SecurityLab, [12.01.21 15:23]

The developer of the Salaat First (Prayer Times) app, which reminds Muslims when to pray, recorded and sold detailed information about their location to a data broker without the users ‘ knowledge, who in turn sold the geodata to other clients.

This was reported by the publication Motherboard.

The app sends notifications reminding users when to pray, shows them which direction to pray in by pointing to Mecca, and displays nearby mosques for users based on their current location.

The location data is collected by the French firm Predicio, which was previously linked to a data supply chain involving a U.S. government contractor that worked with U.S. Immigration and Customs Enforcement, U.S. Customs and Border Protection, and the FBI.

https://www.securitylab.ru/news/515389.php

SecurityLab, [13.01.21 04:08]

Analysts of the US Congress prepared a report in which they said that Russia is experiencing a shortage of personnel in its cyber units.

For this reason, it allegedly hires hackers on the side.

“The Russian security services, like other state structures, are experiencing difficulties in recruiting qualified personnel.

There is a competition for personnel between the private sector and rival structures.

This often forces the Russian security services to use the services of hackers from the civil and criminal spheres or to buy malware, ” the report says.

https://www.securitylab.ru/news/515404.php

SecurityLab, [13.01.21 07:43]

The US Federal Bureau of Investigation has launched an investigation after a postcard with a cartoon and the words “Hey, look, Russians” and “Putin did it!”was sent to the home address of FireEye CEO Kevin Mandia.

Thus, the hackers allegedly decided to question the company’s ability to link the cyberattacks to the Russian government.

The postcard came a few days after experts revealed a large-scale cyber attack on US federal agencies and companies.

According to the Reuters news agency, at the time of receiving the postcard, FireEye did not suspect who might be responsible for the attack.

The FBI, the US Cybersecurity and Infrastructure Protection Agency (CISA), and the US Intelligence Community (ODNI) later admitted Russia’s involvement in a hacker attack on US federal agencies.

https://www.securitylab.ru/news/515402.php

 

SecurityLab, [13.01.21 08:40]

On Tuesday, January 12, Micro$oft released the first scheduled security updates for its products this year.

The January patches fix a total of 83 vulnerabilities in Windows, cloud products, developer tools, and enterprise servers.

https://www.securitylab.ru/news/515470.php

 

SecurityLab, [13.01.21 16:10]

Representatives of the international company Mimecast, specializing in cloud-based email management for Microsoft Exchange and Microsoft Office 365, reported that cybercriminals compromised a digital certificate provided to customers for securely connecting Microsoft 365 Exchange accounts to Mimecast services.

https://www.securitylab.ru/news/515490.php

SecurityLab, [13.01.21 17:06]

The Federal Bureau of Investigation( FBI), the US Cybersecurity and Infrastructure Protection Agency (CISA) and the US Intelligence Community (ODNI) have admitted Russia’s involvement in a hacker attack on US federal agencies.

The conclusions are given in a joint statement of the special services.

Now, the solarleaks web site has been launched[.] net, which allegedly sells stolen data to Microsoft, Cisco, FireEye, and SolarWinds.

It is known that all these companies were hacked during the attack on the supply chain.

As stated on the site, the source code and Microsoft repositories are for sale for $600,000.

Microsoft representatives confirmed that the attackers gained access to their source code as a result of hacking SolarWinds.

The attackers also claimed to be selling the source code of several Cisco products, including the company’s internal vulnerability tracker.

As reported in Cisco, there is no evidence that the attackers stole their source code.

In addition, the site sells the tools of the FireEye Red Team team of information security specialists and the FireEye source code for $50,000.

Also for sale are the SolarWinds source code and a dump of the client portal for $250,000.

https://www.securitylab.ru/news/515475.php

 

SecurityLab, [14.01.21 08:20]

Recently, a large number of users have decided to abandon the use of the WhatsApp messaging platform due to the consequences of the change in the privacy policy and switch to the Signal messenger.

People were concerned that WhatsApp would start transferring data to its parent company Facebook.

https://www.securitylab.ru/news/515500.php

 

SecurityLab, [14.01.21 10:15]

Roskachestvo has warned users of the social network VKontakte about a new fraudulent scheme using social engineering techniques.

