Hacking and Cyber Security News

As a major starting point for small businesses and government agencies to comprehend and address cybersecurity risk as they indulge with other risks, Cyber Essentials, the Cybersecurity and Infrastructure Security Agency (CISA) released the first in a series of six Cyber Essential Toolkits following its own November 2019 release. CISA's toolkits will give greater detail, insight, and assets on every one of the Cyber Essential' six "Essential Elements" of a Culture of Cyber Readiness. The launch of the introductory "Essential Element: Yourself, The Leader" will be followed every month by another toolkit to compare with every one of the six "Essential Elements." Toolkit 1 targets on the role of leadership in fashioning a culture of cyber readiness in their organization with an accentuation on methodology and investment. CISA Director Christopher Krebs says “We thank all of our partners in government and the private sector who played an essen

Github, a platform where every malicious software report is equally different in its place, manages to escape from a malware threat.  Github, an organization that united the world's largest community of coders and software developers, revealed that hackers exploited an open-source platform on its website to distribute malware. The hackers used a unique hacking tool that enabled backdoors in each software project, which the hackers used to infiltrate the software systems. "While we have seen many cases where the software supply chain was compromised by hijacking developer credentials or typosquatting popular package names, a malware that abuses the build process and its resulting artifacts to spread is both interesting and concerning for multiple reasons," said Github on its security blog. Fortunately, the hackers attempt to exploit the open-source platform was unsuccessful. Still, if it were, on the contrary, hackers could've secured a position in the softwares,

Facebook's brand image has taken a critical hit long ago falling from the top ten global brands list, the brand value has gone down by remarkable margins as the platform fell short in living up to its own standards and promises and continued making headlines for censure. Amid big scandals like Cambridge Analytica, data leaks, congressional scrutiny, the social media giant has constantly been under the radar for preferring certain gender, ethics groups, and race over others as seen in the company's allegedly flawed ad-serving algorithm.  Owing to its discriminatory ways, Facebook became a subject of critics' accusations in October 2019 when the social media giant faced a class-action lawsuit for charges of bias against gender and age. To substantiate, with the use of several advertising experiments, researchers from Northeastern University, the University of South California demonstrated in a study that Facebook has been discriminatory in ad targeting for years now and

The Polish government announced a large-scale information attack by Russia, which is aimed at worsening relations between Warsaw and Washington, as well as the Polish army Poland announced about hacker attacks on Internet pages and posting false and manipulative information about the NATO exercises Defender Europe 2020 on Polish and foreign resources. "Poland again became the target of information attacks that coincide with the Kremlin's actions against the West, especially against NATO countries. The organizers of such actions used well-known methods: hacking, spoofing content on web pages, as well as a fake interview with an American General," said Stanislav Zharin, the speaker of the coordinating Minister in the Government of Poland for Special Services. He added that the disinformation attack coincides with the beginning of the next phase of the Defender Europe-2020 exercise and concerns military cooperation between Poland and the United States. As noted, as

Android is vulnerable anew owing it to a new vulnerability which goes by the name of “StrandHogg 2.0” That is right. StrandHogg is back and now has affected numerous Android devices putting over a Billion Android devices in jeopardy. The vulnerability is a pretty typical way aids hackers disguise illegitimate applications as legitimate ones with the ultimate aim of making them grant permissions which could end up releasing really important information. The posing applications then find a way to the users’ sensitive data that too in real-time. Surprisingly, the worst part about the vulnerability is that the users would have no idea at all that they have been attacked and they’d be completely unaware of the malicious applications on their device. This vulnerability is referenced as “CVE-2020-0096” and is known by the name “StrandHogg 2.0”. This version aids the hackers to make more sophisticated attacks. As of last year StrandHogg was already listening in on conversations an

