Search This Blog

Showing posts with label Cyber Security. Show all posts

White House To Update U.S’s Approach To Its Maritime Cybersecurity Strategy In Coming Months

 

With hopes to upgrade the U.S. government's approach to deal with its maritime cybersecurity strategy in the coming months, the Trump administration is presently attempting to improve and further secure down the United States' ability to 'project power at sea' and guard against adversarial cyberattacks. 
Their plan incorporates re-evaluating the national approach to deal with data sharing and better emphasizing the utilization of operational technologies in ports, as per one senior administration official. 

When two officials were approached to comment they declined on revealing any particular data about the administration's plans, saying more info would be very soon be made public. 

Yet, hackers have already begun their work, they have been for long focusing on shipping firms and the maritime supply chain to steal any data associated with the U.S. government or intrude on cargo operations and activities. 

Utilizing a strain of ransomware known as Ryuk, the hackers have undermined computer networks at a maritime transportation office a year ago simultaneously disrupting tasks for 30 hours, as per the U.S. Coast Guard. 

This declaration comes in the midst of a few endeavors at the Department of Defense to test preparedness and readiness against cyberattacks in the maritime domain. 

The Pentagon's offensive unit, Cyber Command, duplicated a cyberattack a year ago on a seaport. The Army is likewise taking an interest in an activity intended to 'simulate adversaries' focusing on U.S. ports this month. 

As of late, the Trump administration has been worried about a ransomware attack focused explicitly on a transportation organization, “affected COVID-19 supply chains in Australia,” which one senior organization official said.

 “Adversaries frequently interfere with ship or navigation systems by targeting position or navigation systems through spoofing or jamming, causing hazards to shipping,” one senior administration official said.

Microsoft Suffered A Rare Cyber-Security Lapse When One of Bing's Backend Servers Were Exposed Online

 

Microsoft endured a rather rare cyber-security lapse just this month when the company's IT staff incidentally left one of Bing's backend servers exposed on the web. 

Discovered by Ata Hakcil, a security researcher at WizCase, only imparted his discoveries to ZDNet the previous week. As per Hakcil's investigation, the server is said to have exposed more than 6.5 TB of log documents containing 13 billion records coming from the Bing search engine.

Hakcil said the server was exposed from September 10 to September 16, when he initially had informed the Microsoft Security Response Center (MSRC), and the server was made secure one more time with a password. 

The Wizcase researcher had the option to check and re-check his discoveries by finding search queries he performed in the Bing Android app in the server's logs.

 
Microsoft admitted to committing this mistake and commented last week, 

"We've fixed a misconfiguration that caused a small amount of search query data to be exposed," a Microsoft spokesperson told ZDNet in an email last week. After analysis, we've determined that the exposed data was limited and de-identified." ZDNet, which was provided access to the server while it was exposed without a password, can affirm that no personal user info was made public. 

Rather, the server exposed specialized details, like search inquiries, details regarding the client's system (device, OS, browser, etc.), geo-location details (wherever accessible), and various tokens, hashes, and coupon codes.
The leaky server was distinguished as an Elasticsearch system. Elasticsearch servers are high-grade systems where organizations collect huge amounts of information to handily search and channel through billions of records easily. 

Throughout the previous four years, Elasticsearch servers have frequently been the source of numerous coincidental information leaks. 

The reasons are known to fluctuate and can go from administrators neglecting to set a password; firewalls or VPN frameworks unexpectedly going down and uncovering an organization's normally-internal servers; or organizations duplicating production data to test systems that aren't always secured as rigorously as their essential infrastructure.

The Union Government To Come Up With National Cyber Security Strategy 2020

National Security Adviser Ajit Doval announced that the Union government is set to come up with National Cyber Security Strategy 2020 for guaranteeing a safe, secured, trusted, and resilient cyberspace. 

The proposed strategy toward uniting all cybersecurity agencies for making sure about, reinforcing, and synergizing the cybersecurity ecosystem by closely connecting with businesses, citizens, and beyond.

That endeavors were being made by adversaries to exploit the crisis in the wake of the pandemic through different misinformation, fake news, and social media campaigns. 

"For our adversaries, the huge data floating around in cyberspace is a goldmine for extracting information to undermine the privacy of our citizens and add to the vulnerability of protecting data of our critical information infrastructure, “Mr. Doval said.

He said that phishing campaigns utilizing the Coronavirus theme targeted banks, defence, and critical infrastructure during this period. 

