a reputed TV channel at Mumbai in February. He said the accused posed as a public relations officer (PRO) of the TV channel. On his demand, the singer transferred Rs 26,400 as fee and Rs 26,400 as security deposit in his bank account. After four days, the accused asked him to pay 1% of the amount he is getting on YouTube for his songs, following which Pammi allegedly paid him Rs 16,000. He told police that he again deposited an amount of Rs 20,000 as security to be on air

IoT vendor Wyze confirms server leak

Wyze, a company that sells smart devices like security cameras, smart plugs, smart lightbulbs, and smart door locks, confirmed today a server leak that exposed the details of roughly 2.4 million customers. Song showed his dissatisfaction with how the two parties, Twelve Security and IPVM, handled the data leak disclosure, giving Wyze only 14 minutes to fix the leak before going public with their findings. Song confirmed that the leaky server exposed details such as the email addresses customers used to create Wyze accounts, nicknames users assigned to their Wyze security cameras, WiFi network SSID identifiers, and, for 24,000 users, Alexa tokens to connect Wyze devices to Alexa devices. The Wyze exec denied that Wyze API tokens were exposed via the server. The Wyze exec said they only collected health data from 140 users who were beta-testing a new smart scale product. Either way, Wyze said it decided to forcibly log all Wyze users out of their accounts and unlinked all third-party

Cyber Security Company Predicts Cyber Cold War Will Escalate In 2020

A new Cold War will begin in the world in 2020, it will break out in cyberspace. Fake news before the elections will become an Internet trend in politics, and companies and ordinary people need to be wary of old threats - phishing and ransomware viruses. This forecast was made by Check Point IT company in a study available to the Russian Agency for International Information RIA Novosti. According to experts, cyber attacks will increasingly be used as indirect conflicts between small states, which are supported and financed by large countries seeking to expand their spheres of influence. In addition, they predict an increase in the number of cyber attacks on utility and other critical infrastructures, explaining this by the fact that in many cases outdated technologies are used in the field of electricity and water supply. In 2020, an increase in the number of targeted attacks on authorities, specific enterprises and healthcare organizations through mobile malware and ransomwar

Criminals Pull Hard Before Xmas, Attack U.S. Health Industry

Attackers are taking no breaks and actually pull harder before holidays, as shown by a San Antonio mental health services provider and a New Mexico hospital impacted by malware attacks, according to reports and disclosures published before Christmas. Mental health provider takes down systems: The CHCS provides various mental health services to adults and children with "mental health conditions, substance use challenges and intellectual or developmental disabilities" from San Antonio, Texas. "We started at our larger clinics, and we’re bringing it up slowly and carefully to ensure that our security is still intact." Patients encouraged to monitor credit reports: New Mexico's RGH issued a security incident notice on December 23 to disclose a malware infection that affected one of its radiology servers last month, on November 14. "Although it is not been confirmed that the compromise of any data actually occurred, RGH is alerting potentially affected patients and

Dating App Accused of Leaking Users’ Private Information from Their Profiles

A security researcher discovered that the dating app Plenty of Fish was leaking data that users had specifically set as "private" on their profiles. The leaked information was not immediately obvious to the app users, and the information was scrambled to make it hard to read. However, using freely available tools designed to analyze network traffic, the researcher discovered that it was possible to uncover the data about the users as their profiles showed up on his phone. According to The App Analyst, a 'mobile expert' who writes about his analyses of popular applications on his eponymous blog, POF was always silently returning users' first names and postal ZIP codes, which was the first indication that something was truly amiss with the application. In one case, the App Analyst even discovered enough data to identify where a specific user lived. As of late, law enforcement also has on multiple occasions issued admonitio

Amazon, Ring Sued by a Man Claiming that the Camera was Hacked and Used to Harass his Kids

A class-action lawsuit has been filed against Amazon-owned Ring by Alabama resident John Orange. The company has been accused mainly of negligence and invasion of privacy, along with other claims, namely breach of an implied warranty, breach of implied contract and violation of California’s Unfair Competition Law against false advertising, as it failed to provide enough protection against hacks. Orange claimed that his internet-connected Ring camera, which he bought in July 2019, was hacked and used to harass his three children aged seven, nine and ten, as per the lawsuit. Reportedly, the hacker spoke to the kids as they were playing basketball. The argument for a class-action was supported by seven other similar incidents reported by media wherein these devices were hacked and the two-way talk function was used by hackers to talk to unsuspecting children. A mother shared one such disturbing incident, which made the rounds on social media; it took place in Mississippi wherein the hacker