The scheme is to force users to provide attackers with their password by entering it on a phishing site.

https://www.securitylab.ru/news/515504.php

 

SecurityLab, [14.01.21 14:55]

A vulnerability in Microsoft Windows 10 allows attackers to damage an NTFS-formatted hard drive with a single-line command.

A single-line file can be hidden inside a Windows shortcut, ZIP archive, batch files, or various other vectors to cause hard disk errors that instantly damage the file system index.

https://www.securitylab.ru/news/515526.php

 

SecurityLab, [14.01.21 18:21]

The reason lies in the latest updates of Android and iOS, which provide for the function of dynamic replacement of MAC addresses.

Because of it, you will not be able to get unique phone addresses.

The project staff has not yet found a way out of the situation – most likely, the project will be curtailed.

The Moscow Traffic Management Center, which acted as the customer, said that it was not aware of plans to wind down the project.

The Moscow authorities decided to spend 152.9 million rubles on the purchase of agro-industrial complex for collecting MAC addresses.

The complexes in the framework of the experiment had to be put first on 220 stops and pedestrian steles, later the idea was planned to be scaled to the entire city.

The press service of the city hall then said that the service is being developed based on the practice of Singapore, London and Berlin, and the analysis of the data will help “to maximize the quality of pedestrian movements and the work of urban transport.”

https://www.securitylab.ru/news/515529.php

SecurityLab, [15.01.21 06:30]

Micro$oft, Oracle, and Salesforce, along with a number of other companies, are working to create a single digital vaccination passport.

The developers believe that this project should become a standard for the return of society to normal life.

https://www.securitylab.ru/news/515535.php

 

SecurityLab, [15.01.21 09:30]

The ongoing controversy over TikTok escalated on Thursday, January 14, when the service was accused of spying on millions of users of Android devices using technology banned by Google.

https://www.securitylab.ru/news/515537.php

SecurityLab, [15.01.21 10:40]

The US Department of Defense has added several new organizations to the list of companies allegedly linked to the Chinese military sector, including mobile device manufacturer Xiaomi.

https://www.securitylab.ru/news/515539.php

SecurityLab, [15.01.21 11:25]

The Federal Communications Agency of the Russian Federation is interested in licensing Skype, Viber, WhatsApp and other messengers that allow you to make calls over the Network to landline and mobile phones in the Russian Federation.

The license could make it easier for security agencies to control such services.

https://www.securitylab.ru/news/515540.php

SecurityLab, [15.01.21 17:32]

The investigative Department of the Russian IC for the city of Krasnogorsk in the Moscow region demanded that the local police “ensure the appearance” of 43,386 YouTube visitors who watched the broadcast of retired Colonel Mikhail Shendakov.

He is accused in the case of extremism, because during the stream he called on viewers to attack the FSB officers.

According to the documents that were at the disposal of the journalists, the senior investigator Preobrazhenskaya L. O. sent a request to the head of the Ministry of Internal Affairs of Krasnogorsk to “ensure the appearance” of the viewers of Shendakov’s video in the investigative department.

The request indicates that the video was viewed by more than 43,000 YouTube users.

https://www.securitylab.ru/news/515558.php

SecurityLab, [16.01.21 07:45]

American technology corporations, “feeling a taste for power, allowed themselves to freely manipulate news and facts based on their political preferences”

“What is this, if not rampant censorship? And what is it, if not the specter of digital totalitarianism, which is gradually filling the society.

It deprives him (and potentially the whole world) of the opportunity to objectively navigate what is happening” the deputy head of the Security Council believes.

“For America, and for the whole world, such corporate censorship at this level is truly extraordinary.”

“The question arises, who are these top judges who have decided that they can at will, according to the rules they know only, and, in fact, because of their political preferences, deprive the president of the country of the opportunity to communicate with a multi-million audience?” – Medvedev continued.

According to Medvedev, these corporations, dictating their terms, “began to replace state institutions, invade their area of responsibility, began to actively impose their position on a huge number of people, deprive them of the opportunity to choose.”

https://www.securitylab.ru/news/515569.php

SecurityLab, [16.01.21 09:59]

[Poll : How do you feel about blocking Trump’s social media accounts? ]

– Negative, private companies tell presidents what to say and what not to say

– Negatively, this is a manifestation of digital totalitarianism, to which only the state has the right

– Negative (another reason)

– Positively, social networks care about the protection of citizens

– Positively, social networks have the right to censor content in favor of their interests

– Positive (another reason)

“I don’t care

SecurityLab, [16.01.21 11:30]

The administration of the instant messaging service WhatsApp has postponed the introduction of its new policy, according to which users must share data with the social network Facebook.

