1. India seeks discounted Windows 10 ‘for entire country’ after global ransomware attacks:
In the wake of two major ransomware outbreaks, India’s first cybersecurity chief is asking Microsoft to grant a massive one-time discount for the entire country in an attempt to upgrade more than 50 million machines to the better-protected Windows 10 operating system (OS). Rai said the Indian government expects Microsoft to offer Windows 10 at “throw-away prices” and claimed that more information regarding a final deal will soon be released to the public. It remains unclear if any other governments are currently seeking deals with Microsoft for discounted software updates for security reasons. The cybersecurity chief said the government is aiming to “incentivize the common man” to upgrade their computer systems in light of rising online threats. Up to 96% of 57 million computers in India currently run on earlier versions of Windows – with some on pirated versions of the software that are no longer supported by security updates. Rai revealed talks with Microsoft started after the WannaCry cyberattacks last month, which locked down hundreds of thousands of computers in 150 countries and demanded a ransom in Bitcoin. If Microsoft agrees to sell the business edition of Windows 10 at a discount, it could lose out on a significant amount of revenue; however, if it sells the Home edition, which is supported by ads, it could potentially make some of that money back. The ransomware strains that caused chaos around the world in recent months were super-powered by computer exploits stolen from the US National Security Agency (NSA). His plea followed the Petya ransomware attack last month which infected businesses and governments in more than 60 countries. “It will be a one-time upgrade offer to Windows 10 and it will be a discounted price for the entire country,” he said.
2. ‘Five Eyes’ alliance in crosshairs as Privacy International demands release of spy secrets:
The legal filing reads: “Privacy International seeks access to the current text of the UKUSA Agreement, information about how the government implements the Agreement, and records concerning the standards and procedures for exchanging intelligence under the Agreement.” It urged the release as “the public lacks even basic information about the Five Eyes alliance” and demanded information regarding the US government’s “acquisition, storage, analysis and dissemination of Americans’ communications” as part of the ancient arrangement. Initially formed in the period surrounding World War II, the ‘Five Eyes’ collective was formalized in the UK/US Communication Intelligence Agreement, officially signed in 1946. Privacy International, a UK-based digital rights organization, has filed a federal lawsuit in the US to compel the release of information about the ‘Five Eyes’ alliance, a secretive intelligence sharing clique made up of the US, UK, Australia, Canada and New Zealand. Documents released by former US National Security Agency (NSA) analyst Edward Snowden showed how the vast apparatus used by intelligence agencies – including the British GCHQ – exploits digital information to scoop up communications data in bulk. “The public has a right to know what rules govern the exchange of information – which may include purely domestic communications and data – through this private pact.” Scarlet Kim, Privacy International’s legal officer, added: “For years [we have] fought to shed light on the closely integrated relationship between the intelligence agencies of the Five Eyes alliance.” It has made Freedom of Information (FoI) requests to the NSA, the Office of the Director of National Intelligence, the State Department and the National Archives and Records Administration. that govern intelligence sharing among the Five Eyes, it is impossible for the public to know if this secretive surveillance abides by constitutional restrictions.
3. AA data leak: Over 100,000 customers’ emails and personal information exposed after breach:
On 26 June, AA customers received password reset emails; however, the firm told Computer Weekly that an “internal error” and “not a hack” resulted in some customers receiving the email and that “no data has been compromised.” The exposed data included 117,000 unique email addresses, full names, addresses, IP addresses, details of purchases, as well as the last four digits and expiry data of credit cards, Motherboard reported. “Any data breach is serious hence we are looking at legal action,” King told us, adding, “we did not feel customers were at risk of fraud as this related to the AA Shop rather than insurance details.” UK car insurance firm AA reportedly left over 100,000 customers’ personal and sensitive information exposed and failed to notify customers about their leaked data, despite having been aware of a potential breach in their systems. However, AA president Edmund King reached out to IBTimes UK to stress that customers’ card data was “never at risk” and was not exposed. King, however, did acknowledge that “Data did include some things in the public domain like addresses of customers who may have bought maps.” “The data incident was related to the AA Shop which is run by a third-party website supplier with no links to AA Insurance,” King said in an email, adding that a “full independent inquiry” is currently underway. One of Hunt’s followers allegedly warned AA about an insecure database exposing 13GB of data in April. “The most infuriating aspect of this incident is that the AA knew they’d left the data exposed, they knew it had been located by at least one unauthorized party and they knew that a six-figure number of customers had been impacted, but they consciously elected to keep it quiet and not notify anyone,” Hunt told Motherboard.
