Election Commission of India (ECI) Requesting to File A FIR against Cyber Expert

The Election Commission of India (ECI) has approached the Delhi Police asking for them to file a FIR and investigate the statement made by self-claimed cyber expert Syed Shuja.

Syed claims that he was a part of the group at Electronic Corporation of India Ltd (ECIL), which planned and developed the EVMs and furthermore affirmed that the 2014 general elections in India were tampered with.

The EC has requested that the police "investigate promptly" the statement made by Shuja at an event in London on the 21st of January 2019.

A few regional leaders have taken to twitter to express genuine concerns with respect to the security aspects of the machines. They said that if EVMs can really be altered as guaranteed in the conference in London, then it ought to be completely tested as it puts our democracy and the appointive procedure in hazard.

In an electrifying case, Shuja has likewise said that senior BJP Gopinath Munde was killed on the grounds that he knew about EVMs being fixed in 2014.

The Election Commission of India was as of now examining what legitimate move could be made in regards to the question and answer session sorted out by Indian Journalists' Association and has over and over kept up that the electronic voting machines were secure.

Amazon, Apple, Spotify, Google failed to comply with GDPR

Online entertainment streaming websites like Apple, Amazon, Spotify, Google, and eight other tech giants have been accused of failing to comply with the European Union's General Data Protection Regulation (GDPR).

European Union's data regulation law give customers the right to access a copy of the personal data that companies hold about them.

A data privacy activist Max Schrems and director at Noyb, requested them about his private data, however companies let people download a copy of their data, but some of the data was "intelligible and difficult to understand by people.

"No service fully complied," Noyb said in its statement.

The Austrian watchdog Noyb filed complaints against the tech giants with the Austrian authority on behalf of ten users.

 Schrems said: "In most cases, users only got the raw data, but, for example, no information about who this data was shared with.

"This leads to structural violations of users' rights, as these systems are built to withhold the relevant information."

The companies could be fined up to 20 million euros (£17.7m) or 4% of a company's global turnover as per the GDPR.

However, Spotify released a statement stating: "Spotify takes data privacy and our obligations to users extremely seriously. We are committed to complying with all relevant national and international laws and regulations, including GDPR, with which we believe we are fully compliant."

West African Financial Institutions Attacked by Hackers via Living off the Land Tactics

Employing ‘living off the land’ tactics and generic malware, an unidentified hacker group is reported to have attacked financial institutions of West Africa.  ‘Living off the land’ tactics make use of legitimate network administration tools or operating system features to gain unauthorized access to the targets’ networks.
The hackers attacked the organizations based in Equatorial Guinea, Cameroon, Ivory Coast, Congo (DR) and Ghana. Notably, the attack was from 2017 and the latest one is reported to be in December 2018.
A total of four different attack campaigns which compromised the network of various West African financial institutions have been observed by the security researchers at Symantec.
Four Variants of Attack
In the first attack campaign, hackers made use of infected word documents which belonged to West African bank. The victims were attacked via Nanocore malware which was executed through the Microsoft Sysinternals tool PsExec on victims’ devices.
The second attack campaign made use of a hacking tool known as Mimikatz, a malware called Cobalt Strike and a remote administration tool named UltraVNC.
Referencing from the report by Symantec, the hackers employed PowerShell scripts to corrupt networks by the attacks which they probably executed in late 2017, they used Mimikatz for credential surfing and for remote administration they resorted to UltraVNC. Besides, Cobalt Strike was employed for backdooring and to secure a connection with the C&C server in order to download additional playloads.
The third variant of attack involved usage of Remote Manipulator System R AT, hacking tool – Mimikatz and RDP (Remote Desktop Protocol). This variant of attack targeted organizations based in Ivory Coast, hackers stole the credentials through Remote Manipulator System RAT and Mimikatz tool which allowed them to establish a remote desktop connection.
The fourth variant of the attack employed stealer Imminent Monitor RAT, it dealt with stealing information from compromised computers and downloading additional malware. It is reported to have originated in the month of December, last year.

Customer data of lending firm breached

New age data-driven technology companies are always prone to attack on their data storage facilities, more so if they are in the fintech domain.

Last week, an early-stage lending startup Rupee-Redee discovered vulnerabilities in its data stack stored on the Amazon cloud. A data security enthusiast who goes by the name of Gareth on Twitter pointed out that RupeeRedee was ‘leaking’ customer details because of some vulnerability on its cloud storage facilities. What could be accessed was customer scanned copies of Aadhaar or Pan cards which are usually submitted by applicants during KYC.

On being pointed out by ET, after some redacted files were put out in the public domain, the company swiftly got the leak sealed with help of professionals by late Friday.

“A potential isolated vulnerability in one of our data storage block (Amazon) was brought to our attention by a data surveillance enthusiast. Thankfully the vulnerability was recognized and fixed within a few hours thereby preventing any compromise of our systems or customer data. It is noteworthy that we have been audited by Certified Information Systems Auditor (CISA) in the recent past and continue to be committed to maintaining highest standards in data security and privacy,” said Jitin Bhasin, director, RupeeRedee in an official comment to ET.

RupeeRedee, is a subsidiary of Digital Finance International, which serves millions of customers across 16 countries. It is a digital platform, headquartered in Haryana, India. It enhances its services through technology to provide short-term lending, aiming to do so easily and efficiently.

Hackers carried out a massive cyberattack on Russian Banks

The international company Group-IB recorded the first major cyberattack since the beginning of the year. The hacker group Silence made about 80 thousand malicious mailings to employees of Russian Banks, credit and financial institutions and payment systems.

Rustam Mirkasymov, Expert on cyber intelligence in Group-IB, believes that at the moment Silence is one of the most dangerous Russian-speaking groups, actually standing on a par with Cobalt and MoneyTaker.

On January 16, hackers started sending phishing emails on behalf of "Forum iFin-2019" with an attached ZIP archive, inside of which there is an invitation to the banking forum, as well as a malicious attachment Silence.Downloader aka TrueBot.

In Group-IB emphasize that this malware is used only by hackers Silence.

Hackers used a real announcement at the XIX International Forum "Electronic Financial Services and Technologies", which will be held in Moscow on 19 and 20 February. An interesting fact is that the organizers announced the financial forum by e-mail a few hours before the hacker.

Recall that in November last year, the hacker group Silance conducted a massive cyber attack on Russian banks from the fake address of the Central Bank of Russia. At the same time, at the plenary session of the XI St. Petersburg International Innovation Forum it was stated that every eight seconds in Russia there is one cyber attack on the servers of companies and Banks. The average damage from one hacker attack is 30 million rubles. The majority of hacks and attacks occur during the night time when security systems are most vulnerable.