This decision was made due to numerous complaints and criticism from users and competitors.

https://www.securitylab.ru/news/515570.php

 

SecurityLab, [16.01.21 15:22]
[Forwarded from Announcements of the best information security events]
[ Photo ]
Course “Web Application Security” from xakep.ru
Start on January 18, 17: 00

– How to conduct exploration, use tools to automate the pentest, and make out the found CVEs
– Source code audit, vulnerability exploitation automation, privilege escalation, and other pentest skills
– Certificate of successful web application audit in the course “Web Application Security»

Leads: certified pentester, two-time PHDays winner and medalist, well-known information security specialist, author of the NO OFFENSE YouTube channel Alexander “Twost” Pushkin. The course is designed for 38 academic hours.

 

SecurityLab, [17.01.21 10:25]

The Eurasian Economic Commission has received statements from the Association of Copyright Holders, Licensors and Licensees for the Protection of Copyright on the Internet (AZAPI) about signs of violation of antitrust laws in the actions of Yandex.

https://www.securitylab.ru/news/515571.php

 

SecurityLab, [17.01.21 10:30]

According to the issue notice on GitHub, the vulnerability in the system was discovered by two children who were just playing on their father’s computer.

The children pressed random keys on both the physical and on-screen keyboard, which eventually caused the Linux Mint splash screen to crash and allowed them to access the desktop.

According to Linux Mint lead developer Clement Lefebvre, the problem was eventually discovered in the on-screen keyboard component libcaribou, which comes with the Cinnamon desktop interface used by Linux Mint.

https://www.securitylab.ru/news/515572.php

 

SecurityLab, [18.01.21 07:55]

The administration of the largest trading platform in the darknet, Joker’s Stash, specializing in the sale of compromised payment data, announced its intention to wind down its operations on February 15, 2021.

The site’s operator, someone under the pseudonym JokerStash, told a Russian-language cybercrime forum that “it’s time for us to leave for good” and “we will never open again.”

https://www.securitylab.ru/news/515574.php

 

SecurityLab, [18.01.21 11:48]

Recent advances in artificial intelligence (AI) have posed several ethical dilemmas, one of which is whether humanity will be able to control autonomous machines.

An international team of researchers has warned of the potential risks of creating software that is too powerful and self-contained.

Using a series of theoretical calculations, the scientists came to the conclusion that it is impossible to fully control such an AI.

Scientists have experimented with two ways to control artificial intelligence.

One of them is to isolate the AI from the Network and other devices, limiting contact with the outside world.

The problem is that this method will significantly reduce the ability of the AI to perform the functions for which it was created.

https://www.securitylab.ru/news/515578.php

 

SecurityLab, [18.01.21 13:55]

You can hack the site of one of the most popular first-level Olympiads, which is held in MEPhI, in just one second.

This was reported to Izvestia by a “source from hacker circles”.

https://www.securitylab.ru/news/515598.php

 

SecurityLab, [18.01.21 15:15]

The Washington-based nonprofit organization Coalition for a Safer Web sued Apple to remove the Telegram messenger from the App Store for failing to stop extremist conversations in the run-up to the storming of the Capitol in Washington on January 6 this year.

As reported in the lawsuit, the administrators of Telegram did not take the necessary measures to prevent the spread of such messages.

https://www.securitylab.ru/news/515603.php

SecurityLab, [18.01.21 18:35]

SQLi vulnerability for sale on the darknet Pickpoint.ru

The vulnerability is put up for sale by several sellers on the shadow forum and is sold for $1000.

The database is said to be running MS SQL Server 2012 with ASP technology.Net 4.0.

Also put up for sale is a database with 4 million records of personal data, presumably of the company’s customers, containing full names, dates of birth, phone numbers, addresses, email addresses, hashed (MD5) passwords, etc.

“Recall that in early December unknown hackers attacked the network of postamats PickPoint, as a result of which their operation failed. A total of 2,732 mailboxes were opened, or 25% of the existing ones in the network. The attack put at risk 49 thousand orders totaling 150 million rubles, and as a result, more than 1,000 orders were stolen .

