Search This Blog

Latest News

United States Charged Six Russian Intelligence Officers with Involvement in An Unrestricted Huge Hacking Campaign

  With involvement in an 'unrestricted huge hacking campaign', which incorporates the famous Petya ransomware attacks which hav...

All the recent news you need to know

Expert opinion: how the digital currency of the Bank of Russia will change the future of the country

Announcing the possible appearance of the digital ruble, the Russian Central Bank joined dozens of world Central banks that have begun research and experiments in the field of creating national digital currencies.

Yevgeny Marchenko, Director of E. M. FINANCE, was one of the first to share his opinion on the issue. The expert is sure that the introduction of the digital ruble is necessary to increase the convenience of payments for citizens.

Also, among other advantages for citizens and banks, the introduction of the electronic ruble will allow the Bank of Russia to better regulate the country's economy.

The official representative of the Garantex cryptocurrency exchange, Tatyana Maksimenko, noted that it will be increasingly difficult to conduct gray and black schemes since cash flows will be under control — both foreign and domestic.

According to independent expert Leonid Khazanov, the digital ruble is primarily beneficial to the Bank of Russia and the Federal Tax Service. According to him, it will be possible to more effectively control the movement of cash flows in the country and it will be easy to identify any user who has an electronic wallet, which means complete transparency of all transactions. And no one can create several accounts or disguise themselves in any way, each legal entity and individual can only have one e-wallet.

Experiments by Central banks in a number of countries with the national digital currency reveal unsolved problems: for example, the inability to control cross-border movements or the potential use of anonymizers that make it difficult to track payments. The fate of digital currencies, including the ruble, depends on whether regulators will be able to close these gaps.

Iranian Hacker Group Using New Tools to Target Government Agencies of Broader Middle East Region

 

In the part of their attacks on companies and government agencies in the broader Middle East region, an Iranian cyberattack group has begun utilizing new tools, including a custom download utility and commodity ransomware, as per Broadcom's Symantec division. 

Dubbed as Seedworm, the group gives off an impression of being deploying a few variations of a new downloader, known as PowGoop, to the recent targets.

The utilization of the noxious program doesn't demonstrate a shift to ransomware-based cybercrime for the group, yet rather a reception of a more extensive variety of strategies for countering defensive measures. 

The software downloads and decrypts 'obfuscated' PowerShell scripts to run on compromised frameworks, utilizing the basic utility as an approach to execute code. 

The researchers additionally state that the group is sending ransomware, known as Thanos, which previously appeared available to be purchased not long ago and gives off an impression of being utilized by Seedworm for its 'destructive capacities'.

"Looking at Seedworm's history, it is apparent they've been focused on Middle East-based government organizations for years," "We don't believe that they are directly focused on monetary gain. From our standpoint, the Thanos victim organizations [represent] very few [targets] — just a handful at the most," says Vikram Thakur, Symantec's technical director. 

The researchers were moderately sure, nonetheless, in ascribing PowGoop to the Iranian state actor.

"Seedworm has been one of the most active Iran-linked groups in recent months, mounting apparent intelligence-gathering operations across the Middle East," Symantec researchers stated in their analysis.  
"While the connection between PowGoop and Seedworm remains tentative, it may suggest some retooling on Seedworm's part. Any organizations that do find evidence of PowGoop on their networks should exercise extreme caution and perform a thorough investigation." 

"There is nothing sophisticated about PowGoop aside from it being custom-made and that it uses multiple layers of encoded PowerShell scripts to effectively download and execute PS-based payloads," Thakur added later.

PowGoop has additionally been identified by various other companies. Security firm Palo Alto Networks associated PowGoop with two ransomware attacks on companies in the Middle East and North Africa at the beginning of September.

United States rejected Putin's offer to cooperate on cybersecurity

The US authorities for the first time publicly responded to the proposal of Russian President Vladimir Putin to resume cooperation in the field of international information security. US Assistant Attorney General for National Security John Demers called the Kremlin's initiative "nothing more than false rhetoric, cynical and cheap propaganda.” And Secretary of State Mike Pompeo said that Russia is dismissive of public security and international stability in cyberspace.

On September 25, Vladimir Putin invited the US authorities to resume cooperation in the field of international information security, which began in 2013 but was frozen due to disagreements over Ukraine and Russia's alleged interference in the 2016 US presidential election.

The President of the Russian Federation then stated that the dialogue in the cyber sphere should not be a "hostage" of political disputes, and proposed a four-point program for restoring cooperation.

In a statement, the Russian President said that "the risk of a large-scale confrontation in the digital sphere is one of the main strategic challenges of our time." "Special responsibility" for preventing cyberwarfare lies, as the Kremlin said, "on key players in the field of international information security," that is, primarily on Russia and the United States.

On October 7, in an interview with the Russia TV channel, Vladimir Putin complained that there was no response to his proposal from the United States. "Unfortunately, as with a number of our other initiatives, there is no response to this, I believe, very important topic, although there are continuing complaints against us about our hyperactivity in the information sphere, interference in elections there, and so on, which have absolutely no basis,” said Mr. Putin.

Mobile Versions of Several Browsers Found Vulnerable to Address Bar Spoofing Flaws

 

Several mobile browsers including Firefox, Chrome, and Safari were found vulnerable to an ‘address bar spoofing’ flaw which when exploited could allow a threat actor to disguise a URL and make his phishing page appear like a legitimate website, according to a report published by cybersecurity company Rapid7 which reportedly worked in collaboration with Rafay Baloch - an independent security researcher who disclosed ten new URL spoofing vulnerabilities in seven browsers. 
 
The browsers were informed about the issues in August as the vulnerabilities surfaced earlier this year; some of the vendors took preventive measures - patching the issues beforehand while others left their browsers vulnerable to the threat. 
 
Notably, the Firefox browser for Android has already been fixed by Mozilla, and for those who haven’t updated it yet make sure you do it now. While Google’s Chrome Browser on both Android and iOS is still vulnerable to the threat and is unlikely to be patched until September. Other affected browsers include Opera Touch, UC Browser, Yandex Browser, RITS Browser, and Bolt Browser. 

In order to execute an address bar spoofing attack, the attacker alters the URL which is displayed onto the address bar of the compromised web browser which is configured to trick victims into believing that the website they are browsing is monitored by an authenticated source. However, in reality, the website would be controlled by the attackers carrying out the spoofing attack. The attacker can trick his victims into providing their login details or other personal information by making them think as they are connected to a website like Paypal.com. 
 
“Exploitation all comes down to, "Javascript shenanigans." By messing with the timing between page loads and when the browser gets a chance to refresh the address bar, an attacker can cause either a pop-up to appear to come from an arbitrary website or can render content in the browser window that falsely appears to come from an arbitrary website”, the report explained. 
 
“With ever-growing sophistication of spear-phishing attacks, exploitation of browser-based vulnerabilities such as address bar spoofing may exacerbate the success of spear-phishing attacks and hence prove to be very lethal,” Baloch further told.