Kraken Bug: Traders Buy Bitcoins and Sell Them For Almost Double?



Kraken, the world’s oldest crypto-currency exchange medium recently revealed that a bug allegedly allowed specific customers to purchase and then resell $8,000 worth Bitcoin for $12,000.

It was mentioned on Twitter that the bug was found in an “unreleased advanced order type”.

The bug caused the orders to automatically execute without having cleared the requisite liquidity. Stop orders were immediately activated and filled at market rate.

The victims of this incident were strongly advised to submit “support tickets” with their questions. Nevertheless, the exchange was vehemently condemned.

Kraken’s CEO in response tweeted that he’s not sure how a “legitimate” trade takes place for pricing reasons or at least what boundaries it exists within.

The charts tell the story that a few over-fortunate traders quickly bought for a low price and sold for a fairly higher amount but the tweets tell another story.

Resurgence in Ransomware Being Driven By a Surge of New Malware Families


A US based cyber security firm through its most recent threat report observed a 118% increase in new Ransomware strains basically in the first quarter of 2019 as compared with the last of 2018. It believes that the resurgence in ransomware is being driven by a flood of new malware families that are regularly more focused on.

The firm discovered that attackers were targeting the governments and organizations which were followed by companies in the financial, chemical, defence and education sectors. Their information corresponded with an ever expanding number of ransomware attacks standing out as truly newsworthy, especially US governments and urban communities, very much like the Texas Ransomware attack.

This new spate of ransomware attacks is said to have been a move away from 'spray and pray' ransomware strategies, in such targeted attacks, spear phishing – sending vindictive emails from an "apparently trusted person"  – is progressively being utilized to gain initial access 68% of the time.

Attackers are likewise said to have been utilizing unknown email services to oversee the ransomware crusades. The most widely recognized groups of ransomware during this period are known to be Dharma (otherwise called Crysis), GrandCrab and Ryuk.

In any case, McAfee, made some amazing disclosures also, first the cyber security firm found that culprits are turning to various attack approaches with regards to coin mining malware, like the CookieMiner malware focusing on Apple users.

Furthermore, also, it found an average of 504 'new threats per minute' in the first quarter of 2019 and noticed that more than 2.2 billion stolen account credentials were made accessible on the cybercriminal underground during the same period.

Its discoveries depend on the information accumulated from its Global Threat Intelligence cloud,, which comprises of over a billion sensors checking for different sorts of cyber dangers around the globe.

Raj Samani, McAfee fellow and chief scientist, stresses on the fact that the impact of these threats is very real and added further that “It’s important to recognise that the numbers, highlighting increases or decreases of certain types of attacks, only tell a fraction of the story. Every infection is another business dealing with outages, or a consumer-facing major fraud. And we must not forget that for every cyber-attack, there is a human cost.”


Hacking Attack Neutralized: France



A recent hacking attack was neutralized by the French government where 850,000 computers had been taken control of. The malware had been removed from the infected devices.

Retadup, a software worm was responsible for taking over of the devices in the Paris region according to sources.

The number of computers infected was massive which certainly indicates that it was a gigantic operation on the part of the hackers.

The police officials created a copy of the server which was responsible for the attack and allowed the hackers get into systems and take control.

All the infected computers were advised to uninstall Retadup malware which according to researchers had a part to play in the Monero Crypto-currency creation.

A few suggestions made by the researchers to ensure safety against malware attacks included:
·       Don’t open emails from unknown senders.
·       Don’t click attachments that pretend to offer anti-viruses for free.
·       Install and activate the anti-virus software immediately.


Windows Users Beware of the “Complete Control” Hack Attack; Update Imperative!





The hardware device drivers of Microsoft Windows due to a common design flaw left the entire systems of users compromised giving it to a recently resuscitated Remote Tojan Access (RAT).

The RAT brought about a hack attack tool with a modified format which as it turns out is absolutely free of cost.

The NanoCore RAT as it’s called, has been hovering around the dark web for quite some time now. It was sold initially for $25 which is a minimal amount for a hacking tool for Windows OS.

NanoCore’s cracked version, as soon as it appeared caused quite a commotion amongst researchers and hackers.

Initially the “premium plugins” were especially paid for privileges but the latest cracked version has it all for free.

