Hackers targeting GitHub developers with stealthy and self-destructing Dimnie Trojan: Hackers are targeting developers sharing code on GitHub with a malicious email campaign designed to infect victims with a stealth malware called Dimnie. Given the malware’s stealth features and its ability to mask communications behind regular network traffic, the researchers have been unable to pinpoint when this fresh and updated version of Dimnie was developed and first launched in attacks. However, reports speculate that one of the reasons why the attackers may have gone after GitHub developers, many of whom likely work for various organizations, may have been to gain access to the victims’ workplace computer networks. The researchers claimed.
Over 3.7 million Hong Kong voters’ personal info stolen days after chief executive elections: Days after the people of Hong Kong elected their new chief executive, the registration and electoral agency has reported the disappearance of two laptops that contained over 3 million. It also contained the personal information of 1,200 electors on the Election Committee who selected Carrie Lam Cheng Yuet-ngor as Hong Kong’s chief executive just a few days back. A similar data breach was reported in September 2016 when a laptop containing over 3,675 patients’ personal information was stolen from the University of Hong Kong’s department of medicine. The agency says the data on both laptops was encrypted so it may be difficult to access, and so far there has been no report of any data breach. The theft of the data, which is seen as the largest ever for Hong Kong, included the names of voters along with their detailed addresses, phone numbers and voter identity card numbers. However, if the laptops fall into the hands of professional hackers, it should not be too difficult to decrypt the data.
Double Agent: Critical zero-day security flaw turns all antivirus software against you: Cybersecurity researchers have discovered a zero-day vulnerability that would enable attackers to gain access to many major antivirus software brands on the market today and use the software to hijack a user’s computer. Instead of trying to hide from antivirus software, the technique enables attackers to seize control of the antivirus and install malware that hijacks the user’s machine to do pretty much anything the hacker wants, from installing backdoors to sending data out to the hacker’s server or stealing and encrypting user data. Malwarebytes, AVG, Trend Micro, Kaspersky Lab, ESET and Avast have all issued statements that they have patched the bug, while Comodo and Symantec claim that their products were either not vulnerable or provide protections able to negate such an attack. Researchers from Israel-based cybersecurity firm Cybellum have found that a 15-year-old legitimate feature of Windows called Microsoft Application Verifier that exists in every single version of the operating system can be exploited to enable hackers to inject malicious code into computers.
Is eBay putting users’ security at risk by ‘downgrading’ to text-based authentication?: eBay, one of the most popular online marketplaces, is reportedly asking its users to sacrifice security for convenience on their accounts by ditching a popular method of two-factor authentication in favour of text-based sign-ins, according to cybersecurity expert Brian Krebs. A statement read: “Our product team is constantly working on establishing new short-term and long-term, eBay-owned factors to address our customers’ security needs.” Two-factor, however, bolsters security even more by needing a physical piece of hardware to work. “eBay continues to work on advancing multi-factor authentication options for our users, with the end goal of making every solution more secure and more convenient.” It stated: “We’re going to make two-step verification more convenient by texting you a Pin instead of having you use your token.” There are two main types of security verification: two-step and two-factor. “To that end, we’ve launched SMS-based 2FA as a convenient 2FA option for eBay customers who already had hardware tokens issued through PayPal.” It has become a widely-held belief in the cybersecurity world that two-step authentication via text message is weaker than other forms of account verification.
Hackers Threaten to Remotely Wipe 300 Million iPhones Unless Apple Pays Ransom: It has been found that a mischievous group of hackers claiming to have access to over 300 million iCloud accounts is threatening to remotely wipe data from those millions of Apple devices unless Apple pays it $75,000 in crypto-currency or $100,000 worth of iTunes gift cards. However, the story seems inconsistent: on its Twitter account, the group claims to have access to 200 million iCloud accounts, while in one of the emails it claims access to 300 million Apple email accounts, and in another the number almost doubles to 559 million. The screenshots of the email exchange indicate that when Apple’s security team asked for a sample list of hacked accounts to verify the claims, the group only provided a YouTube video demonstrating access to one of the allegedly hacked accounts and remotely wiping all content from the device. Motherboard broke this story on Tuesday after a hacker claiming to represent the alleged hacking group shared screenshots of alleged emails between the group and Apple’s security team with the publication. Unless its demands are met, the group is going to start remotely wiping victims’ Apple devices and resetting iCloud accounts. The hacking group has given Apple a deadline on payments.
