contains advertisement.
To be honest, it is hard to keep up with the speed at which cyber incidents are reported.
here is the latest take on “Russian IT Sec Updates”.
have phun!
SecurityLab, [28.09.20 08:20]
Last month, TikTok developers rolled out multi-factor authentication (MFA) for their users, but it turned out that the new security feature was only enabled for the mobile version of the app, and not for its website.
This was reported to ZDNet by one of the TikTok users.
Multi-factor authorization in TikTok can be bypassed via the browser (https://www.securitylab.ru/news/512472.php)
SecurityLab, [28.09.20 09:00]
Twitter warned developers about a security incident that could affect their accounts.
The incident was caused by incorrect instructions sent by the developer.twitter.com site to users' browsers.
Twitter warned of potential API key leak (https://www.securitylab.ru/news/512473.php)
Ads: SecurityLab, [28.09.20 09:11]
[Forwarded from the Announcements of information security events]
Large online exhibition of Axoft “IT Expo 2020”
Axoft invites you to a large online exhibition “IT Expo 2020: Security Operation Center. DevSecOps. Import substitution. Compliance with regulatory requirements. IT infrastructure management and optimization”
• 30+ consultants on information technology and information security: PwC, “Kaspersky Lab”, Positive Technologies, “Akronis-Infoseite”, Red Hat, Astra Linux, Microsoft, infoteks, Palo Alto Networks, Trend Micro, Micro Focus, “Garda Technology”, Astra Linux, Mail.ru, SolarWinds and many others
https://itexpo2020.axoftglobal.com
SecurityLab, [28.09.20 10:10]
Apple has fixed a total of four vulnerabilities in macOS Catalina, High Sierra, and Mojave.
Apple fixed four dangerous vulnerabilities in macOS (https://www.securitylab.ru/news/512475.php)
SecurityLab, [28.09.20 10:20]
By modifying the firmware of the coffee machine, an Avast specialist was able to make it display a ransom demand for continued operation.
How a coffee machine can become a dangerous ransomware (https://www.securitylab.ru/news/512476.php)
Comment: X-D WOW! X-D Was it running windows? X-D
SecurityLab, [28.09.20 12:55]
The popular Pastebin site, where users can exchange small fragments of text, has received two new features that, according to information security experts, will greatly appeal to malware operators.
New features on the Pastebin site will appeal to malware operators (https://www.securitylab.ru/news/512492.php)
SecurityLab, [28.09.20 14:15]
The operators of the REvil ransomware made a deposit of $1 million in bitcoins on a Russian-language hacker forum in order to hire experienced hackers.
REvil operators made a $1 million deposit on a hacker forum (https://www.securitylab.ru/news/512504.php)
SecurityLab, [28.09.20 14:25]
While the world is still grappling with the COVID-19 pandemic, cybercriminals are actively taking advantage of it.
For information about security incidents related to the pandemic in one way or another during the period from 21 to 27 September this year, read our review.
Overview of the most interesting events in the world of information security related to COVID-19: September 28, 2020 (https://www.securitylab.ru/news/512506.php)
SecurityLab, [28.09.20 14:50]
Google has removed 17 Android apps from the official Play Store.
Programs discovered by security researchers from Zscaler were infected with the Joker malware (also known as Bread).
Google removed 17 Android apps with Joker malware (https://www.securitylab.ru/news/512511.php)
SecurityLab, [28.09.20 15:40]
The US district court in Washington issued a temporary ban on the decree of US President Donald Trump’s administration regarding blocking the download of the TikTok app, which was supposed to take effect on September 27.
The US federal court overturned the ban on TikTok (https://www.securitylab.ru/news/512514.php)
SecurityLab, [28.09.20 17:58]
[Forwarded from SecurityLab.ru the best materials]
This type of monitoring may seem aggressive, but keep in mind that your provider also stores this data in logs and has the right to sell the information to a third party.
Let’s say you need to find out what apps are used on your phone. If you are on the same Wi-Fi network as the target device, the task is very simple. Just run Wireshark and configure several parameters. We will use this utility to decrypt traffic encrypted using WPA2, and after analyzing it, we will find out what applications are running on the phone.
Although a network with encryption is better than one without, the difference disappears when the attacker and you are on the same network. If someone else knows the password to the Wi-Fi network you use, it’s easy to find out what you’re doing right now with Wireshark. In addition, an attacker can find out all the apps running on the phone and focus on those that could potentially be vulnerable.
https://www.securitylab.ru/analytics/507745.php
SecurityLab, [28.09.20 19:50]
The actions of the administration of the social network Twitter in relation to Russian media accounts are an act of censorship and discrimination.
