
United States rejected Putin's offer to cooperate on cybersecurity

The US authorities for the first time publicly responded to the proposal of Russian President Vladimir Putin to resume cooperation in the field of international information security. US Assistant Attorney General for National Security John Demers called the Kremlin's initiative "nothing more than false rhetoric, cynical and cheap propaganda.” And Secretary of State Mike Pompeo said that Russia is dismissive of public security and international stability in cyberspace.

On September 25, Vladimir Putin invited the US authorities to resume cooperation in the field of international information security, which began in 2013 but was frozen due to disagreements over Ukraine and Russia's alleged interference in the 2016 US presidential election.

The President of the Russian Federation then stated that the dialogue in the cyber sphere should not be a "hostage" of political disputes, and proposed a four-point program for restoring cooperation.

In a statement, the Russian President said that "the risk of a large-scale confrontation in the digital sphere is one of the main strategic challenges of our time." "Special responsibility" for preventing cyberwarfare lies, as the Kremlin said, "on key players in the field of international information security," that is, primarily on Russia and the United States.

On October 7, in an interview with the Russia TV channel, Vladimir Putin complained that there was no response to his proposal from the United States. "Unfortunately, as with a number of our other initiatives, there is no response to this, I believe, very important topic, although there are continuing complaints against us about our hyperactivity in the information sphere, interference in elections there, and so on, which have absolutely no basis,” said Mr. Putin.

UK National Cyber Security Centre Reveals Russia’s Plan to Disrupt Tokyo Olympics

 

The UK National Cyber Security Centre recently revealed that, in an attempt to completely disrupt the 'world's premier sporting event', the Russian military intelligence services were planning a cyber-attack on the Japanese-hosted Olympics and Paralympics in Tokyo.

The Russian cyber-reconnaissance work covered the Games organizers, logistics services, and sponsors and was in progress before the Olympics was delayed due to Covid-19. 

The evidence is the first indication that Russia was prepared to go as far as disrupting the summer Games, from which all Russian competitors had been banned on account of persistent state-sponsored doping offenses.

The Kyodo news agency said a senior Japanese government official had indicated that Tokyo would consider lodging a protest with Moscow if cyber-attacks were confirmed to have been carried out by Russia.

Japan's chief government spokesman, Katsunobu Kato, said the country would do everything possible to ensure that the postponed Games would be free from any cyber-attacks.

“We would not be able to overlook an ill-intentioned cyber-attack that could undermine the foundation of democracy,” Kato stated, adding that Japanese authorities were gathering information and would continue to share it with other countries.

The UK government said, with what it described as 95% certainty, that the disruption of both the winter and summer Olympics was carried out remotely by GRU unit 74455.

According to the UK, in PyeongChang the GRU's cyber unit also attempted to disguise itself as North Korean and Chinese hackers when it targeted the opening ceremony of the 2018 winter Games, taking down the website to stop spectators from printing out tickets and crashing the WiFi in the arena.

The key targets also included broadcasters, a ski resort, Olympic officials, service providers, and sponsors of the games in 2018, which means the targets of the attacks were not only in Korea.

The foreign secretary, Dominic Raab, stated: “The GRU’s actions against the Olympic and Paralympic Games are cynical and reckless. We condemn them in the strongest possible terms.” 

He later added that “the UK will continue to work with our allies to call out and counter future malicious cyber-attacks.”

The UK's allegations are believed to be part of an effort to disrupt Russia's cybersecurity threat through maximum exposure and to prevent any disruption of the rescheduled summer Games next year.

Common Phishing Email Malware Attachments That You Need To Avoid

 




One of the most popular ways of distributing malware is via malicious email attachments posing as invoices, payment receipts, or error pages. These emails include Word and Excel attachments that, when opened, can install malware on your system.

Recognizing these email attachments used by phishing emails could make a big difference towards a safer cyber experience.

Before these Word and Excel files can run macros or make changes to your system, Office requires you to click the 'Enable Editing' or 'Enable Content' button, which you should never do, as it allows them to infect your system.

The miscreants trick users by showing a document template that claims there was an error in viewing or displaying the file and asks the user to click 'Enable Editing' or 'Enable Content'.

Here are some common phishing attachments used by malware attackers that you need to avoid:

BazarLoader

BazarLoader is malware developed by the TrickBot trojan group, who use it to remotely access your computer and deploy the Ryuk ransomware to the whole network.

  • BazarLoader phishing emails usually point to Word or Excel documents hosted on Google Docs and Google Sheets.

  • These documents trick the user into downloading an executable file by displaying a template with a message that a preview is not available or that there were some problems, along with a link to download the file, which then installs the BazarLoader malware.

Dridex 

Dridex is a trojan, said to be linked with WastedLocker, that is used to steal passwords and login credentials.

  •  Dridex attachments are easy to identify, as they are usually more stylized, with company logos and letterheads, and contain text that is difficult to read (either very small or obfuscated), asking you to 'enable editing' to see it better.

  •  They can also be stylized templates imitating delivery or shipping receipts.

 Emotet 

Emotet is the most common email phishing chain; it steals your email to send out more spam emails. Unlike Dridex, which uses stylized documents, Emotet uses warning templates that ask you to enable content to read the document.

  •  For example, the 'Red Dawn' template says "This document is protected," and tells you to enable content to read it.

  •  Another of their templates says that the document could not be opened correctly because it was created on an 'iOS Device', or that it was created on 'Windows 10 Mobile', which has long been discontinued.

  •  Some of the other templates they use are "Protected View", "Accept Microsoft's license agreement" and "Microsoft Office Transformation Wizard."

QakBot 

QakBot is a banking trojan partnered with the ProLock ransomware; its templates are highly stylized and legitimate-looking.

  •  Their best-known template is the 'DocuSign' one, which looks like a form from DocuSign and asks you to 'Enable Content and Editing'.

 Executable Attachments 

 Files that end with .vbs, .js, .exe, .ps1, .jar, .bat, .com, or .scr are almost always malicious; they are executable files that go on to download further code and macros onto the computer.

 If you see email attachments with these file types, never open them, and delete them immediately, as they are undoubtedly malicious.
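The following added example (not part of the original post) shows how a mail filter could apply the advice above: it flags attachments whose final extension is on the article's list, and goes one step further by opening Office Open XML attachments to look for an embedded VBA project. The decoy-extension set, the function names and the sample message are assumptions constructed for illustration.

```python
"""Triage e-mail attachments: executable extensions and macro-bearing Office files."""
import io
import zipfile
from email import message_from_bytes, policy
from email.message import EmailMessage

# Extensions the article lists as executable attachments.
EXECUTABLE_EXTS = {".vbs", ".js", ".exe", ".ps1", ".jar", ".bat", ".com", ".scr"}
# Assumption (not from the article): harmless-looking extensions often placed
# before the real one, as in "invoice.pdf.exe".
DECOY_EXTS = {".pdf", ".doc", ".docx", ".xls", ".xlsx", ".txt", ".jpg"}


def _normalise(filename):
    # Windows drops trailing dots and spaces, so "a.exe. " is still an .exe.
    return filename.strip().rstrip(". ").lower()


def final_extension(filename):
    """Return the lower-cased last extension of a file name, or ''."""
    name = _normalise(filename)
    dot = name.rfind(".")
    return name[dot:] if dot != -1 else ""


def has_decoy_extension(filename):
    """True if a document-style extension sits in front of the real one."""
    name = _normalise(filename)
    stem = name[: name.rfind(".")] if "." in name else name
    return final_extension(stem) in DECOY_EXTS


def has_vba_macros(payload):
    """True if the bytes are a ZIP (OOXML) container holding a VBA project.
    Macro-enabled Word and Excel files keep their macros in vbaProject.bin."""
    try:
        with zipfile.ZipFile(io.BytesIO(payload)) as zf:
            return any(n.lower().endswith("vbaproject.bin") for n in zf.namelist())
    except zipfile.BadZipFile:
        return False


def triage(raw_message):
    """Map each suspicious attachment name to the reasons it was flagged."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = {}
    for part in msg.iter_attachments():
        filename = part.get_filename() or "(unnamed)"
        payload = part.get_payload(decode=True) or b""
        reasons = []
        ext = final_extension(filename)
        if ext in EXECUTABLE_EXTS:
            reasons.append("executable extension " + ext)
            if has_decoy_extension(filename):
                reasons.append("double extension")
        if has_vba_macros(payload):
            reasons.append("contains VBA macros")
        if reasons:
            findings[filename] = reasons
    return findings


def build_sample_message():
    """Constructed sample: a fake executable, a macro-bearing document and a
    harmless text file. All payloads are placeholders, not real malware."""
    docm = io.BytesIO()
    with zipfile.ZipFile(docm, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<document/>")
        zf.writestr("word/vbaProject.bin", b"placeholder, not a real VBA project")
    msg = EmailMessage()
    msg["Subject"] = "Payment receipt"
    msg.set_content("Please enable content to view the attached receipt.")
    for name, data in [
        ("Invoice_1043.pdf.exe", b"MZ placeholder bytes"),
        ("Shipping_Receipt.docm", docm.getvalue()),
        ("notes.txt", b"meeting at 10"),
    ]:
        msg.add_attachment(data, maintype="application",
                           subtype="octet-stream", filename=name)
    return msg.as_bytes()


if __name__ == "__main__":
    for name, reasons in triage(build_sample_message()).items():
        print(f"{name}: {', '.join(reasons)}")
```

The macro check only looks inside ZIP-based Office formats; legacy binary .doc and .xls files use a different container and would need a separate parser.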

A Government-Backed Advert for Career Opportunities in Cyber Security Taken Down Mere Hours After Release

 

A campaign originally meant to draw more individuals to career opportunities in cybersecurity has come under heavy scrutiny and criticism, which ultimately resulted in it being removed completely just a couple of hours after its release.

Part of the government's Cyber First mission, the advertisement shows a young lady tying up her ballet shoes with the caption being "Fatima's next job could be in cyber. (she just doesn't know it yet)” with the slogan "Rethink. Reskill. Reboot." 

At first, it was unclear who was behind the campaign, as it carried the branding of DCMS and NCSC's Cyber First campaign. Secretary of State for DCMS Oliver Dowden, however, dismissed any association with the campaign, saying “this is not something from DCMS” while agreeing that “it was crass.” 

The poster, one of several highlighting individuals from a wide variety of professions, has been heavily criticized on online media.

Javvad Malik, a security awareness advocate at KnowBe4, said the poster did come across as tone-deaf.

“With any career, you want to pull people towards it and motivate them to want to choose it,” he said. “It's only when people enjoy, have an interest in, or have a passion for a role that they actually have a sense of achievement and contentment.”

The Prime Minister's official spokesperson stated: "This is part of a campaign encouraging people from all walks of life to think about a career in cybersecurity. However, this particular piece of content was not appropriate and has been removed from the campaign. The government recognizes the challenge to the cultural industry and today the culture secretary has announced £257m of funding to help support 1,385 theatres, art venues, museums, and cultural organizations across England." 

This move comes after the chancellor denied encouraging workers in the already struggling arts industry to retrain.

Rishi Sunak has, however, insisted that he was making a general statement about the need for some workers to "adapt", and suggested there would be "new and fresh opportunities" available for those who could not do their old jobs.

The Covid-19 Pandemic Forces Businesses To Prioritise Investment In Cybersecurity Despite The Overall IT Budget Cuts

 


According to a Kaspersky report, ‘Investment adjustment: aligning IT budgets with changing security priorities’, organizations and businesses have focused on prioritizing investment in cybersecurity in spite of general IT budget cuts amid the Coronavirus pandemic.

The report said that “Cybersecurity remains a priority for investment among businesses. This is despite overall IT budgets decreasing in both segments amid the Covid-19 pandemic, and cybersecurity cuts affecting the most economically hit SMBs.”

It further added that “external conditions and events can influence IT priorities for businesses. As a result of the Covid-19 lockdown, organisations have had to adjust plans to meet changing business needs – from emergency digitalisation to cost optimisation.” 

The share of cybersecurity in IT spending has gone up from 23 percent in 2019 to 26 percent in 2020 for small and medium businesses (SMBs). For enterprises, cybersecurity's share of spending has grown to 29 percent in 2020 from 26 percent a year ago.

Overall, 10% of organizations said that they will spend less on IT security. The main reason given for the decreased spending on security in enterprises was a conscious decision by top management to reduce spending, seeing no reason for investing “so much money in cybersecurity in the future.” 

Alexander Moiseev, Chief Business Officer at Kaspersky, nonetheless stresses that “2020 has put many companies in situations where they needed to respond, so they wisely concentrated all their resources and efforts on staying afloat…” 

He later added, “even though budgets get revised, it doesn’t mean cybersecurity needs to go down on the priority list. We recommend that businesses who have to spend less on cybersecurity in the coming years, get smart about it and use every available option to bolster their defences – by turning to free security solutions available on the market and by introducing security awareness programmes across the organisation. Those are small steps that can make a difference, especially for SMBs…”


India And Japan Agree on The Need for Robust and Resilient Digital and Cyber Systems

 

India and Japan have finalized a cybersecurity deal, with both agreeing on the need for robust and 'resilient digital and cyber systems'.

Their ambitious agreement provides for cooperation in 5G technology, AI and a variety of other critical areas, as the two strategic partners pledged to broad-base their ties, including in the Indo-Pacific region.

The foreign ministers of the two nations, S Jaishankar of India and Motegi Toshimitsu of Japan, were of the view that a free, open, and inclusive Indo-Pacific region “must be premised on diversified and resilient supply chains."

The two ministers “welcomed the Supply Chain Resilience Initiative between India, Japan, Australia, and other like-minded countries." 

The initiative comes as nations look to diversify supply chains away from China after Beijing suddenly closed factories and units in the aftermath of the Coronavirus pandemic, sending economic activity into a slump.

The move raised the question of the dependability of supply chains based in China, with nations looking to widen their sources for critical procurement. In September, the trade ministers of India, Australia, and Japan had agreed to launch an initiative on supply chain resilience.

Jaishankar said in a tweet that further expansion of India-Japan cooperation in third countries, centering on development projects, also figured in the thirteenth India-Japan foreign ministers' strategic dialogue.

The two “welcomed the finalization of the text of the cybersecurity agreement. The agreement promotes cooperation in capacity building, research, and development, security and resilience in the areas of Critical Information Infrastructure, 5G, Internet of Things (IoT), Artificial Intelligence (AI), among others," the statement said. 

In New Delhi, the agreement was cleared at a Cabinet meeting headed by PM Narendra Modi, as per Information and Broadcasting Minister Prakash Javadekar. 

The ministers agreed that the next annual bilateral summit between the leaders of India and Japan would be hosted by the Indian government “at a mutually convenient time for the two Prime Ministers."

Cloudflare will now send you a DDoS attack alert when your website is under attack

 

Cloudflare has announced a new feature that lets its paid customers set up alert notifications for when their website or service is under a DDoS attack.

 A DDoS (distributed denial of service) attack is when a perpetrator makes a network unavailable by flooding it with more requests than the network can handle or by disconnecting the host from the Internet. This causes the website and server to go offline or suffer an outage.

 Protection from DDoS has been one of Cloudflare's most in-demand services, but unless administrators were working on the site they would not know of an attack. With this new feature, they can get notifications when there's an attack even when they are not actively on the site.

 Depending on the type of paid account you have (Pro, Business, or Enterprise), you can get notifications by email or PagerDuty.

 There are two types of alert you can get, HTTP DDoS and L3/L4 attacks, based on the service you use.

 Steps to create a Cloudflare DDoS alert 

 In order to create a Cloudflare DDoS notification, follow these steps: 

  •  Log in to the Cloudflare dashboard at https://dash.cloudflare.com.

  •  Click on the 'Notification' section, at the top of the dashboard. 

  •  In the Notifications section, go to 'Create'. Select the type of DDoS notification that you want to create an alert for. 

  •  For customers using Cloudflare for a website, only 'HTTP DDoS Attack Alert' will be seen. 

  •  After selecting the type, click on the 'Next' button. 

  •  In the next screen, the system will ask you to give a name to the notification and an optional description. Add the email address for the notification and other methods for the alert. 

  •  When you are satisfied, click on create to finish setting up the notification. 

 Now that the alert has been created, Cloudflare will notify you whenever it detects that your website is under a DDoS attack.

Spending on information security in Russia will increase eightfold

Russia intends to sharply increase spending on information security, mainly on cryptography rather than on personal data protection.

According to the published draft of the Federal budget for the next three years, it was decided to increase expenditures on information security from the 2 billion rubles (25 million dollars) initially planned for 2022–2023 to 16 billion rubles (204 million dollars). This is the most significant budget increase in comparison with other Federal projects included in the Digital Economy direction.

The authorities plan to pay the greatest attention to the development of domestic cryptography, the functioning of cyber polygons, filtering Internet traffic and countering computer attacks. At the same time, the creation and operation of the national center for the introduction of modern cryptography methods may take up more than half of the total budget of the Federal project.

Budget money should also be used to analyze the security of state systems. However, the largest expenditures are allocated for the technical implementation of various project areas: equipment, specialized software, and staffing and production support.

The disadvantage of the project is the lack of measures aimed at preventing data leaks and protecting the personal information of Russians. Analysts pointed out that it would be logical to allocate part of the funds to system security in matters of interaction between the state and citizens on digital platforms. In addition, according to market participants, specialized education and training of qualified specialists receive insufficient funding.

Ivan Mershkov, Technical Director of NGRSOFTLAB, said that it is critically important to envisage measures to increase digital literacy among the population. The number of phishing attacks is showing explosive growth, which will only increase as digital consumption grows.

Nevertheless, the increase in funding for this federal project was seen as a good sign, indicating that the issue of cybersecurity is coming to the fore in Russia.

Russian experts warned about the dangers of smart watches

 Smart watches, which are gaining popularity among Russians, are among the Internet of things (IoT) devices, which means that by hacking them, an attacker can get confidential user information, listen to their conversations and track their movement, said Ilyas Kireev, a leading promotion Manager at Crosstech Solutions Group.

According to him, the main problem of IoT devices is weak security mechanisms. The small product lifecycle means that there are no regular security updates and the device may have dangerous vulnerabilities.

"Vulnerabilities in IoT devices create favorable conditions for hackers to create large-scale botnets like Mirai and the most powerful DDoS attacks on the Internet," he said.

"Data can leak both via the Internet and via Bluetooth. Critical Bluetooth vulnerabilities allow executing arbitrary malicious code on the device and gain full control over the device's system, as well as carry out a man-in-the-middle attack (MiTM), which leads to the unauthorized interception of user data," added Mr. Kireev.

"An attacker can find out the PIN code from your card, passwords, your daily routine, and much more, which will give them full control over all your operations. For example, if a smart watch manufacturer uses centralized systems for storing and processing data, then one attack is enough to get all the data of customers," warned the expert.

According to Mr. Kireev, to protect yourself and your loved ones, you need to constantly update the software, not enter the CVV of bank cards and control the information transmitted.

It is interesting to note that lawmakers around the world have long expressed their concerns about the fact that smart watches can act as a spy that is always on the wrist. So, the German Federal Network Agency, which regulates the telecom industry, introduced a ban on the sale of smartwatches for children back in 2017. The agency said that devices with a built-in tracking function violate German law.

RBI's new guidelines for Debit and Credit Cards, effective today



To combat the ever increasing financial frauds and to make online payments safer, RBI (Reserve Bank of India) has issued new guidelines for debit and credit cards effective from 1st October 2020.


 The new RBI guidelines for debit and credit cards:

  •  International Transactions to be Optional-

Under this guideline, users can now either opt in to or opt out of international transactions. The bank can disable old cards for international payments or issue new cards to customers who choose to make international transactions.

Gaurav Chopra, CEO, IndiaLends says, “For new cards being issued, the users will only be able to use these services after registering for them. The main reason for this is to prevent card fraud and misuse and give the consumer better power to manage his or her finances. With spend and withdrawal caps, even if an individual becomes a victim of cyber or ATM fraud, the damage will be limited.” 

  • Disable cards that have never been used for online payment- 

RBI has directed banks to disable the online payment service for all those debit and credit cards that have never been used for online money exchange. This does not include gift cards or prepaid cards.

Rajesh Mirjankar, MD and CEO, InfrasoftTech, says, “RBI has mandated banks to incorporate risk-mitigation features in customers’ debit cards and credit cards from 1st October. With this new feature, consumers can set up a limit on their credit cards and debit cards. Cardholders will have the option to switch on and off their debit and credit cards for any facility – ATM, NFC, POS, or eCommerce (card-not-present) transaction.” 

  • NFC (Near Field Communication) Or Contactless payment will also be optional- 

Users will now be able to switch their NFC payment on and off whenever they want. For example, if they switched on NFC for a trip to Korea, they can opt out of it on returning to India. Cardholders can also set a limit on NFC payments; earlier it was Rs.2000 per day, and now they can increase or decrease it according to their preference.

 Mirjankar, of InfrasoftTech, says “The apps that banks have already rolled out with these features allow customers to set separate limits for each channel such as ATM, PoS, card-not-present, and NFC, in addition, to be able to revise downward their overall card limit.”

Cyber Security Solutions for Enterprises Launched by Bharti Airtel


Bharti Airtel Ltd recently launched a 'suite of cybersecurity solutions' for large, medium and small businesses as they move on to digital and cloud platforms, increasing the need to protect information from online attacks.

Airtel Secure, the suite, will have a security intelligence centre with best-in-class infrastructure and access to cutting-edge technology and artificial intelligence tools.

The telco has invested about ₹100 crore in the Airtel security intelligence centre, situated in the National Capital Region (NCR), chief executive Gopal Vittal said in a press conference.

“… Cybersecurity is a critical requirement. Airtel Secure has been built to serve this need. It combines Airtel’s robust network security with cutting-edge solutions delivered through global partnerships to deliver end-to-end managed security services," he added further. 

The telco has also collaborated with global firms Cisco, Radware, VMWare, and Forcepoint, who will together provide cybersecurity solutions under the product, Airtel Secure.

Cisco's solutions will be available to enterprises as well as governments.

The solutions under Airtel Secure have been 'beta tested' by 20 large organizations who are now using the security intelligence centre, Vittal stated, adding that the telco will soon begin building them for medium and small businesses with low budgets.

“Smaller businesses may not have the budgets that larger companies do, so we are engineering a product portfolio that can be bundled for our smaller enterprises to protect their information as well," Vittal said. 

However, he later added that the whole portfolio of the security intelligence centre cannot be accessed by those with lower budgets, though they will get hold of the essentials, like 'secure internet, data and remote access'.

The official website of the Ministry of Internal Affairs of Belarus resumed its work after 19 days

The official website of the Ministry of Internal Affairs of Belarus, which had not worked for 19 days, is again available to Internet users, the press service of the Ministry of Internal Affairs reported.

Interruptions on the department's website began on September 3. At the same time, screenshots of the website of the Ministry of Internal Affairs appeared in various Telegram channels, showing that the data of the President of Belarus Alexander Lukashenko and the Minister of Internal Affairs Yuri Karaev had been posted in the wanted notice.

The press secretary of the Ministry of Internal Affairs of Belarus Olga Chemodanova announced the next day that the site was not working for technical reasons, and did not exclude a hacker attack. It was noted that an attempt was made to introduce malicious programs that block or modify the operation of the information resources of the Ministry of Internal Affairs.

"The official website of the Department, which was suspended for technical reasons, is now functioning again. We apologize for the temporary inconvenience,” said the Ministry of Internal Affairs in a Telegram channel.

At the same time, the Department expressed confidence that "the number of users of the Internet resource will grow, and everyone will be able to use its full capabilities in the usual mode.”

It is worth noting that cyber partisans have announced an all-out war against the state structures of Belarus starting yesterday. It must be admitted that hacker attacks can cause significant harm to the regime.

Recall that the union of hackers and IT-developers of Belarus has threatened President Alexander Lukashenko to bring down the tax, energy, and banking systems if security forces continue to detain protesters. The protesters are demanding Lukashenko's resignation and new fair elections. 

Meanwhile, the State Customs Committee faced technical failures in the work of information systems at internal points of customs clearance.

Windows Source Code leaked Online


The source code for Windows XP SP1 was leaked online today as a torrent. The person behind the leak claims he spent two months collecting the 43GB source code and leaked it today on the 4chan forum as a torrent.

The leaked file contains not only Windows XP's code but also that of Windows Server 2003 and other older versions.

 Files in the torrent include:
  •  MS-DOS 3.30
  •  MS-DOS 6.0
  •  Windows 2000
  •  Windows CE 3
  •  Windows CE 4
  •  Windows CE 5 
  • Windows Embedded 7
  •  Windows Embedded CE 
  • Windows NT 3.5 
  • Windows NT 4

The torrent also contains some videos about conspiracy theories concerning Bill Gates. A smaller zip version of the file, containing just the source code, is also being distributed over the Internet.

Microsoft has yet to say anything on the matter publicly, but Bleepingcomputer.com asked the tech giant, and they said they "are investigating the matter". Apparently, this is not the first time Microsoft source code has been leaked: the person alleged to have leaked the source code claims that the Windows XP code had been with hackers for years but was never publicly shared until now.

 "The source code for Windows 10 internal builds was leaked online in 2017, and just recently Microsoft private GitHub repository was hacked and private projects leaked", reports Bleepingcomputer.com. 

Does the leak raise security issues?

Even though Windows XP was released 20 years ago, if any of its code is still used in present versions of Windows, the leak could well pose a threat. With the source code, it becomes easier to understand how Windows works, and if a serious issue exists in XP and the same code is used in Windows 10, then hackers could exploit this vulnerability.

Then again, released source code could give birth to replicas, but for some enthusiasts it might just be a way to learn more about Microsoft Windows. All in all, the risk is low but extant.

White House To Update U.S’s Approach To Its Maritime Cybersecurity Strategy In Coming Months

 

Hoping to update the U.S. government's approach to its maritime cybersecurity strategy in the coming months, the Trump administration is attempting to improve and further secure the United States' ability to 'project power at sea' and guard against adversarial cyberattacks.

The plan includes re-evaluating the national approach to information sharing and placing greater emphasis on the use of operational technologies in ports, according to one senior administration official.

Two officials who were asked to comment declined to reveal any specifics about the administration's plans, saying more information would be made public very soon.

Hackers, however, have already been at work: they have long targeted shipping firms and the maritime supply chain to steal data associated with the U.S. government or to disrupt cargo operations.

Using a strain of ransomware known as Ryuk, hackers compromised computer networks at a maritime transportation facility a year ago, disrupting operations for 30 hours, according to the U.S. Coast Guard.

This announcement comes amid several efforts at the Department of Defense to test preparedness and readiness against cyberattacks in the maritime domain.

The Pentagon's offensive unit, Cyber Command, simulated a cyberattack on a seaport a year ago. The Army is likewise taking part this month in an exercise intended to 'simulate adversaries' targeting U.S. ports.

Recently, the Trump administration has been concerned about a ransomware attack targeting a transportation company that “affected COVID-19 supply chains in Australia,” one senior administration official said.

 “Adversaries frequently interfere with ship or navigation systems by targeting position or navigation systems through spoofing or jamming, causing hazards to shipping,” one senior administration official said.

Microsoft Suffered A Rare Cyber-Security Lapse When One of Bing's Backend Servers Was Exposed Online

 

Microsoft suffered a rather rare cyber-security lapse just this month when the company's IT staff accidentally left one of Bing's backend servers exposed on the web.

The server was discovered by Ata Hakcil, a security researcher at WizCase, who shared his findings exclusively with ZDNet the previous week. According to Hakcil's investigation, the server exposed more than 6.5 TB of log files containing 13 billion records coming from the Bing search engine.

Hakcil said the server was exposed from September 10 to September 16, when he notified the Microsoft Security Response Center (MSRC) and the server was secured again with a password.

The WizCase researcher was able to verify his findings by locating search queries he had performed in the Bing Android app in the server's logs.

 
Microsoft acknowledged the mistake and commented last week:

"We've fixed a misconfiguration that caused a small amount of search query data to be exposed," a Microsoft spokesperson told ZDNet in an email last week. "After analysis, we've determined that the exposed data was limited and de-identified." ZDNet, which was given access to the server while it was exposed without a password, confirmed that no personal user information was made public.

Rather, the server exposed technical details, such as search queries, details about the user's system (device, OS, browser, etc.), geolocation details (where available), and various tokens, hashes, and coupon codes.

The leaky server was identified as an Elasticsearch system. Elasticsearch servers are high-end systems in which organizations aggregate huge amounts of data so that they can search and filter through billions of records easily.

Over the past four years, Elasticsearch servers have frequently been the source of accidental data leaks.

The causes vary and range from administrators neglecting to set a password, to firewalls or VPN systems unexpectedly going down and exposing an organization's normally internal servers, to organizations copying production data to test systems that are not always secured as rigorously as their primary infrastructure.
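The first cause listed above, a server with no password that is reachable from outside, can be caught by auditing the node's settings before deployment. The following is an added example, not code from the article or from Microsoft; the two configuration samples are constructed, the parser handles only flat `key: value` lines, and a missing `xpack.security.enabled` is assumed to mean "disabled", which was the default before Elasticsearch 8.0.

```python
"""Audit flat Elasticsearch settings for the exposure causes named above."""

LOOPBACK = {"_local_", "localhost", "127.0.0.1", "::1"}

# Constructed sample: a test cluster reachable on every interface, no auth.
EXPOSED_YML = """\
cluster.name: search-logs-test
network.host: 0.0.0.0
http.port: 9200
"""

# Constructed sample: the same cluster bound to loopback with auth and TLS.
HARDENED_YML = """\
cluster.name: search-logs-test
network.host: _local_
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
"""


def parse_flat_settings(text):
    """Parse flat 'dotted.key: value' lines only (no nesting, no lists)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if ":" in line:
            key, value = line.split(":", 1)
            settings[key.strip()] = value.strip().strip("'\"")
    return settings


def audit(text):
    """Return findings; a missing key is treated as its pre-8.0 default."""
    s = parse_flat_settings(text)
    auth_on = s.get("xpack.security.enabled", "false").lower() == "true"
    tls_on = s.get("xpack.security.http.ssl.enabled", "false").lower() == "true"
    reachable = s.get("network.host", "_local_") not in LOOPBACK
    findings = []
    if not auth_on:
        findings.append("authentication-disabled")
    if reachable and not auth_on:
        findings.append("unauthenticated-and-network-reachable")
    if reachable and not tls_on:
        findings.append("cleartext-http-on-network")
    return findings


if __name__ == "__main__":
    for name, cfg in (("exposed", EXPOSED_YML), ("hardened", HARDENED_YML)):
        print(name, audit(cfg) or "no findings")
```

Running the same audit against test and staging clusters addresses the third cause, since copies of production data often land on nodes that were never given the production security settings.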

The Union Government To Come Up With National Cyber Security Strategy 2020

National Security Adviser Ajit Doval announced that the Union government is set to come up with the National Cyber Security Strategy 2020 to ensure a safe, secure, trusted, and resilient cyberspace.

The proposed strategy aims to unite all cybersecurity agencies to secure, strengthen, and synergize the cybersecurity ecosystem by working closely with businesses, citizens, and beyond.

He said that adversaries were attempting to exploit the crisis in the wake of the pandemic through misinformation, fake news, and social media campaigns.

"For our adversaries, the huge data floating around in cyberspace is a goldmine for extracting information to undermine the privacy of our citizens and add to the vulnerability of protecting data of our critical information infrastructure," Mr. Doval said.

He said that phishing campaigns utilizing the Coronavirus theme targeted banks, defence, and critical infrastructure during this period. 

Mr. Doval drew attention to how various conspicuous UPI IDs and web portals were created, while fake Aarogya Setu applications cropped up to misuse individuals' data, only hours after the Prime Minister announced the launch of the PM Cares fund.

He stated, "Malicious domains and websites to the tune of around 5,000 were registered in a short span of time. We have also witnessed an increase of 500% in cybercrime owing to people’s limited awareness and poor cyber hygiene. Financial frauds have also increased tremendously owing to the increased reliance on digital payment platforms..."

He lamented that the absence of indigenous digital solutions, such as information-sharing facilities and social media platforms, had adversely affected the country's self-reliance and cybersecurity.

He encouraged new start-ups to develop solutions aligned with the nation's requirements and to build capacity so that the country's critical cyber assets are monitored by skilled native professionals, in line with the Prime Minister's call for Atmanirbhar.

Siemens USA Announced the Launch of Its Technologically Advanced Cyber Test Range

 

The Coronavirus pandemic prompted an increase in cyberattacks, creating a need for facilities focused specifically on prevention, detection, and response solutions. For this reason, Siemens USA launched its technologically advanced cyber test range, housed at its U.S. R&D headquarters in Princeton, New Jersey.

The Siemens cyber test range was designed to test emerging cybersecurity technologies against real-world scenarios to help identify and mitigate potential vulnerabilities.

The cyber range is set to become a hub where data scientists, security experts, and others can come together to conduct innovative research in cybersecurity and to prototype and validate new research ideas.

Siemens' growing collection of operational technology hardware and software components makes the range more valuable for 'a variety of industrially focused security research'.

The facility was designed with flexibility in mind, permitting remote operation and allowing range components to be moved to other locations such as conferences, colleges, government research labs, and even customer environments.

Siemens has partnered with the Atlantic Council to use this cyber range to enhance students' understanding during the 'Cyber 9/12 Strategy Challenge' series through the simulation of cyberattacks on systems such as advanced water treatment and power generation facilities.

Today, Siemens and its products are supported by a global organization with more than 1,200 digital specialists. The company's products and solutions have modern security functions that are built in by design and enabled by default.

Kurt John, Siemens USA's Chief Cybersecurity Officer, says: “Cybersecurity is at the center of everything we do at Siemens. This cyber range will help Siemens continue to innovate in the field of critical infrastructure cybersecurity and build industry confidence in the secure digitalization of America’s operational technology. With this cyber range, our customers and partners can now join us on our ongoing journey to help mitigate cyberattacks and protect America’s critical infrastructure.”

This cyber range will undoubtedly be another space for future leaders to build trust in connected infrastructure and shape a sustainable and strong future, and at the same time for Siemens to master the technology foundational to a Fourth Industrial Revolution.

TikTok's Chinese owner clarifies to Microsoft that it will not be the app's new owner

 

Following President Donald Trump's executive order that labeled the video-sharing application TikTok a "national emergency", its owner has a September 15 deadline to either sell the app to a US company or see the service banned completely from the US market.

However, Microsoft had already entered the race before the official announcement came from the president, saying it was interested in acquiring TikTok and would add "world-class security, privacy, and digital safety protections" to the app if it did.

It teamed up with Walmart to co-bid for the Chinese company's US, Canadian, Australian, and New Zealand operations.

Microsoft officials described the talks as "preliminary", stressing that the company did not plan to give any further updates on the discussions until there was a definitive outcome. ByteDance, the Chinese multinational internet technology company, said it would exclude TikTok's algorithm from the sale, according to a South China Morning Post report, and further clarified to Microsoft that it would not be its new owner.

Sunday's blog post reiterated what Microsoft has said from the beginning: that the potential acquisition would have required "significant changes" to the application's current state.

The company further explained in a blog post, "ByteDance let us know today they would not be selling TikTok's US operations to Microsoft. We are confident our proposal would have been good for TikTok's users while protecting national security interests."

"To do this, we would have made significant changes to ensure the service met the highest standards for security, privacy, online safety, and combatting disinformation, and we made these principles clear in our August statement."

Nonetheless, following Microsoft's bid, Oracle has also started holding discussions with ByteDance, indicating its interest in the video-sharing application. 


The Wall Street Journal reported on Monday morning that Oracle would soon be announced as TikTok's "trusted tech partner" and that the video-sharing platform's sale would not actually be structured as an acquisition.

Meanwhile, TikTok has confirmed that it will file a lawsuit against the US government over the ban. Any such lawsuit, however, would not keep the company from being forced to sell the application in the US market.

Russian cloud storage will protect user data before elections


The creation of Russian cloud services will make it possible to protect the confidential data not only of ministries or departments but also of ordinary Internet users, said political analyst Yuri Samonkin.

The MTS group of companies announced the launch of a cloud service with an increased level of protection. The new service is expected to be in demand among government organizations, ministries, departments and private companies that carry out government orders, said Oleg Motivilov, Director of MTS cloud business. According to him, the new system meets all the requirements of the law on personal data protection.

Russia is one of the leaders in the development of Internet technologies, said Yuri Samonkin, President of the Eurasian Institute of Youth Initiatives. He believes that the current realities of the Internet dictate the need to create new digital solutions, such as cloud storage.

According to him, many Russians use Western social networks and other Internet resources. Therefore, the issue of protecting their personal data, which is often "leaked", is very relevant.

On the eve of the upcoming elections, the issue of cyber defense is becoming even more acute. It is necessary to protect from external interference not only the personal data of the voters themselves but also the servers of the relevant departments.

"State and municipal portals should be located not on Western servers, but on domestic ones. This will avoid information leakage and hacking", concluded Mr. Samonkin.

Earlier, E Hacking News reported that Russia has worsened its position in the ranking of countries with the most stable segments of the national Internet, dropping from 11th to 13th place. 

Microsoft Confirms Cyber-Attacks on Biden and Trump Campaigns

Microsoft reports that email accounts belonging to individuals associated with the Biden and Trump election campaigns were breached by Chinese, Iranian, and Russian state-sponsored hackers.

Tom Burt, Corporate VP for Customer Security and Trust at Microsoft, disclosed the incidents in a detailed blog post after Reuters reported on some of the Russian attacks against the Biden camp.

"Most of these assaults" were detected and blocked, he added. The blog post also disclosed the additional attacks and confirmed a DNI report from August which asserted that Chinese and Iranian hackers were likewise targeting the US election process.

According to Microsoft, the attacks conducted by Russian hackers were traced back to a group that the company has been tracking under the name Strontium and that the cybersecurity industry knows as APT28 or Fancy Bear.

While Strontium has generally carried out spear-phishing email attacks, the group has recently been using 'brute-force' and password-spraying techniques as an integral method of breaching accounts.

The attacks by Iranian hackers, on the other hand, originated from a group tracked as Phosphorus (APT35, Charming Kitten, and the Ajax Security Group).

These attacks are a continuation of a campaign that began a year ago, and which Microsoft detected and warned about in October 2019. At the time, Microsoft warned that the hackers had targeted "a 2020 US presidential campaign" but did not name which one.

Through some open-source detective work, a few members of the security community later linked the attacks to the Trump campaign.

Just a couple of days ago, Microsoft confirmed that the attacks did indeed target the Trump campaign and also disclosed new activity linked to the group. Attacks by Chinese groups were likewise detected.

While several hacking groups are currently believed to operate under the orders and protection of the Chinese government, Microsoft said that the attacks targeting US campaigns originated from a group known as Zirconium (APT31), the same group that Google spotted not long ago, in June.

Microsoft says it detected thousands of attacks coordinated by this group between March 2020 and September 2020, with the hackers accessing nearly 150 accounts during that period.