The company appealed the court decision in March, but then the founder of the messenger, Pavel Durov, announced the termination of work on the blockchain project Telegram has withdrawn an appeal against a court order banning the distribution of Gram tokens as part of proceedings with the US Securities and Exchange Commission (SEC). The decision was supported by both parties, the withdrawal was carried out using the standard form based on rule 42.1 — "leaving without consideration". The appeal was sent in March after a court banned Telegram from issuing Gram tokens.  The court ruled in favor of the SEC, which argued that the Gram tokens were unregistered securities. The court also ruled that Telegram cannot issue tokens even outside the United States since this will give US citizens the opportunity to buy these tokens outside the country as well. The founder of Telegram in an American court said that people outside the US can vote for their presidents and elect their o

WhatsApp Messenger, a cross-platform messaging app owned by Facebook is the most popular messaging application in the world and recently it's usage increased by 40% amid lock-down. But with it's rising popularity, the users are facing security threats as a new scam has emerged on the Facebook-owned messenger that tries to steal the user's verification code. The scammers pose as WhatsApp's official account and ask the user to verify his/her identity by providing the six-digit verification code to the account. This verification code is sent to the user via SMS in order to register their device. WABetaInfo, a blog that tracks WhatsApp features shared the scam in a tweet. Dario Navarro, a Twitter user asked WABetaInfo that he got such a message and if he should reply, in response the feature tracker responded with “WhatsApp never asks your data or verification codes,”. According to the message sent to Navarro, the spammer sends the message posing as WhatsApp (w

According to German intelligence agencies, a group of hackers from the Kremlin are targeting German infrastructures like energy, water, and power resources for a long time. The information came out the first time at the start of this year when investigating officers found evidence of cyberattacks on German companies. The names of the target companies are yet to be known. Still, a cyberattack has compromised them, says statements of German intelligence agencies that were sent to head of these infrastructures. The group of hackers has been identified as "Berserk Bear." According to the investigation, the hackers are likely to be state-sponsored by the Russian FSB intelligence agency. The hackers are suspected of using the supply chain to infiltrate into German IT infrastructures, says various investigation agencies. According to the investigation, these hackers use openly available malware to permanently infiltrate the company's I.T. network and access sensitive infor

"Initially, the voting went as usual. At seven in the morning, a rapid increase in attempts to vote began. After some time, technical support detected a DDoS attack — attempts were made to upload votes from non-existent voter IDs to the system," commented the press service of the party. Deputy Secretary of the General Council of United Russia Sergey Perminov said that within two hours, the growth of hundreds of thousands of fake requests was stopped. At this time, there was a queue of real people who went to vote on the site. "We use the blockchain to conduct preliminary voting — accordingly, all data comes to us in encrypted form and goes through several stages of verification. All ballots are anonymous — we don't have access to the personal information of the electors who sent them, which means we can't track the attack vector. Accordingly, we process all requests without exception. Therefore, we are now increasing our capacity in order not to lose any of

Currently, while the whole world is struggling to fight against the coronavirus epidemic, cyberattacks have increased in numbers, targeting health departments like hospitals, research centers, and WHO. According to Reuters, "the Red Cross called for an end to cyberattacks on healthcare and medical research facilities during the coronavirus pandemic, in a letter published Tuesday and signed by a group of political and business figures." Due to this, a group of 42 top world leaders have come together and requested the Government to take some immediate actions on the increasing attacks against the healthcare institutions. Among the members, there is Madeleine Albright, ex U.S Secretary of State and Brad Smith, president, Microsoft. Peter Maurer, President of International Red Cross Society, says the Government should take some swift measures and step-up to stop these attacks. He hopes that the Government is willing to commit to international obligations to prevent these atta

Recently four vulnerabilities were found in Emerson OpenEnterprise and were accounted for to the vendor in December 2019 with the patches released a couple of months later. Roman Lozko, a researcher at Kaspersky's ICS CERT unit, was responsible for the identification of the flaws, and the security holes found by him have been depicted as 'heap-based cushion buffer, missing authentication, improper ownership management, and weak encryption issues. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Kaspersky published advisories for three of the vulnerabilities a week ago. The rest of the vulnerability was described by Kaspersky in a previous advisory. As indicated by Emerson, OpenEnterprise is explicitly intended to address the prerequisites of associations focusing on oil and gas production, transmission, and distribution. The initial two followed as CVE-2020-6970 and CVE-2020-10640 are depicted as critical, as they can allow an attacker to remotely