This statement was made by the Russian Foreign Ministry on Monday, September 28.
The Russian Foreign Ministry accused Twitter of censoring Russian media (https://www.securitylab.ru/news/512524.php)
SecurityLab, [28.09.20 20:55]
“It contains data on ship commanders, sailors, engineers and other persons associated with the maritime units of Azerbaijan,” the group said in a statement.
Armenian hackers broke into the database of the Azerbaijani Navy (https://www.securitylab.ru/news/512528.php)
SecurityLab, [28.09.20 21:05]
A new hacker group that supports the Lukashenka regime has appeared on the Internet.
Hackers have hacked the KYKY website and are threatening “cyber Partisans”.
On the hacked resource, among other things, the text of the message reads: “We know about your development of a facial recognition system that allows you to deanonymize employees of law enforcement agencies, as well as about hacking their accounts,” it is clarified. “The security forces earned this money by honest work.
We do not accept this outrage and want to restore justice.”
In Belarus, a group of cyber-counter-partisans appeared (https://www.securitylab.ru/news/512529.php)
SecurityLab, [29.09.20 03:00]
Cyber police stopped the illegal activities of a company that created an online casino.
The company provided services for creating and maintaining a turnkey online casino.
The activity of its resources is blocked.
The minimum package of services cost $20,000, while the company’s monthly profit was more than $500,000, the press service of the cyber police reported.
Cyber police shut down an online casino development company (https://www.securitylab.ru/news/512526.php)
SecurityLab, [29.09.20 08:35]
Police officers neutralized a group of telephone fraudsters who were engaged in the theft of funds from bank cards of citizens.
The amount of damage from the actions of attackers is estimated at more than 1 million rubles.
In St. Petersburg, fraudsters who stole money from bank cards were detained (https://www.securitylab.ru/news/512530.php)
SecurityLab, [29.09.20 08:50]
Cybersecurity researchers from the Indian firm Quick Heal have discovered an ongoing cyber espionage campaign targeting defense units and personnel of the Indian armed forces.
The campaign has been ongoing since at least 2019, and the goal of cybercriminals is to steal confidential military information.
Cyber espionage campaign against the Indian army revealed (https://www.securitylab.ru/news/512531.php)
SecurityLab, [29.09.20 10:05]
Over the weekend, one of the largest private companies in the United States, Universal Health Services (UHS), which provides health services, was forced to shut down its computer systems due to a cyber attack.
UHS manages more than 400 medical facilities in the United States and the United Kingdom, and provides medical services to about 3.5 million patients each year.
One of the largest providers of medical services in the United States was the target of a cyber attack (https://www.securitylab.ru/news/512536.php)
SecurityLab, [29.09.20 10:10]
Deputies of the State Duma on information policy, technology and communications are developing a draft law based on expert proposals that will toughen penalties for Internet companies for violations of Russian legislation in terms of storing personal data, deleting illegal content and non-payment of taxes from activities on the territory of the country.
The State Duma will tighten the responsibility of foreign Internet companies (https://www.securitylab.ru/news/512537.php)
SecurityLab, [29.09.20 11:35]
During the next check for the presence of illegal electricity consumption, employees of the Rosseti Center Lipetsk branch discovered an operating illegal cryptomining farm on the territory of one of the bases in the village of Nikolskoye in the Usman district.
Underground cryptominers stole electricity in the amount of 22 million rubles ($286,947) (https://www.securitylab.ru/news/512553.php)
Comment: Yes this mining costs A LOT OF ENERGY, bad for the climate as well.
SecurityLab, [29.09.20 13:55]
Almost half of all fraudulent call centers are in prison.
The total income of attackers reaches more than 75 million rubles a month. ($978,229)
Almost half of all fraudulent call centers are located in prisons (https://www.securitylab.ru/news/512563.php)
SecurityLab, [29.09.20 14:15]
Employees of the Cyber Police of Ukraine, with the assistance of law enforcement agencies of other countries, detained members of a cybercrime group that was engaged in stealing funds from bank accounts of foreign citizens.
The Cyber Police neutralized a group that stole money from bank cards of foreigners (https://www.securitylab.ru/news/512564.php)
SecurityLab, [29.09.20 15:25]
Roskomnadzor has asked the Federation Council and the State Duma to introduce measures to protect Russian citizens from censorship on foreign Internet platforms.