Mr. Doval drew attention to how various conspicuous UPI IDs and web portals were produced while fake Arogya Setu applications propped up to misuse individuals' data only hours after the Prime Minister announced the launch of the PM Cares fund. 

He stated, "Malicious domains and websites to the tune of around 5,000 were registered in a short span of time. We have also witnessed an increase of 500% in cybercrime owing to people’s limited awareness and poor cyber hygiene. Financial frauds have also increased tremendously owing to the increased reliance on digital payment platforms...”

He regretted that absence of indigenous digital solutions like information-sharing facilities and social media platforms had antagonistically influenced the country's self-reliance and cybersecurity. 

He encouraged new start-ups to think of solutions linked with the nation's requirements and build-up ability to guarantee that the country's critical cyber assets were being monitored by skillful native professionals in resonance with the Prime Minister's take for Atmanirbhar.

Siemens USA Announced the Launch of Its Technologically Advanced Cyber Test Range

 

As the Coronavirus pandemic prompted an expansion in cyberattacks, this called for the need for certain facilities that would explicitly focus on prevention, discovery, and response solutions. For a similar reason, Siemens USA came up with the launch of its innovatively progressed cyber test go housed at its U.S. R&D headquarters in Princeton, New Jersey. 

The Siemens cyber test range was intended to test developing cybersecurity innovations against real-world situations to help distinguish and moderate potential weaknesses. 

The cyber range has embarked to turn into a hub where data scientists, security experts, and others can come together to perform inventive researches in the field of cybersecurity and prototype and approve new research ideas. 

Siemens' growing collection of operational innovation hardware and software components makes the range more valuable for 'a variety of industrially focused security research'.

The design of the facility was done keeping in mind the adaptability, permitting remote operation and range segments to be moved to different areas like gatherings, colleges, government research labs, and even customer environments. 

Siemens has partnered together with the Atlantic Council to utilize this cyber range to upgrade students' understanding during their 'Cyber 9/12 Strategy Challenge' arrangement through the re-enactment of cyberattacks on frameworks like advanced water treatment and power generation facilities. 

Today, Siemens and its products are upheld by a global association with more than 1,200 digital specialists. The organization's products and solutions have modern security functions that are inherent by design and empowered by default. 

Kurt John, Siemens USA's Chief Cybersecurity Office says “Cybersecurity is at the center of everything we do at Siemens. This cyber range will help Siemens continue to innovate in the field of critical infrastructure cybersecurity and build industry confidence in the secure digitalization of America’s operational technology. With this cyber range, our customers and partners can now join us on our ongoing journey to help mitigate cyberattacks and protect America’s critical infrastructure.” 

This cyber range will undoubtedly be another space for future pioneers to fabricate trust in associated foundation to shape an economical and a strong future and simultaneously for Siemens to ace the innovation foundational to a Fourth Industrial Revolution.

TikTok owner Chinese company clarifies to Microsoft that it would not be its new owner

 

Following President Donald Trump's executive order that labeled the video-sharing application TikTok as a "national emergency", its owner has a September 15 deadline decided to either sell the app to a US company or see the service banned completely banned from the US market.

Be that as it may, Microsoft had already stepped in the race before the official announcement came from the president, saying it was interested in taking up TikTok and incorporate "world-class security, privacy, and digital safety protections" to the app if it did. 

By uniting with Walmart to co-bid for the Chinese company's US, Canadian, Australian, and New Zealand operations. 

Microsoft authorities dubbed the conversations as "preliminary", highlighting that it was not planning to give any further updates on the discussions until there was a definitive result. ByteDance, the Chinese multinational internet technology, said it would exclude TikTok's algorithm as a feature of the sale, as per a South China Morning Post report, and further clarified to Microsoft that it would not be its new owner.

Sunday's blog post emphasized what Microsoft has expressed right from the beginning - that the potential procurement would have required "significant changes" to the application's present status. 

The company moreover explained in a blog post, "ByteDance let us know today they would not be selling TikTok's US operations to Microsoft, we are confident our proposal would have been good for TikTok's users while protecting national security interests." 

"To do this, we would have made significant changes to ensure the service met the highest standards for security, privacy, online safety, and combatting disinformation, and we made these principles clear in our August statement.." 

Nonetheless, following Microsoft's bid, Oracle has also started holding discussions with ByteDance, indicating its interest in the video-sharing application. 


The Wall Street Journal on Monday morning revealed that Oracle would soon be announced as TikTok's "trusted tech partner" and that the video-sharing platform's sale would not actually be organized as an acquisition. 

