SecurityLab, [14.07.20 15:35]
The Electronic Frontier Foundation (EFF) has unveiled a new database demonstrating how and where us law enforcement agencies use tracking technologies.
A map of the use of tracking technologies in the United States is presented (https://www.securitylab.ru/news/510018.php)
SecurityLab, [14.07.20 16: 00]
An Israeli court has allowed spy software manufacturer NSO Group Technologies to continue exporting its technology.
The human rights organization Amnesty International, which sued NSO Group in an attempt to block the export of the company’s products, could not prove that one of the clients of NSO Group used the company’s technology to carry out espionage, reported the publication Motherboard Vice.
Israeli court allows NSO Group to export spyware (https://www.securitylab.ru/news/510019.php)
SecurityLab, [15.07.20 08: 20]
Check Point security researcher Sagi Tzadik has discovered a critical, highly dangerous worm-like vulnerability in Windows Server 2003-2019.
The vulnerability (CVE-2020-1350), called “SigRed”, allows an unauthorized remote attacker to gain domain administrator privileges on the server and take full control of the organization’s IT infrastructure.
The vulnerability was rated 10 out of 10 on the CVSS hazard rating scale.
An extremely dangerous 17-year-old vulnerability was discovered in Windows Server (https://www.securitylab.ru/news/510117.php)
SecurityLab, [15.07.20 08:40]
Pegasus: Made in Israeli: not only targeting journalists: Jeff Bezos iPhone Hacked in 2018 by Saudi Crown Prince via Israeli Spyware via mp4 Video file
“The how of the hack, according to the report, is maybe the wildest detail: A 2019 forensic analysis of Bezos’ iPhone “assessed with ‘medium to high confidence’ that his phone was infiltrated on 1 May 2018 via an MP4 video file sent from a WhatsApp account utilised personally by Mohammed bin Salman, the Crown Prince of the Kingdom of Saudi Arabia.”
“We are selling Pegasus in order to prevent crime and terror,” NSO Group CEO Shalev Hulio told “60 Minutes” in an interview last year.”
In the case of Bezos, the UN report linked his ownership of The Washington Post to being targeted by the Saudi crown prince: “This was part of a massive, clandestine online campaign against Mr. Bezos and Amazon, apparently targeting him principally as the owner of The Washington Post.””
maybe Bezos should have gotten a Pine64Phone?
- “New York Times journalist Ben Hubbard was targeted with NSO Group’s Pegasus spyware via a June 2018 SMS message promising details about “Ben Hubbard and the story of the Saudi Royal Family.”
- The SMS contained a hyperlink to a website used by a Pegasus operator that we call KINGDOM.
- We have linked KINGDOM to Saudi Arabia.
- In 2018, KINGDOM also targeted Saudi dissidents including Omar Abdulaziz, Ghanem al-Masarir and Yahya Assiri, as well as a staff member at Amnesty International.
- Hubbard is among a growing group of journalists targeted with Pegasus spyware.
- As part of our continued investigation into threats against journalists, Citizen Lab also identified evidence suggesting a Pegasus operator may have been infecting targets while impersonating the Washington Post in the weeks leading up to and after Khashoggi’s killing in 2018.
- There is no overlap between this activity and reported events surrounding the mobile phone of Jeff Bezos.” (src: citizenlab.ca)
Please note: Even when the user’s phone is secure with latest updates and all, if the phone of the other communicating party is hacked, at least this conversation can be spied on as well.
“As for surveillance, let’s be clear: We’re talking total surveillance.
Pegasus is modular malware.
After scanning the target’s device, it installs the necessary modules to read the user’s messages and mail, listen to calls, capture screenshots, log pressed keys, exfiltrate browser history, contacts, and so on and so forth.
Basically, it can spy on every aspect of the target’s life.
It’s also noteworthy that Pegasus could even listen to encrypted audio streams and read encrypted messages — thanks to its keylogging and audio recording capabilities, it was stealing messages before they were encrypted (and, for incoming messages, after decryption).” (src: kaspersky.com)
Chrysaor: the brother of the winged horse Pegasus is aiming at Android.
“The mobile phone of the speaker of the Parliament of Catalonia, Roger Torrent, was subjected to a cyber attack using spyware.
As WhatsApp experts warned the politician, criminals used SOFTWARE mainly provided to governments to track criminals and dissidents.
The phone of the speaker of the Catalan Parliament was hacked via WhatsApp (https://www.securitylab.ru/news/510118.php)
not only him, 1,400 targets!
“The intrusion into the handset of the pro-Catalan independence politician, who belongs to the Catalan Republican Left (ERC) party, was possible due to a security fault in the WhatsApp messaging service that, between April and May 2019, could be used to install the NSO spy program” (Pegasus) “in at least 1,400 cellphones across the world” (src: https://english.elpais.com)
Pegasus: “Upon clicking on a malicious link, Pegasus secretly enables a jailbreak” (on IPhones)
“Pegasus is spyware that can be installed on devices running some versions of iOS, Apple‘s mobile operating system, as well on devices running Android. It was developed by the Israeli cyberarms firm, NSO Group.
Discovered in August 2016 after a failed attempt at installing it on an iPhone belonging to a human rights activist, an investigation revealed details about the spyware, its abilities, and the security vulnerabilities it exploited. Pegasus is capable of reading text messages, tracking calls, collecting passwords, mobile phone tracking, accessing the target device’s microphone(s) and video camera(s), and gathering information from apps.”