This was reported by the TASS news agency.
RKN asks the authorities to protect Russians from censorship on foreign platforms (https://www.securitylab.ru/news/512565.php)
SecurityLab, [29.09.20 15:40]
The human rights organization Amnesty International has released new versions of the well-known FinSpy spyware produced by the German company FinFisher, designed for devices based on macOS and Linux.
Although FinFisher representatives assure that FinSpy’s tracking technology is intended exclusively for law enforcement agencies, in the past few years the product has repeatedly appeared in reports about the surveillance of authoritarian governments of their opponents, in particular, dissidents, journalists and activists.
Similar campaigns were observed in Bahrain, Egypt, Ethiopia, Turkey, the United Arab Emirates
AI discovered variants of FinSpy spyware for macOS and Linux (https://www.securitylab.ru/news/512568.php)
Comment: Yeah same as weapons producers, they don’t really care who uses their weapons and for what, as long as the customer pays in cash.
SecurityLab, [29.09.20 16:20]
Microsoft has released driver updates for Windows 10, which caused some problems for users.
According to forum posts, the tech giant distributes old and unsuitable drivers for some devices.
Microsoft distributes old drivers for Windows 10 (https://www.securitylab.ru/news/512569.php)
Comments: M$ Win10 will bring issues with updates – AGAIN!
SecurityLab, [29.09.20 20:10]
Amazon One technology is considered promising: the company is confident that in the future it will go beyond the retail network and will be used to identify people in office buildings, stadiums, etc.
Amazon has introduced its own palm recognition technology (https://www.securitylab.ru/news/512570.php)
SecurityLab, [30.09.20 08:25]
A federal court in the Northern District of California has sentenced Russian Yevgeny Nikulin, who is accused of cybercrime in the United States, to 88 months in prison (approximately 7 years and 4 months).
The prosecutor’s office recommended that Nikulin be sentenced to 12 years in prison.
Russian who hacked LinkedIn and Dropbox sentenced to 7 years in prison (https://www.securitylab.ru/news/512573.php)
SecurityLab, [30.09.20 08:40]
Hackers organized a large-scale and sophisticated malware campaign aimed at the computer networks of Washington state government agencies.
This was reported by sources of the Bloomberg news agency.
Hackers attacked Washington state government offices (https://www.securitylab.ru/news/512574.php)
SecurityLab, [30.09.20 09:18]
[Forwarded from the Announcements of information security events]
On October 7, at 16.00, the talk show ANTI-APT ONLINE 2.0 will be held, dedicated to the always relevant topic of protection against targeted attacks and zero-day attacks. The online event will bring together representatives of 4 vendors to answer the moderator’s “sharp” questions:
· Email: sieve or sieve?
· Online web analysis. Profanation or does it really work?
· ANTI-APT and file STORAGE, is this really necessary?
· I already have an antivirus, why do I need EDR?
You will find answers to these questions and more on our talk show ANTI-APT ONLINE 2.0. Each participant of the online event will have the opportunity to speak out, argue and tell where they are beating the competition. Register for the event and prepare a portion of your “hot” questions for participants: https://events.webinar.ru/jet/antiapt2
SecurityLab, [30.09.20 10:10]
Microsoft has updated the recommendations for fixing the Zerologon vulnerability (CVE-2020-1472), clarifying the order of measures that users can implement to protect vulnerable Windows Server servers from attacks that exploit this problem.
Microsoft explained the procedure for fixing the Zerologon vulnerability (https://www.securitylab.ru/news/512576.php)
SecurityLab, [30.09.20 10:15]
Microsoft has released a report Microsoft Digital Defense (“Microsoft Digital protection”), which described the main cyber threats detected over the past two years.
Attacks by some ransomware operators take less than 45 minutes (https://www.securitylab.ru/news/512577.php)
SecurityLab, [30.09.20 11:30]
The world’s largest watchmaker, Swatch Group, shut down its IT systems after detecting a cyberattack.
As representatives of the company told BleepingComputer, they discovered a cyber attack over the weekend and disabled IT systems in order to prevent the spread of malware.
The largest watchmaker Swatch was the victim of a cyber attack (https://www.securitylab.ru/news/512587.php)
SecurityLab, [30.09.20 12:00]
British authorities are investigating the hacking of the Foreign Office’s computer systems, which resulted in unknown attackers stealing hundreds of secret documents related to the UK’s propaganda programs in Syria.