Meanwhile, Tik Tok affirms that it would launch a lawsuit against the US government concerning its ban. Any possible lawsuit, however, would not keep the company from being constrained to auction the application in the US market.

Russian cloud storage will protect user data before elections


The creation of the Russian cloud services will allow protecting confidential data of not only ministries or departments, but also of ordinary Internet users, said political analyst Yuri Samonkin.

MTS group of companies announced the launch of a cloud service with an increased level of protection. It is assumed that the new service will be in demand among government organizations, ministries, departments and private companies that carry out government orders, said Oleg Motivilov, Director of MTS cloud business. According to him, the new system meets all the requirements of the law on personal data protection.

Russia is one of the leaders in the development of Internet technologies, said Yuri Samonkin, President of the Eurasian Institute of Youth Initiatives. He believes that the current realities of the Internet dictate the need to create new digital solutions, such as cloud storage.

According to him, many Russians use Western social networks and other Internet resources. Therefore, the issue of protecting their personal data, which is often "leaked", is very relevant.

On the eve of the upcoming elections, the issue of cyber defense is becoming even more acute. It is necessary to protect from external interference not only the personal data of the voters themselves but also the servers of the relevant departments.

"State and municipal portals should be located not on Western servers, but on domestic ones. This will avoid information leakage and hacking", concluded Mr. Samonkin.

Earlier, E Hacking News reported that Russia has worsened its position in the ranking of countries with the most stable segments of the national Internet, dropping from 11th to 13th place. 

Microsoft Confirms Cyber-Attacks on Biden and Trump Campaigns

Microsoft reports breaching of email accounts belonging to individuals associated with the Biden and Trump election campaigns by Chinese, Iranian, and Russian state-sponsored hackers. 

Tom Burt, Corporate VP for Customer Security and Trust at Microsoft, revealed the occurrences in a detailed blog post after Reuters announced about a portion of the Russian attacks against the Biden camp. 

"Most of these assaults" were recognized and blocked, which is what he added later and revealed in the blog post with respect to the additional attacks and furthermore affirmed a DNI report from August that asserted that Chinese and Iranian hackers were likewise focusing on the US election process.

 As indicated by Microsoft, the attacks conducted by Russian hackers were connected back to a group that the organization has been tracking under the name of Strontium and the cybersecurity industry as APT28 or Fancy Bear. 

 While Strontium generally carried out the spear-phishing email attacks, as of late, the group has been utilizing 'brute-force' and password spraying techniques as an integral technique to breaching accounts. 

Then again, the attacks by Iranian hackers originated from a group tracked as Phosphorous (APT35, Charming Kitten, and the Ajax Security Group). 

These attacks are a continuation of a campaign that began a year ago, and which Microsoft recognized and cautioned about in October 2019. At that point, Microsoft cautioned that the hackers focused on "a 2020 US presidential campaign" yet didn't name which one. 

Through some open-source detective work, a few individuals from the security community later linked the attacks to the Trump campaign. 

What's more, only a couple of days back Microsoft affirmed that the attacks are indeed focused on the Trump campaign, yet in addition unveiled a new activity identified with the said group. The attacks were likewise identified by Chinese groups. 

While presently there are several hacking groups that are assumed to work under orders and the security of the Chinese government, Microsoft said that the attacks focusing on US campaigns originated from a group known as Zirconium (APT31), which is a similar group that Google spotted not long ago, in June. 

Microsoft says it detected thousands of attacks coordinated by this group between March 2020 and September 2020, with the hackers accessing almost some 150 accounts during that time period.


Russia has fallen to 13th place in the world ranking of the stability of Internet segments

According to Qrator Labs, a company specializing in ensuring the availability of Internet resources and countering DDoS attacks, Russia has worsened its position in the ranking of countries with the most stable segments of the national Internet, dropping from 11th to 13th place. Experts attribute this to the continuing expansion of the market of Internet operators and the slow transition to the new IPv6 protocol, which allows using more IP addresses.

The rating of the stability of the national segments of the Internet has been calculated since 2016 among 249 countries of the world. According to the rating, Russia took the 13th place this year, the year before the Russian Federation took the 11th place.

Experts believe that the use of a more advanced version of IPv6 by network operators along with the IPv4 Protocol can increase the stability of Internet segments. Then in case of problems with one Protocol, the other will work.

According to Google, just over 30% of users in the world use the new Protocol, while in Russia this figure is slightly more than 5%.