“Lookout provided details of the three vulnerabilities:
- CVE-2016-4655: Information leak in Kernel – A kernel base mapping vulnerability that leaks information to the attacker allowing them to calculate the kernel’s location in memory.
- CVE-2016-4656: Kernel Memory corruption leads to Jailbreak – 32 and 64 bit iOS kernel-level vulnerabilities that allow the attacker to secretly jailbreak the device and install surveillance software – details in reference.
- CVE-2016-4657: Memory corruption in the Webkit – A vulnerability in the Safari WebKit that allows the attacker to compromise the device when the user clicks on a link.”
“Apple’s bug-bounty program, which rewards people for finding flaws in its software, might not have offered sufficient rewards to prevent exploits being sold on the black market, rather than being reported back to Apple.
Russell Brandom of The Verge commented that Apple’s bug-bounty program, which rewards people who manage to find faults in its software, maxes out at payments of $200,000, “just a fraction of the millions that are regularly spent for iOS exploits on the black market”.
He goes on to ask why Apple doesn’t “spend its way out of security vulnerabilities?”, but also writes that “as soon as [the Pegasus] vulnerabilities were reported, Apple patched them—but there are plenty of other bugs left.
While spyware companies see an exploit purchase as a one-time payout for years of access, Apple’s bounty has to be paid out every time a new vulnerability pops up.”
Brandom also wrote; “The same researchers participating in Apple’s bug bounty could make more money selling the same finds to an exploit broker.”
He concluded the article by writing; “It’s hard to say how much damage might have been caused if Mansoor had clicked on the spyware link… The hope is that, when the next researcher finds the next bug, that thought matters more than the money.””
SecurityLab, [15.07.20 08:55]
On Tuesday, July 14, Microsoft released planned July security updates that fix 123 vulnerabilities in 13 products.
None of the fixed vulnerabilities were exploited in real attacks.
Microsoft has fixed 123 vulnerabilities in 13 products (https://www.securitylab.ru/news/510119.php)
SecurityLab, [15.07.20 09: 45]
The Game Boy line of handheld game consoles was produced by the Japanese company Nintendo from 1989 to 2005.
Now it is not a harmless toy, but a tool of real criminals, writes Gmail.
British police have warned car owners that a person who walks around the Parking lot with such a device can steal your car.
Most likely, in his hands is not a game console at all, but a modified Bulgarian technology company Game Boy.
Old portable Game Boy consoles turned into expensive illegal gadgets (https://www.securitylab.ru/news/510124.php)
SecurityLab, [15.07.20 10:10]
Google records users ‘ interactions with apps, even if they set its recommended settings that should block this feature.
This is reported in a statement of claim filed against the company in the district court of San Jose (California, USA) on Tuesday, July 14.
Google was sued for tracking user activity (https://www.securitylab.ru/news/510130.php)
SecurityLab, [15.07.20 11: 05]
Google has released a version of the Google Chrome 84 browser for Linux, Windows and macOS operating systems, which increases the security of users on the Internet.
The new release introduced a new Web OTP API, removed support for TLS 1.0 and TLS 1.1 standards, and blocked pop-up notifications on spam sites.
Chrome 84 now blocks Intrusive notifications on websites (https://www.securitylab.ru/news/510137.php)
SecurityLab, [15.07.20 12: 35]
The DDoSecrets (Distributed Denial of Secrets) activist group published old WikiLeaks correspondence on the AssangeLeaks website in order to “demonstrate how WikiLeaks worked behind closed doors” at a time when WikiLeaks founder Julian Assange faces criminal charges in the US.
DDoSecrets activists published old WikiLeaks correspondence (https://www.securitylab.ru/news/510138.php)
SecurityLab, [15.07.20 14: 30]
In connection with recent events in the United States, in particular with the murder of George Floyd and the resulting riots, the problem of racism in the Western world has again appeared on the crest of a wave.
Therefore, many Western SOFTWARE developers have advocated removing “racist terms” from everyday use and switching to new, inclusive alternatives.
In their opinion, such concepts as blacklist/whitelist, master/slave and blackhat/whitehat have no place in today’s equal society.
Survey: how the Russian IT industry treats “racist terminology” in SOFTWARE (https://www.securitylab.ru/news/510151.php)
SecurityLab, [15.07.20 15:50]
South Korea’s telecommunications Commission has fined Chinese video creation and sharing app TikTok 186 million won ($155 thousand) for illegally collecting data from minors.
This amount is 3% of TikTok’s annual profit.
South Korea fined TikTok for collecting children’s data (https://www.securitylab.ru/news/510160.php)
SecurityLab, [15.07.20 16: 05]
Two Illinois residents, Steven Vance and Tim Janecyk, sued Amazon, Alphabet (Google’s parent company) and Microsoft for using photos of people to train their facial recognition technologies without permission and for violating Illinois biometric privacy laws.
Tech giants are accused of illegally using photos for facial recognition systems (https://www.securitylab.ru/news/510161.php)
SecurityLab, [16.07.20 08:10]
The vpnMentor research team discovered an unsecured server of popular free VPN applications that stores user data in the public domain.
The lack of basic protection in a security product such as a VPN application is not only surprising, but also demonstrates the complete disregard of their developers for standard VPN practices, putting users at risk.
Melon users of a number of VPN applications are freely available over the Internet (https://www.securitylab.ru/news/510307.php)
SecurityLab, [16.07.20 08: 15]
Employees of the Moscow criminal investigation Department, with the assistance of Group-IB experts, detained the organizers of a criminal group that specializes in reissuing SIM cards and stealing money from customers of Russian banks.
