Israeli CERT will be hosting a FIRST-TC Conference at the David InterContinental Hotel in Tel Aviv, Israel


For the first time, CERT-IL will be hosting a FIRST-TC Conference at the David InterContinental Hotel in Tel Aviv, Israel on February 19-21, 2019.

The conference has an impressive lineup of speakers from leading global technology companies and will focus on incident response and the importance of creating an operative threat intelligence environment for an effective CERT division, as well as provide novel insights into new and emerging cyber threats.

Participants will be presented with case studies, incident response tools and challenges common in the field. In addition, the conference will place special emphasis on the importance of information sharing between CERT and its constituents, as well as with the wider global cyber community.

The conference will also include a cyber-attack simulation workshop from offensive and defensive points of view, and will include exciting previously unpublished research.

Seats are being set aside for members of the international cyber community to join the 200 already signed-up participants from leading companies located in Israel. To register for the conference, please follow the instructions on one of the following links:

FIRST members:
https://first.org/events/colloquia/telaviv2019/registration

Non-FIRST members:
https://www.gov.il/en/Departments/news/first-tc-2019

About:
Located in the city of Beersheba in the heart of southern Israel, CERT-IL is a 24/7 center, offering assistance to critical national infrastructure companies, SMB's and to the average person on the street. As part of its services, CERT-IL launched an emergency phone number for cyber incidents: 119. Any citizen or organization that thinks they are being attacked can call and receive initial assistance over the phone, and if deemed necessary, an incident response team can travel to the site of the attack, put an end to the incident, and with INCD’s Robustness Unit, help the company return to business as usual.

In order to provide tailor-made protection for Israel’s economy, the INCD has already begun to establish a SOC “city” in Beersheba. Under the umbrella of CERT-IL, and in a joint venture with the relevant ministry, special sectorial SOCs have begun operational activities. The first SOCs were in the financial, energy and government sectors, and activity has now expanded to include a public security SOC, with additional sectors to be added in the future.

The Israel National Cyber Directorate, which is under the purview of the Prime Minister’s Office, is responsible for all aspects of civilian cybersecurity. This includes formulating policies, building technological power, implementing operational defense in cyberspace and more. The INCD provides incident response services and guidance for all civilian entities and critical infrastructures in the Israeli economy, and works towards strengthening civilian cyberspace.

One of the INCD’s main goals is to assist Israeli organizations and the Israeli public-at-large deal with cyber threats—irrespective of from where the threats originate. This assistance is provided by the INCD’s CERT (CERT-IL).

CERT-IL is a National CSIRT and a member of FIRST (the Forum of Incident Response and Security Teams, http://www.first.org).


Election Commission of India (ECI) Requesting to File A FIR against Cyber Expert


The Election Commission of India (ECI) has approached the Delhi Police asking for them to file a FIR and investigate the statement made by self-claimed cyber expert Syed Shuja.

Syed claims that he was a part of the group at Electronic Corporation of India Ltd (ECIL), which planned and developed the EVMs and furthermore affirmed that the 2014 general elections in India were tampered with.

The EC has requested that the police "investigate promptly" the statement made by Shuja at an event in London on the 21st of January 2019.

A few regional leaders have taken to twitter to express genuine concerns with respect to the security aspects of the machines. They said that if EVMs can really be altered as guaranteed in the conference in London, then it ought to be completely tested as it puts our democracy and the appointive procedure in hazard.

In an electrifying case, Shuja has likewise said that senior BJP Gopinath Munde was killed on the grounds that he knew about EVMs being fixed in 2014.

The Election Commission of India was as of now examining what legitimate move could be made in regards to the question and answer session sorted out by Indian Journalists' Association and has over and over kept up that the electronic voting machines were secure.




Amazon, Apple, Spotify, Google failed to comply with GDPR






Online entertainment streaming websites like Apple, Amazon, Spotify, Google, and eight other tech giants have been accused of failing to comply with the European Union's General Data Protection Regulation (GDPR).