The problem is that Russia does not have a universal program for switching to IPv6. "It is difficult to force current market participants to switch to a new Protocol, because they will have to upgrade equipment and hardware and software systems, and this is a serious expense," said Andrey Vorobyov, director of the Coordination Center for .ru / .РФ domains.

The global five countries are led by Brazil, Germany, Switzerland, Ukraine and the United Kingdom. Next in the ranking are the Netherlands, Canada, the United States, France and Liechtenstein. Four newcomers, Liechtenstein, Japan, Indonesia and Argentina, entered the top 20 this year, while Luxembourg, Czech Republic, Ireland and Bulgaria left. Hong Kong dropped eight positions in a year.

A New Set of Cybersecurity Principles Issued By the White House


A new set of cybersecurity principles were recently issued by the White House to ensure its commercial and critical infrastructure investments in space.

The short document states: “The United States considers unfettered freedom to operate in space vital to advancing the security, economic prosperity, and scientific knowledge of the Nation.” 

As the US focuses on this unfettered access critical to its future, it additionally increased the utilization of digital services and technologies delivered by satellites. The move was brought about as the focus of the White House goes beyond military operations in space.

The nation is worried about the effect of cybersecurity attacks against a scope of services delivered by satellite, for example, the global positioning systems. GPS is particularly significant, to military activities as well as regular citizen use.

The Space Policy Directive 5 details a list of suggested best practices for making sure that the information systems, netwoRk “radio-frequency-dependent wireless communication channels” that together power US space systems.

“These systems, networks, and channels can be vulnerable to malicious activities that can deny, degrade or disrupt space operations, or even destroy satellites,” the document stated.

“Examples of malicious cyber-activities harmful to space operations include spoofing sensor data; corrupting sensor systems; jamming or sending unauthorized commands for guidance and control; injecting malicious code; and conducting denial-of-service attacks.”

Among the suggested best practice principles was the utilization of “risk-based, cyber-security-informed engineering” to create and operate space systems, with persistent monitoring for vindictive action and of system configurations. 

 Other elements that will help ensure a good baseline of cybersecurity were mentioned as:
1. Protection against unauthorized access to space vehicle functions 

2. Physical protection of command

3. Control and telemetry receiver systems

4. Measures to counter communications jamming and spoofing

5. Management of supply chain risks and improved collaboration between space system owners. 

The document likewise included that such attacks could bring about the loss of mission data, damage to space systems, and loss of control over space vehicles such as satellites, space stations, and launch vehicles, which could lead to collisions that generate dangerous orbital debris.

Russian experts warn about security risks of Bluetooth on a smartphone

Associate Professor of computer science at the Russian University of Economics, Alexander Timofeev said that hackers can use Bluetooth to break into an electronic device.

"The possibility of Bluetooth hacking can endanger any information stored on the device (photos, emails, texts). In addition, an attacker can gain control of the device and send unwanted data to it,” noted Timofeev.

According to him, at the hacker festival What The Hack, which takes place in the Netherlands, experts showed how using a laptop and a special program with a directional antenna people can eavesdrop on what the driver of a passing car is talking about through a Bluetooth headset.

The head of Check Point Software Technologies Ltd. Sergey Zabula agreed that constantly enabled Bluetooth carries a significant threat to the security of the phone and its owner. Scammers are constantly improving their attack methods, and the small range of Bluetooth signal propagation is no longer a problem for them.

"Using amplifiers, hackers can get into a user's device without even asking for their permission and without knowing the secret key of the connection”, noted Mr. Zabula.

The consequences of attacks using Bluetooth can be varied. So, in just a few seconds, fraudsters can connect to a user's device, install malware, and eventually steal or delete valuable information. Moreover, via Bluetooth, hackers can listen to calls, set their forwarding, and send calls and text messages, which in turn leads to financial losses of the victim. Also, using a Bluetooth connection, fraudsters can carry out a DoS attack and completely disable the phone.

Experts recommend disabling Bluetooth as soon as it is no longer necessary, since this function, when activated, is a "godsend for scammers."

Paytm Mall Suffers Data Breach, Hackers Demanded Ransom


Paytm has allegedly suffered a huge data breach after a hacker group targeted the company's PayTM Mall database and demanded a ransom in return for the data. 
The hacker group, dubbed as 'John Wick' and has been known for hacking the database of companies under the pretense of helping them fix bugs in their frameworks. 