Expert finds a Bug in Twitter that can Expose your Account Information

As if it wasn't enough already, the famous social networking and microblogging website Twitter has suffered yet another data vulnerability recently. In a recent data breach incident, an expert claimed that he was able to exploit a Twitter bug and used it to match more than 17 million mobile numbers to user profiles. The list of the accounts targeted includes prominent lawmakers and officials. This hack was achieved by exploiting a bug in Twitter's Android application. According to a TechCrunch report, security expert Ibrahim Balic discovered that it is possible to upload complete lists of generated contact information via the contact upload option in the Twitter app. "If you put your contact information, i.e. the phone number, the app in return retrieves user information," says Ibrahim. The users whose phone numbers were matched were from countries like Germany, France, Armenia, Iran, Greece, Turkey, and Israel. In one particular incident, the user whose numb

Windows systems at Maastricht University were infected with ransomware

Maastricht University (UM) announced that ransomware infected almost all of its Windows systems on Monday, December 23. “Maastricht University (UM) has been hit by a serious cyber attack. Almost all Windows systems have been affected and it is particularly difficult to use e-mail services,” reads the notice published by the UM. “UM is investigating if the cyber attackers have had access to this data.” The UM is investigating the incident and is working to restore operations; it also reported the incident to law enforcement. The university did not reveal details of the attack, and the family of ransomware that infected its systems is not clear. In response to the attack, the UM has taken down its systems as a precautionary measure. “In order to work as safely as possible, UM has temporarily taken all of its systems offline,” reads an update published by the university.

U.S. Coast Guard Says Ryuk Ransomware Took Down Maritime Facility

The U.S. Coast Guard (USCG) published a marine safety alert to inform of a Ryuk Ransomware attack that took down the entire corporate IT network of a Maritime Transportation Security Act (MTSA) regulated facility. "Once the embedded malicious link in the email was clicked by an employee, the ransomware allowed for a threat actor to access significant enterprise Information Technology (IT) network files, and encrypt them, preventing the facility’s access to critical files," says the USCG. Operations shut down for over 30 hours: Even though the Marine Safety Information Bulletin (MSIB) doesn't mention the type of facility or its name, it's safe to assume that it must be a port seeing that the ransomware managed to infiltrate cargo transfer industrial control systems. "The virus further burrowed into the industrial control systems that monitor and control cargo transfer and encrypted files critical to process operations," adds the USCG.

Cyber attack shuts down computers at San Antonio mental health provider

A cyber attack has shut down the computer network at the Center for Health Care Services, Bexar County’s largest provider of mental health and substance abuse services. CEO Jelynne LeBlanc Burley confirmed Tuesday that the company’s system was included in a larger-scale cyber attack last week that’s under investigation by federal law enforcement agencies. Burley said she doesn’t know whether the attacker demanded a ransom from the center. She said federal officials called the center last week about the attack, and that the center’s techs isolated the threat to a single computer server. Burley decided to shut down the center’s entire computer system as a precaution. “We started at our larger clinics, and we’re bringing it up slowly and carefully to ensure that our security is still intact.” CHCS operates several locations in San Antonio, including a walk-in mental health clinic and mobile crisis outreach team, substance abuse recovery facilities and programs at the homeless services cam

Development Team Suffers Cryptocurrency Theft Worth $480,000

Hackers stole records relating to the extension unit of an unknown blockchain recently, taking $480,000 worth of an obscure token called NULS. The development team working on NULS confirmed on Twitter that it suffered a hacking attack. Earlier in the morning, the company tweeted that around 2 million NULS ($480,000) were stolen from its account. From the amount that was stolen, the development team says that more than half the amount lost in the theft has been liquidated to other cryptocurrency forms, amounting roughly to $131,600. The company is planning to 'Hard Fork' the transaction network and blockchain, a measure that stops the cryptocurrency once and for all. Fortunately, the incident didn't have a hard effect on the price of NULS. The reason for the theft is said to be a vulnerability found in software version 2.2. The reason for having little effect on its value might be due to the value having already dropped by over 95%, follow