The group operated for several years, the damage from its activities is estimated at tens of millions of rubles,and their victims were even those who were in prison.
The Ministry of internal Affairs and Group-IB detained fraudsters who stole money from VIP clients of banks (https://www.securitylab.ru/news/510308.php)
SecurityLab, [16.07.20 08: 20]
In 2018, US President Donald trump signed a secret order granting expanded powers to the Central intelligence Agency to carry out cyber attacks.
As reported by the Yahoo News portal with reference to former employees of the administration of the head of state, this permission allowed the CIA to conduct its own secret cyber operations, without waiting for approval from the White house.
Trump in 2018 gave the CIA more authority to carry out cyber attacks (https://www.securitylab.ru/news/510309.php)
SecurityLab, [16.07.20 08: 40]
There was a large-scale hacker attack on Twitter.
Accounts of leading politicians, businessmen and celebrities from the United States and other countries were hacked.
On their behalf, tweets were published about the free distribution of cryptocurrency.
The attackers promised to double all bitcoins that will be sent to the specified address.
The founder and CEO of Twitter, Jack Dorsey, responded to the hacking of the social network with the phrase “a hard day for us”.
“I give back to society. All bitcoins sent to the address below will be sent back in double amount! If you send $ 1000, I will refund $ 2000. Only for 30 minutes, ” Biden’s account says.
Elon Musk, bill gates, and Barack Obama’s Twitter accounts were hacked (https://www.securitylab.ru/news/510310.php)
SecurityLab, [16.07.20 09: 20]
Twitter has announced new data about an unprecedented large-scale cyber attack on the accounts of celebrities.
The unprecedented hack of Twitter could have been carried out using internal tools (https://www.securitylab.ru/news/510311.php)
SecurityLab, [16.07.20 09:55]
Member of the state Duma Committee on security and anti-corruption Anatoly Vyborny on Thursday, July 16, will send to the government a bill that can give law enforcement agencies the right to listen to calls without a court decision and get details from SIM cards that are not linked to real subscribers.
As reported by the newspaper “Izvestia”, to conduct this procedure, you will only need a complaint to the number and signature of the head of the investigative body.
The police can get the right to listen to calls from “gray” SIM cards without a court decision (https://www.securitylab.ru/news/510312.php)
SecurityLab, [16.07.20 10:10]
Just two days after the release of the patch for an extremely dangerous vulnerability, a PoC exploit appeared in SAP enterprise SOFTWARE.
The CVE-2020-6287 vulnerability, called “RECON”, allows an unauthorized remote attacker to take full control of vulnerable systems.
A PoC exploit has been published for a critical vulnerability in SAP (https://www.securitylab.ru/news/510313.php)
SecurityLab, [16.07.20 11:25]
Mozilla Firefox for Android has a problem that causes the smartphone camera to continue working even after the user switches the browser to background mode or blocks the phone screen. As a Mozilla representative told ZDNet, the fix is scheduled for release later this year in October.
Due to a bug in Firefox, the smartphone camera continues to work even after the screen is turned off (https://www.securitylab.ru/news/510315.php)
SecurityLab, [16.07.20 14: 35]
Developers of the Rust programming language revoked all API keys in the package crates.io.
Revoking keys fixes a serious vulnerability in the Rust package system that exists for two reasons.
The developers of Rust have fixed the serious security problems (https://www.securitylab.ru/news/510324.php)
SecurityLab, [16.07.20 15:10]
Representatives of the international human rights group Agora reported that the Russian authorities violated the rights of citizens to privacy, medical secrecy and freedom of movement during the coronavirus pandemic.
Human rights defenders spoke about the violation of citizens ‘ rights during the COVID-19 pandemic (https://www.securitylab.ru/news/510326.php)
SecurityLab, [16.07.20 15: 40]
Members of the information policy Committee Alexander Khinshtein and Sergey Boyarsky submitted a draft law to the Russian state Duma introducing fines of up to 15 million rubles for websites and hosting providers for failing to remove prohibited content.
The state Duma introduced a bill on fines of up to 15 million for failure to remove prohibited content (https://www.securitylab.ru/news/510330.php)
SecurityLab, [16.07.20 16:35]
Security researchers from the IBM X-Force Incident Response Intelligence Services (IRIS) team found 40 GB of data during monitoring of the virtual cloud server of the Iranian cybercrime group ITG18 (also known as APT35, Phosphorus, Charming Kitten and Ajax Security Team), including stolen information from hacked accounts and videos.
Investigators were able to access the data due to the fact that hackers did not take care of proper protection of their server by incorrectly configuring its settings.
Iranian hackers from APT35 accidentally revealed their hacking secrets (https://www.securitylab.ru/news/510331.php)
SecurityLab, [16.07.20 21:10]
Following the UK’s attempt to steal data on the vaccine, Russia was accused in the US and Canada.
This was stated by the US National Security Agency (NSA) and the communications security Center of Canada.
Three countries have accused Russian hackers of trying to steal covid-19 vaccine formulas (https://www.securitylab.ru/news/510332.php)
SecurityLab, [16.07.20 21:25]
Recently, several companies have announced solutions with a power of 100-125 W, which are able to fully charge the smartphone in a couple of dozen minutes.
New “BadPower” attack puts hundreds of millions of devices at risk
SecurityLab, [17.07.20 08:10]
On the night of Thursday, July 16, residents of the Republic of Belarus faced a massive failure in the work of Telegram, and suspected that this may be due to testing the blocking of the messenger on the territory of the country.