European Union's data regulation law give customers the right to access a copy of the personal data that companies hold about them.

A data privacy activist Max Schrems and director at Noyb, requested them about his private data, however companies let people download a copy of their data, but some of the data was "intelligible and difficult to understand by people.

"No service fully complied," Noyb said in its statement.

The Austrian watchdog Noyb filed complaints against the tech giants with the Austrian authority on behalf of ten users.

 Schrems said: "In most cases, users only got the raw data, but, for example, no information about who this data was shared with.

"This leads to structural violations of users' rights, as these systems are built to withhold the relevant information."

The companies could be fined up to 20 million euros (£17.7m) or 4% of a company's global turnover as per the GDPR.

However, Spotify released a statement stating: "Spotify takes data privacy and our obligations to users extremely seriously. We are committed to complying with all relevant national and international laws and regulations, including GDPR, with which we believe we are fully compliant."

West African Financial Institutions Attacked by Hackers via Living off the Land Tactics



Employing ‘living off the land’ tactics and generic malware, an unidentified hacker group is reported to have attacked financial institutions of West Africa.  ‘Living off the land’ tactics make use of legitimate network administration tools or operating system features to gain unauthorized access to the targets’ networks.
The hackers attacked the organizations based in Equatorial Guinea, Cameroon, Ivory Coast, Congo (DR) and Ghana. Notably, the attack was from 2017 and the latest one is reported to be in December 2018.
A total of four different attack campaigns which compromised the network of various West African financial institutions have been observed by the security researchers at Symantec.
Four Variants of Attack
In the first attack campaign, hackers made use of infected word documents which belonged to West African bank. The victims were attacked via Nanocore malware which was executed through the Microsoft Sysinternals tool PsExec on victims’ devices.
The second attack campaign made use of a hacking tool known as Mimikatz, a malware called Cobalt Strike and a remote administration tool named UltraVNC.
Referencing from the report by Symantec, the hackers employed PowerShell scripts to corrupt networks by the attacks which they probably executed in late 2017, they used Mimikatz for credential surfing and for remote administration they resorted to UltraVNC. Besides, Cobalt Strike was employed for backdooring and to secure a connection with the C&C server in order to download additional playloads.
The third variant of attack involved usage of Remote Manipulator System R AT, hacking tool – Mimikatz and RDP (Remote Desktop Protocol). This variant of attack targeted organizations based in Ivory Coast, hackers stole the credentials through Remote Manipulator System RAT and Mimikatz tool which allowed them to establish a remote desktop connection.
The fourth variant of the attack employed stealer Imminent Monitor RAT, it dealt with stealing information from compromised computers and downloading additional malware. It is reported to have originated in the month of December, last year.



Customer data of lending firm breached

New age data-driven technology companies are always prone to attack on their data storage facilities, more so if they are in the fintech domain.

Last week, an early-stage lending startup Rupee-Redee discovered vulnerabilities in its data stack stored on the Amazon cloud. A data security enthusiast who goes by the name of Gareth on Twitter pointed out that RupeeRedee was ‘leaking’ customer details because of some vulnerability on its cloud storage facilities. What could be accessed was customer scanned copies of Aadhaar or Pan cards which are usually submitted by applicants during KYC.

On being pointed out by ET, after some redacted files were put out in the public domain, the company swiftly got the leak sealed with help of professionals by late Friday.

“A potential isolated vulnerability in one of our data storage block (Amazon) was brought to our attention by a data surveillance enthusiast. Thankfully the vulnerability was recognized and fixed within a few hours thereby preventing any compromise of our systems or customer data. It is noteworthy that we have been audited by Certified Information Systems Auditor (CISA) in the recent past and continue to be committed to maintaining highest standards in data security and privacy,” said Jitin Bhasin, director, RupeeRedee in an official comment to ET.

RupeeRedee, is a subsidiary of Digital Finance International, which serves millions of customers across 16 countries. It is a digital platform, headquartered in Haryana, India. It enhances its services through technology to provide short-term lending, aiming to do so easily and efficiently.