Search This Blog

Latest News

'XcodeGhost' Malware Infected Around 128M iOS Users

  In a recent malware attack over 128 million iOS customers have been targeted. The malware employed by the attackers goes by the name "...

All the recent news you need to know

Ransomware Attack Shuts Down Top U.S. Fuel Pipeline Network

 

The operator of a major gasoline pipeline in the U.S. shut down operations late Friday following a ransomware attack pipeline system that transports fuel across the East Coast. The attack is unlikely to affect gasoline supply and prices unless it leads to a prolonged shutdown of the pipeline, experts said. 

Colonial Pipeline did not say what was demanded or who made the demand. Ransomware attacks are typically carried out by criminal hackers who seize data and demand a large payment in order to release it.

The company is the main source of gasoline, diesel, and jet fuel for the East Coast with a capacity of about 2.5 million barrels a day on its system from Houston as far as North Carolina, and another 900,000 barrels a day to New York. It presents a new challenge for an administration still dealing with its response to major hacks from months ago, including a massive breach of government agencies and corporations for which the U.S. sanctioned Russia last month.

President Joe Biden was briefed on the incident on Saturday morning, a White House spokesperson said and added that the federal government is working with the company to assess the implications of the attack, restore operations and avoid disruptions to the supply. The government is planning for various scenarios and working with state and local authorities on measures to mitigate any potential supply issues. 

“We’ve seen ransomware start hitting soft targets like hospitals and municipalities, where losing access has real-world consequences and makes victims more likely to pay. We are talking about the risk of injury or death, not just losing your email,” said Ulf Lindqvist, a director at SRI International who specializes in threats to industrial systems.

After the shutdown was first reported on Friday, gasoline and diesel futures edged slightly higher on the New York Mercantile Exchange. Gasoline gained 0.6% while diesel futures rose 1.1%, both outpacing gains in crude oil. Gulf Coast cash prices for gasoline and diesel edged lower on prospects that supplies could accumulate in the region.

Colonial previously shut down its gasoline and distillate lines during Hurricane Harvey, which hit the Gulf Coast in 2017. That contributed to tight supplies and gasoline price rises in the United States after the hurricane forced many Gulf refineries to shut down.

Amazon Fake Reviews Scam Exposed in Data Breach

The identities of over 200,000 people who appear to be participating in Amazon fraudulent product review schemes have been exposed by an open database. 

There is an ongoing struggle between the e-commerce giant and shady traders all over the world who want to hamstring rivals and gain an advantage by creating fake product feedback. The ways in which they function and remain under Amazon's radar differ, but an open ElasticSearch server has revealed some of their inner workings. 

Researchers from Safety Detectives reported on Thursday that the server, which was open to the public and accessible online, held 7GB of data and over 13 million documents appeared to be connected to a widespread fake review scam. It is unknown who owns the server, but due to messages written in Chinese that were leaked during the incident, there are indications that the company might be based in China. 

The database includes the user names, email addresses, PayPal addresses, links to Amazon accounts, and both WhatsApp and Telegram numbers, which also included records of direct messages between consumers willing to provide false reviews and traders willing to pay them. The leak may implicate "more than 200,000 people in unethical activities," according to the team. 

The database, as well as the messages it included, exposed the strategies used by suspicious sellers. One approach involves sending a customer a connection to the goods or products for which they want 5-star ratings, and the customer then makes a purchase. After a few days, the customer leaves a positive review and sends a message to the vendor, which will result in payment via PayPal — which could be a 'refund,' while the item is kept for free. It's more difficult to spot fraudulent, paid reviews because refund payments are held off the Amazon website. 

On March 1, an open ElasticSearch server was discovered, but the owner could not be identified. On March 6, however, the leak was detected and the server was secured. 

"The server could be owned by a third-party that reaches out to potential reviewers on behalf of the vendors [or] the server could also be owned by a large company with several subsidiaries, which would explain the presence of multiple vendors," the researchers speculated. "What's clear is that whoever owns the server could be subject to punishments from consumer protection laws, and whoever is paying for these fake reviews may face sanctions for breaking Amazon's terms of service." 

Vendors are not allowed to review their own goods or receive a "cash incentive, discount, free products, or other compensation" in exchange for positive reviews, according to Amazon's spokesperson and review policy which includes third-party organizations. However, since Amazon is such a popular online marketplace, it's likely that some vendors will continue to try to take advantage of review systems in order to increase their profits. 