Telegram and VPN blocking tests are being conducted in Belarus (https://www.securitylab.ru/news/510334.php)
SecurityLab, [17.07.20 08: 35]
Specialists from CheckPoint reported that a vulnerability was discovered in the popular Zoom video conferencing software.
The vulnerability in Zoom allows attackers to impersonate legitimate organizations, deceiving their employees or business partners in order to steal personal or other confidential information through social engineering.
The vulnerability in Zoom allows you to impersonate employees of legitimate organizations (https://www.securitylab.ru/news/510335.php)
SecurityLab, [17.07.20 08: 45]
The leader of Republicans in the House of representatives of the US Congress, Kevin McCarthy, is preparing a bill against “Russian hackers”.
The Congressman announced this on his Twitter page on Friday, July 17.
In the US Congress, a law is being prepared against “Russian hackers” (https://www.securitylab.ru/news/510336.php)
SecurityLab, [17.07.20 10: 15]
Specialists of F-Secure found fake versions of Cisco Catalyst 2960-X Series switches in the network of an unnamed company that allow bypassing standard authentication procedures.
Fake Cisco switches undermine the security of organizations (https://www.securitylab.ru/news/510339.php)
SecurityLab, [17.07.20 10: 55]
For security reasons, Twitter has blocked all accounts whose owners have tried to change their password in the past 30 days.
This is how the social network reacted to the hacking of users ‘ pages.
Twitter blocked accounts for trying to change passwords in the last 30 days (https://www.securitylab.ru/news/510343.php)
SecurityLab, [17.07.20 11:10]
An employee of the financial organizations Arkhangelsk-Voskresenskiy and Alfa-Bank sold customer data, which was then used for criminal purposes.
An employee of Alfa-Bank in Arkhangelsk sold customer data (https://www.securitylab.ru/news/510344.php)
SecurityLab, [17.07.20 12: 15]
The European Commission has launched an antitrust investigation into large companies that manufacture IoT devices.
Voice assistants such as Apple’s Siri and Amazon’s Alexa were also in the spotlight.
EU Supervisory authorities are concerned that tech giants may use data collected by voice assistants for unfair competition purposes.
The EC has launched an antitrust investigation against manufacturers of IoT devices (https://www.securitylab.ru/news/510345.php)
SecurityLab, [17.07.20 14: 55]
The Department of homeland security’s cybersecurity and infrastructure security Agency (DHS CISA) has issued an emergency Directive (ED 20-03) requiring all government agencies to install a fix or implement measures to prevent the exploitation of the Critical SigRed vulnerability (CVE-2020-1350) in Windows Server within 24 hours.
CISA called on government agencies to urgently apply a fix for The SIGred vulnerability
SecurityLab, [17.07.20 15:10]
According to a global survey by Kaspersky Lab, 18% of users worldwide have experienced problems accessing financial services at least once due to information they posted on social networks.
Moreover, a third of this group (32%) were young people aged 25-34 years, i.e. active Internet users.
25% people in the world has experienced the consequences of social ratings (https://www.securitylab.ru/news/510355.php)
SecurityLab, [17.07.20 15: 50]
In June this year, one of the largest DDoS attacks in history disabled 15% of the world’s Internet for half an hour.
This was reported to the UNIAN news Agency by employees of the National cybersecurity coordination center under the national security and defense Council (NSDC) of Ukraine.
One of the largest DDoS attacks in history disabled 15% of the world’s Internet for half an hour
SecurityLab, [17.07.20 16: 00]
Microsoft has fixed 123 vulnerabilities in 13 products, including The critical sigred vulnerability (CVE-2020-1350), as part of its planned July security updates.
SigRed affects the DNS component of Windows Server, and its operation allows you to take full control of the enterprise’s IT infrastructure and automate attacks, allowing them to spread throughout the corporate network.
The vulnerability received a maximum rating of 10 points on the CVSS scale and affects all versions of Windows Server.
Vulnerability overview for the week: July 17, 2020 (https://www.securitylab.ru/news/510363.php)
SecurityLab, [18.07.20 08: 40]
As a result of Twitter’s security review by the us Federal trade Commission (FTC), the company could face a large fine.
This was reported by Bloomberg on July 17, citing sources.
Twitter will be fined for mass hacking of celebrity accounts (https://www.securitylab.ru/news/510365.php)
SecurityLab, [18.07.20 11: 45]
Earlier, the social network Twitter faced a large-scale cyber attack.
Accounts of leading politicians, businessmen and celebrities from the United States and other countries were hacked.
Messages about free distribution of cryptocurrency were published on their behalf. As representatives of Twitter reported, during the cyberattack, someone deceived or forced an employee to provide access to internal tools for social network administration.
Security researcher Brian Krebs shared his suggestions about who might have been behind the attack.
Who could be responsible for a cyberattack on Twitter? (https://www.securitylab.ru/news/510367.php)
SecurityLab, [18.07.20 13: 40]
Google will ban ads that promote conspiracy theories around the coronavirus, as well as remove ads from pages that promote these theories.
Google will block conspiracy about coronavirus (https://www.securitylab.ru/news/510366.php)
SecurityLab, [19.07.20 08: 40]
Microsoft has admitted another unpleasant error in the new version of Windows 10 (2004 or May 2020 Update).
The problem is that on some PCs, an incorrect warning is issued about problems with connecting to the network.
Users complain about a frightening yellow triangle that appears in the notification area and irritatingly informs them that there is no Internet Access.