Bank of Costa Rica (BCR) has been receiving threats from the threat actors behind Maze ransomware who have stolen credit card details from the bank, the ransomware gang started publishing the encrypted financial details this week. The Banco de Costa Rica is one of the strongest state-owned commercial banks operated in Costa Rica, starting from humble origins of mainly being a private commercial bank, it expanded to become a currency issuer and one of the most renowned baking firms in Central America contributing largely in the financial development of the nation. The hacker group behind the data leak have demanded a ransom from Banco de Costa Rica at various occasions, however, to their dismay they observed a lack of seriousness in the way the bank dealt with these previous leaks and it served as a primary reason that motivated the latest data leak, according to an interview with Maze ransomware operators. As per the claims made by the attackers, Banco de Costa Rica's netw

Sandeep Gupta from California, a technology manager is taking an online course in artificial intelligence as a way “to try to future-proof your working life.” Dr. Robert Davidson, an emergency-room physician from Michigan took up an online master’s degree course in public health. Online learning has seen a rise in children and college students as a way to keep up with their studies during lockdown but interestingly they are not the only ones to turn to online education. Millions of adults working in various fields have subscribed to online courses as a way to stay ahead and make use of leisure time. This period could mark a renaissance for online learning business. Coursera, an online learning platform developed by Stanford University saw 10 million new users from March to May, seven times in comparison to last year(according to pace). Other websites like Udacity and edX also saw a jump in users.  “Crises lead to accelerations, and this is the best chance ever for online le

Another notorious crypto-currency mining malware has surfaced which allegedly has been infecting the systems of countless organizations. The group with the control of operations goes by the code name of “Blue Mockingbird”. The researchers who discovered it have reasons to believe that the Blue Mockingbird has been active since 2019’s last month. Per them, it also targets “public-facing servers” that run “ASP.NET” apps that use the “Telerik framework” for their User Interface (UI) aspect. Reportedly, the vulnerability that the hackers exploit in the process is the “CVE-2019-18395” vulnerability which is then employed to embed a web shell on the target’s server. Per the same report, later on they employ a version of “the Juicy Potato technique” to obtain the admin-access and alter the server settings to get access to the “(re)boot persistence”. After having obtained complete access to a system, sources mention, the malware group installs a version of XMRRig which is a famous cry

Even a low-skilled hacker can hack the internal network of global companies. An experienced attacker will not need more than half an hour to penetrate the local network. Such conclusions were made by experts from Positive Technologies in their research. "It took an average of four days to penetrate the local network, and at least 30 minutes. In most cases, the complexity of the attack was estimated as low, that is, a low-skilled hacker who possesses only basic skills could also carry it out," said experts. Positive Technologies experts analyzed information dated 2019 on the protection of corporate information systems of 28 companies from external intruders and pentest (the penetration test). As part of external pentests, specialists managed to penetrate the local networks of 93% of organizations. In some cases, there were several ways to overcome network protection. According to experts, every sixth company showed signs of hacker attacks, malicious links on official

People’s Bank of China (PBoC), China's central bank issued a public notice on April 29, 2020, “In order to implement the FinTech Development Plan (2019-2021), the People’s Bank of China has explored approaches to designing an inclusive, prudent and flexible trial-and-error mechanism. In December 2019, a pilot programme was launched in Beijing. To intensively advance the trial work of fintech innovation regulation, the PBoC supports the expansion of the pilot program to cover the cities of Shanghai, Chongqing, Shenzhen, Hangzhou, Suzhou, as well as Xiong’an New Area of Hebei, by guiding licensed financial institutions and tech companies to apply for an innovation test.” After five years in making China's digital yuan is ready to be made public. While the world is battling Corona and settling the blame over China, the republic pushes out China’s central bank digital currency (CBDC), Christened Digital Currency Electronic Payment (DCEP) will be made available via mobile walle