Connecticut Receives $5 Million for Election Cybersecurity

Connecticut Secretary of the State Denise Merrill says the state will receive about $5 million in federal funds to help protect the 2020 elections from cyberattacks. According to a news report, Merrill says the money is Connecticut’s share of a $425 million federal fund approved by Congress to enhance the integrity of electoral systems all across the country. Merrill says it will be used for cybersecurity for Connecticut’s unique election system of 169 independent towns and give voters the confidence that their ballots are secure. In addition, Merrill says she’s grateful to the state’s congressional delegation and the U.S. House of Representatives for fighting to secure the federal funds. “Without that faith in elections, we will really have a problem in 2020. Because I don’t need to tell you people are already suspicious of everything. And so we want to make sure that we can do everything we can to make sure this is the smoothest election we’ve ever had,” Merrill says.

Only 54% of security pros have a written policy on length and randomness for keys for machine identities

Machines also need to authenticate themselves to each other so they can communicate securely, relying on cryptographic keys and digital certificates, which serve as machine identities. To better understand the gap between implementation of security controls for human identities and those for machine identities, Venafi evaluated responses from over 1,500 IT security professionals from the U.S., U.K., France, Germany, and Australia across a range of company sizes and industries. Just half (54%) of organizations have a written policy on length and randomness for keys for machine identities, but 85% have a policy that governs password length for human identities. Organizations will spend over $10 billion protecting human identities this year, but they are just getting started with machine identity protection. “Machine identities are a relatively new, and very effective, point of attack, but there is a huge gap between the security controls applied to human identities and those applied to m

The ruthless Russian hacking unit that tried to crash Ukraine

To understand the evolving, shadowy world of cyberwarfare, start with Ukraine. “You can’t really find a space in Ukraine where there hasn’t been a [cyber] attack,” a NATO ambassador tells Wired correspondent Andy Greenberg. “Turn over every rock, and you’ll find a computer network operation.” Beginning in 2015, Ukraine was on the receiving end of vicious cyberattacks that experts later determined were launched by Russia. The attacks were ruthless, targeting every aspect of Ukrainian society: government servers, media organizations, transportation hubs. Ukrainian cyber experts watched helplessly as systems began to crash all around them. There were no public schedules or train service one day. ATMs went dark the next. The coup de grace came when the hackers targeted the electricity grid, plunging hundreds of thousands of innocent Ukrainians into darkness.

Truckstop.com Restores Most Critical Desktop Services

Truckstop.com, a leading provider of software-enabled services to the trucking industry, suffered a malware attack that crippled the company over the Christmas holiday week. The customer fallout for Truckstop.com is likely to be short-lived, assuming the company is able to fully restore services by January 6th, when most trucking companies and brokers are back in full swing. Many members of the Truckstop team worked tirelessly through the Christmas week to restore systems and resume operations, sacrificing time with friends and family. The company, which is one of the largest payment and factoring providers in trucking, processed thousands of freight bills the night before Christmas. The malware attack was first reported by FreightWaves Monday morning, with Truckstop.com providing continuous updates to customers and FreightWaves through the holiday week. Truckstop.com teams have restored most major desktop services and continue working to bring critical systems back online, including mob

New Mexico hospital tells patients to monitor bank statements after malware infection

Patients of Roosevelt General Hospital in Portales, New Mexico are told to monitor their credit reports after the healthcare unit discovered malware on a digital imaging server used in radiology that contained patient information. Although it’s unclear if any patient data was compromised in the hack, RGH is alerting potentially affected patients and offering assistance in monitoring their information, local news outlet The Roosevelt Review reports. Information contained on the server included names, addresses, dates of birth, driver’s license numbers, Social Security numbers, phone numbers, insurance information, medical information and gender, the hospital said in its advisory. RGH says its IT staff “secured and restored” the server and patient information as soon as the breach was identified, suggesting the infection may have damaged the data – i.e. a ransomware contagion. RGH Marketing and Public Relations Director Jeanette Orrantia advises patients who receive a notice to monitor t