The NanoCore coder had to be arrested given the rising familiarity of the product and the fact that he was a part cybercrime!
Despite that, NanoCore thrived and generated other tool variants RAT, Surprise Ransomware, LuminosityLink and of course the free “highly modified” latest version.

The NanoCore RAT, per researchers is controlled by way of easy security measures, no particular entry troubles and a really uncomplicated interface to aid even the novice hackers.

There was an outburst of campaigns using the very malware including:
·       Remote shutdown and restart of Windows systems
·       Remote file browsing on the infected system
·       Access and control of Task Manager, mouse and Registry editor
·       Disabling webcam lights to spy
·       Taking over open webpages
·       Recovering passwords and obtaining credentials
·       Remotely operated “locker” for encryption

Owing it to the long presence of NanoCore the techniques it uses are well known to the researchers. Scripting, registry keys and malicious attachments are the three main categories that the researchers found out.


The scripting threat’s basic solution is to check Microsoft office files for macro code and “anomalous execution” of legitimate scripting programs like PowerShell or Wscript.

The registry keys should be monitored for updates and patch cycles and rigorous security implementations should be made for behavioural detection.

Windows users should immediately go ahead and get their systems updated and make sure all their applications are running the way they actually should.

Additionally, Windows 10, 8.1 and 7 users should especially keep a keen check on regular updates and patching!


Phishing Attacks: Via Scraping Branded Microsoft Login Pages!


Phishing Attacks: Via Scraping Branded Microsoft Login Pages!



The latest phishing attack attacks using the targets’ company-branded Microsoft 365 tenant login pages just to make it look more believable.

Microsoft’s Azure Blob Storage and the Azure Web Sites cloud storage solutions are also under usage for finding solutions to host their phishing landing pages.

This helps the users think that they’re seeing a legitimate Microsoft page. This aids the cyber-con to target Microsoft users and get their services credentials.

This phishing campaign is mostly about scraping organizations’ branded Microsoft 365 tenant login pages just to fool the targets.

The above observations were made as a part of s research of the Rapid7’s Managed Detection and Response (MDR) service team, say sources.

The cyber-criminals actually go through the list of validated email addresses before they plan on redirecting the victims to the phony login pages.

They put up actual looking logos of the brands that they want to copy and that’s what helps them to scrape the tenant login page.

In case the target organization doesn’t have a custom branded tenant page, the phishing kit is designed to make use of the default office 365 background.

The same campaign’s been launched at various different companies and organizations including in financial, insurance, telecom, energy and medical sectors.


There are several points at hand that hint at the phishing campaign still being active. In fact someone may be updating it for that matter at different times.

The “phisher” behind the campaign could easily be exploiting the “Lithuanian infrastructure”.

Besides the using the phony Microsoft phony page and stealing credentials the campaign also is up for exploiting cloud storage services.

For landing page hostings also, the campaign works perfectly. Phishing kits were discovered in April this year.

IPFs gateways were also abused by phishing attempts by using TLS certificates issued by Cloudflare, last year in October.

Per sources, the following advises and measures should be taken at once by organizations using the Microsoft office 365:
·       Multi-factor authentication via Office 365 or a third party solution for all employees.
·       Enrolling staff in phishing awareness training programs.
·       Training to help the employees spot and report phishing attacks.


State of Texas Hit By a Ransomware Attack; 23 Agencies Shut Down!





The state of Texas got hit recently by a cyber-attack as a result of which 23 government agencies were taken down offline.

Per the DIR (Department of Information Resources) of Texas most of the aggrieved parties were small local government agencies which are unnamed so far.

The Texas state networks however are still unharmed. The State Operations center of the state has been rigorously working towards the problem.

Sources mention that all the state and federal agencies handling the case hint at the fact that the attack was coordinated by a single actor.

The attack has been categorized as a sure shot ransomware attack. Per sources in it was a stain which was identified as “Nemucod”.

The aforemetioned ransomware generally “encrypts files and then at the end adds the .JSE extension”, a researcher mentioned.

Allegedly, the US have been the target for a lot of cyber-attacks of late. With an apparent total of 53% of the entire global number, the US have been victimized the most by cyber-attacks.

A state emergency was declared on Louisiana in July this year in response to a ransomware attack on school computer systems.