Hackers stole propaganda materials from the British Foreign Office (https://www.securitylab.ru/news/512595.php)
SecurityLab, [30.09.20 12:40]
Vasily Shpak, Director of the Department of Radio-Electronic Industry of the Ministry of Industry and Trade of Russia, told reporters that foreign-made irons with built-in wiretapping were found in Russia.
“There are bookmarks. We saw a couple of irons with microphones. An ordinary iron. With microphone. Accordingly, in order to throw something somewhere from this microphone, you need some (method of communication),” Shpak said.
According to him, bookmarks in electrical engineering are not fiction.
In 2013, a batch of small household appliances was randomly discovered in St. Petersburg, which had a special electronic radio circuit built into it based on a special chip that can connect to unprotected Wi-Fi networks available within range.
Once connected to the network, this scheme spreads malicious applications, viruses, and spam.
The culprits of such “spy” tactics were Chinese engineers who assemble irons, kettles and mixers at manufacturing plants.
In Russia, once again discovered spy irons (https://www.securitylab.ru/news/512598.php)
SecurityLab, [30.09.20 13:50]
More than 247,000 Microsoft Exchange servers are affected by the remote code execution vulnerability (CVE-2020-0688).
247 thousand Microsoft Exchange servers are vulnerable to attacks (https://www.securitylab.ru/news/512612.php)
SecurityLab, [30.09.20 15:10]
It is believed that the lock icon or the “safe” mark in the address bar of the site indicates its security, however, according to information security experts, such visual prompts should not be blindly trusted, since hackers also use them to deceive users. (https://www.securitylab.ru/news/512616.php)
SecurityLab, [01.10.20 08:00]
With the purchase of TikTok’s American operations by Oracle Corporation and their separation into a separate company, everything was not so simple.
The fact is that currently the parties to the transaction have different interpretations of preliminary agreements.
For example, the Chinese company ByteDance, which still owns TikTok, wants to retain 80% of the shares of the new company TikTok Global, while the US authorities demand full control over the application code.
The US authorities want to gain full control over the TikTok code (https://www.securitylab.ru/news/512634.php)
SecurityLab, [01.10.20 09:25]
A Windows developer under the alias NTDEV was able to successfully compile Windows XP and Windows Server 2003 from the code that leaked to the network last week.
Recall that links to the archives of the alleged source code of Windows XP SP1, Windows Server 2003, MS-DOS, Windows CE and Windows NT were recently published in one of the threads of the anonymous forum 4chan.
Immediately after the leak, NTDEV was able to compile Windows XP and Server 2003 from the leaked source code.
As a confirmation, the developer posted videos on YouTube, but they were blocked at the request of Microsoft as violating its copyright.
https://www.securitylab.ru/news/512639.php
Comment: Win XP is now unofficially Open Source X-D and may as well be shared by M$ on their Github. But then: who needs it at all? If there is Linux.
SecurityLab, [01.10.20 10:30]
In early September 2020, ClearSky specialists discovered a unique malicious RTF file uploaded to VirusTotal from Belarus.
The file name and content are written in Russian and represent a variety of forms to fill out concerning persons accused of various crimes.
The RTF file executes arbitrary code from the C&C server.
Code execution can be used to further download malware, steal data, and perform various malicious actions.
In this case, the RTF file downloads an exploit for the vulnerability in Internet Explorer (CVE-2020-0968).
The exploit loads a payload, but the file is encrypted and needs to be decrypted for execution.
According to experts, attackers began to actively exploit this vulnerability in attacks.
RCE vulnerability in Internet Explorer is actively exploited in attacks (https://www.securitylab.ru/news/512642.php)
SecurityLab, [01.10.20 10:40]
Information security is as much a public good as clean drinking water.
This was announced on Thursday, October 1, by the assistant chief of the Cybersecurity Agency of Singapore, Brigadier General Gaurav Keerthi, at the Black Hat Asia conference.
The Singapore authorities suggested treating information security as a public good (https://www.securitylab.ru/news/512644.php)
SecurityLab, [01.10.20 11:06]
[Forwarded from the Announcements of information security events]
Solar JSOC: key cyber attack vectors for April — September 2020
Over the past six months, the activity of cybercriminals has increased significantly. The active use of the coronavirus theme in phishing mailings, the exploitation of vulnerabilities in remote desktop protocols — all this was just the tip of the iceberg. The attackers refined the tools, modified the malware, and looked for new ways to bypass infrastructure protection.
At the webinar, experts from Rostelecom-Solar’s Solar JSOC, the largest center for monitoring and responding to cyber attacks, will tell how the activities of attackers with different skill levels have changed in the period from April to September 2020.