YouTube Stars Stole Social Security Benefits

Billy Altidor, 29, and Evanie (Eva) Louis, 27, admit that in 2014 and 2015, they stole Social Security benefits owed to people old enough to be their grandparents. As part of a conspiracy, the defendants accessed, or attempted to access, My Social Security online accounts belonging to more than 1,400 people, prosecutors said. To gain access, they used stolen data called “personally identifiable information.” That's sensitive data such as Social Security numbers, dates and places of birth, and mothers’ maiden names — information that fraudsters covet since it fuels a long list of crimes. People complained of unauthorized changes to their addresses or bank accounts, according to the SSA's Office of Inspector General (OIG), a government entity that investigates waste, fraud and abuse in the agency's programs and operations. “It's a theft of benefits via the redirection of the payment from the account of the beneficiary to the fraudster,” Gail S. Ennis, the inspector general fo

'Honoring' CCPA's Binding Principles Nationally Won't Be Easy

CCPA is regarded by data privacy advocates as one of the most sweeping data privacy regulations in the US to date. CCPA is somewhat similar to the General Data Protection Regulation (GDPR), the data privacy law in the European Union, in that companies are required to disclose to their users what personal data of theirs is being collected, whether it is sold, and to whom. While I applaud Microsoft, Google, and other companies for leading the way with ambitious data privacy policies, I also have a healthy dose of skepticism about the motivations for doing so, and also about their ability to actually execute on this. In an early Dark Reading column, I explored the ramifications of the British Airways data breach involving an orchestrated phishing campaign that compromised the personal data of almost 500,000 customers of the airline. This includes making companies minimize the data they collect about people, specify the purposes for which they are collecting and using people's data, a

Mozilla Adds Additional DNS-Over-HTTPS Provider to Firefox

This gives Firefox users more options as to which DoH provider they use for secure DNS lookups. When Mozilla announced that they would be testing the DoH implementation solely with Cloudflare DNS servers, users were concerned that using a single provider decreased users' privacy and gave that provider too much data about Firefox's users. In a blog post, Firefox has announced that they have vetted NextDNS through their Trusted Recursive Resolver Program and that it will be an additional DoH provider that users can select in Firefox. The Trusted Recursive Resolver Program requires DNS providers to adhere to certain security and privacy practices before being approved by Mozilla. In Firefox Nightly 73, if users go to the Firefox options > General > Settings under Network Settings > Enable DNS over HTTPS, they can now select NextDNS as a DoH provider. Giving users more options and choices is a far better approach than testing with

122 Chinese Men Detained in Nepal on Charges of Cyber-crime and Bank Fraud

KATHMANDU: Nepal police on Tuesday detained 122 Chinese men and women in what seems like the biggest crime gig by foreigners. The chief of police of the capital, Kathmandu, stated that the suspects were raided on Monday when the police got info that some Chinese visa-holding foreigners were engaged in suspicious activity. The police chief, Uttam Subedi, said, “This is the first time that so many foreigners have been detained for suspected criminal activities.” These people were suspected of various cyber crimes like hacking into bank cash machines and more. These 122 men and women are held in different police stations with their passports and laptops confiscated. Another police officer, Hobindra Bogati, said that the Chinese embassy in Nepal was aware of the raids and has fully supported the detentions. Chinese Foreign Ministry spokesman Geng Shuang, in Be

2020 Cybersecurity Predictions: Four 2019 Trends That Will Solidify in the New Year

The pace of change in cybersecurity is quickening as technologies like 5G and artificial intelligence enable new services, products, and modes of communication. Though varied in their uses—from consumer goods and smart cities to the Industrial Internet of Things—and in their level of maturity, nearly all are defined by growing connectivity and the risks and opportunities inherent therein. Threat actors will use BYOD policies to perform cross-platform campaigns that leverage both mobile and traditional desktop malware. In fact, recent research discovered significant nation state-based mobile cyber espionage activity from the four mentioned above and state-sponsored groups in Vietnam. These types of attacks are likely to proliferate further in 2020. That will make it more difficult for governments and enterprises seeking to attribute these attacks as they face a growing number of actors and endpoints on a larger scale. from Cyware News - Latest Cyber News https://ift.tt/2ER028p