The situation is very critical from the point of cyber-security as municipalities falling prey to such attacks and ransomware in particular is not a good sign at all.

Mass scale attacks and their increase in number are disconcerting on so many levels. Because threat actors willing to put so many efforts, like the researchers like to say, are numerous.


Hackers Can Intercept What’s Being Typed Just By The Sound Of It?




Hack Alert! Hackers could listen to the sound of typing on a person’s phone via a nearby smartphone and intercept what’s being typed.

Possibly, the acoustic signals or sound waves produced when a message is typed on a computer or a keyboard could be picked up by a smartphone.

The sound could later be processed leading an expert hacker to easily decode which keys were hit and ultimately what was it that was typed.
 
Allegedly, this trick could work in a busy hall filled with people chattering and typing as well, because researchers tried it out.

Sources mention that the researchers could intercept what’s being typed with a “41% word accuracy rate”. It might take only a couple of seconds to know what’s being typed.

The results of the research sure are disconcerting and privacy and security levels of the smartphones and their sensors have got to be taken to a higher level.

From detecting if a phone is still or in a pocket, to detecting if it’s on the move; with the enhanced technology, sensors too have come a long way.



Some sensors need permission whereas most of them are set to function as a default. Per sources, the researchers had in their analysis used the later.

All they did was develop an application that could intercept the sound of typing and detect which key exactly is hit.

According to researchers the material of the table at which the keyboard is placed, plays a crucial role in the entire process as the keys sound different on different materials.


Apps Generating Untraceable International Phone Numbers ?






Applications that generate international phone numbers that are super difficult to track are being employed by cyber criminals to rip people off.

A recent victim that had called the cyber-crime branch complained that they received a call from two spate numbers one with 001 and the other with 0063 as the country codes.

Per sources the app stores happen to contain 40 to 60 such apps through which cyber-cons could easily get these numbers.

Sources mentioned that allegedly “Dingtone” is an app via which a user can easily sift through a variety of country codes which are absolutely untraceable.

These cases according to the cyber-crime branch aren’t categorized separately but these are surely being registered and deliberated upon.



According to the cyber-security researchers a minimum of 500 cases come into existence per day in India alone with 40 cases pinning on major cities.

The police lack the technological efficiency as well as resources to possibly track the users of such applications. There is also a matter of jurisdiction.

Mostly, the above-mentioned apps are ‘not’ developed by Indian initiators but ironically originated from countries that have strict laws on removal of apps.

Information of the caller could seemingly be obtained by requesting the telecom service providers as such services are always linked together.

However, requesting the details of the callers from a telecom service provider abroad is extremely time-consuming. Besides, the CBI would require Mutual Legal Assistance Treaty with that very country.

As of now, such treaties exist with only 39 countries. In addition some countries could also demand a court order and furthermore the procedure in itself takes six to eighteen months.


SystemBC: Another Malware On The Dark Web!




A fresh malware that’s being duly advertised on the dark web is SystemBC, which installs SOCKS5 proxies on the infected systems and sends through another malware.

The malware is being advertised since April and it made its first appearance in May, as the sources cite.

Per sources, it’s being distributed as a part of Fallout and RIG exploit kits which are web-oriented systems that make use of browser-based vulnerabilities to install malware.

To mislead the users into installing the malware the above-mentioned exploits also send through malicious web-pages.

Formerly an unauthenticated malware, SystemBC is majorly a demand-based proxy component for malware operators.

It can be deployed on compromised systems to shroud the malicious traffic and other malicious activities within a system.

According to researchers the malware’s main gig is to generate a SOCKS5 proxy server so that another malware could be pushed through to “bypass the local firewalls” and “internet content filters”.

Researchers vehemently advise users to patch their systems and not use older systems that use plugins that are  vulnerable to attacks as this malware is pretty difficult to detect.


A Bunch of Loopholes in Apple’s iMessage App?


Apple’s devices could be vulnerable to attacks owing it to a few flaws that the researchers have uncovered in its iMessage app.

Where, in one case, the extent of severity of the attack happens to be so large that the only way to safe-guard the device would be to delete all data on it.

The other case saw some files being copied off the device without needing the user to do anything. The fixes were released last week by Apple.

But somehow there was a problem which couldn’t be fixed in the updates, which was brought to the attention of the company by the researchers.