Global cyber intelligence agency Cyble stated that the John Wick hacker group had 'unhindered' access to Paytm Mall's whole production database through indirect access, which potentially influences all accounts and related info at Paytm Mall.

An official update Cyble states, “According to the messages forwarded to us by our source, the perpetrator claimed the hack happened due to an insider at Paytm Mall. The claims, however, are unverified, but possible. Our sources also forwarded us the messages where the perpetrator also claimed they are receiving the ransom payment from the Paytm mall as well. Leaking data when failing to meet hacker's demands is a known technique deployed by various cybercrime groups, including ransomware operators. At this stage, we are unaware that the ransom was paid..” 

The volume of info breached is presently unknown however, Cyble claims that attackers have made demands for 10 ETH, which is equivalent to USD 4,000. 

Paytm Mall spokesperson comments, "We would like to assure that all user, as well as company data, is completely safe and secure. We have noted and investigated the claims of a possible hack and data breach, and these are absolutely false. We invest heavily in our data security, as you would expect. We also have a Bug Bounty program, under which we reward responsible disclosure of any security risks. We extensively work with the security research community and safely resolve security anomalies." 

Nonetheless, 'John Wick' is known to have been broken into numerous Indian companies and collected ransom from different Indian organizations including OTT platform Zee5, fintech startups, Stashfin, Sumo Payroll, Stashfin, i2ifunding, through different aliases, like 'South Korea' and 'HCKINDIA'.

The Ministry of Internal Affairs of Bashkortostan intends to cooperate with white hackers to reduce cyber crime

The Ministry of Internal Affairs of Bashkortostan is ready to cooperate with white hackers and programmers to solve Internet crimes together with them. Law enforcement agencies want to attract volunteers-experts from among students-programmers to solve cybercrimes.

According to Major General of Justice, Deputy Minister, Head of the Main Investigation Department of the Ministry of Internal Affairs of the Republic of Bashkortostan Oleg Oleinik, the regional department of the Ministry of Internal Affairs is working together with the Regional Center of the Volunteer Movement and the police already have experience in cooperation with young programmers.

Recall that in the last two years, the number of cybercrimes in Bashkortostan has grown by almost 2.5 times: if in 2018, 2,500 cybercrimes were recorded, in 2019 – 6,300, then in the seven months of 2020, 6,500 cases have already been opened. Fraudsters use social engineering methods and debit money from cards of victims without any special technical means.

The Bashkortostan police said that they are ready to cooperate with IT companies that are also interested in eliminating cyber fraud. 

The interim head of the Department for Disclosure of General Criminal Frauds and Theft Committed Using Information and Telecommunication Technologies of the Criminal Investigation Department of the Ministry of Internal Affairs Marat Guzairov said that the crime is especially developed in the DarkNet, where databases are uploaded, weapons, drugs are sold, and pornography is distributed. Violation of the law occurs with the help of messengers, as well as resources blocked by Roskomnadzor, which can be accessed using certain programs.

According to the police, many young people are aware of this and could transfer their knowledge to law enforcement agencies.


Microsoft's new report suggest a rapid transformation in cyber security due to the pandemic

 In just two months of the pandemic, the digital world went through "two years worth of digital transformation" according to Microsoft and to compute these changes the company did a survey of 800 leaders from companies with more than 500 employees from the United States, United Kingdom, India, and Germany. The report circumcises the pandemic threat landscape, the long term cybersecurity, budget, staffing, and the adjustments companies did to update their security.


The crux of the matter remains that the pandemic bought on a  multitude of attacks and scams but the very thing strengthened the need for better cybersecurity and many businesses realized this and overall we saw a grave change where digital security is concerned.

According to Microsoft's report following are the changes bought on in cybersecurity by the global pandemic in the long term-

Security as a prime factor in Digital Empathy
With scales of business going WFH (work from home), business leaders quickly realized better security is more productive and drives a better end-to-end experience. For most business leaders the main aim was to improve user experience and productivity thus investing in cybersecurity with VPNs and Multi-factor authentications. The reports show a considerable increase in cybersecurity investments in the surveyed countries since the beginning of the pandemic.

Zero Trust Journey
According to csooonline.com, "Zero Trust is a security concept centered on the belief that organizations should not automatically trust anything inside or outside its perimeters and instead must verify anything and everything trying to connect to its systems before granting access." Earlier, this Zero Trust capability was an option, now this has become the priority and everyone's on it for a much secure and private environment inside the database of the company.