The developers call it "Spectra." This assault neutralizes "combo chips," specific chips that handle various kinds of radio wave-based remote correspondences, for example, Wi-Fi, Bluetooth, LTE, and others. The attack system is set to release in August at the Black Hat Security Conference in a virtual session. The full academic paper with all details will also be published in August. The researchers teased a few details about the attack in an upcoming Black Hat talk, "Spectra, a new vulnerability class, relies on the fact that transmissions happen in the same spectrum, and wireless chips need to arbitrate the channel access." The Spectra assault exploits the coexistence mechanism that chipset merchants incorporate within their devices. Combo chips utilize these systems to switch between wireless technologies at a quick pace. Specialists state that while this coexistence mechanism speeds execution, they likewise give a chance to attackers for side-chan

A Boston, Massachusetts based company, LogMeIn that provides software as a service and cloud-based remote connectivity services for collaboration, IT management and customer engagement has fallen prey to the scammers targeting companies' work from home schemes set up due to the ongoing pandemic, the campaign impersonates the remote access tool (RAT) LogMeIn and mines the unsuspecting users' account credentials. As the number of people working from home increased rapidly, scammers saw it as a golden opportunity to carry out impersonations of remote tools such as Zoom and LogMeIn more blatantly than ever; the first incident being spotted in the month of May confirms the attributions made by the researchers in regard to COVID-19. In this particular attack, the phishing email appears to be coming from LogMeIn, cautioning the user at the receiving end, of a zero-day exploit present in the LogMeIn Central and LogMeIn Pro- two of the company's products. It goes unsaid that

With just £270 ($300) of home television equipment an Oxford University-based security researcher caught terabytes of real-world satellite traffic including sensitive information from “some of the world’s largest organizations.” The news comes as the number of satellites in the orbit is said to have an increment from around 2,000 today to more than 15,000 by 2030. James Pavur, a Rhodes Scholar and DPhil student at Oxford will detail the attack in a session at the Black Hat security conference toward the beginning of August. Alongside it Pavur will demonstrate that, "under the right conditions" attackers can easily hijack active meetings by means of the satellite link, a session overview revealed. While full details of the attack won't be uncovered until the Black Hat conference, a 2019 conference paper published by Pavur gives a 'sneak peek' into a small part of the challenges of security in the satellite communications space. It seems to all come down

Russian parliamentarians have developed a package of bills that assume administrative and criminal responsibility for the use of cryptocurrencies. Experts believe that such measures can lead to the destruction of the blockchain industry in Russia. "People who currently own cryptocurrency will be forced to get rid of it before the law comes into force, or risk "going underground", and this is a loss or risk," said Dmitry Kirillov, a senior tax lawyer at Bryan Cave Leighton Paisner. Based on the amendments, mining or exchanging 3.5 bitcoins will lead to criminal liability. Penalties are provided for any use of digital assets, from the organization of a crypto exchange and mining farm, attempts to pay with cryptocurrency on the Internet.  Fines range from 500 thousand rubles ($7,000) for individuals and up to 2 million rubles ($28,000) for legal entities. Founder of the stable cryptocurrency platform Stasis.net Gregory Klumov called the new amendments "pu

As per several reports, Facebook was imitated by an Israeli security company that is known as the “NSO Group” to get the targets to install their “phone-hacking software”. Per sources, a Facebook-like doppelganger domain was engineered to distribute the NSO’s “Pegasus” hacking contrivance. Allegedly, serves within the boundaries of the USA were employed for the spreading of it. The Pegasus, as mentioned in reports, if installed once, can have access to text messages, device microphone, and camera as well as other user data on a device along with the GPS location tracking. NSO has denied this but it still happens to be in a legal standoff with Facebook, which contends that NSO on purpose distributed its software on WhatsApp that led to the exploitation of countless devices. Another allegation on NSO is about having delivered the software to spy on journalist Jamal Khashoggi before his killing, to the government of Saudi Arabia, citing sources. Facebook also claimed that NSO w