Google’s Project Zero Team was established in July 2014 with an aim to dig all the “previously undocumented cyber vulnerabilities”.

Samaung, Microsoft, Facebook and a few others were warned off by this team regarding the problems in their code.

The unrepaired flaw, according to Apple’s own sources could aid the hackers to crash an app or execute commands of its own accord on iPads, iPhones and iPod Touches.

Installation of new version of the iOS (iOS 12.4) has been strongly advised by the organization. The attacks/dangers could be easily handled by keeping the software up-to-date.


Chinese Banking Has A New Edge; Jack Ma Behind The Latest Developments!




Jack Ma is associated with one of the leading economies of the world.The risk management system employed by Jack Ma’s banking endeavors analyses over 3,000.

Per sources his company has lent around $290 billion to over 15 million small companies where the borrowing party could receive the cash almost immediately, with just a few taps.

The entire process requires no human forces and gets completed in around 3 minutes with a default rate of around 1%.

Earlier the small borrowers were rejected but thanks to MYbank and its associates the new form of payments is coming in real handy.

With the slow pace of China’s economy it gets imperative to keep a check on the risks and defaults.
Around two-third of the country’s small businesses couldn’t access loans, according to National Institution for Finance & Development.

But thanks to Jack Ma’s initiatives the lending and borrowing procedures of China are now seeing monumental growth.

Mybank’s lending app has created a real difference. By allowing the bank to access the store transaction data, some small loans have been covered.


Free Scheme, 'The No More Ransom Project' Saving Thousands from Ransomware Attacks


A free scheme known as, 'The No More Ransom project' which was founded by Europol, police in the Netherlands, and McAfee is recorded to have prevented cyber-attack victims from paying heavy ransoms and assisted over 200,000 people in saving approximately $108m (£86m).

Along with advice and recommendations, the project delivers software which is configured to recover computer files that get encrypted during ransomware attacks.

With the introduction of 14 new tools in the year 2019 itself, the project having over 150 global partners can now decrypt a total of 109 variants of infection.

Referencing from the explanation given by, Steven Wilson, head of Europol's European Cybercrime Centre (EC3), “When we take a close look at ransomware, we see how easy a device can be infected in a matter of seconds. A wrong click and databases, pictures and a life of memories can disappear forever. No More Ransom brings hope to the victims, a real window of opportunity, but also delivers a clear message to the criminals: the international community stands together with a common goal, operational successes are and will continue to bring the offenders to justice.”

The project made determined and successful efforts to take down various ransomware campaigns including  GandCrab, which is amongst one of the most hostile ransomware campaigns of all time.

GandCrab continued making headlines in 2018 and in 2019, the cyber world saw an upsurge in the number of ransomware attacks targeting large organizations.

Commenting on the matter, Mr. Woser told BBC, "Projects like No More Ransom have been crucial when it comes to fighting ransomware on a global level, with pretty much all major parties cooperating on a global and daily basis, sharing intel[igence] in real-time - except for the US.

"The US should consider the success of the No More Ransom Project to be a call to action.

"Better cooperation between the private sector and law enforcement could result in fewer ransom demands being paid.

"That would make cyber-crime less profitable and, consequently, reduce the financial incentive for groups to commit cyber-crime."





Cyber-Crime On Rise; One of A Kind Ransomware Hits Cloud Computing Giant iNSYNQ!







iNSYNQ, the cloud hosting giant recently was targeted by a ransomware attack which led to the company’s servers being shut down to confine the damage.

The Microsoft, Sage, and Intuit host provides customers with cloud-based virtual desktops aimed at hosting business applications.

The attack was executed by an unknown party and affected the iNSYNQ clients making the data inaccessible, as was mentioned in a citing from the sources.

The servers of the infected organization were immediately shut down and the next step was to safeguard the clients’ data and backup.

Cyber-security experts have been hired by the organization to help restore the infected data and eradicate any further possibility of such attacks.

The backups aren’t yet available to the customers despite repeated requests for them. The company’s doing everything in their control to mitigate the situation.


The clients’ data backups were on the unaffected servers but on the same network nevertheless.

The problem is not related with stolen data it is actually about the data being encrypted and hence being inaccessible.

