Showing posts with the label data leaks

Provider Volia reported to the cyber police about the intense cyberattacks on the server

Cable provider Volia has reported to the Cyber Police a DDoS attack on the company's Kharkov servers, which has been ongoing since May 31. "For three days, from May 31 to today, the Volia infrastructure in Kharkov is subjected to cyberattacks. At first, they were carried out only on subscriber subsystems, later they switched to telecommunications infrastructure. As a result, more than 100,000 subscribers experienced problems using the Internet, IPTV, multi-screen platform, and digital TV," said the company. In total, the complete lack of access to Volia's services, according to the provider, lasted 12 minutes on May 31 and 45 minutes on June 1. There was also an attack on the website volia.com, but it was neutralized. "DDoS attacks were massive and well-organized. The type of attack is UDP flood and channel capacity overflow with the traffic of more than 200 GB. UDP is a protocol used for online streaming services - streaming, te...

Germany threatened Russia with sanctions for a hacker attack on the Bundestag

German Foreign Ministry spokeswoman Maria Adebar on Friday confirmed that Germany, in connection with the case of a hacker attack on the Bundestag, is introducing a sanctions regime, which includes freezing accounts and restrictions on entry to the European Union. Hackers linked to Russian intelligence are suspected of hacking emails. Moscow denies any involvement. Adebar added that this sanctions regime allows freezing assets and restricting entry not only for individuals but also for organizations. The day before, the State Secretary of the German Foreign Ministry, Miguel Berger, invited the Russian Ambassador to Germany, Sergei Nechaev, to Berlin in connection with the case of a hacker attack on the Bundestag. Berger, on behalf of his government, "strongly condemned" the attack. He also reported on Germany's plans to use the EU's cyber sanctions regime against the Russians involved in this attack, including Dmitry Badin. The reason for this, he also called a warran...

Apple Plans to Expand Cloud-Based Services, Enters Cloud Computing Space

Apple is planning to invest more in streamlining and expanding its cloud-based and software services such as iCloud, Newsplus, and Apple Music. The expansion will go along with devices like iPads, MacBooks, and iPhones. To be entirely sure about the reliability of the cloud-based service on all the Apple devices, the company has decided to rely on AWS (Amazon Web Services) and the cloud division. AWS, as you might know, is a subunit of Amazon that offers cloud-space solutions. According to CNBC's findings, Apple is said to pay Amazon $30 Million monthly for its cloud-based services. It also means that Apple is one of the biggest customers of AWS. Nevertheless, Apple hasn't confirmed whether it uses Amazon's cloud services besides its iCloud. According to experts, Apple also has some of its cloud services on Google. Amazon transformed data center management and application hosting when it introduced AWS. Being the first one to offer services like these,...

Is Data Science losing all that hype?

All over the world companies are making cuts. COVID-19 has led to a major economic downturn, and companies are struggling to stay afloat by reassessing their strategies and priorities. This has made companies realize the actual value of data science in business, and things are not looking good. There have been mass cuts and layoffs in tech industries, including data scientists and AI specialists, and many are saying that the hype over data science is finally coming down. Over the last five years the data science field has grown rapidly and the talent pool in data science has increased exponentially, but it is to be expected that companies will let this department go: when we look at direct business value, data science, unfortunately, doesn't add much, and it fails to make the list of essentials. Hence, the demand for data scientists will significantly decrease in the foreseeable future. Dipanjan Sarkar, a Data Science Lead at Applied Materials, talks about AI and lose busi...

A Series Of Cyber Essentials Toolkits Released To Address Cyber-Security Risks

As a major starting point for small businesses and government agencies to understand and address cybersecurity risk as they do other risks, the Cybersecurity and Infrastructure Security Agency (CISA) released the first in a series of six Cyber Essentials Toolkits, following its own November 2019 release of Cyber Essentials. CISA's toolkits will give greater detail, insight, and resources on each of the Cyber Essentials' six "Essential Elements" of a Culture of Cyber Readiness. The launch of the introductory "Essential Element: Yourself, The Leader" will be followed every month by another toolkit to correspond with each of the six "Essential Elements." Toolkit 1 focuses on the role of leadership in fashioning a culture of cyber readiness in their organization, with an emphasis on methodology and investment. CISA Director Christopher Krebs says “We thank all of our partners in government and the private sector who played an essen...