As reported in the press service of Pickpoint, “in the wake of the cyberattack, the activity of fraudsters who are trying to sell non-existent data has begun. PickPoint doesn’t have any user names, birthdays, or passwords in its database. This information is not transmitted to us by online stores, we do not request it from recipients to issue orders, and PickPoint users do not have a personal account. This is a provocation on the part of scammers who use all possible methods to cash in.”

https://www.securitylab.ru/news/515612.php

 

SecurityLab, [19.01.21 07:40]

The (pro Trumpism) social networking site Parler has resumed its work.

But so far, it only has a message from the company’s CEO, John Matze.

The social network apps are still inactive.

https://www.securitylab.ru/news/515617.php

 

SecurityLab, [19.01.21 09:15]

Specialists who want to get a job at the New York-based information security company Red Balloon Security must complete an unusual task as part of the interview – to unlock a hard drive with bitcoins.

https://www.securitylab.ru/news/515620.php

 

SecurityLab, [19.01.21 11:05]

IObit “clean & speedup your PC” was the victim of a large-scale cyberattack aimed at spreading the extortionate software DeroHE among the participants of its forum.

https://www.securitylab.ru/news/515626.php

PS: the best way to clean & speedup a PC is by installing GNU Linux 🙂 (Debian 10 imho)

SecurityLab, [19.01.21 15:15]

One of the protesters who attacked the Capitol on January 6, 2021, may have stolen Speaker Nancy Pelosi’s laptop with the intention of selling it to the Russian government, according to an FBI affidavit on the attack.

According to one of the witnesses, Riley June Williams (Riley June Williams) illegally entered the US Congress building during the assault.

https://www.securitylab.ru/news/515637.php

 

SecurityLab, [20.01.21 01:40]

The hacker group Global ++ will compensate the studio Niantic in the amount of $5 million for hacking games.

As reported, in 2019, the studio filed a lawsuit against hackers, accusing them of creating modified versions of their games.

https://www.securitylab.ru/news/515642.php

 

SecurityLab, [20.01.21 09:35]

Bugs in Signal, Google Duo, and Facebook Messenger allowed the caller’s device to transmit audio before they answered the call.

Vulnerabilities in a variety of mobile applications for video communication allowed attackers to listen to the surrounding sounds without the user’s permission even before he picks up the phone.

https://www.securitylab.ru/news/515723.php

 

SecurityLab, [20.01.21 10:45]

Security researchers from the information security firm Malwarebytes have confirmed that the cybercriminals responsible for the attack on the SolarWinds supply chain were able to access the company’s email.

https://www.securitylab.ru/news/515727.php

 

SecurityLab, [20.01.21 15:35]

US President Donald Trump has signed an executive order requiring US cloud companies to keep records of foreign customers in order to help US authorities track people who commit cybercrime.

https://www.securitylab.ru/news/515774.php

SecurityLab, [21.01.21 08:40]

Information security specialists from Micro$oft shared details about how hackers who attacked the SolarWinds supply chain managed to remain unnoticed and hide their malicious activities inside the networks of hacked companies.

https://www.securitylab.ru/news/515781.php

SecurityLab, [21.01.21 09:20]

The newly updated website of the US White House has a vacancy for a technical specialist, but only those who have good technical skills can see the ad.

https://www.securitylab.ru/news/515782.php

 

SecurityLab, [21.01.21 15:50]

Hackers stole at least 1 thousand logins and passwords for authorization in corporate accounts of Office 365.

Hackers who attacked thousands of organizations around the world as part of a large-scale phishing campaign forgot to protect their “catch”, as a result of which it became available through Google search.

The phishing campaign, which lasted more than six months, used dozens of domains with fake Microsoft Office 365 authorization pages. Despite using very simple techniques, the attackers managed to successfully bypass the security filters for emails, thanks to which they collected at least 1 thousand logins and passwords for authorization in corporate Microsoft Office 365 accounts.

Hackers who attacked thousands of organizations around the world as part of a large-scale phishing campaign forgot to protect their “catch”, as a result of which it became available through Google search.

https://www.securitylab.ru/news/515802.php

SecurityLab, [21.01.21 17:25]

The actual implementation of the law, which obliges manufacturers of smartphones, computers and smart TVs to pre-install domestic applications and services on devices, may not meet the expectations of the document developers and software creators. With a high probability, these programs can be easily ignored.