The program of the webinar:
1. Trends of the past six months: types and purposes of the attacks
2. The attack vectors and tools typical of criminals
3. Activities advanced cybergraphic
4. Attack methods for the new TinyScouts group
5. Practical examples: exploiting vulnerabilities, masking cryptographers, phishing emails, a new Trojan shell, and much more
After the event, all participants will be sent a new Solar JSOC report “Key attack vectors for April — September 2020” and given access to the webinar recording.
Speakers:
• Artem Kildyushev, presale analyst of Solar JSOC of Rostelecom-solar
• Asker Jamirze, expert on technical investigation of incidents of Solar JSOC CERT of Rostelecom-solar
Participation is free of charge. Register using the link https://events.webinar.ru/RostelekomSolar/6359367
Waiting for you!
SecurityLab, [01.10.20 11:45]
GitHub, a Web service for hosting IT projects and their joint development, has introduced a new security feature called “Code Scanning” for all users, both paid and free.
GitHub introduced a new security feature for code scanning (https://www.securitylab.ru/news/512648.php)
SecurityLab, [01.10.20 14:15]
Researchers from Bitdefender in their report “10 out of 10” summed up the results of a survey of 6,724 information security specialists in large organizations in the United States, Europe, the Middle East and Africa, and the Asia-Pacific region.
While there has been some improvement in understanding key cybersecurity issues in recent years, there are gaps in knowledge about new threats, as well as a gap between the speed with which companies need to adapt and their level of cybersecurity.
67% of information security experts are ready for a potential cyber war (https://www.securitylab.ru/news/512662.php)
SecurityLab, [01.10.20 14:45]
The TA2552 APT group uses OAuth2 and other token-based authorization technologies to attack Office 365 users in order to steal their email correspondence and contacts.
Hackers attack Office 365 users via OAuth2 (https://www.securitylab.ru/news/512668.php)
SecurityLab, [01.10.20 15:35]
The APT-C-23 cybercrime group (other names Two-Tailed Scorpion and Desert Scorpion) has armed itself with a new version of spyware for Android devices with an updated C&C strategy and expanded spy functionality for tracking WhatsApp and Telegram users.
Details: It is not yet known how the new version of the malware is distributed. Previous versions were distributed through apps in a fraudulent Android store called DigitalApps. Along with legitimate apps, this store also offered users fake software that was passed off as AndroidUpdate, Threema, and Telegram. However, the fake WeMessage messenger is not distributed via DigitalApps.
A new version of spyware for Android monitors Telegram users (https://www.securitylab.ru/news/512669.php)
SecurityLab, [01.10.20 15:40]
Cybersecurity researchers from OTORIO have discovered critical vulnerabilities in popular industrial remote access systems.
Their operation allows you to prohibit access to production halls, hack corporate networks, forge data and steal confidential information.
Critical vulnerabilities found in industrial remote access systems (https://www.securitylab.ru/news/512670.php)
SecurityLab, [01.10.20 18:36]
The digital educational environment, when implemented in schools, will record in the digital biography all the successes and failures of the student and show his progress, said the Minister of Education Sergey Kravtsov.
Digital biographies of schoolchildren will appear in Russian schools (https://www.securitylab.ru/news/512671.php)
SecurityLab, [01.10.20 22:45]
The Federal Penitentiary Service (FSIN) at the next meeting of the Russian Security Council will propose a plan to eliminate fake bank call centers that operate from prisons and colonies.
Rostec reported that about 3 million rubles will be needed for equipment that will allow jamming the signal of mobile operators.
The Federal Penitentiary Service plans to eliminate prison call centers (https://www.securitylab.ru/news/512672.php)
SecurityLab, [02.10.20 03:55]
The authorities refused to impose a delay on the transfer to Russia of servers that store data of Russians, follows from the approved economic recovery plan.
Earlier, the draft document proposed to set a delay until October 30, 2022 to meet the requirement for mandatory transfer of servers to the territory of the country.
Facebook and Twitter refused to postpone the transfer of servers to Russia (https://www.securitylab.ru/news/512673.php)
SecurityLab, [02.10.20 08:25]
Security researchers from Intertrust analyzed 100 publicly available mobile apps for iOS and Android in the healthcare sector across a range of categories, including telemedicine, medical equipment, healthcare trade, and tracking the spread of coronavirus infections (COVID-19) in order to identify the most dangerous threats.