Personal data of 40 million users registered on Wishbone has been published online by hackers, it included user details like usernames, contact numbers, email addresses, Facebook and Twitter access tokens, DOBs, location, gender, and MD5 hashed passwords. Researchers have confirmed the authenticity of the data that has found to be accurate – belonging to the users who have used the app. It could be used by attackers to carry out various malicious activities such as phishing campaigns, identify thefts, credential stuffing attacks, and account takeovers. Wishbone is a mobile survey app that provides users a social platform to compare social content, the app hasn't disclosed its total user count in recent times, Wishbone has been enlisted as one of top 50 most popular social networking apps in iOS App Store for years now, also making it to the top 10 in its prime. This breach came as the second-largest security incident in the last three years for the app, earlier in 2017, hac

Stanislav Kuznetsov, Deputy Chairman of the Board of the Bank, said that fake Internet recruiting agencies that offer employment have become more active. An applicant should fill out a form with personal data. Then a letter arrives that he was hired, and he needs to transfer money for some equipment urgently. In the end, no money, no work. VTB specialists reported cases of fraud when hackers place job ads and get access to mobile phones while communicating with candidates. Then, using remote access, hackers get to the client's personal account and can withdraw money. Hackers are looking for candidates without experience, for example, for the position of mobile app tester. Those who responded to the ad, they are asked to pass testing and install remote access programs to their computer or smartphone for control. Fraudsters can use them to log in to their personal account and withdraw funds. The VAT refund scheme is also gaining popularity among fraudsters. Attackers publish

The press center of the Security Service of Ukraine announced the arrest of a world-famous hacker who operated under the nickname Sanix. Last January, Forbes, The Guardian, and Newsweek wrote about the cybercriminal. TV channel Italia 1 dedicated a separate story to it since the database put up for sale by an unknown person was the largest in the history of the stolen database. The hacker Sanix turned out to be a 20-year-old resident of the small town of Burshtyn. The guy graduated from high school and college, has no higher education. At the beginning of last year, Sanix attracted the attention of the world's leading cybersecurity experts. On one of the forums, a hacker posted an ad for the sale of a database with 773 million email addresses and 21 million unique passwords. According to the portal Wired, this event should be considered the largest theft of personal data in history. SBU experts claim that the hacker also sold pin codes for bank cards, electronic wallets wi

A vulnerability in DNS servers that can be exploited to launch DDoS attacks of huge extents was as of late discovered by a team academics from Israel, the attack as indicated by them impacts recursive DNS servers and the procedure of DNS delegation. In a research paper published, the academics from the Tel Aviv University and The Interdisciplinary Center in Herzliya, Israel, said they figured out how to abuse this delegation procedure for DDoS attacks.  The NXNSAttack technique has various aspects and varieties, yet the fundamental steps are detailed below: 1) The attacker sends a DNS query to a recursive DNS server. The solicitation is for a domain like "attacker.com," which is overseen through an attacker-controlled authoritative DNS server.  2) Since the recursive DNS server isn't approved to resolve this domain, it forwards the operation to the attacker's malicious authoritative DNS server.  3) The malignant DNS server answers to the recursive DNS s

Of late a phishing attack was found to be stealing confidential user data that was stored on the cloud. As per sources, this is the work of a new phishing campaign that dodges the Office 365 Multi-Factor Authentication (MFA) to acquire the target’s cloud-stored data and uses it as bait to extract a ransom in Bitcoin. Per reports, researchers discovered that the campaign influences the “OAuth2 framework and OpenID Connect (OIDC) protocol”. It employs a malicious “SharePoint” link to fool the targets into giving permission to “rogue” applications. MFAs are used as a plan B in cases where the users’ passwords have been discovered. This phishing attack is different because it tries to fool its targets into helping the mal-actors dodge the MFA by giving permissions. This campaign is not just about gaining ransoms via exploiting the stolen data it is that and the additional threat of having sensitive and personal information at large for others to exploit as well. Extortion and bla