Users will be able to see the domestic software only in the selection window during the activation of the new device. In this case, the installation can be easily skipped.

https://www.securitylab.ru/news/515810.php

SecurityLab, [21.01.21 19:45]

On January 28, the Day of Personal Data Protection, “RosKomSvoboda” @roskomsvoboda together with Digital Rights Center and Privacy Accelerator will hold the annual thematic conference Privacy Day 2021 (https://privacyday.ru/).

The conference program includes panel discussions, where participants will discuss the growth in the volume of user data collected by government agencies and media corporations, as well as raise issues of privacy in the pandemic world.

At the end, Privacy Accelerator will present the projects in the field of privacy and openness that were implemented within the first set of the program.

📍 Where and when?

January 28 at 11: 00 (Moscow time)
Online broadcast on the Privacy Day website and in the YouTube channel (https://www.youtube.com/watch?v=9LaOJUYQKfc&feature=youtu.be) RosKomSvobody.

 

SecurityLab, [21.01.21 20:20]

Apple is developing a technology that will differentiate smartphone users using a completely new technology.

We are talking about the so-called heat map of the face, which, like fingerprints, is unique.

It will be almost impossible to deceive this protection system.

Apple’s development compares favorably with the existing face unlock system, which has become impractical amid the coronavirus pandemic.

Users are forced to wear masks, and for the authentication process it is necessary to remove it every time.

Otherwise, you will have to enter the password on the smartphone screen.

While scanning the face of a new user, the smartphone will make a grid on which the temperature of a particular area of the skin will be displayed.

A unique heat map will be created based on the collected information.

The Face ID biometric sensor appeared in Apple smartphones in 2017, along with the release of the iPhone X.

At the moment, it is installed in all current devices of the company, except for the iPhone SE presented in the spring of 2020

https://www.securitylab.ru/news/515815.php

SecurityLab, [22.01.21 08:05]
[Forwarded from Announcements of the best information security events]
[ Photo ]
How to strengthen the NGFW functionality and strengthen protection

Do you choose or already use NGFW?

Would you like to know how to strengthen the protection and expand the functionality?

Palo Alto Networks and Axoft invite you to an online event on NGFW and its subscriptions, to learn about:

* Advanced protection features with NGFW
•The composition of subscriptions and what works out of the boxes
-Threat Prevention. IPS+IDS+AntiVirus
-WildFire. Anti-APT by subscription
-GlobalProtect. Identifying and quarantining compromised nodes
-URL Filtering
-DNS Security Service
•What has changed in OS 10
* New IoT, SD-WAN, DLP subscriptions
The event will be most interesting for managers and information security specialists of medium and large companies.
We are waiting for you at the online event on February 2 (Tuesday) at 10.00! The link to participate will be announced to registered participants.
Pre-registration is required.

SecurityLab, [22.01.21 10:00]
A batch of laptops provided to British schoolchildren by the UK Department for Education as part of the government’s Get Help With Technology (GHWT) scheme contained pre-installed Gamarue malware. (https://t.me/iv?url=https://www.securitylab.ru/news/515822.php&rhash=d7509243d58aec)

https://www.securitylab.ru/news/515822.php

SecurityLab, [22.01.21 11:35]
The US Federal Trade Commission has decided to destroy the artificial intelligence developed by Paravision (formerly known as Everalbum), which is able to recognize people’s faces in photos. (https://t.me/iv?url=https://www.securitylab.ru/news/515824.php&rhash=d7509243d58aec)

https://www.securitylab.ru/news/515824.php

SecurityLab, [22.01.21 15:25]
Google Australia managing director Mel Silva has threatened to block the search engine from Australia, and Facebook-to block news in the social network feed for all Australian users, if the Australian authorities adopt a code for media market players, forcing companies to pay Australian media to post news content.

(https://t.me/iv?url=https://www.securitylab.ru/news/515858.php&rhash=d7509243d58aec)

https://www.securitylab.ru/news/515858.php

SecurityLab, [23.01.21 07:50]
[Forwarded from Announcements of the best information security events]
[ Photo ]
A career springboard from Linux knowledge: only for sysadmins with experience

All PRO admins go to ” Administrator Linux. Advanced” – an online course for system engineers with experience!