85% of applications for tracking the spread of COVID-19 allow data leaks (https://www.securitylab.ru/news/512677.php)
SecurityLab, [02.10.20 09:40]
On Thursday, October 1, the US Treasury Department published a guide for victims of ransomware programs to pay a ransom if the payment may violate US sanctions imposed on individuals/groups.
The US Treasury has provided guidance on paying ransom to extortionists without violating sanctions (https://www.securitylab.ru/news/512682.php)
Local government agencies have also been heavily-hit by ransomware. At least 67 US government bodies have suffered ransomware attacks in 2020 alone, at a rate of one to two agencies falling victim to ransomware attacks per week, according to an Emsisoft tally.
src: https://www.businessinsider.com/ransomware-attacks-us-treasury-hackers-covid-2020-10
SecurityLab, [02.10.20 09:45]
Facebook security team members revealed details about one of the most sophisticated malware campaigns ever to target Facebook users at the Virus Bulletin 2020 security conference.
The cybercrime group, dubbed SilentFade, used malware to buy ads on behalf of hacked users from late 2018 to February 2019.
Chinese hackers stole $4 million from Facebook users (https://www.securitylab.ru/news/512685.php)
SecurityLab, [02.10.20 10:00]
German authorities have fined the Swedish company H&M 35 million euros for leaking user data as a result of an internal incident that took place in a service center in Nuremberg.
German authorities fined H&M 35 million euros for violating the GDPR (https://www.securitylab.ru/news/512688.php)
SecurityLab, [02.10.20 10:09]
[Forwarded from the Announcements of information security events]
Identify vulnerabilities and protect critical business segments
Today, the Internet is an integral part of doing business and functioning of most companies. This is actively used by cybercriminals who, at the request of competitors or for their own benefit, attack critical segments of companies – for some organizations these are websites, for others – web applications for customers.
Often, an attack begins with exploiting vulnerabilities that exist in almost any application or infrastructure.
To effectively counter cybercriminals, it is necessary to identify vulnerabilities and properly build protection. This is the only way to protect your business and customers.
On October 9, at 11:00, Rostelecom-solar experts will tell you how to identify vulnerabilities and quickly protect critical business segments.
The program of the webinar
1. The landscape of cybercrime
2. Why does cybercrime affect you
3. How to quickly identify vulnerabilities
4. How to protect the network perimeter and employees
5. How to protect web apps, sites, and clients
6. Summing up the results
7. The answers to the questions
The webinar will be of interest to company managers, as well as heads of IT and information security departments of retail, retail chains, banks, insurance organizations, government agencies and educational institutions.
The total duration of the webinar is approximately 1.5 hours.
Speakers:
• Maxim Avdonin – head of service control vulnerabilities
• Alexander Barinov – head of cybersecurity services
• Ivan Miroshnichenko – head of the web application security services development group
related links: https://www.tripwire.com/state-of-security/security-data-protection/security-controls/what-is-vulnerability-management/
SecurityLab, [02.10.20 11:25]
Blackbaud, a provider of cloud-based CRM systems, admitted that it was a victim of ransomware operators, and information about customers’ bank accounts was stolen by criminals.
However, Blackbaud executives have previously denied the cyberattack.
Provider of cloud computing has acknowledged the fact of a ransomware attack (https://www.securitylab.ru/news/512696.php)
SecurityLab, [02.10.20 13:15]
Italian information security company TG Soft has launched a new service “Have I Been Emotet”, which allows individual users and entire organizations to find out whether their domains or email addresses are used in Emotet spam campaigns.
The new service allows you to check the presence of your address in Emotet campaigns (https://www.securitylab.ru/news/512707.php)
SecurityLab, [02.10.20 14:30]
The United States is entitled to more than $5.2 million in proceeds from the sale of a book by former National Security Agency contractor Edward Snowden, according to a ruling by the U.S. Department of (In)justice.
The US (gov) will receive $5.2 million from Edward Snowden’s income (https://www.securitylab.ru/news/512718.php)
Comment: WTF!?
- Permanent Record (2019) ISBN 9781529035650
- DO NOT BUY THIS BOOK ANYWHERE rather run this search and get it for free
SecurityLab, [02.10.20 15:15]
Creating ransomware for a cybercrime group requires the participation of a number of specialists from various fields.
The question arises: can we identify the developers of malicious code by studying it?
Experts were able to find a link between 16 exploits and their developers (https://www.securitylab.ru/news/512719.php)
SecurityLab, [02.10.20 16:15]
Cisco Systems has fixed a number of vulnerabilities (CVE-2020-3141 and CVE-2020-3425) in its IOS XE software.