More Database, Better Threat Intelligence
The pandemic highlighted the advantages of cloud backups and threat tracking. Microsoft tracked around 8 Million threats daily from around the world due to the diverse and large data input. With the help of automated tools, human insights, and large data, many threats could be tracked and stopped before they reached the user. 

Cyber reliance key to business operations
Cyber Security is fundamental for efficient business operations and cyber resilience. For that remote workplace, businesses need to constantly update their security plans and threat assessment as well as employ end to end security solutions.

Microsoft reports, "More than half of cloud forward and hybrid companies report having cyber-resilience strategy for most risk scenarios compared to 40% of the primarily on-premises organization. 19% of companies relying primarily upon on-premises technology do not expect to maintain a documented cyber-resilience plan."

Cloud Security Solutions as Inevitable 
Nearly, 40% of organizations invested in cloud security solutions, followed by Data and Information Security (28%), Network Security(27%), and Anti-phishing tools (26%). Cloud not only protects data but also helps track security issues and provides overall integrated security.





  

Uber's Former Chief Security Officer Charged for Covering up A Massive Data Breach

Uber's former chief security officer, Joe Sullivan, was very recently charged by the federal prosecutors in the United States for covering up an enormous data breach that the company had endured in 2016.

Sullivan "took deliberate steps to conceal, deflect, and mislead the Federal Trade Commission about the breach" that additionally included paying hackers $100,000 ransom to keep the incident a secret, according to the press release published by the U.S. Department of Justice. 

It said, "A criminal complaint was filed today in federal court charging Joseph Sullivan with obstruction of justice and misprision of a felony in connection with the attempted cover-up of the 2016 hack of Uber Technologies.” 

The 2016 Uber's data breach exposed names, email addresses, phone numbers of 57 million Uber riders and drivers, and driving license numbers of around 600,000 drivers. 

The company revealed this data out in the open almost a year later in 2017, following Sullivan's exit from Uber in November. 

Later it was reported for, that two hackers, Brandon Charles Glover of Florida and Vasile Mereacre of Toronto, were the ones responsible for the incident and were the ones to whom Sullivan ‘approved’ paying cash in return for the promises to delete information of the clients that they had stolen.

The problem initially began when Sullivan, as a representative for Uber, in 2016 was reacting to FTC inquiries with respect to a previous data breach incident in 2014, and at the same time, Brandon and Vasile reached him in regards to the new data breach. 

"On November 14, 2016, approximately 10 days after providing his testimony to the FTC, Sullivan received an email from a hacker informing him that Uber had been breached again and his team was able to confirm the breach within 24 hours of his receipt of the email. Rather than report the 2016 breach, Sullivan allegedly took deliberate steps to prevent knowledge of the breach from reaching the FTC." 

As indicated by court archives, the ransom amount was paid through a bug bounty program trying to document the blackmailing payment as ‘bounty’ for white-hat hackers who highlight the security issues however have not compromised information. 

The federal prosecutors said, “After Uber personnel were able to identify two of the individuals responsible for the breach, Sullivan arranged for the hackers to sign fresh copies of the non-disclosure agreements in their true names. The new agreements retained the false condition that no data had been obtained. Uber's new management ultimately discovered the truth and disclosed the breach publicly, and to the FTC, in November 2017." 

However just last year, the two hackers were pleaded guilty to a few counts of charges for hacking and blackmailing Uber, LinkedIn, and various other U.S. corporations. In 2018, English and Dutch data protection regulators had likewise fined Uber with $1.1 million for neglecting to secure its clients' personal data during a 2016 cyber-attack.

As of now, if Sullivan is found guilty of cover-up charges, he could expect at least eight years in prison along with potential fines of up to $500,000.

Expert Malnev gave tips on detecting Keylogger

Alexey Malnev, head of the Jet CSIRT Information Security Monitoring and Incident Response Center of Jet Infosystems, spoke about how to detect a Keylogger.

According to the expert, this can be done by scanning the computer with antivirus software, as well as thanks to the built-in EDR (Endpoint Detection and Response) system that analyzes the processes and their memory operation within the operating system.

In the case of corporate devices, a traffic inspection system will help, which can detect a connection over a suspicious Protocol or to a suspicious server on the Internet. The presence of an incident monitoring center in an organization can help detect an entire cyber operation of attackers on its infrastructure, or targeted attacks.

According to the expert, the presence of Keylogger can be considered a symptom of a complete hacking of the user's computer, and this is very bad news for the user. The fact is that modern malicious software most often uses Keylogger as one of many modules.