Romanian law enforcement officials stopped the activities of the cybercriminal group PentaGuard, which was preparing to carry out attacks on Romanian hospitals using ransomware. Four hackers were arrested, and searches were conducted at their place of residence (at three addresses in Romania and one address in Moldova). According to the Romanian Directorate for Investigating Organized Crime and Terrorism (DIICOT), hackers had various malicious programs at their disposal, including Trojans for remote access, ransomware, as well as tools for defacing sites and SQL injections. In addition, hackers developed malicious computer applications for use in computer attacks, such as rasomware-cryptolocker and RAT (Remote Trojan Access). Such malicious attacks were directed against several state institutions, as in Bucharest. During the investigation, it became clear that cybercriminals planned to attack hospitals. The attackers intended to send phishing emails on the subject of COVID-19

'Human-operated ransomware' has been on a rise with the emergence of ProLock in the month of March, the new ransomware came as a successor to 'PwndLocker', another variant of malware targeting all the major industries from finance, retail to healthcare and governmental organizations as well. Notably, in late April, the attack targeting the largest ATM provider in the United States, Diebold Nixdorf was the first major attack carried by ProLock where the attackers only compromised the company's corporate network while their ATMs and customer networks were left untouched, according to the media reports. In order to acquire access to targets' networks, ProLock has joined hands with financial malware primarily targeting businesses, QakBot. Since its initial online fraud attacks, the banking trojan has constantly evolved to specialize in SOCKS proxy, anti-research capabilities and to effectively steal victims' online banking credentials. The malware has been

There is absolutely no room for doubt that Chinese manufacturers offer an excess of affordable gadgets with extraordinary specs to boot, in fact,  Xiaomi would most likely be among the brands that you would consider when searching for a decent deal. However, a few recent revelations put its privacy practices into question. Security researchers Gabriel Cirlig and Andrew Tierney while speaking to Forbes guaranteed that Xiaomi's web browsers gather an 'over the top' amount of information even in incognito mode. This purportedly incorporated all URLs and search queries made in the stock MIUI browser, just as Mi Browser Pro and Mint Browser. When combined, these programs have in excess of 15 million downloads on the Google Play Store. As per Forbes, “The device was also recording what folders had been opened and to which screens the user swiped, including the status bar and the settings page.” Tierney later following up on Xiaomi's blog post with a Twitter thread

Sergey Solonin, one of the founders of the Russian payment service Qiwi Group, decided to re-loan his investment in the blockchain project of Pavel Durov, the founder of Telegram and Vk, Telegram Open Network (TON), giving him a loan. In 2018, he invested $17 million in this project. Recall that in 2018, the co-founder of Qiwi invested $17 million in TON. At that time, 175 investors participated in the project, who invested a total of $1.7 billion. The founder of the blockchain project stated that any project based on TON developments or using this name will not be related to Telegram. On May 12, Durov announced the closure of the TON blockchain platform project and the Gram cryptocurrency blaming the American court. The TON blockchain platform was supposed to start working in October 2019, but then the U.S. Securities and Exchange Commission (SEC) initiated legal proceedings, demanding to recognize that the Gram cryptocurrency is securities, and therefore could not be registere

COVID-19 has become a hotspot of cyber attacks and spams as the majority of employees are working from home. These growing numbers of attacks have made security firms and tech industries quite concerned. But Microsoft has come to the rescue, rolling out a new COVID-19 threat intelligence. Microsoft announced on its blog a new move that will improve security and can be availed easily. The company has introduced a COVID-19 threat intelligence made available from May 14, sharing feeds for Azure Sentinel customers and publicly available for everyone on GitHub. So, even if you are not a Microsoft customer worry not, you can still protect yourself from these COVID-19 based attacks. This data is only available for a limited period only until the pandemic threat looms over our heads. “Microsoft processes trillions of signals each day across identities, endpoints, cloud, applications, and email, which provides visibility into a broad range of COVID-19-themed attacks, allowing us to detec