Their exploitation allowed a remote attacker to increase privileges on the system.
Overview of vulnerabilities for the week of: October 2, 2020 (https://www.securitylab.ru/news/512720.php)
SecurityLab, [07.10.20 14:10]
The Chinese government uses TikTok to create dossiers on Americans.
This was announced on Wednesday, October 6, by the US President’s national security adviser Robert O’Brien at the annual summit organized by the Senator from Utah, Republican Chris Stewart.
Trump adviser called TikTok a tool for creating dossiers on Americans (https://www.securitylab.ru/news/512823.php)
SecurityLab, [07.10.20 14:45]
Security researchers from the Talos division of Cisco reported a malicious campaign in which hackers secretly hacked the IT networks of the Azerbaijani government and gained access to the diplomatic passports of some officials.
Hackers broke into the IT systems of the Azerbaijani government (https://www.securitylab.ru/news/512831.php)
SecurityLab, [07.10.20 15:45]
Vulnerability in Internet-connected men’s chastity belts allows outsiders to remotely control the gadget, including blocking it, making it impossible for the wearer to remove it.
Hackers can permanently block Internet-connected loyalty belts (https://www.securitylab.ru/news/512833.php)
SecurityLab, [07.10.20 15:50]
Specialists of GitLab, the online service for working with git repositories, checked the security of their clients’ software projects and found many vulnerabilities.
GitLab discovered many vulnerabilities in the source code of its clients’ projects (https://www.securitylab.ru/news/512834.php)
SecurityLab, [07.10.20 18:35]
Car ordering service Wheely complained to the Dutch regulator that “Yandex.Taxi” and Uber violate the regulations on personal data protection.
According to Wheely, its competitors unlawfully share information about customers with the capital’s Diptrans, according to Forbes.
For violating the GDPR, the company can receive a fine of up to €20 million or 4% of the violator’s global revenue for the previous year.
The maximum penalty directly from DDPA is lower — €1 million, according to Forbes, citing a study by consultants Dentons.
https://www.securitylab.ru/news/512836.php
SecurityLab, [07.10.20 22:15]
Russia has received the first engineering sample of the Elbrus-16S microprocessor.
This was reported by the press service of the Russian private developer company MCST.
The processor was developed by MCST.
The new product belongs to the sixth generation of Elbrus chips.
The Elbrus-16S model has 16 cores.
The overall performance reaches 1.5 TFlops.
The platform has built-in 10 and 2.5 Gbit/s Ethernet controllers, 32 PCI-Express 3.0 lanes, four SATA 3.0 channels, and eight DDR4-3200 ECC memory channels.
The new Elbrus supports combining up to four processors with a total amount of RAM up to 16 TB in multiprocessor systems.
MCST claims that the processor is the first 16-nm chip designed in Russia and based on Russian technologies that works without overclocking at a frequency of 2 gigahertz.
Development of Elbrus-16S should be completed in 2021.
The first 16-core Elbrus-16C processor is presented in Russia (https://www.securitylab.ru/news/512837.php)
Comment: RESPECT!
Every country should have their own hardware in development, many use US-Israel or Chinese hardware which (of course) makes those countries spy-able, sabotage-able and thus control-able.
SecurityLab, [08.10.20 02:30]
Hackers from Azerbaijan hacked a number of Armenian state websites (https://www.securitylab.ru/news/512838.php)
SecurityLab, [08.10.20 04:40]
Following Twitter and Facebook, another social network has introduced a new practice.
At the same time, only accounts of Russian publications received a special label.
On the day of its tenth anniversary, Instagram (Facebook) marked posts and media accounts with special marks (https://www.securitylab.ru/news/512839.php)
SecurityLab, [08.10.20 08:10]
Guardicore specialists discovered a number of vulnerabilities in the XR11 remote control for subscribers of Xfinity (a subsidiary of the American telecommunications corporation Comcast).
According to them, with the help of vulnerabilities, attackers can turn the TV remote into a spy device.
Experts turned the TV remote into a spy device (https://www.securitylab.ru/news/512840.php)
SecurityLab, [08.10.20 08:30]
The Android security update, released in October 2020, fixes a total of 48 vulnerabilities, including several critical ones.
The most dangerous issues affect Qualcomm’s closed-source components.
Vulnerabilities were fixed in the kernel (1 vulnerability), MediaTek components (5), Qualcomm components (4), and Qualcomm closed source components (18).