"There is a high probability that there is already a whole set of other potential problems: theft of confidential files from the hard disk, interception of account data, hidden audio and video recording (if there are a microphone and video camera), the potential destruction of data (if there is a malicious ransomware encryption module), full remote access,” said he.

In such cases, users should immediately disconnect the computer from the local network and the Internet, and then, without restarting it, hand it over to specialists in cybercriminalism. According to Malnev, it is more important to determine how the computer was attacked.

Indian Prime Minister Announces a New Cyber Security Policy for the Country


On the celebration of India's 74th Independence Day, the Prime Minister of India Narendra Modi announced his plans about bring up a new cybersecurity policy for the country. 

While addressing the nation, in his speech he highlighted the threats radiating from cyberspace that could affect India's society, economy, and development. 

He emphasized the fact that dangers from cyberspace can jeopardize every one of these parts of Indian life and they shouldn't be taken for granted. The prime minister's comments come against the ever-increasing cyber threats and psychological warfare radiating from nations like Pakistan and China. 

As per news reports, during the border tensions at Ladakh, China and Pakistani social media activists had apparently joined hands to dispatch fake news and misinformation campaigns against India. 

At the point when the conflict happened along the Pangong Lake on 5-6 May, Weibo, the Chinese version of Twitter, had featured images of Indian fighters tied up and lying on the ground, with correlations made to Bollywood's 'muscular portrayal' of the Indian Armed forces.

 "The government is alert on this," Modi reassured the nation, later adding that the government will soon come out with a strong policy on this.

Apart from this, phishing attacks offering info on Covid-19 and equipment, or free testing with the aim to steal personal information have additionally been on a steady rise in India over the last few months. 

As indicated by a Kaspersky report, there is a 37% increase in cyber-attacks against Indian companies in April-June quarter, when compared with January-March quarter, with the reason being the implementation of a nationwide lockdown from March which made organizations and companies permit their employees to work from home.

Security Experts gave tips on how to protect online conferences from hackers

Video conferencing services attracted the attention of hackers because they gained huge popularity during the coronavirus pandemic. 

On Thursday, attackers disrupted a court hearing in the case of a Florida teenager accused of organizing the hijacking of a number of Twitter accounts. The hearing was held via the Zoom video conference service. The attackers disguised their names as CNN and the BBC and gained access to the conference, after which they began broadcasting pornographic videos and swearing. After that, the court session was postponed.

According to Artem Gavrichenkov, technical director of Qrator Labs, the phenomenon of Zoom-bombing, when attackers identify vulnerable conferences and enter them with the aim of espionage and hooliganism, became widespread in April, and by May-June it became widespread.

“To limit the access of attackers to sensitive content, all conferences should be password protected, and this password should be provided only to a limited number of people,” advised Gavrichenkov.

Denis Gavrilov, the consultant of the information security Center of Jet Infosystems, also recommends setting up a "waiting room" if there is such functionality in the platform, this will limit user access to the conference without the approval of the organizer.

Kaspersky Lab cybersecurity expert Dmitry Galov noted that it is necessary to download the program for a computer only from the official website, and for a smartphone - from official app stores.

"As our experts found out, in the spring of this year, the number of malicious files whose names contain references to popular services for online conferences (Webex, Zoom, etc.) has almost tripled compared to last year,” said he.

Anastasia Barinova, Deputy head of the Group-IB, advises using Zoom analogs at all. "To minimize the risks, I would recommend considering Zoom analogs: Google Meet, GoToMeeting, or Cisco's WebEx service," advised she.

Earlier E Hacking News reported that Russia will develop a similar Zoom platform for video communication by the beginning of the new school year.


A hack that fools Face Recognition AI into false identification


Face recognition AI is increasingly being used at Airports and at other security outlets, especially during a pandemic to heed to proper security measures of identifying people while maintaining social distancing but a recent discovery by McAfee, a cybersecurity firm has proved that these Face Recognition systems are not all that perfect.

Researchers at McAfee tested a face recognition system similar to the ones used at Airports for passport verification- they fed the system an image created by machine learning that looks like one person but is recognized as someone else by the face recognition software. This could allow someone to board a flight (who is on the no-flight list) as someone else who has the booking.

“If we go in front of a live camera that is using facial recognition to identify and interpret who they're looking at and compare that to a passport photo, we can realistically and repeatedly cause that kind of targeted misclassification,” said the researcher, Steve Povolny.