Have time to take a seat — the start of classes on January 27. The clustering and virtualization skills you will master will help you simplify your work with hundreds of servers and take you to a new career level.

Take the entrance test to join the course with a discount of 15,000 rubles: https://otus.pw/MZuQK/

SecurityLab, [23.01.21 07:50]
The Russian agreed to a prison sentence of up to 10 years, as well as the need to pay a fine of up to 250 thousand dollars (more than 18.5 million rubles). Now this agreement with the investigation will soon be approved by the court, after which Firsov will be sentenced.

(https://t.me/iv?url=https://www.securitylab.ru/news/515872.php&rhash=d7509243d58aec)

https://www.securitylab.ru/news/515872.php

SecurityLab, [23.01.21 08:10]
The Russian government has approved new categories of “hardware”, which will have to be built on domestic central microprocessors to be considered Russian computing equipment-which has the right to be in the register of Russian products under the Ministry of Industry and Trade. It is this register that government agencies and some state-owned companies are now guided by in case of thematic purchases.

(https://t.me/iv?url=https://www.securitylab.ru/news/515873.php&rhash=d7509243d58aec)https://www.securitylab.ru/news/515873.php

SecurityLab, [23.01.21 10:15]
In the work of Twitter in the Russian Federation, there was a massive failure, according to data from the Downdetector service.

Reports of problems with access to Twitter began to arrive after 11: 00, mainly from users from Moscow.

At the same time, users of the operator “Beeline” also reported problems in its work. Users in Moscow, St. Petersburg, Tyumen, Chelyabinsk, Yekaterinburg, Voronezh, Krasnodar, Rostov-on-Don, and Saratov had problems with the connection.

https://www.securitylab.ru/news/515875.php

SecurityLab, [24.01.21 10:36]
Telesforo Aviles, a 35-year-old home security technician, admitted hacking into customers ‘ home video cameras and spying on them. The maximum term that a man can get is five years.

Aviles said he had accessed customers ‘ cameras more than 9,600 times in more than four years. The hack affected 220 customers living in Texas. The former ADT employee admitted that he followed the lives of women who attracted him, watched his clients undress, sleep or have sex.

https://www.securitylab.ru/news/515878.php

SecurityLab, [24.01.21 17:31]
The manufacturer of hardware security solutions SonicWall has published an urgent notification about the penetration of hackers into its internal systems through a zero-day vulnerability in its VPN products.

In its notice, SonicWall, which specializes in the production of firewalls, VPN gateways and enterprise-level network security solutions, said that attackers exploited a previously unknown vulnerability in the Secure Mobile Access (SMA) VPN device and the NetExtender VPN client to carry out a” sophisticated ” attack on its internal systems.

https://www.securitylab.ru/news/515877.php

SecurityLab, [25.01.21 08:10]
Security researcher John Page has launched a web portal to publish vulnerabilities in the code of common malware. Page hopes that other security specialists will use them to disable and remove malware from infected systems as part of security incident response operations. (https://t.me/iv?url=https://www.securitylab.ru/news/515886.php&rhash=d7509243d58aec)

https://www.securitylab.ru/news/515886.php

SecurityLab, [25.01.21 08:17]
[Forwarded from Announcements of the best information security events]
Solar Dozor 7.3. Neural networks, identifying retiring employees, and something else…

Protecting sensitive user data is one of the key tasks of DLP, which most solutions are able to handle. But how to protect the confidential information displayed in the photo: pages of your passport, bank card, or company seal?

And how do you know in advance that an employee is going to leave the company, if he did not tell anyone about it?

On February 3, Solar Dozor implementation analyst Era Novikova will answer these questions and talk about other features of the new version of the Solar Dozor DLP system.
The webinar will be especially interesting for managers and specialists of the information security and IT departments of the FOIV and ROIV, large holdings, financial sector organizations and medium-sized businesses.

Webinar program:

1. Protection of confidential data in graphic formats
2. Identifying signs of employee dismissal at an early stage
3. Other features of Solar Dozor 7.3
4. Demonstration of the system
5. Answers to questions

The total duration of the webinar is approximately 1 hour.