Introducing BIOLOAD: FIN7 BOOSTWRITE’s Lost Twin

A deeper look uncovered that the attacker abused the DLL search order to load their own malicious DLL. What makes this executable even more attractive in the eyes of an attacker is the fact that it is started from a built-in scheduled task named FODCleanupTask, thereby minimizing the footprint on the machine and reducing the chances of detection even further. The loader file name is WinBio.dll (note the uppercase characters) and is placed by the attacker alongside the executable in the same folder (“WinBioPlugIns”), thus leveraging the default DLL search order. When the executable is started by the task scheduler it doesn’t have command line arguments and the malware works as follows: The worker process loads and executes the payload DLL in-memory. Solutions: This malware uses a common, yet stealthy and effective, method to execute its payload in the context of legitimate processes. Countermeasures should be in place to detect this malicious behavior.

Unified Carrier Registration Plan Reports Data Breach

The Unified Carrier Registration Plan (UCR) has reported that the tax identification numbers of registrants may have been exposed during March due to a website vulnerability that existed in its online National Registration System. The UCR is an independent interstate compact responsible for developing, implementing and administering the National Registration System, established by Congress in 2005. The program requires individuals and companies that operate commercial motor vehicles in interstate or international commerce to register their business with a participating state and pay an annual fee based on the size of their fleet. According to a UCR statement, "From March 1 through March 28, a UCR registrant’s Tax ID number was displayed in the status bar of the web browser of the receipt created upon completion of the registration process in the National Registration System. Immediately upon learning of the website vulnerability on March 28, the UCR eliminated the website vulnerab

How to get rid of your old devices safely

Disposing of old tech isn’t a one-click solution; there are multiple things you have to consider before moving on to greener pastures. The post How to get rid of your old devices safely appeared first on WeLiveSecurity (https://ift.tt/2Q1dtZG).

Spurt in KYC fraud in e-wallet in Pune: cyber police

The city has seen a sharp spike in know your customer (KYC) fraud in an e-wallet and at least seven to eight complaints have been registered in the last two days, according to cyber crime police. Senior police inspector Jayram Paigude of the cyber crime police station, said, “The sleuths of the Pune cyber crime have found a sudden spurt in the number of KYC-related frauds in a particular e-wallet. In the past two days alone, we received seven to eight complaint applications.” In one of the cases, a fast food business owner in his 40s got a text message about his KYC which provided him with a phone number to call. When he called the number, the receiver told the complainant that the KYC was about to end and that his online wallet account will stop working at the end of the period. To update the KYC information, the man on the call asked the complainant to share details like name, phone number, Aadhaar card, PAN card, among others and put his call on hold, according to the police. “As so

Ryuk Ransomware Stops Encrypting Linux Folders

A new version of the Ryuk Ransomware was released that will purposely avoid encrypting folders commonly seen in *NIX operating systems.

Blacklist *NIX Folders

The Ryuk-blacklisted *NIX folders are: bin, boot, Boot, dev, etc, lib, initrd, sbin, sys, vmlinuz, run, var.

At first glance, it seems strange that a Windows malware would blacklist *NIX folders when encrypting files. Even stranger, Kremez told us that he has been asked numerous times whether there was a Unix variant of Ryuk, as data stored in these operating systems has been encrypted in Ryuk attacks. With the rising popularity of WSL, the Ryuk actors likely encrypted a Windows machine at some point that also affected the *NIX system folders used by WSL. "It is new to me and might explain why Ryuk and how Ryuk affects NIX machines via WSL," Kremez told BleepingComputer. As the goal of most successful ransomware is to encrypt a victim's data, but not affect the functionality of the operating system, this change makes sense Wi

90% of Russian entrepreneurs faced external cyber threats, says ESET

The antivirus company ESET conducted a comprehensive study on the state of information security in Russian companies, interviewing dozens of IT Directors and business owners. According to the study, 90% of Russian companies faced external cyber threats and about 50% faced internal ones. Among external cyber threats, spam (65%), malware (47%) and encryptors (35%) lead. The distribution of malicious software is closely linked to the activity of spammers and phishers who seek to lull the employee's vigilance and force him to follow a malicious link or download a dangerous file. At the same time, many respondents noted that viruses, Trojans and other malware often got onto devices because of the human factor: employees used unverified external drives or installed unwanted software. In addition, 7% of respondents experienced the loss of corporate smartphones, tablets or laptops with confidential information by employees. It is worth noting that specialists from the CIS oft