To trick the face recognition algorithm the researchers at McAfee used CycleGAN, which is an image translation algorithm that could transform your picture to make it look like something painted by Monet or make a summer picture look like a winter one.

The team used 1,500 photos of the project leads to be transformed by CycleGAN and after hundred of tries, CycleGAN created an image that the face recognition recognized as someone else instead of whom the human eye perceived.

But there are two concerns with the study- first, that the researchers had a similar face recognition system as they do at the airport security but not the same.“I think for an attacker that is going to be the hardest part to overcome, where [they] don’t have access to the target system” said Povolny. Second, CycleGAN takes time to create such an image and the software requires a high-end system to work functionally.

 The researchers aimed at the study to point out the vulnerability of Face recognition systems and the dangers of relying solely on these checks.

"AI and facial recognition are incredibly powerful tools to assist in the pipeline of identifying and authorizing people,” Povolny says. “But when you just take them and blindly replace an existing system that relies entirely on a human without having some kind of a secondary check, then you all of a sudden have introduced maybe a greater weakness than you had before.”

Online Michigan Bar Exam Hit by a Distributed Denial of Service (DDoS) Attack



The recently conducted online Michigan bar exam was briefly taken down as it was hit by a rather "sophisticated" cyberattack. 

The test had been hit by a distributed denial of service (DDoS) attack, which includes a hacker or group endeavoring to bring down a server by overpowering it with traffic according to ExamSoft, one of the three vendors offering the exam that certifies potential attorneys. 

The incident marked the first DDoS attack the organization had encountered at a network level, ExamSoft said, and it worked with the Michigan Board of Law Examiners to give test-takers more time to take the test after it was ready for action once more. 

The company noted that "at no time" was any information compromised, and that it had the option to “thwart the attack, albeit with a minor delay” for test-takers. 

The Michigan Supreme Court tweeted preceding the organization's statement that a "technical glitch" had made the test go down, and those test takers were “emailed passwords and the test day will be extended to allow for the delay for some test takers to access the second module.” 

As per the court, those taking the test with provisions from the Americans with Disabilities Act were not affected by the episode.

 “All exam takers were successfully able to start and complete all modules of the Michigan Bar exam,” the organization wrote. 

“This was a sophisticated attack specifically aimed at the login process for the ExamSoft portal which corresponded with an exam session for the Michigan Bar,” ExamSoft said in a statement on Tuesday. 

United for Diploma Privilege, a national gathering of law students, graduates, professors, and lawyers pushing for the bar exam to be postponed during the COVID-19 pandemic, raised worries about data privacy issues associated with the cyberattack.  

Numerous states have opted to offer the bar exam in-person this month, while others will offer the test online in early October. 

A spokesperson for the National Conference of Bar Examiners (NCBE), which drafts a segment of the test, told 'The Hill' just earlier this month that states and jurisdiction could decide to offer the test through vendors such as ExamSoft, Extegrity and ILG Technologies.


Firefox expected to release a fix for their "Camera active after phone locks" bug this October


A bug in Mozilla Firefox enabled websites to keep the smartphone camera active even after leaving the browser or locking the phone. The company is working on fixing the bug and are planning to release the fix around October this year.


The bug was first reported by Appear TV, a video delivery platform last year in July. The bug activates when a user opens a video streaming app from their Mozilla Firefox browser in their Android smartphone.

It was first noticed by Appear TV when the video kept playing in the background even when it should have stopped that is the video kept playing in the background even when the user moved out of the browser or pushed it to the background or locked the phone. This raised concerns over user's privacy and bandwidth loss. "From our analysis, a website is allowed to retain access to your camera or microphone whilst you're using other apps, or even if the phone is locked," said a privacy app, Traced in talks with ZDNet. "While there are times you might want the microphone or video to keep working in the background, your camera should never record you when your phone is locked".

On Fixing the Issue

 "As is the case with dedicated conferencing apps, we provide a system notification that lets people know when a website within Firefox is accessing the camera or microphone, but recognize that we can do better, especially since this gets hidden when the screen is locked," a Mozilla spokesperson said in a statement.

"This bug [fix] aims to address this by defaulting to audio-only when the screen is locked," Mozilla added. "[The fix] is scheduled for release at the platform-level this October, and for consumers shortly after."

Mozilla has been working on a next-generation browser Firefox Nightly with more focus on privacy to replace their current browser for Android. The update is out for testing.

"Meanwhile, our next-generation browser for Android, now available for testing as Firefox Nightly, already has a prominent notification for when sites access this hardware as well," said Mozilla.