SecurityLab, [25.01.21 09:25]
At the end of the last century, everyone was afraid of the so-called “problem 2000” or “Y2K error”, which was supposed to lead to a global computer system failure with the onset of January 1, 2000, but the millennium came, and no disaster occurred. However, 21 years have passed, and on January 12, 2021, many critical applications stopped working when Adobe Flash support ended. In particular, the railway in the Chinese city of Dalian went offline for 20 hours. (https://t.me/iv?url=https://www.securitylab.ru/news/515894.php&rhash=d7509243d58aec)

https://www.securitylab.ru/news/515894.php

SecurityLab, [25.01.21 15:35]
The Iranian government has blamed bitcoin and other cryptocurrencies for massive power outages across the country. According to Business Insider, most of Tehran, as well as other major cities including Mashhad, Tabriz and Urmia, were repeatedly left without electricity this month. Twitter was flooded with videos showing how motorists are forced to move through unlit streets. (https://t.me/iv?url=https://www.securitylab.ru/news/515919.php&rhash=d7509243d58aec)

https://www.securitylab.ru/news/515919.php

SecurityLab, [25.01.21 15:36]
Security researcher from the company ESET Lukas Stefanko (Lukas Stefanko) reported on a new malware for Android devices, automatically spreading through messages in WhatsApp. The main purpose of malware is to force users to fall for fraud with advertising software or subscriptions.

“The malware is distributed through the victim’s WhatsApp app by automatically sending responses to any WhatsApp messages containing a link to the malicious Huawei Mobile app,” Stefanko said.

https://www.securitylab.ru/news/515914.php

SecurityLab, [25.01.21 19:05]
More than 30 million WhatsApr users have abandoned the messenger since the beginning of the year. This was reported by the British edition of The Guardian.

(https://t.me/iv?url=https://www.securitylab.ru/news/515928.php&rhash=d7509243d58aec)

https://www.securitylab.ru/news/515928.php

SecurityLab, [26.01.21 09:20]
A thirty-year-old resident of Bobruisk (Republic of Belarus) “earned” hundreds of thousands of dollars on the sale of hacked user accounts in the darknet of web resources that allow you to create personal accounts.

According to the Ministry of Internal Affairs of Belarus, the man purchased specialized software for bruteforce attacks on hacker forums and, after completing it, successfully hacked large numbers of accounts, including users of Walmart, eBay, Minecraft, Sony Play Station, Fortnite and cryptocurrency exchanges. He then sold the hacked passwords and usernames on underground Internet trading platforms. In some cases, the criminal transferred money from users ‘ accounts to their own Kiwi and WebMoney wallets or exchanged it for bitcoins. Thus, he was able to enrich himself by $500 thousand.

https://www.securitylab.ru/news/515936.php

SecurityLab, [26.01.21 09:55]
Earlier this month, SecurityLab wrote about a vulnerability in Microsoft Windows 10 that allows attackers to damage an NTFS-formatted disk with a single-line command. A single-line file can be hidden inside a Windows shortcut, ZIP archive, batch files, or various other vectors to cause disk errors that instantly damage the file system index. (https://t.me/iv?url=https://www.securitylab.ru/news/515939.php&rhash=d7509243d58aec)

https://www.securitylab.ru/news/515939.php

SecurityLab, [26.01.21 12:37]
Elon Musk claimed that in five years, artificial intelligence will be significantly smarter than humans, and “the situation will become unstable or strange.” The basis for such thoughts gives him work on the autopilot “Tesla”. And one of the five main trends of Gartner Hype Cycle 2020 is “Not only silicon”, i.e. data will soon be processed using DNA and biochemistry instead of silicon.

The “dangerous future” is coming very quickly, so we decided to monitor the news flow weekly with the help of the editor-in-chief Securitylab.ru Alexander Antipov. What if they include the news that we are already in the matrix? We must somehow prepare for this! In the first issue, Alexander will tell you:

– how cybercriminals use artificial intelligence in attacks on businesses

– why, according to scientists, people will not be able to control AI

– how the AI will protect the drones from new attacks.

– where, as a test task, it is necessary to decrypt the hard disk with bitcoins

– Why did the White House hide an ad for a tech specialist on its website

– and how two kids who were just playing on their father’s computer hacked Linux Mint.

SecurityLab, [26.01.21 16:00]
On one of the cybercrime forums, access to a database with the phone numbers of Facebook users is offered for sale. For more convenience, the seller also offers customers to search for these numbers using an automated Telegram bot. (https://t.me/iv?url=https://www.securitylab.ru/news/515968.php&rhash=d7509243d58aec)

https://www.securitylab.ru/news/515968.php

SecurityLab, [26.01.21 17:10]

According to Apple, the twelfth version of the iPhone creates electromagnetic interference, which in turn affects the operation of the pacemaker implanted in the heart.