PayPal scam goes after account info, payment card data

PayPal customers are being hit with a phishing scam designed to steal their login credentials and other PII through a series of well-crafted emails and fraudulent websites. An incident begins with an email stating that there has been some unusual activity on the person’s PayPal account that requires immediate attention in order to properly secure the account, ESET recently reported. The email contains a link to a fake PayPal page that contains the proper logos and branding. Despite the good work done on the page’s design, ESET researchers noted a few tells indicating that something is amiss. First, the wording on the page tries to enhance the perceived danger to the account by creating a sense of urgency. The next indicator is the site’s URL, which uses poor English and is not related to PayPal. The malicious actors took the extra step of obtaining and applying a security certificate for the fake w

7 Easy Habits to make you Digitally Secure!

So, 2019 was quite a year for hackers and security breaches. Countless malware, trojans, ransomware and data breaches attacked the business and financial sector, leaving our security and information more exposed and feeble. And these hackers have moved from targeting the rich and high-profile to the common people, and the consequences can be downright scary. And that's why it becomes imperative that we protect ourselves from these attacks. It may seem like an impossible feat, but a few simple habits can go a long way to keep us cyber safe and cyber secure. Let's take a look:

1. Antivirus software: Leaving your computer exposed without any antivirus means you are gladly inviting viruses and malware into your system. Installing an antivirus is the first line of defense and quite simple. Using anti-virus software is the foundation on which all your other online safety habits are built.

2. Thinking free means safe: Always be aware of freebies on the internet and cyberspace be i

Multiple Vulnerabilities are affecting the Intel products

Cyber security companies recently reported a new kind of vulnerability affecting various Intel products. Intel, in full Intel Corporation, the inventor of the x86 series of microprocessors, has recently noted multiple vulnerabilities affecting some Intel products. These vulnerabilities allow a local attacker to escalate privileges, cause denial of service (DoS) conditions and possibly obtain sensitive information by targeting a system.

Name of the Common Vulnerabilities and Exposures (CVE)

1. CVE-2019-14568: Local access is needed to carry out this attack. A single authentication is necessary for exploitation. Just by sending a specially crafted request, an attacker could exploit this vulnerability to gain elevated privileges. This vulnerability has been named CVE-2019-14568 since 08.03.2019.

2. CVE-2019-14608: The vulnerability allows a local user to escalate privileges on the target system. The vulnerability exists in the firmware for Inte

“Hornet's Nest”: A six-in-one malware

The six pieces of malware found were a mix of cryptominers, info stealers, a cryptostealer, and a backdoor. Researchers warn that owing to its destructive attack strategy, it might be a threat designed especially for enterprises. Researchers have uncovered a new malware campaign targeting organizations in the U.S. and Europe with an attack that deploys a six-in-one malware. They dubbed the malware “Hornet’s Nest.” About the malware: Researchers from Deep Instinct have discovered this nasty arsenal. The primary payload dropper is written in MS Visual C++ 8 and bears the signs of active modifications. It is suspected that it may have been developed by a Russian speaker as the code shows a few traces of comments and UI written in Russian. Researchers said, “Such volume and variety are uncommo

Russian hackers included in the US sanctions list may be associated with the criminal world

Russian hackers from the group Evil Corp, which the British intelligence services call the most dangerous in the world, may be associated with crime, in particular, with the thief-in-law Vyacheslav Ivankov, better known as Yaponchik ("the little Japanese"). On December 9, it became known that Maxim Yakubets, the alleged leader of the group, was married to Alena Benderskaya, who is the daughter of Eduard Bendersky, a veteran of the FSB special forces Vympel. Journalists wrote that Benderskaya is the founder of companies associated with the security business of her father, as well as co-owner of two stores of the Italian brand Plein Sport. It is this brand's sportswear that Yakubets and his friends from Evil Corp liked to wear. According to the database, the share in these stores belongs to Otari Sadov. Journalists call him "the son of an authoritative businessman Leni Assiriysky, the right hand and nephew of Yaponchik." According to a source familiar with the