GitHub Escapes from Octopus Malware that Affected its 26 Software Projects

GitHub, a platform where every malicious software report is equally different in its place, manages to escape from a malware threat. GitHub, an organization that united the world's largest community of coders and software developers, revealed that hackers exploited an open-source platform on its website to distribute malware. The hackers used a unique hacking tool that enabled backdoors in each software project, which the hackers used to infiltrate the software systems. "While we have seen many cases where the software supply chain was compromised by hijacking developer credentials or typosquatting popular package names, a malware that abuses the build process and its resulting artifacts to spread is both interesting and concerning for multiple reasons," said GitHub on its security blog. Fortunately, the hackers' attempt to exploit the open-source platform was unsuccessful. Had it succeeded, however, hackers could've secured a position in the software, ...

Religion Biased Algorithms Continue to Depict How Facebook Doesn't Believe in Free Speech

Facebook's brand image took a critical hit long ago: the company fell out of the top ten global brands list, and its brand value has gone down by remarkable margins as the platform fell short of its own standards and promises and continued making headlines for censure. Amid big scandals like Cambridge Analytica, data leaks, and congressional scrutiny, the social media giant has constantly been in the spotlight for preferring certain gender, ethnic groups, and race over others, as seen in the company's allegedly flawed ad-serving algorithm. Owing to its discriminatory ways, Facebook became a subject of critics' accusations in October 2019, when the social media giant faced a class-action lawsuit for charges of bias against gender and age. To substantiate, with the use of several advertising experiments, researchers from Northeastern University and the University of Southern California demonstrated in a study that Facebook has been discriminatory in ad targeting for years now and...

Russian hackers attacked Poland due to NATO exercises

The Polish government announced a large-scale information attack by Russia, which is aimed at worsening relations between Warsaw and Washington, as well as the Polish army. Poland announced hacker attacks on Internet pages and the posting of false and manipulative information about the NATO exercises Defender Europe 2020 on Polish and foreign resources. "Poland again became the target of information attacks that coincide with the Kremlin's actions against the West, especially against NATO countries. The organizers of such actions used well-known methods: hacking, spoofing content on web pages, as well as a fake interview with an American General," said Stanislav Zharin, the speaker of the coordinating Minister in the Government of Poland for Special Services. He added that the disinformation attack coincides with the beginning of the next phase of the Defender Europe-2020 exercise and concerns military cooperation between Poland and the United States. As noted, as ...

StrandHogg is Back and Stronger As a More Sophisticated Vulnerability

Android is vulnerable anew owing to a new vulnerability which goes by the name of “StrandHogg 2.0”. That is right: StrandHogg is back and has now affected numerous Android devices, putting over a billion Android devices in jeopardy. The vulnerability helps hackers disguise illegitimate applications as legitimate ones, with the ultimate aim of making users grant permissions which could end up releasing really important information. The posing applications then gain access to the users’ sensitive data, and in real time at that. Surprisingly, the worst part about the vulnerability is that the users would have no idea at all that they have been attacked, and they’d be completely unaware of the malicious applications on their device. This vulnerability is referenced as “CVE-2020-0096” and is known by the name “StrandHogg 2.0”. This version helps hackers carry out more sophisticated attacks. As of last year StrandHogg was already listening in on conversations an...

Telegram has withdrawn its appeal against the ban on issuing Gram tokens

The company appealed the court decision in March, but then the founder of the messenger, Pavel Durov, announced the termination of work on the blockchain project. Telegram has withdrawn an appeal against a court order banning the distribution of Gram tokens as part of proceedings with the US Securities and Exchange Commission (SEC). The decision was supported by both parties; the withdrawal was carried out using the standard form based on rule 42.1 — "leaving without consideration". The appeal was sent in March after a court banned Telegram from issuing Gram tokens. The court ruled in favor of the SEC, which argued that the Gram tokens were unregistered securities. The court also ruled that Telegram cannot issue tokens even outside the United States, since this will give US citizens the opportunity to buy these tokens outside the country as well. The founder of Telegram said in an American court that people outside the US can vote for their presidents and elect their o...