On a mysterious note, the twitter account of iNSYNQ seems to have disappeared and is no longer accessible.

The data will take a good amount of time to reach the clients’ because after it’s retrieved it will be needed to be checked for any residual traces of the malware.

The company though, did not forget to mention that the kind of malware that hit them was of a new kind and had never been detected before.

Due to security reasons the organization can’t reveal much about the complexities of the attack and the entire situation because it might lead to the customers’ data being in danger.

With the help of leading experts the process of backing the data up is on full speed and the organization’s trying their hardest to get their clients’ data back to them.


Google’s Trying to Buy Faces For as Less as $5?







After already owning lots of information about the people who use it, Google’s up for trying to own people’s faces, that too just for $5!

Allegedly, individuals from Google are meeting up with people and are asking them to use the “selfie” mode in various angles.

Many teams of Google representative across several different cities are panning out people to collect “facial” data.

When asked the say that they are collecting data to “improve the next generation of facial recognition” while unlocking the phone.

What does that person get in exchange for their valuable face? Merely a gift card worth $5 to Starbucks or Amazon.



After the person agrees to participate in this new development initiative, a relatively large phone is handed out in an inconspicuous looking case that hides its shape.

Also, the participant then is apparently asked to sign a waiver. 

It is being conjectured that the device given to the participants is a pre-release version of Google’s Pixel 4s still in its testing stage.

The data that gets fed into the prototype machine apparently gets worked into an algorithm to recognizes faces by way of a varied assortment of sensors.

As is in the air already, Google’s all set for losing its 2D face recognition sensors and is about to embrace official support for 3D face unlock.

Between all these assumptions, suppositions and surmises Google haven’t officially uttered a word.


Cyber Extortionist Pretends To Be From US Police; Demands $2000 in Bitcoin To Delete Evidence!







A cyber extortionist acts to be a US State Police detective and promises to delete child porn evidence for $2,000 in Bitcoins including a phone number which could be used to contact the scammer.

“Sextortion” emails have become quite common where the sender cites that the recipient’s computer has been hacked with the recording of them while on the adult sites.

On the other hand extortionists pretend to be hitmen and asking for money to call off the hit, bomb threats and tarnishing website’s reputation.


The aforementioned extortionist accuses the victim of child pornography and that the evidence could be deleted if they pay the sender $2,000 in Bitcoins.

Florida, Minnesota, Georgia, Tennessee, California and New York are a few of the states where the victims mentioned that the mails they got were from.

Per sources, the email sent by the extortionists pretending to be from the Tennessee State Police included the following phrases:
·       “Do not ignore the important warning”
·       “I work in the Bureau of Criminal Investigation, detective branch Crime Prevention with child abuse.”
·       “You uploaded video child-porno to websites”
·       “not possible to prove you didnt this”
·       “I retire in next month and want to earns some money for self”
·       “Pay me to Bitcoin wallet”
·       “This is anonymous money I want 2000$”
·       “Send transfer to my wallet”
·       “My temporary phone to contact”
·       “After receiving payments, I delete All materials”
·       “If you don’t pay me, I sending materials to The Tennessee Crime Laboratory.”

All the emails happen to be the same, the same Bitcoin address 17isAHrP2cZSY8vpJrTs8g4MHc1FDXvAMu


 but just the state’s name different.

The attacker(s) is/are using a data breach dump which contains both email and home address so that the state in the email could be matched up with the target’s state of residence.

Extortion scams don’t usually contain the scammers contact number and matching the state of residence with that in the email is surely a nice touch there.

But whenever an email turns up where the sender asks for money it’s obviously to be aborted.


Ransomware and their Proliferation; Major Cyber-Crime Hazards In View





Per latest reports, all around the globe, only last year we faced a hike in losses that occur due to malicious activities or cyber-crime.

Only earlier this year, cities Baltimore and Maryland of U.S. were attacked by a ransomware where computer networks got locked up and made making transactions impossible.

The administrators denied the demands for a ransom of $76,000 in exchange for unlocking systems but now have been encumbered with an estimate of $18 million to rebuild and/or restore the city’s’ computer networks.

Usually when hit by ransomware or any other malicious agent there are some pretty hard-hitting choices that the victim organizations have to face.

Two Florida cities had to pay a sum total of $1 million as ransom this year after which the same malicious group attacked the state court of Georgia.