The error occurs when the device is correctly connected to the router, but the system does not seem to be able to connect.
Windows 10 2004 causes network connection problems (https://www.securitylab.ru/news/510368.php)
SecurityLab, [20.07.20 09:10]
Microsoft-owned project hosting service GitHub has placed an archive of all currently active repositories in the physical Arctic Code Vault in the northernmost part of Norway – Svalbard island.
As explained by representatives of GitHub, this was done in order to preserve the open source SOFTWARE for future generations, placing it in an archive that should last a thousand years.
GitHub has placed an archive of all projects in a physical repository in the Arctic (https://www.securitylab.ru/news/510376.php)
SecurityLab, [20.07.20 10:25]
ATM manufacturer Diebold Nixdorf has warned banks about a new type of black box (“black box”) attacks that have recently been recorded in Europe.
Diebold Nixdorf’s warning is related to the results of an investigation into a series of attacks on ATMs in Belgium in June 2020.
Belgian savings Bank Argenta was forced to disable 143 ATMs after two attacks.
Diebold Nixdorf has warned of a new type of black box attacks on ATMs
“Black box attacks are a form of jackpotting. As part of a “black box” attack, an attacker unlocks the outer casing of an ATM to access its ports, or cuts a hole in the casing to directly access internal wiring or other hidden connectors. Using the access point data, an attacker connects a “black box” device (usually a laptop or raspberry Pi card) to the internal components of the ATM, which are used to send commands and steal funds.
Attacks such as black box have been carried out for more than a decade and are extremely popular among criminal groups, because this method is cheaper and easier to execute than using skimming equipment for ATMs, cloning cards and money laundering.
Experts have discovered a new variant of “black box” attacks, which were used by criminals in some European countries against ProCash 2050xe ATMs.
“In recent incidents, attackers damaged parts of ATM faceplates in order to gain physical access to internal wiring. Then they connected a USB cable between the CMD-V4 distributor and special electronics to send malicious commands, ” the specialists explained
While attackers usually use malware or proprietary code to interact with ATM components, during recent attacks, attackers appear to have obtained a copy of the ATM’s embedded software and used it to interact with the ATM. Experts believe that hackers could have connected to an ATM and discovered that the software was stored on an unsecured hard drive.
Jackpotting is a type of attack that involves attackers using external electronic devices, or malicious software that allows them to gain control over the hardware component of an ATM.”
SecurityLab, [20.07.20 10: 30]
A Cypriot citizen was extradited to the United States on charges of hacking “The ripoff Report complaints” portal, extorting and selling access to its server to third parties.
According to the press service of the us Department of justice, 21-year-old resident of Nicosia (Cyprus) Joshua Polloso Epifaniu was taken to new York last week and will appear in the Northern district of Georgia court on Monday, July 20, for formal arraignment.
Cyprus ‘SEO hacker’ delivered to US (https://www.securitylab.ru/news/510381.php)
SecurityLab, [20.07.20 12: 15]
The FBI (Federal Bureau of investigation) used information obtained from the travel company Sabre to conduct surveillance.
As reported by Forbes, employees of the Department asked the company to “actively spy” on individuals, even when they were traveling.
The FBI used travel company data for surveillance (https://www.securitylab.ru/news/510384.php)
SecurityLab, [20.07.20 14: 40]
One of the largest and most dangerous malicious botnets Emotet returned after a five-month break with a large-scale campaign to send malicious spam to install ransomware, Bank Trojans and other malware.
The Emotet botnet resumed activity after a five month hiatus (https://www.securitylab.ru/news/510391.php)
SecurityLab, [20.07.20 14: 45]
Last week, the problem of cyber threats associated with the COVID-19 pandemic was again on the front pages of the news – it became known that the acclaimed APT-group Cozy Bear (APT 29) attacked the leading developers of the coronavirus vaccine in a number of countries around the world.
Read about these and other events in the world of IB over the past week related to the COVID-19 pandemic in our review.
Overview of the most interesting events in the world of IB related to COVID-19: July 20, 2020 (https://www.securitylab.ru/news/510398.php)
SecurityLab, [20.07.20 15: 45]
The Israeli authorities reported two more attacks that would target the management of water resources.
According to officials, the attacks occurred in June and did not cause any damage to the attacked organizations.
Hackers carried out two more cyber attacks on the Israeli water system (https://www.securitylab.ru/news/510401.php)
SecurityLab, [20.07.20 15: 50]
The Online genetic genealogy service Gedmatch, which played a key role in the capture of a serial killer who remained unidentified for half a century, was temporarily disabled by the parent company Verogen.
The site has been disabled while an investigation is underway, during which the company intends to find out how the police got access to the DNA profiles of its clients.
The DNA of users of the genealogical site Gedmatch has become available to the police (https://www.securitylab.ru/news/510402.php)
SecurityLab, [20.07.20 19:55]
A group of Republican congressmen on Monday sent a letter to US President Donald Trump calling for action against “China-linked hackers,” including by imposing sanctions, TASS reports.
Republicans demand to impose sanctions against China in response to cyber attacks (https://www.securitylab.ru/news/510404.php)
SecurityLab, [20.07.20 23: 00]
Artem Kiryanov, first Deputy Chairman Of the Commission of the Public chamber for the examination of socially significant bills and other legal initiatives, suggested creating an Internet Prosecutor’s office and an Internet police.
This was reported by RIA Novosti on July 20.