WhatsApp Scam: Hackers stealing Verification Codes from Users

WhatsApp Messenger, a cross-platform messaging app owned by Facebook, is the most popular messaging application in the world, and recently its usage increased by 40% amid lockdown. But with its rising popularity, users are facing security threats, as a new scam has emerged on the Facebook-owned messenger that tries to steal the user's verification code. The scammers pose as WhatsApp's official account and ask the user to verify his/her identity by providing the six-digit verification code to the account. This verification code is sent to the user via SMS in order to register their device. WABetaInfo, a blog that tracks WhatsApp features, shared the scam in a tweet. Dario Navarro, a Twitter user, told WABetaInfo that he had received such a message and asked whether he should reply; the feature tracker responded with “WhatsApp never asks your data or verification codes”. According to the message sent to Navarro, the spammer sends the message posing as WhatsApp (w...

German Intelligence Warns Companies of Potential Hacking Threats from Russia

According to German intelligence agencies, a group of hackers from the Kremlin has been targeting German infrastructure such as energy, water, and power resources for a long time. The information first came out at the start of this year, when investigating officers found evidence of cyberattacks on German companies. The names of the target companies are not yet known. Still, a cyberattack has compromised them, say statements from German intelligence agencies that were sent to the heads of these infrastructures. The group of hackers has been identified as "Berserk Bear." According to the investigation, the hackers are likely to be state-sponsored by the Russian FSB intelligence agency. The hackers are suspected of using the supply chain to infiltrate German IT infrastructures, say various investigation agencies. According to the investigation, these hackers use openly available malware to permanently infiltrate the company's I.T. network and access sensitive infor...

The voting site of the United Russia party was attacked by hackers

"Initially, the voting went as usual. At seven in the morning, a rapid increase in attempts to vote began. After some time, technical support detected a DDoS attack — attempts were made to upload votes from non-existent voter IDs to the system," commented the press service of the party. Deputy Secretary of the General Council of United Russia Sergey Perminov said that within two hours, the growth of hundreds of thousands of fake requests was stopped. At this time, there was a queue of real people who went to vote on the site. "We use the blockchain to conduct preliminary voting — accordingly, all data comes to us in encrypted form and goes through several stages of verification. All ballots are anonymous — we don't have access to the personal information of the electors who sent them, which means we can't track the attack vector. Accordingly, we process all requests without exception. Therefore, we are now increasing our capacity in order not to lose any of...

Red Cross asks the Government to take Preventive Measures on Cyberattacks against Health Departments

Currently, while the whole world is struggling to fight against the coronavirus epidemic, cyberattacks have increased in number, targeting health departments like hospitals, research centers, and the WHO. According to Reuters, "the Red Cross called for an end to cyberattacks on healthcare and medical research facilities during the coronavirus pandemic, in a letter published Tuesday and signed by a group of political and business figures." Due to this, a group of 42 top world leaders has come together and requested the Government to take some immediate actions on the increasing attacks against healthcare institutions. Among the members are Madeleine Albright, former U.S. Secretary of State, and Brad Smith, president of Microsoft. Peter Maurer, President of International Red Cross Society, says the Government should take some swift measures and step up to stop these attacks. He hopes that the Government is willing to commit to international obligations to prevent these atta...

Several Vulnerabilities Identified In Emerson OpenEnterprise

Four vulnerabilities were recently found in Emerson OpenEnterprise and were reported to the vendor in December 2019, with patches released a couple of months later. Roman Lozko, a researcher at Kaspersky's ICS CERT unit, identified the flaws, which have been described as heap-based buffer overflow, missing authentication, improper ownership management, and weak encryption issues. The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Kaspersky published advisories for three of the vulnerabilities a week ago. The remaining vulnerability was described by Kaspersky in a previous advisory. According to Emerson, OpenEnterprise is specifically designed to address the requirements of organizations focusing on oil and gas production, transmission, and distribution. The first two, tracked as CVE-2020-6970 and CVE-2020-10640, are described as critical, as they can allow an attacker to remotely...