The above data of losses generating from ransomware attacks rising by 60% was cited by the Internet Society’s Online Trust Alliance.

Since 2013, around 170 county, city and state government networks have been victims with 22 incidents being only this year.

The cities are not prepared against cyber-crime and hence are being repeatedly attacked as mentioned by a researcher at Stanford.

To pay or not to pay? This is a raging question when it comes to ransoms. FBI warns against it but researchers say that there is no clear side that could be chosen by victims who have their important data locked.

It hence becomes obvious that what needs to be done is what happens to be the best for the organization which means considering paying ransom in some cases.

To or not to pay is secondary where primary issue still happens to be with the software updates and lack of backups and security measures the users take.



Russian cyber security specialists massively quit from Russian banks



The Central Bank’s requirements for information security, which have dramatically increased over the past year, led to the departure of specialists in this field from banks to other industries. This situation has risks for banks and their customers. Experts noted that hackers who in 2019 refocused the attack from banks to government offices and industrial companies, can come back.

The banking market is in a dangerous situation, because the leading information security experts leave banks, finding application in other industries.

According to Alexander Vinogradov, the former head of the information security service at Zlatkombank, only among his acquaintances, 11 important Bank security officers who held senior positions resigned from credit institutions and found work in other areas — Telecom, retail, etc.

"The guys are just tired: the load on information security specialists has increased many times over the past year, the requirements have increased many times, many do not stand the load,” he said.

"The maximum responsibility and requirements with a very dubious return," — said Denis Malygia, the former head of the service of the Bank "Garant-invest", commenting on his decision to leave the post.

According to the information security experts, there is another problem, it is the unwillingness of banks to allocate budgets, which is why the risks of successful hacker attacks increase. Specialists of Group-IB said that 74% of the banks are not ready for hacker attacks.

Experts believe that the departure of information security specialists from banks is a dangerous trend. Maria Voronova, the Director of Consulting at InfoWatch Group of Companies, said that personnel risks, in particular, shortage of personnel, are one of the main operational risks in the field of information security.

According to experts, it is rather difficult to find a replacement for those who quit the bank. It may take about six months to find a new head of information security service.

It is interesting to note that in the first quarter of 2019, cyber attacks on the financial sector amounted to 6% of the total number of attacks on legal entities. State institutions (16%), medical (10%) and industrial companies (10%) became the most popular among hackers. If the bank security system will be more vulnerable, hackers can switch to this area.

CDSCO Warns Users and Providers against Potentially Hack-able Insulin Pumps!





The wireless communication between Medtronic’s Minimed insulin pumps and other remote controlled related devices like blood glucose meters. These have a high risk of being hacked.

Central Drug Standard Control Organization (CDSCO), the apex drug regulator issued an alert about a few of Medtronic PLC’s insulin pumps being hack-able in response to US FDA flagging the theme.

No complaints of the sort have been received so far from the market, but nonetheless it happens to be an essential issue that needs looking into and hence CDSCO alerted the medical professionals.

Due to the aforementioned alleged cyber-security issues, (nevertheless potential in nature) few of the insulin pumps from the Medtronic Minimed have been recalled.

The US drug regulator recommends people to swap their insulin pumps for different models due to the potential risks related with the communication between these pumps and other devices like glucose meters and CareLink USB device used with them.





An insulin pump is a medical device specifically designed to help  diabetics control their glucose levels. The device pumps insulin in the user’s body in continuous doses.

Every insulin pump from Medtronic’s Minimed has a serial number which according to CDSCO should never be shared.

Per the CDSCO’s alert, the insulin pumps which are susceptible to potential hacking, namely are, MiniMed Paradigm 715, 712, 722 and 754 with software versions 2.6A or lower.

According to sources, Medtronic is pre-emptive about informing the users, regulators and medical professionals about the potential cyber-hazards of the insulin pumps.

They are also readily working with researchers to aid the patients, users, doctors and stakeholders, find answers to any questions they may have.

Medtronic alluded to it that with the evolution of technology will “continue to collaborate with industry researchers and regulators and develop high quality therapies that will positively impact lives”.

The company also remarked that over the years many models of these insulin pumps have been launched where their quality has been focused upon with utmost seriousness and concern.