Six vulnerabilities in Qualcomm’s closed source components were assessed as critical.
The October update for Android fixed 48 vulnerabilities (https://www.securitylab.ru/news/512841.php)
Comment: this proves once again that Android smartphones (and even iPhones) in their current form are “unmaintainable” in a software-update-security-problematic kind of way.
It would be way more clever for Google & Apple & Co to simply adapt mainstream-debian (https://www.debian.org/ports/arm/) to run on the phones, so it can be kept security-wise up to date by a simple: apt update; apt upgrade;
Anything else is just as catastrophic as IoT devices with hard-coded passwords, forcing users “to pray” every day, that their smart phones won’t get hacked the second the user turns on mobile data or logs into WIFI networks.
https://www.cybersecurity-help.cz/vdb/SB2020100901
SecurityLab, [08.10.20 09:10]
European law enforcement agencies are fully loaded with cases of online materials related to child abuse.
This is reported in the Europol report “Assessment of the threat of organized crime on the Internet”, published this week.
Europol has run out of resources to investigate child porn online (https://www.securitylab.ru/news/512843.php)
Details: According to the report, the rapid increase in the number of child pornography materials on the Web may be somewhat related to changes in the abuser communities themselves.
If earlier darknet communities and rapists in the real world existed separately from each other, now online communities increasingly require their users to shoot videos and publish their own materials. Afraid of being “banned” and seeking to increase their rating, abusers comply with the requirements of community administrators.
There is a great concern about the growing number of pornographic materials created by children themselves, who spend more time on the Internet because of the quarantine. In addition, during the period of isolation and closed borders, the number of “live” broadcasts of child pornography has increased rapidly. According to Europol experts, this is due to the fact that during the quarantine, rapists significantly reduced their ability to find victims in the real world, and they switched to live-streams.
Comment: child porn criminals: catastrophic, catastrophic, catastrophic! and a very difficult topic.
Those would be the cases where the intelligence community could flex their surveillance muscles and shine and prove that they are actually trying to make this world a better place, by relentlessly cracking down on those perpetrators (unlike Europol they have almost unlimited resources, money and employees, so use it for good not evil) and working hand-in-hand with the police to honestly persecute sick criminals and lock them away, so those perverts are no threat to nobody anymore, ever again.
There were shocking cases and some success of the police to infiltrate and arrest child porn criminals but they need the support of the IC community.
The legislators should make sure IC community supports the police in those investigations with all means possible, while at the same time, trying to spot possible sabotage.
Except for bitcoin’s catastrophic CO2 balance, trades of illegal hard and software would severely damage the credibility of bitcoin as a currency intended to be used for good not evil.
there have been many catastrophic cases, never again!
SecurityLab, [08.10.20 10:20]
The FSB and the Ministry of Finance require the installation of domestic cryptographic protection on 5G network equipment for certification of base stations and smartphones.
However, manufacturers of this equipment do not intend to modify devices to meet local requirements, which may cause obstacles to the deployment of new-generation networks.
Requirements of the Federal security service and the Ministry of Finance hinder the development of 5G networks in the Russian Federation (https://www.securitylab.ru/news/512851.php)
Comment: This is clever too!
Instead of generally forbidding 5G (USA) or blindly installing it (EU), it would be important for experts to thoroughly investigate the possible security and privacy problems that come with the latest Chinese-5G systems and thus develop requirements for its operation (like certified honest end-to-end encryption of devices etc).
Vice versa: it would be NO problem to use gmail.com, if all the mails uploaded and sent via gmail.com are encrypted right there on the client’s PC (nobody in-the-middle can read and AI analyze it).
Problem: Micro$oft Outlook will NEVER implement end-to-end-encryption (and if yes it will be an NSA-got-the-master-keys kind of system).
Unfortunately, by M$ market dominance and some default-windows-hardcore-fans “unwillingness” (laziness, nothing-to-hide-argument) to switch over to Thunderbird + Enigmail (which can be set up very fast), end-to-end encryption will stay a fantasy in the pretty security-wise catastrophic mail world.
SecurityLab, [08.10.20 10:25]
Tesla management has notified employees of its Fremont, California, plant of the dismissal of an employee who “deliberately sabotaged” the operation of part of the plant last month.
This is reported by Bloomberg journalists, who have read the internal order of the Tesla management.
InfoSec: the Tesla team prevented sabotage at one of the plants (https://www.securitylab.ru/news/512852.php)
Comment: Holy crap knew it! This sabotage guy probably was paid by GM & Ford or US-oil-companies X-D