In Russia, it is proposed to create an Internet police and an Internet Prosecutor’s office (https://www.securitylab.ru/news/510405.php)
SecurityLab, [21.07.20 08: 15]
An exploit for the zero-day vulnerability in Internet Explorer 11 is for sale on an underground hacker forum.
This is evidenced by screenshots published on the Shadow Intelligence Twitter page dedicated to data leaks, malware and cybercrime.
Hacker forums sell exploits for 0day in IE and Excel (https://www.securitylab.ru/news/510409.php)
SecurityLab, [21.07.20 08: 30]
Security researcher Daniel Gebert discovered that a legitimate tool wsreset.exe the Windows Store can be used by hackers to delete arbitrary files.
The Windows Store tool lets you disable antivirus SOFTWARE protection (https://www.securitylab.ru/news/510410.php)
SecurityLab, [21.07.20 09: 00]
On Tuesday, July 20, the Republican leader in the us House of representatives, Kevin McCarthy, will present a bill that will allow punishing foreign hackers who try to steal data on the development of a coronavirus vaccine from American organizations.
The US Congress has prepared a bill to protect COVID researchers from hackers (https://www.securitylab.ru/news/510411.php)
SecurityLab, [21.07.20 10: 05]
Microsoft has set an official date for ending support for insecure versions of the Transport Layer Security (TLS) Protocol 1.0 and 1.1 in Office 365.
According to the message number MC218794 in the Microsoft 365 administrative center, support for TLS 1.0 and 1.1 in Office 365 will be discontinued on October 15 this year.
Microsoft has set a date for ending support for TLS 1.0 and 1.1 in Office 365 (https://www.securitylab.ru/news/510414.php)
SecurityLab, [21.07.20 10: 50]
The lawsuit was filed in the U.S. district court in San Francisco on behalf of Frank Russo and the firms Koonan Litigation Consulting and Sumner M. Davenport & Associates.
Microsoft is being sued for transferring Office 365 user data to Facebook (https://www.securitylab.ru/news/510415.php)
SecurityLab, [21.07.20 11:10]
The Ministry of economic development of the Russian Federation has developed a draft law that removes the processing of personal data of citizens from certain norms of a number of laws.
In particular, it is proposed to remove the processing of personal data from the scope of the laws “on communications”, “on personal data” and “on the basics of public health protection” in connection with the adoption of the Federal law “on experimental legal regimes in the field of digital innovation in the Russian Federation” (in terms of the development of artificial intelligence and big data technologies).
The Ministry of economic development has proposed to remove restrictions on the processing of personal data (https://www.securitylab.ru/news/510416.php)
SecurityLab, [21.07.20 12: 40]
Despite growing investment in critical infrastructure security, many automated process control panels used by public and private enterprises in the United States are not secure and can easily be hacked by cybercriminals.
According to the research team of the CyberNews resource, automated process control systems are publicly available, and they can easily be accessed by any attacker.
Many access points to APCS in the US are vulnerable to hacking (https://www.securitylab.ru/news/510418.php)
SecurityLab, [21.07.20 14:55]
Employees of the cyber police of Ukraine stopped the criminal activity of a local resident.
The attacker created malicious software that encrypted the data of users ‘ computers and government institutions in Austria.
Ukrainian encrypted data of foreign users and state institutions (https://www.securitylab.ru/news/510425.php)
SecurityLab, [21.07.20 15:55]
On Tuesday, July 21, the UK Parliament’s intelligence and security Committee published a report on the “Russian threat” to the country’s national security.
The UK has published a report on the “Russian threat” (https://www.securitylab.ru/news/510429.php)
SecurityLab, [21.07.20 16:25]
The ransomware attacked the internal network of Telecom S. A., one of the largest telecommunications companies in Argentina, which provides local, long-distance and international calls, as well as Internet access.
The attackers demanded a ransom of $7.5 million for access to encrypted files, El Periodista reported.
Presumably, the attack was carried out by the operators of the extortionate software REvil (Sodinokibi).
Extortionists demanded $7.5 million from the largest Argentine Internet provider (https://www.securitylab.ru/news/510432.php)
Elon Musk: Human Machine interface: “Biosymbiosis with AI”
(src: Presentation in 2019-07 Youtube.com)
SecurityLab, [21.07.20 21: 00]
Tesla CEO Elon Musk has revealed the benefits of chipping people.
His words on his Twitter account are quoted by LAD Bible.
“CEO of Tesla Elon Musk has revealed the benefits of chipping people. His words on his Twitter account are quoted by LAD Bible.
On August 28, a presentation of the company Neuralink is scheduled, where its founder Elon Musk will talk about the latest advances in brain-chipping technology.
Meanwhile, the American billionaire could not resist commenting on Twitter and said about one of the potential opportunities of this technology.
In a conversation with another user, Elon Musk confirmed that with the help of Neuralink technology, it will be possible to control the production of various hormones, for example, oxytocin and serotonin, reducing stress levels in people suffering from PTSD.
In addition, according to Musk, the chip will allow you to listen to music that will be sent directly to the brain. “A great feature,” commented scientist Austin Howard.
When asked by another user if Neuralink devices could stimulate the release of oxytocin, serotonin and other chemicals when needed, the entrepreneur gave a positive answer.
In may, Musk said that his company Neuralink is ready to introduce a chip into the human brain in the near future.
According to him, within a year, work will be completed on creating an implant that will allow patients to restore vision, hearing or limb mobility lost due to brain damage.
The billionaire explained that the implant is installed under the bones of the skull, connects to the brain with the help of electrodes and begins to perform the functions of a human organ.”