In addition, the developers reported that due to the magnets built into the MagSafe accessories, other medical devices may also fail.

https://www.securitylab.ru/news/515972.php

SecurityLab, [26.01.21 21:40]

Checkpoint found a flaw in the “Find Friends” feature in TikTok.

If left unchecked, this vulnerability will allow attackers to gain access to personal data in user profiles, including the phone number associated with the account, nickname, unique user ID, profile photo, as well as some settings, including the ability to hide the profile and manage subscriptions.

The information obtained by the attackers can be used for criminal purposes.

https://www.securitylab.ru/news/515983.php

SecurityLab, [27.01.21 08:10]

Apple has released fixes for three vulnerabilities in iOS, iPadOS and tvOS, which could already be used by hackers in real attacks.

The nature of the attacks, their scale and who is the organizer, Apple does not specify.

https://www.securitylab.ru/news/515989.php

SecurityLab, [27.01.21 10:10]

The support team for the Sudo utility, which allows Linux administrators to delegate limited superuser rights to other users, has released a fix for a serious vulnerability.

https://www.securitylab.ru/news/515992.php

PS: that’s why it is better to use su – root, instead of sudo imho

SecurityLab, [27.01.21 16:00]

In order to prevent people from becoming “living robots” in the not-so-distant future, it is already necessary to deal with the legal regulation of new technologies in general and artificial intelligence (AI) in particular.

This was announced on Wednesday, January 27, at a meeting of the Federation Council by Speaker Valentina Matvienko.

https://www.securitylab.ru/news/516007.php

SecurityLab, [27.01.21 16:05]

Senators of the Federation Council proposed to develop an international convention regulating the activities of global Internet companies.

According to the senators, the actions of global American Internet companies for political reasons, without legal grounds and contrary to the norms of international law restrict freedom of speech in social networks.

https://www.securitylab.ru/news/516008.php

SecurityLab, [27.01.21 19:50]

According to the head of cyberdrug Andrey Zamyatin, the group members will surf on social networks and complain about the mat to administrators and moderators.

“We search for destructive content on the Internet, view everything manually, without any software, and mostly use hashtags.”

“Our goal is to protect our native Russian language, the culture of speech, ” Zamyatin said.

“In case of finding entries with obscenities, we will write to the community administrator with a request to delete them. If there is no response, we will complain to the administration of the social network, ” he said.

https://www.securitylab.ru/news/516009.php

 

SecurityLab, [28.01.21 08:35]

Gref stressed that fraudsters in cyber attacks also almost always use AI artificial intelligence – in particular, deepfake technologies.

“They can call from your phone number and speak in your voice.”

“This is a huge threat, it is difficult for a normal person to fight this and powerful protection systems must come to the rescue” the head of Sberbank said.

https://www.securitylab.ru/news/516022.php

 

SecurityLab, [28.01.21 09:50]

The infrastructure of the most dangerous botnet to date, Emotet, was disabled as part of a coordinated operation by Europol and Eurojust.

Thanks to the joint efforts of the law enforcement agencies of the Netherlands, Germany, the United States, Great Britain, France, Lithuania, Canada and Ukraine, the specialists managed to seize control of the botnet’s servers, disable all its infrastructure and stop malicious activity.

https://www.securitylab.ru/news/516023.php

 

SecurityLab, [28.01.21 14:10]

The US National Security Commission on Artificial Intelligence (NSCAI) has recommended that the US government not join any international treaties prohibiting the use of weapons systems with artificial intelligence (AI) technologies.

https://www.securitylab.ru/news/516040.php

 

SecurityLab, [28.01.21 18:39]

Apple has published a report A Day in the Life of Your Data, illustrating how companies track user data on websites and apps.

The document also explains how the privacy features in Apple products provide users with greater transparency and control to protect their personal information.

On average, the apps include six trackers from other companies, whose sole purpose is to track users and collect their personal information. Most popular Android and iOS apps have built-in trackers.

https://www.securitylab.ru/news/516044.php

backup: A_Day_in_the_Life_of_Your_Data.pdf

admin