4. Are NotPetya hackers back? Cybercriminals clean out bitcoin wallet, hike ransom demand to $255,000:
Hours before the bitcoin wallet tied to NotPetya was emptied, a new message reportedly appeared demanding that victims pay 100 bitcoins ($255,000, £197,000) in exchange for a private key that allegedly decrypts all files encrypted with the NotPetya ransomware. Despite the hackers now having reportedly decrypted a file, researchers are still of the opinion that this may not be enough evidence that all NotPetya-encrypted files can now be recovered. It was also reported that some of the hackers associated with NotPetya successfully decrypted a 200KB Word file as proof that they are in possession of a decryption key. Earlier in the week, hackers believed to be associated with the NotPetya attacks reportedly resurfaced to clean out their bitcoin wallet. Researchers previously found that NotPetya was not regular ransomware, but functioned as wiper malware – thus encrypted files were destroyed and could not be decrypted. 2017’s second massive ransomware attack, dubbed NotPetya, which affected computers all over the world, is continuing to pose a puzzle, mainly due to the apparently erratic behavior of hackers allegedly linked to the attack. Motherboard reported that although the message failed to specify where victims could send their money, the hackers have set up a new bitcoin wallet not associated with the one that was previously collecting ransoms. “They already put people in a situation where they can’t recover their files and data even if the private key is released.” “They already f***ed people even if they release the private key,” Suiche said. This only goes to further obscure the matter, given that several security experts previously indicated that the motive of the attacks was not to make money but to create havoc.
5. Hackers spreading WannaCry ransomware copycat for Android arrested by Chinese police:
Chinese police have been cited as saying that the ransomware affected fewer than 100 victims and that the malware’s distribution was limited because the hackers operating it didn’t have the tools and experience required for widespread distribution. Chinese police have arrested two men for distributing a variant of the SLocked Android ransomware, customized to look similar to WannaCry, the Windows wormable malware that spread across the globe in May, infecting numerous businesses and organizations in over 150 countries. Bleeping Computer reported that the two ransomware developers spread their customized ransomware via Chinese forums. According to security researchers at Trend Micro, the ransomware was spread via a cheating tool for a popular Chinese gaming app called King of Glory. The payments, however, were tracked by the Chinese police, leading to the arrest of the duo. The hackers reportedly asked victims to send them 40 Chinese renminbi ($6, £4. A Chinese security firm reportedly played a major role in helping authorities apprehend the cybercriminals. The two cybercriminals were arrested on 7 June, just five days after security researchers first spotted the Android ransomware campaign. While the former was charged with creating the ransomware, the latter is suspected to have been in charge of distribution. Chinese authorities said they found 34 malware samples on various phones and tech devices.
6. Has AlphaBay pulled an exit scam? Dark web market goes mysteriously offline sparking fears of heist:
One of the most prominent dark web marketplaces, AlphaBay, which is also known as the “new Silk Road”, has reportedly mysteriously gone offline, sparking fears among users of a potential exit scam that could have resulted in the administrators of the site making away with millions of dollars in Bitcoin. Although the administrators claimed that the site was hacked, users speculated that the timing of the hack suggested an exit scam, given that the site’s bitcoin wallet was stolen. Although it is not uncommon for such sites to go offline when undergoing maintenance, there reportedly was no alert or warning from the dark web site’s administrators about the outage. Speculation has since been rife about what could have caused the outage, with some Reddit users claiming that the site may have been shut down as part of an elaborate exit scam to steal the bitcoins stored. “These exit scams are often the first assumption when a marketplace goes offline, however there are alternatives including intrusions from other criminals, DDoS attacks from competitors, law enforcement interdictions, and even unannounced site maintenance.” The dark web marketplace’s website reportedly went offline on 5 July at around 7am GMT (3am EDT). However, Next Web reported that on Wednesday evening, despite AlphaBay remaining down, a Reddit user associated with the site going by the pseudonym Big_Muslces said that the “servers are under update” and that the site “will be back online soon”. “These exit scams are one of the risks when conducting business in criminal marketplaces,” Holland told us. In May, the dark web marketplace Outlaw went offline. “Dark web exit scams are nothing new and are quite common.”
7. UK’s new ‘cyber nerve centre’ tackled 480 major incidents in its first 8 months:
“This increase in major attacks is mainly being driven by the fact that cyberattack tools are becoming more readily available, in combination with a growing willingness to use them,” he said, as reported by ComputerWeekly. The existence of the NCSC has coincided with a spike in the reporting of digital crimes over the past few months, John Noble, a director of incident management at the agency, told attendees at the Cyber Security Summit in London on Tuesday 4 July. Martin was speaking a month after US intelligence published its analysis of the hacking campaign that targeted the 2016 US presidential election, believed to be the work of two cybercrime units, dubbed Fancy Bear (APT28) and Cosy Bear (APT29), each with alleged links to Russian spies. In its first month of operation alone, the NCSC responded to nearly 70 hacking incidents including seven cases of ransomware. Most recently, the NCSC was forced to respond to an attempted hack against the British parliament, with attackers using brute-force tactics to try and force their way into politicians’ email accounts. Ciaran Martin, head of the NCSC, told The Sunday Times in a rare interview that some of the incidents involved state-sponsored hackers vying for government secrets. In February this year officials revealed the UK was being hit with roughly 60 significant cyberattacks every month. The UK’s new National Cyber Security Centre (NCSC) had a busy first eight months of operation contending with a total of 480 major incidents, from global ransomware outbreaks to smaller breaches at British businesses. “There has been a step change in Russian aggression in cyberspace,” he said at the time. Conservative MP Mike Penning said at the time the UK is “regularly targeted by criminals, foreign intelligence services and other malicious actors.”
