1. What is Operation Cobalt Kitty? Notorious hacker unit OceanLotus Group’s inner workings revealed:
The inner workings of a prolific cyberespionage group known as the OceanLotus Group or APT 32, known to target major private firms and international governments, have been laid bare by security experts. Despite the fact that many aspects of the hacker group still remain a mystery, one thing is clear – the OceanLotus Group is a very advanced player in cyberspace. According to a report by Wired, the OceanLotus Group has been active since 2012, and has predominantly targeted Asian organisations across China, Vietnam and the Philippines. The OceanLotus Group attempted to steal proprietary data from an unspecified major Asian firm, but was caught in the act by security researchers, who then tracked and studied the group’s entire attack life-cycle to understand how such an advanced hacking unit works “under the hood.” Security researchers uncovered the OceanLotus Group targeting the top management of the Asian firm in a campaign titled “Operation Cobalt Kitty.” “The threat actor targeted the company’s top-level management by using sophisticated spear-phishing attacks as the initial penetration vector, ultimately compromising the computers of vice presidents, senior directors and other key personnel in the operational departments,” Cybereason researchers said in a report. The group hacked into 40 computers and servers belonging to the company over the course of a year before the attacks were detected. Researchers noted that the hacker group was highly adaptive and continued to update its attack to avoid security detection. The OceanLotus Group also used customised tools in the attack: to conduct the attacks, the hackers used a combination of publicly available hacking tools (which they modified to fit their attack strategy), as well as six “undocumented custom-built tools,” which according to Cybereason researchers are the group’s “signature tools.” “But we felt that once we go public with it more security companies and maybe government agencies will notice it.”
2. Russia hacks Gmail: Kremlin hackers abused Google services to target Putin critics:
Russian state-sponsored hackers attacked over 200 Gmail users, including journalists, activists critical of the Kremlin and those connected with the Ukrainian military, as part of a massive espionage and disinformation campaign. Security experts at Citizen Lab said that the hackers abused Google’s own services, and used phishing to gain access to the users’ credentials. The emails targeting Satter were sent by the infamous Fancy Bear hacker group, which has previously been linked to the DNC hack and is widely considered to be a part of the Russian intelligence outfit GRU. The analysis led the researchers to a larger, more elaborate campaign by the hackers. The espionage campaign targeted over 200 Gmail users across 39 countries, according to researchers at Citizen Lab. “The list includes a former Russian prime minister, members of cabinets from Europe and Eurasia, ambassadors, high ranking military officers, CEOs of energy companies, and members of civil society,” Citizen Lab researchers said in a report. “After government targets, the second largest set (21%) are members of civil society including academics, activists, journalists, and representatives of non-governmental organizations.” Researchers also noted that the hacked and stolen content from Satter’s Gmail was leaked on a blog run by a self-professed Russian hacktivist group called CyberBerkut. Citizen Lab used the term “tainted leaks” to highlight how hackers deliberately spread false information by stealing authentic content and altering it to include fake data. Although Citizen Lab researchers could not conclusively link the espionage campaign to a specific Russian government agency, the firm said “there is clear overlap between our evidence and that presented by numerous industry and government reports concerning Russian-affiliated threat actors.”
3. Trump Organization cyberattack: FBI investigating overseas attempt to hack the company’s computers:
The FBI is reportedly investigating an attempted cyberattack by overseas hackers on the Trump Organization. A meeting on the matter took place at the FBI’s New York headquarters on 8 May, a day before Trump’s controversial firing of FBI director James Comey, anonymous law enforcement officials told ABC News. Sources said that the meeting focused on a suspected cyberattack targeting the international real estate holding company’s computer systems. Details regarding how or when the attempted hack occurred, who the perpetrators were, or where the attack originated from are still unclear. Richard Frankel, a retired senior official with the FBI’s New York office, said if there was an attempted cyberattack targeting the Trump Organization, it would be “at the top of the list of investigations.” Eric, Trump’s younger son and executive vice president of the Trump Organization, denied that the family company was breached. “We absolutely weren’t hacked,” Trump told ABC News. In a statement to the New York Times, Trump Organization spokeswoman Amanda Miller suggested that the company has been targeted by cyberattacks in the past as well. “To be clear, the Trump Organization was not hacked.” The Wi-Fi networks at Trump’s Mar-A-Lago resort, Trump International Hotel in Washington DC, Trump National Golf Club in Virginia and Trump National Golf Club in New Jersey were found with weak, outdated or absent security settings.
4. Nearly ‘half a million’ fake anti-net neutrality comments spammed to FCC:
Nearly half a million fake anti-net neutrality comments have been spammed to the US Federal Communications Commission (FCC), and the victims are demanding answers, sending a letter to chairman Ajit Pai requesting that an investigation be urgently launched. More than 450,000 fraudulent comments have now been posted to the FCC’s net neutrality consultation page using the names and identities of unwitting citizens. Pai hit the headlines after opening a public consultation and pledging to reverse Obama-era net neutrality legislation which forces internet companies to treat all data equally. Even though the comments are clearly fake, both Pai and the FCC have been accused of not taking adequate steps to remove them from the website. “Whoever is behind this stole our names and addresses, exposed our private information in a public docket without our permission, and used our identities to file a political statement we did not sign,” the letter stated, warning that the full scope of the incident remains unclear. The letter to Pai calls for the FCC to inform all impacted victims, remove the comments, publicly disclose any information on the culprit of the incident and launch a full investigation. There is significant evidence that a person or organisation has been using stolen names and addresses to fraudulently file comments opposing net neutrality, said Evan Greer, director of Fight for the Future. Fight for the Future launched a website which lets people check if they were impacted in the data theft. Joel Mullaney, one of the signatories to the letter to Pai, said: “In my nearly 30 years of being an Internet user, I’ve been extremely judicious about using my real name online. To see my good name used to present an opinion diametrically opposed to my own view on Net Neutrality makes me feel sad and violated.”
5. What is XData? New ransomware spreading faster than WannaCry sparks concerns:
Researchers have spotted a new ransomware variant, dubbed XData, rapidly spreading across Ukraine. According to security researcher MalwareHunter, who works with the MalwareHunterTeam group and was the first to detect the ransomware, XData already had 94 unique detections and the number of infections was on the rise. In comparison, XData ransomware racked up three times more infections than WannaCry did last week in Ukraine. Emsisoft researchers said in just one day of XData being active in Ukraine, the ransomware “made four times as many victims when compared with the total for the entire week of WannaCry’s reign.” “The infections with XData across Ukraine have been increasing so rapidly it has raised XData to the second most active ransomware strain, second to the ever dominant Cerber,” security researchers at Emsisoft said. “As it spread that fast in the Ukraine, it is not unlikely that it will spread fast outside of Ukraine, too,” German security researcher Matthias Merkel told Wired. Security researchers with ESET suggest that the ransomware authors may be using social engineering techniques to spread XData. ESET researchers also said XData makes use of a tool called Mimikatz “to extract admin credentials,” which essentially allows the ransomware to infect an entire network. Although XData comes with a standard ransom note, warning victims not to use decryption tools or contact “data recovery companies,” a salient feature missing from the ransom note is the specific ransom amount. MalwareHunter speculated that the cybercriminals behind XData may set ransoms on an individual basis, which means that victims could receive demands for varying amounts of ransom, Wired reported.
6. ‘Judy’ could be the largest malware campaign ever found on Google Play Store:
Security experts have uncovered a massive malware campaign spreading through Google Play, the marketplace used to download applications to phones and tablets. Researchers from Check Point, a cybersecurity firm, claimed this week (25 May) that it could be “possibly the largest” malware campaign found on Google Play. Kiniwini, registered on Google Play as EniStudio, develops smartphone apps for both Android and Apple iOS. “Users cannot rely on the official app stores for their safety,” Check Point warned. It continued: “We also found several apps containing the malware, which were developed by other developers on Google Play.” All updated within the last few months, other app titles included Fashion Judy: Snow Queen Style, Fashion Judy: Vampire style, Chef Judy: Character Lunch and Fashion Judy: Frozen Princess. The “Judy” campaign also displays a large amount of advertisements on selected apps, which leaves the user with no option other than clicking. “After Check Point notified Google about this threat, the apps were swiftly removed.” On its website (translated via Google) the company published a statement informing users the app was removed but claimed new software will be released within two months. “Unfortunately, existing games can no longer be downloaded from Google Play.”
7. Fake apps on Google Play Store posing as WannaCry ransomware protection:
The official Google Play Store, used by Android users to download apps for smartphones and tablets, is being overrun with fake software posing as ‘protectors’ and ‘scanners’ for the WannaCry strain of ransomware that recently infected more than 200,000 machines in 150 countries. “Some developers are taking advantage of the uproar and possible confusion to promote apps that promise to protect Android devices,” said Fernando Ruiz, a security expert at McAfee, who was among the first to spot the suspicious — and potentially malware-ridden — applications. “While searching for ‘WannaCry’ on Google Play we found several new apps,” Ruiz said in a blog post. “One case is the package WannaCry Ransomware Protection, which we classified as a potentially unwanted program because we see no value in an app that offers fake features and tricks unwary users into downloading an app loaded with ads.” Other available apps had titles such as “Anti Ransomware WannaCry” and “WannaCry Scanner.” Another piece of software openly available to Android users, WannaCry Scanner, stated: “To ensure the safety of your phone, download and test immediately if your phone contains the WannaCry virus and you need (sic) to avoid losing money and information unfairly.”
8. Were WannaCry ransomware attacks the work of Chinese hackers?:
The WannaCry ransomware hackers have still not been identified, but new research indicates the perpetrators may be Chinese and not North Korean as was previously suggested by some experts. Several researchers have suspected that the North Korean-affiliated “Lazarus Group” was behind the attack due to similarities in the malware execution code, but Flashpoint analysts say linguistic review of the 28 ransom messages can help determine the native tongue of the hackers. The researchers dug deeper to find that the sample messages contained language configuration files with translated ransom messages for an array of languages, from English, Chinese, Dutch, German and Greek to Bulgarian, Romanian, Russian, Slovak and of course Korean. The research analysed each note individually for content, accuracy and style, and compared them to previous ransom messages associated with other ransomware samples. According to the research, the English and Chinese notes were most likely written by a human. The English version was used as the source text for translating the note into other languages, as the accuracy of English-to-other-language translation is much better on Google compared to translating Chinese to any other language. Google Translate does not have a good track record in translating Chinese to English and English to Chinese, and often produces inaccurate results. Linguistic experts said that the two Chinese ransom notes differed substantially from other notes in content, format, and tone. Some characters in the Chinese notes also indicate they may have been written using a Chinese-language input system. Although it is possible that the Chinese notes were used to mask the identity of the hackers, what’s for certain is that the creators of the notes are fluent in Chinese – both simplified and traditional, the firm said.
9. Critical flaw in Twitter’s code could let hackers take over your account:
A security researcher discovered a critical vulnerability in the advertising code of Twitter, the most popular micro-blogging website in the world, which if exploited could let hackers publish updates from any other account without needing access to the victim’s profile. The hacker, known as kedrisch, reported the flaw via Twitter’s bug bounty service – a programme managed by the organisation HackerOne which lets researchers disclose bugs in exchange for rewards. He said the flaw could give cybercriminals the ability to “publish entries in Twitter-network by any user of this service.” In a statement, Twitter said: “The reporter discovered a flaw in the handling of Twitter Ads Studio requests which allowed an attacker to tweet as any user. By sharing media with a victim user and then modifying the post request with the victim’s account ID the media in question would be posted from the victim’s account.” Charlie Miller, a security expert well-known for being part of the collective which remotely hacked a 2014 Jeep Cherokee, tweeted: “As former appsec [Application Security] tech lead for Twitter, I’ll just say I’m not shocked this was in code from the ads team.” Last December, kedrisch was awarded $1,120 (£864) for finding a less critical flaw which could let a hacker change comments on Twitter’s official forums. Most recently, Twitter issued a warning to users of its Vine service that a bug potentially exposed users’ email addresses and phone numbers to unnamed third parties. In an email sent to all impacted Vine users, it said the bug affected the Vine Archive for “less than 24 hours.” “We want to emphasise that this information can’t directly be used to access your account, and we have no information indicating that it has been misused,” Twitter’s email to Vine users stressed.
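The bug class Twitter’s statement describes is a request handler that acts on an account ID supplied by the client instead of deriving the acting account from the authenticated session. The following is an added illustration, not Twitter’s code or API: the `Session`, `Store` and handler names are assumptions, and the vulnerable handler is shown only beside the check that closes the hole.

```python
"""Constructed in-memory model (not Twitter's code): a session identifies the
logged-in user, and each user owns a set of account IDs they may post from.
The vulnerable handler trusts request['account_id']; the fixed one checks it."""
from dataclasses import dataclass, field

class AuthorizationError(Exception):
    """Raised when the caller tries to post as an account it does not own."""

@dataclass
class Session:
    user_id: str  # the user who is actually authenticated

@dataclass
class Store:
    accounts_of: dict = field(default_factory=dict)  # user_id -> set of owned account IDs
    posts: list = field(default_factory=list)        # (account_id, media_id) published so far

def post_media_vulnerable(store, session, request):
    """The bug: trusts whatever account_id the client put in the request body."""
    account_id = request["account_id"]
    store.posts.append((account_id, request["media_id"]))
    return account_id

def post_media_fixed(store, session, request):
    """The fix: the requested account must belong to the authenticated session's user."""
    account_id = request["account_id"]
    if account_id not in store.accounts_of.get(session.user_id, set()):
        raise AuthorizationError(f"user {session.user_id} may not post as {account_id}")
    store.posts.append((account_id, request["media_id"]))
    return account_id

def demo():
    """Replays the scenario: an attacker's session sends the victim's account ID."""
    store = Store(accounts_of={"attacker": {"acct-attacker"}, "victim": {"acct-victim"}})
    attacker = Session(user_id="attacker")
    tampered = {"account_id": "acct-victim", "media_id": "media-1"}  # ID swapped client-side
    posted_as = post_media_vulnerable(store, attacker, tampered)  # lands on victim's account
    try:
        post_media_fixed(store, attacker, tampered)
        blocked = False
    except AuthorizationError:
        blocked = True
    return posted_as, blocked

if __name__ == "__main__":
    print(demo())  # ('acct-victim', True)
```

The same check applies to any ID in a request that selects whose resource is acted on: resolve ownership server-side from the session, never from the client-supplied value alone.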
10. Russian scientists develop world’s first quantum-proof blockchain:
Russian computer scientists have developed the world’s first blockchain that is so secure not even a quantum computer will be able to hack into it. A blockchain is a shared ledger of transactions in a database used to verify all transactions relating to the virtual currency bitcoin. A copy of the blockchain is held by all the computers on a network (known as “nodes”), and as transactions occur, the blockchain is constantly updated and verified by the network, with the data time-stamped into blocks, so no one person or computer can control any transaction on the blockchain. If a quantum computer can crack current encryption methods, it could also crack the blockchain – a technology used to secure virtual currencies that is now of great interest to banks and the finance industry. Digital signatures are a sequence of bits, each with the binary value 0 or 1, that a blockchain user attaches to their transaction message to authenticate themselves. Say Alice wants to send Bob five bitcoins over the blockchain, secured using the digital signature, which contains a private key. However, a quantum computer would be so clever that it would be able to figure out Alice’s private key simply by looking. A hacker could then generate a fake message that looks like it comes from Alice, requesting that the blockchain transfer all the bitcoins in her account to the hacker, and there would be no way for Alice to prove that she didn’t send the message. To prevent this, researchers from the Russian Quantum Center had to start from scratch and invent a blockchain with a completely new architecture that takes away all of the security vulnerabilities of the current blockchain technology. Their paper, entitled “Quantum-secured blockchain”, is published on Cornell University Library’s open source database.