Maze Ransomware Operators Leaked 2GB of Financial Data from Bank of Costa Rica (BCR)

Bank of Costa Rica (BCR) has been receiving threats from the threat actors behind Maze ransomware, who have stolen credit card details from the bank; the ransomware gang started publishing the encrypted financial details this week. The Banco de Costa Rica is one of the strongest state-owned commercial banks operating in Costa Rica. Starting from humble origins as mainly a private commercial bank, it expanded to become a currency issuer and one of the most renowned banking firms in Central America, contributing largely to the financial development of the nation. The hacker group behind the data leak has demanded a ransom from Banco de Costa Rica on various occasions; however, to their dismay they observed a lack of seriousness in the way the bank dealt with these previous leaks, and it served as a primary reason that motivated the latest data leak, according to an interview with Maze ransomware operators. As per the claims made by the attackers, Banco de Costa Rica's netw...

Online education takes a boost in lockdown

Sandeep Gupta from California, a technology manager, is taking an online course in artificial intelligence as a way “to try to future-proof your working life.” Dr. Robert Davidson, an emergency-room physician from Michigan, took up an online master’s degree course in public health. Online learning has seen a rise among children and college students as a way to keep up with their studies during lockdown, but interestingly they are not the only ones to turn to online education. Millions of adults working in various fields have subscribed to online courses as a way to stay ahead and make use of leisure time. This period could mark a renaissance for the online learning business. Coursera, an online learning platform developed by Stanford University, saw 10 million new users from March to May, seven times in comparison to last year (according to pace). Other websites like Udacity and edX also saw a jump in users. “Crises lead to accelerations, and this is the best chance ever for onlin...

The Blue Mockingbird Malware Group Exploits Vulnerabilities in Organizations' Networks

Another notorious crypto-currency mining malware has surfaced, which allegedly has been infecting the systems of countless organizations. The group in control of the operation goes by the code name “Blue Mockingbird”. The researchers who discovered it have reason to believe that Blue Mockingbird has been active since 2019’s last month. Per them, it also targets “public-facing servers” that run “ASP.NET” apps that use the “Telerik framework” for their User Interface (UI) aspect. Reportedly, the vulnerability that the hackers exploit in the process is the “CVE-2019-18395” vulnerability, which is then employed to embed a web shell on the target’s server. Per the same report, later on they employ a version of “the Juicy Potato technique” to obtain admin access and alter the server settings to get “(re)boot persistence”. After having obtained complete access to a system, sources mention, the malware group installs a version of XMRig which is a famous cry...

Russian experts assessed the level of protection of corporate data from hacker attacks

Even a low-skilled hacker can hack the internal network of global companies. An experienced attacker will not need more than half an hour to penetrate the local network. Such conclusions were made by experts from Positive Technologies in their research. "It took an average of four days to penetrate the local network, and at least 30 minutes. In most cases, the complexity of the attack was estimated as low, that is, a low-skilled hacker who possesses only basic skills could also carry it out," said experts. Positive Technologies experts analyzed information dated 2019 on the protection of corporate information systems of 28 companies from external intruders and pentest (the penetration test). As part of external pentests, specialists managed to penetrate the local networks of 93% of organizations. In some cases, there were several ways to overcome network protection. According to experts, every sixth company showed signs of hacker attacks, malicious links on official ...

China and Digital Currency: multifaceted advantages or a surveillance and tracking juncture?

The People’s Bank of China (PBoC), China's central bank, issued a public notice on April 29, 2020: “In order to implement the FinTech Development Plan (2019-2021), the People’s Bank of China has explored approaches to designing an inclusive, prudent and flexible trial-and-error mechanism. In December 2019, a pilot programme was launched in Beijing. To intensively advance the trial work of fintech innovation regulation, the PBoC supports the expansion of the pilot program to cover the cities of Shanghai, Chongqing, Shenzhen, Hangzhou, Suzhou, as well as Xiong’an New Area of Hebei, by guiding licensed financial institutions and tech companies to apply for an innovation test.” After five years in the making, China's digital yuan is ready to be made public. While the world is battling Corona and settling the blame on China, the republic is pushing out China’s central bank digital currency (CBDC). Christened Digital Currency Electronic Payment (DCEP), it will be made available via mobile walle...