"We want Amazon customers to shop with confidence, trusting that the reviews they read are genuine and appropriate," a spokesperson for the company said. "We have clear policies for both reviewers and selling partners that forbid the misuse of our community features, and we suspend, ban, and taint people who break them," states the company.

A Russian specialist warned of the deadly dangers of the smartphone

 The most frequently smartphones of the company Samsung are exploded. There are also known cases when Apple products exploded in the hands of users

The leading analyst of Mobile Research Group Eldar Murtazin warned about the lethal danger that can occur when buying non-original chargers and other accessories for smartphones.

According to him, non-original chargers can ignite during use. So, a charger bought from an unfamiliar seller could turn out to be fake, which could lead not just to battery failure and wear, but also to the device igniting and breaking down.

"These are not empty words, it happens every year, and in Russia, several people die from it every year," warned the specialist.

In addition, the use of a smartphone in a bath, when it is on recharge, poses a danger, the analyst emphasized.

Also, the danger can threaten if the user decides to disassemble his smartphone.

"If you do disassemble the device, never touch the battery, because if you break its shell, it can ignite," said Murtazin.

Cheap smartphone accessories, such as headphones or cases, can also be dangerous to health, as they can cause allergic reactions or skin burns.

At the same time, Mark Sherman, managing partner of the B&C Agency communications agency, stressed that the smartphone itself can not be dangerous, but if it happens, it may be the fault of the user.

"If the smartphone breaks, you need to take it to specialists, rather than trying to fix the device yourself", added Mr. Sherman.

Earlier, Pavel Myasoedov, partner and director of Intellectual Reserve, said that contact with water, a blow or prolonged charging can lead to an explosion. According to him, most often explode smartphones of Samsung, which even had to recall all phones Galaxy Note 7 from sale on a wave of panic. There are also known cases when Apple products exploded in the hands of users.

SolarWinds Hack Alarms US Spy Agencies to Inspect Software Suppliers' Ties with Russia

 

US intelligence agencies have started to study supply chain threats from Russia, a top official within the Justice Department confirmed on Thursday 6th of May, in the wake of the far-reaching hacker operations that used software developed by SolarWinds as well as other suppliers. 

SolarWinds Inc. is an American multinational that creates software to help companies manage their IT infrastructure, systems, and networks. It is based in Austin, Texas, and has distribution and product development branches at several US locations and other countries.

According to John Demers, Assistant Attorney General for National Security, the examination will concentrate on any supply chain vulnerabilities arising from Russian businesses—or US businesses operating in Russia. 

“If there’s a back-end software design and coding being done in a country where we know that they’ve used sophisticated cyber means to do intrusions into U.S. companies, then maybe … U.S. companies shouldn’t be doing work with those companies from Russia or other untrusted countries,” Demers stated during a Justice Department-hosted cybersecurity conference. 

Demers stated that any information gathered from the Commerce Department would be passed on to the FBI and the other intelligence officials to determine whether more actions are required to remove suppliers from the U.S. supply chains or not. 

The White House accused the Russian SRV foreign intelligence agency of the spying operation which used the software of SolarWinds and penetrated at least nine U.S. federal agencies. Russian technology firms have also been endorsed by the management of Biden to finance the cyber operations of Russian intelligence agencies. Though the allegations were rejected by Moscow. 

However, the United States intelligence analysis reveals that the Biden administration is also looking into how potential spying operations will mimic whatever the SVR is supposed to use weak points in US tech companies' networks. 

An extensive range of US government and businesses were exposed to infiltration by allegedly Russian hacking. Initially, SolarWinds, stated that the malicious code had been downloaded by 18,000 customers. However, the original target list of spies was made up of 100 corporations and, as per the White House, at least nine federal agencies. 

Concerns of American officials regarding exposures to the supply chain have indeed increased in recent weeks as certain hacks arose. 

Whereas a 2019 executive order signed by then-President Donald Trump appears to approve the supply chain inspection, that forbids US telecommunications companies from using hardware that constitutes a national security risk. 

Although the executive order was widely seen as an effort to further limit the Chinese telecommunications company Huawei's access to US markets, it can also be applied to various other technologies from other countries. U.S. intelligence officers are tasked with constantly reviewing international supply chain threats and providing for additional "rules and regulations" to recognize innovations or nations that may pose a danger. 

In the supply chain screening, the US intelligence officials have long expressed fears that Moscow could use the Russian suppliers' technology to spy on America.