Elon Musk is ready to implement chips in the human brain (https://www.securitylab.ru/news/510440.php)
PS: what can possibly go wrong? X-D Of course it will have bluetooth 3.0 and of course it will be hacked.
the “in brain ipod” could develop into a severe security problem threatening the health of the wearer.
But digital dictators will love it, finally properly control “the Androids”.
SecurityLab, [21.07.20 22: 45]
The Moscow metro will spend 1.4 billion rubles to equip a quarter of all cars with a facial recognition system.
Gender, age, income level, social status and even the phone number of a passenger in the subway can already be found out thanks to the personal communications system, the BBC found out.
SecurityLab, [23.07.20 09:10]
Group-IB, presented an analytical report revealing the main beneficiaries of pirated online cinemas and pirated sports streaming.
The main conclusions of the study were data on the financing of the pirate industry of the online casino Lucky Partners and Welcome Partners, the bookmaker 1xBet, as well as technical support from legal hosts “Mnogobayt” and “DDOS-GUARD”, which provide server capacity to pirates.
Despite the fact that most of the beneficiaries of the pirate business are located in Ukraine, they use Russian banks and payment systems for financial transfers, without encoding payments, as required by international norms.
Copies of the report were sent to Russian and international law enforcement agencies.
With blackjack and dinghies: the shadowy investors of Internet piracy are revealed (https://www.securitylab.ru/news/510470.php)
SecurityLab, [23.07.20 09: 20]
Companies encrypt firmware images on their devices in order to prevent reverse engineering attempts by competitors and hackers, as well as attempts by customers to flash the device with custom SOFTWARE.
Usually, decryption requires either a special decryption key or a means to break the encryption algorithm.
According to BleepingComputer, security researchers Nick Starke and Rick Sanchez independently discovered a way to decrypt firmware images in D-Link routers.
D-Link firmware image decryption method detected (https://www.securitylab.ru/news/510471.php)
SecurityLab, [23.07.20 13: 45]
Google intends to make the Android Go version mandatory for new devices with RAM of 2 GB or less.
This was reported by the resource XDA-Developers with reference to a leaked copy of the company’s document “Guidelines for configuring devices for Android 11 Go”, dated April 24, 2020.
Google intends to stop supporting smartphones with a small amount of RAM (https://www.securitylab.ru/news/510484.php)
SecurityLab, [23.07.20 15:25]
Security researchers at Cisco Talos reported on a new botnet that uses the Microsoft Windows SMB Protocol to distribute cryptocurrency miners in corporate networks.
Prometei botnet uses SMB for cryptocurrency mining (https://www.securitylab.ru/news/510485.php)
SecurityLab, [23.07.20 15: 30]
Dozens of unsecured databases available on the Network have been the victims of automated cyber attacks.
Hackers replace all indexes in the public databases Elasticserch and MongoDB with a random set of characters with the word meow at the end.
Mysterious hackers destroyed the records of dozens of unsecured databases (https://www.securitylab.ru/news/510486.php)
SecurityLab, [23.07.20 15: 50]
Cybercriminals hacked the entrance turnstiles and security cameras of the stadium, almost disrupting the English Premier League match, and also tried to steal 1 million pounds for the transfer of an athlete.
Cybercriminals almost disrupted an English Premier League match (https://www.securitylab.ru/news/510487.php)
SecurityLab, [24.07.20 08:10]
Last week, users of two of the largest genealogical services became victims of cybercriminals.
Users of GEDmatch and MyHeritage have become victims of cybercriminals (https://www.securitylab.ru/news/510495.php)
SecurityLab, [24.07.20 08: 30]
A darknet user using the alias frankknox put access to government and commercial networks in the UK and Australia up for sale on an underground trading platform, a group of Shadow Intelligence specialists reported.
Hacker sells access to the networks of government institutions in the UK and Australia (https://www.securitylab.ru/news/510496.php)
SecurityLab, [24.07.20 09:10]
Apple co-founder Steve Wozniak, along with 17 other plaintiffs, this week sued Google and its YouTube service for aiding fraud using his name and images.
Steve Wozniak filed a lawsuit against Google for aiding and abetting fraud (https://www.securitylab.ru/news/510497.php)
SecurityLab, [24.07.20 10:15]
Facebook engineers have developed a method to help them detect and prevent malicious user behavior, such as spam, fraud, or the purchase and sale of weapons and prohibited substances.
Experts can use artificial intelligence bots to simulate the actions of hackers in a “parallel version” of Facebook.
Facebook simulates malicious user behavior using AI (https://www.securitylab.ru/news/510498.php)
SecurityLab, [24.07.20 10: 30]
The manufacturer of smart watches and wearable gadgets Garmin was forced to disable a number of its online services due to an attack of ransomware that encrypted its internal network and some production systems.
Smart watch manufacturer Garmin was the victim of a cyber attack (https://www.securitylab.ru/news/510499.php)
SecurityLab, [24.07.20 12: 15]
A team of researchers from the Ruhr University in Bochum (Germany) has discovered new methods of attacks on signed PDF files.
The so-called Shadow Attack technique allows a hacker to hide and replace content in a signed PDF document without affecting the digital signature.
A new method for spoofing content in signed PDF files has been discovered (https://www.securitylab.ru/news/510512.php)
SecurityLab, [24.07.20 13: 50]
Microsoft has provided its corporate customers with a preview of a new option that allows users to monitor Windows 10 diagnostic data.