8. Hackers steal ‘billions’ from huge South Korean ethereum and bitcoin exchange:
An internet watchdog in South Korea is probing a cyberattack against Bithumb, one of the country’s dominant cryptocurrency exchanges, after data relating to more than 30,000 users was exposed and more than a billion won, the local currency, allegedly drained from accounts. In April this year, another South Korean cryptocurrency exchange called Yapizon lost what equated to millions of US dollars after hackers were able to infiltrate its computer network and steal more than 3,800 bitcoin from users. According to BraveNewCoin, Bithumb is the largest bitcoin and Ethereum exchange in South Korea, and one of the five largest bitcoin exchanges in the world. In this case, one victim told cryptocurrency outlet BraveNewCoin that an attacker “posed as an executive at Bithumb” via a phone call to claim the firm found suspicious foreign activity on an account. The hackers reportedly used ‘voice phishing’ (vishing) tactics to gain full entry to accounts. Tech website Motherboard pointed towards Naver, South Korea’s version of Reddit, which featured updates from furious Bithumb members complaining about losing digital currency after the cyberattack. It is currently one of the biggest ethereum exchanges in the country by volume, reportedly accounting for more than 44% of South Korea’s overall trading in that form of currency alone. The state-run Korea Internet and Security Agency (KISA) was first contacted by Bithumb on 30 June to report that personal data had leaked from its systems after an employee’s home PC was hacked. The firm claimed the number of impacted customers was roughly 3% of its userbase. One alleged victim there claimed 7,100,000 won (£4,770, $6,000) was drained from an account.
9. WWE data breach: Over 3 million fans’ personal data exposed in massive leak:
Researcher Bob Dyachenko, from security company Kromtech, told Forbes that he had uncovered a database that contained millions of users’ data, including their home and email addresses, birth dates, educational background, ethnicity, earnings, children’s age ranges, and genders. WWE said it is currently investigating a “vulnerability of database” after a security firm revealed it had discovered a massive, unprotected database containing the data of over 3 million users. However, he also noted that another database on Amazon’s hosting service contained European fans’ data including names, telephone numbers and addresses. “Although no credit card or password information was included, and therefore not at risk, WWE is investigating a vulnerability of a database housed on Amazon Web Services, which has now been secured,” the company said. Dyachenko noted that anyone who knew which web address to search could access the leaked database, stored in plain text, on an Amazon Web Services S3 server without username or password protection. WWE acknowledged the breach in a statement posted on the company’s website on Thursday and said it is working with Amazon Web Services and security firms Smartronix and Praetorian to investigate the issue. “WWE utilizes leading cybersecurity firms Smartronix and Praetorian to manage data infrastructure and cybersecurity and to conduct regular security audits on AWS.” However, he suspects it could have come from one of the company’s marketing teams since it included troves of social media tracking data including posts from both the WWE stars and fans. “We are currently working with Amazon Web Services, Smartronix and Praetorian to ensure the ongoing security of our customer information.” The company did not specify when the database was leaked or who may be responsible for the breach.
10. ‘CopyCat’ malware infected 14 million Android devices and generated $1.5m for hackers:
Typically, legitimate advertisers are paid for displaying ads that lead to the installation of certain apps, but in this case the malware was designed to let the hackers generate funds by allegedly scamming a leading analytics service called Tune, Check Point said. In short, the malware used two tactics to steal ad revenue: displaying fraudulent ads for clicks and stealing referrer IDs of apps installed from Google Play – the official Android marketplace. “CopyCat successfully rooted over 54% of the devices it infected, which is very unusual even with sophisticated malware,” the researchers wrote, adding that all exploits used were “both widely used and very old” – with some being issued patches way back in 2013. In a lucrative cybercrime scheme, hackers were able to use a strain of mobile malware to infect 14 million Android devices and generate roughly $1. In a 13-page analysis this week (6 July), researchers from cybersecurity firm Check Point said the malware – dubbed CopyCat – was able to successfully give hackers “full control” over roughly 8 million devices in an “unprecedented” campaign between April and May last year. To stay protected from Android malware of this nature, experts advise that users only download apps from official marketplaces and ensure all devices have the latest security updates installed. 4m infected devices were used to “steal credit” for Google Play referrals. In its blog, Check Point admitted it’s possible the hackers “used MobiSummer’s infrastructure” without the firm’s knowledge. “We called it [CopyCat] because it takes credit for installations it didn’t initiate, which is the big technological innovation it presents,” Daniel Padon, Check Point threat researcher, told eWEEK. The exploits remained effective because “users patch their devices infrequently, or not at all.”