Domestic malware is spreading Android malware with pseudo base stations: Like the HummingBad malware, Swearing malware attacks are expected to spread to other countries around the world, and the use of BTS equipment to trick users into installing the malicious payload will further drive this trend. Swearing malware is expected to spread on a global scale. These APKs contain “Swearing” Trojans, a comprehensive threat that collects personal data from infected devices, sends phishing messages to collect login credentials, and intercepts SMS messages to bypass two-factor authentication or other one-time code systems. Although the Chinese authorities arrested some members of the Swearing malware group last year, attacks using Swearing malware and cellular base stations have still occurred. Tencent said that in some cases the Swearing malware groups use different themes for their SMS lures, such as links to photos or videos concerning the recipient’s spouse, or, following the latest trending events, links to pornographic content featuring celebrity actresses. According to foreign media reports, Chinese malware developers are using pseudo base stations (BTS) to send malicious messages that contain links to Android malware.
CIA leaks, second wave: “Dark Matter”: WikiLeaks has released the second wave of leaked Vault 7 files, called “Dark Matter”. The leaked documents mainly concern the techniques and tools the CIA uses to compromise Apple Mac and iOS devices. These intrusion tools and techniques were developed by the CIA’s embedded development division, EDB. According to the documents, the CIA is able to infect Apple firmware on macOS and iOS devices for continued monitoring, and even reinstalling the system does not remove the infection. One of the tools, NightSkies 1.2 for iPhone, is even more striking: the CIA is said to have targeted the iPhone supply chain since at least the beginning of 2008, with the tool installed on some factory-fresh iPhones, reportedly infected specifically during transport. There are also tools such as DarkSeaSkies, which infects MacBook Air EFI firmware for long-term persistence. Let’s take a look at what the specific tools are. The leaked documents mention a variety of tools, namely: Sonic Screwdriver, Der Starke, Triton, DarkSeaSkies, NightSkies, SeaPea.
UK Demands Encryption Backdoor As London Terrorist Used WhatsApp before the Attack: Following last week’s terrorist attack in London, the UK government is accusing technology firms of giving terrorists “a place to hide,” saying intelligence agencies must have access to encrypted messaging applications such as WhatsApp to prevent such attacks. The government has once again started asking for a backdoor in encrypted services, arguing that it cannot give enough security to its citizens because the terrorists are using encrypted apps to communicate and plot attacks. According to Rudd, the government did not yet intend to force the companies with new legislation, but she confirmed that they have invited major tech companies, including Google and WhatsApp’s owner, Facebook, on Thursday to set up an industry board to address this issue. However, this demand for an encryption backdoor has once again fueled an ongoing debate over whether tech companies, like Facebook and Apple, should create backdoors into their encryption services for governments. Besides these countries, the French government also tried to impose million-dollar fines on tech companies like Apple and Google each time they refused to help investigators extract data from a suspect’s smartphone in terrorism cases.
US Senate Just Voted to Let ISPs Sell Your Web Browsing Data Without Permission: In October, the Federal Communications Commission ruled that ISPs would need to get consumers’ explicit consent before being allowed to sell their web browsing data to advertisers or other big data companies. Since the Senate used the Congressional Review Act (CRA) to overturn the privacy rules, if the repeal is passed, it would not only roll back the FCC’s privacy rules but also prevent the regulatory body from making similar privacy regulations in the future if the. “All actors in the online space should be subject to the same rules, and the federal government shouldn’t favor one set of companies over another,” FCC said in a statement. “Therefore, he has advocated returning to a technology-neutral privacy framework for the online world and harmonizing the FCC’s privacy rules for broadband providers with the FTC’s standards for others in the digital economy.” The US Senate on Wednesday voted, with 50 Republicans for it and 48 Democrats against, to roll back a set of broadband privacy regulations passed by the Federal Communications Commission (FCC) last year when it was under Democratic leadership. Ajit Pai argued that the rules, which are regulated by FTC, unfairly favored companies like Google, Twitter, and Facebook.