Windows 10 users will be given control over diagnostic data (https://www.securitylab.ru/news/510519.php)
SecurityLab, [24.07.20 14: 05]
Rostelecom-solar has announced the release of a new version of the application security analyzer Solar appScreener 3.6.
the System allows testing software for vulnerabilities and NDV to meet the fourth assessment level of confidence (OUD4) in accordance with the requirements of The Bank of Russia regulations.
New IB solutions of the week: July 24, 2020 (https://www.securitylab.ru/news/510520.php)
SecurityLab, [24.07.20 14: 50]
A method that allows you to hide malicious files from “any antivirus”is for sale on cybercrime forums.
As reported on the Shadow Intelligence Twitter page dedicated to security incidents and malware, its cost is $50 thousand.
A hacker forum sells a method for hiding files from antivirus programs (https://www.securitylab.ru/news/510527.php)
SecurityLab, [24.07.20 15: 45]
As of early 2020, more than a thousand Twitter employees and contractors had access to internal tools that allowed them to change user account settings and transfer control to others, thereby weakening the social network’s cybersecurity.
More than 1,000 Twitter employees may have contributed to the cyber attack (https://www.securitylab.ru/news/510528.php)
SecurityLab, [24.07.20 22: 50]
Digital security experts from the United States and Europe have investigated and discovered a vulnerability in the application that controls flying drones of the Chinese company Da Jiang Innovations (DJI).
Dji suspected of tracking users (https://www.securitylab.ru/news/510529.php)
SecurityLab, [25.07.20 10:05]
The Spanish railway company Adif has fallen victim to the REvil ransomware.
Adif is a state-owned firm that oversees railway infrastructure, manages railway traffic, and charges railway operators.
REvil stole 800 GB of data from the Spanish railway state company Adif (https://www.securitylab.ru/news/510531.php)
SecurityLab, [25.07.20 12: 45]
Microsoft has confirmed the transition to a new stage of distribution of the last major update of Windows 10.
As a result, Windows 10 May 2020 Update has started to be distributed to a much wider range of devices, including older computers.
Microsoft will forcibly update older versions of Windows (https://www.securitylab.ru/news/510532.php)
SecurityLab, [25.07.20 21:15]
In November 2018, US President Donald trump signed the National quantum initiative Into law. In February 2020, representatives of 17 national laboratories discussed the key points of the plan to create an Internet network based on the principles of quantum physics.
The project of a secure quantum Internet was presented in the USA (https://www.securitylab.ru/news/510533.php)
SecurityLab, [26.07.20 11: 05]
Developer of mobile banking app, technology company-“unicorn” Dave.com, confirmed the data leak of 7.5 million of its users.
According to the company’s blog, the leak occurred at its former service provider Waydev.
Passwords of 7.5 million users of the Dave app are available for free download (https://www.securitylab.ru/news/510534.php)
SecurityLab, [26.07.20 19:05]
The number of crimes using the latest information technologies and the Internet in Russia has increased more than twenty times over the past seven years, said the representative of the Investigative Committee of Russia (TFR) Svetlana Petrenko.
According to her, in 2019, this indicator has almost doubled in comparison with 2018.
Earlier, the interior Ministry reported that in the first half of 2020, the number of cybercrimes increased by 91.7%.
IC RF: for 7 years, cybercrime in Russia has increased 20 times (https://www.securitylab.ru/news/510536.php)
SecurityLab, [27.07.20 08: 20]
California-based insurer First American Title Insurance, which inadvertently left tens of millions of user records available Online, became the first company to be accused by the new York Department of financial Services (DFS) of violating cybersecurity rules.
The American insurance campaign leaked 850 million user data (https://www.securitylab.ru/news/510539.php)
SecurityLab, [10.08.20 10:45]
A small US company linked to the US military and intelligence community has embedded a tool in hundreds of mobile apps to track the movements of millions of users around the world.
“According to the Wall Street Journal, we are talking about an American government contractor, Anomaly Six, which provides “us government units and private clients” with data on the location of people around the world. According to its marketing materials, Anomaly Six “can get location data from over 500 mobile apps” using its own set of development tools (SDKs) embedded directly in the SOFTWARE. However, as representatives of Anomaly Six told reporters The Wall Street Journal, the company has limited the sale of data on movements obtained from smartphones, and now sells them only to private customers.
According to a number of American government organizations, the activity of Anomaly Six is completely legal. Data received from mobile phones is anonymized by assigning alphanumeric identifiers that are not associated with their names to users. However, over time, this data can be easily linked to a specific person (for example, if they travel the same route to work every day).”
A US government contractor tracks millions of users on their smartphones (https://www.securitylab.ru/news/510951.php)
SecurityLab, [10.08.20 12:29]
The world court in Moscow imposed a fine of 1.5 million rubles on Google for insufficient filtering of prohibited content in the Russian Federation in the search engine.
Google was fined 1.5 million rubles for poor quality filtering of prohibited content (https://www.securitylab.ru/news/510952.php)
SecurityLab, [10.08.20 10:40]
The British Office of the information Commissioner’s Office (ICO) initiated an investigation against Barclays Bank on suspicion that the financial organization carried out surveillance of employees using software, the daily Telegraph reported.
Barclays was accused of spying on employees
liked this article?
- only together we can create a truly free world
- plz support dwaves to keep it up & running!
- (yes the info on the internet is (mostly) free but beer is still not free (still have to work on that))
- really really hate advertisement
- contribute: whenever a solution was found, blog about it for others to find!
- talk about, recommend & link to this blog and articles
- thanks to all who contribute!