Zwift hackers expose next generation of cycling doping


Cyber security experts proved they can hack into Zwift and boost their performance on the indoor cycling gaming platform.

The hack works by intercepting and manipulating data sent between smart trainers and Zwift.

It underscores the need to tighten security in e-racing, a growing field with UCI-sanctioned events and Olympic ambitions.

By his own admission, cyber security consultant Brad Dixon is a bit of a cycling hack. He rides his bike for fitness and recreation, but he’s better at cracking computer codes than cranking out pro-level wattage on two wheels.

Dixon’s lack of high-end fitness might keep him off the podium IRL, but his ability to game virtual reality could help him rise through the ranks in the ever-growing arena of e-sports, where cyclists compete, often for actual cash and real-world prizes, on stationary trainers via platforms like Zwift.

Last month, Dixon gave a 40-minute presentation at DEF CON, a popular computer security conference, called Cheating in eSports: How to Cheat at Virtual Cycling Using USB Hacks. He detailed how, with some standard hardware and an Xbox controller, he tricked the system into thinking he was humming around Watopia at race pace while doing nothing more strenuous than cracking open a beer.

“The game limits you to 2,000 watts of power, but for a recreational rider like me, that’s infinity,” said Dixon, who works at the New York-based consulting firm Carve Systems. “I can easily cruise around at 30-40 mph in the game at those watts, if not more.”

Such high speeds might immediately cause suspicion among anyone getting their Zwift kit blown off by a pixelated competitor. But smaller boosts, like a 5-10 watt gain here or there—enough to beat someone up a climb or to the line for a sprint—would be far less noticeable.

In the end, these numbers are all that determine how quickly your little cartoon cyclist pedals around the island. And numbers are exactly what gave Carve Systems CEO Mike Zusman, a former Cat 1 mountain bike racer, the notion for this particular hack.

Teen hacker-for-hire jailed for SIM-swapping attacks, data theft


A British teenager has been sentenced to 20 months in prison after offering hacker-for-hire services to cash in on trends including SIM-swapping attacks.

The UK's Norfolk police force said that 19-year-old Elliot Gunton, of Norwich, was sentenced at Norwich Crown Court on Friday after pleading guilty to hacking offenses, money laundering, the hacking of an Australian Instagram account, and the breach of a Sexual Harm Prevention Order.

In April 2018, a routine visit was conducted to Gunton's home with respect to the Sexual Harm Prevention Order that was imposed in 2016 for past offenses.

During the inspection, law enforcement found software which indicated the teenager may be involved in cybercrime, and the further investigation of a laptop belonging to Gunton and seized by police revealed that he had been offering himself as a provider of hacking services.

Specifically, Gunton offered to supply stolen personal information to those that hired him. This information, which could include personally identifiable information (PII) such as names, addresses, and online account details, could then be used to commit fraud and SIM-swapping attacks.

The theft and sale of PII is a commonplace occurrence today. However, SIM-swapping attacks are a relatively new phenomenon.

In order to conduct a SIM-swap, a fraudster will obtain some PII from a target and then call up their telephone subscription provider while pretending to be the true owner of the account. Social engineering then comes into the mix to convince the operator to switch the telephone number belonging to the victim to the attacker's control.

It might only be a short window in which the victim does not realize their number has been transferred, but this time frame can be enough for an attacker to bypass two-factor authentication (2FA), intercept calls and text messages, request password resets, and compromise online accounts ranging from email addresses to cryptocurrency wallets.

Hacker ordered to pay back £922k

A hacker who carried out cyber attacks on more than 100 companies has been ordered to pay back £922,978.14 of cryptocurrency.

Grant West had been jailed for fraud after carrying out attacks on brands such as Sainsbury's, Uber and Argos.

A police investigation, codename "Operation Draba", uncovered West's activity on the dark web under the moniker of "Courvoisier".

The confiscation order was made during a hearing at Southwark Crown Court.

West, from Sheerness, Kent, used phishing email scams to obtain the financial data of tens of thousands of customers.

He would then sell this personal data in different market places on the dark web, convert the profit made from selling financial details online into cryptocurrency, and store these in multiple accounts.

West, of Ashcroft Caravan Park, was jailed in May at Southwark Crown Court for 10 years and eight months.

Detectives had discovered evidence of West conducting cyber attacks on the websites of 17 major firms.

Following West's arrest, approximately £1m in cryptocurrency was seized from a number of his accounts. Taking currency fluctuations into account, the currency is today valued at £922,978.14.

The cryptocurrency will now be sold and the victims will receive compensation.

As well as financial data, he also sold cannabis which he shipped to customers, and "how to" guides instructing others how to carry out cyber attacks.

West also regularly used stolen credit card details to pay for items for himself, including holidays, food, shopping and household goods. West admitted conspiracy to defraud, possession of criminal property, unauthorised modification of computer material and various drugs offences.

Your home wi-fi isn't safe: Hackers know router trick to access bank accounts, card details

The next time you connect a smartphone or a laptop to your relatively secure home Wi-Fi, you might be surprised how easy it is to hack into that network, courtesy of the router installed by your Internet Service Provider (ISP). A small vulnerability in the home Wi-Fi network can give a criminal access to almost all the devices that use that Wi-Fi. This could spell trouble for bank accounts, credit card details, child safety and a whole lot of other concerns.

Trouble could come in the form of a neighbourhood kid who piggybacks on your Internet service. While he plays video games online and talks to his friends over VOIP (Internet-based) telephone service, your Internet service may become sluggish.

But an unsecured home wireless system can also be used to commit crime.

According to the US Department of Justice, law enforcement officers will come knocking on your door if someone uses your Internet connection to upload or download child pornography.

And the bad guys don't have to live next door. Powerful Wi-Fi antennas can pull in a home network's signal from over 4 km away.

According to Finnish cyber security firm F-Secure, for very little money, a hacker can rent a cloud-enabled computer and guess your network's password in minutes by brute force, using the powerful computer to try many combinations of your password.

The US Computer Emergency Readiness Team (US-CERT) recently issued an alert about Russia-sponsored hackers carrying out attacks against a large number of home routers in the U.S.

According to Sanjay Katkar, Joint Managing Director and CTO, Quick Heal Technologies, cyber criminals are known to exploit vulnerabilities in home Wi-Fi routers by delivering a payload.

"Once infected with the malware, the router can perform various malicious activities like redirecting the user to fake websites when visiting banking or other e-commerce sites," Katkar told IANS recently.

Vulnerability in DHCP client let hackers take control of network

A critical remote code execution vulnerability that resides in the DHCP client allows attackers to take control of the system by sending malicious DHCP reply packets.

A Dynamic Host Configuration Protocol (DHCP) client allows a device to act as a host requesting configuration parameters, such as an IP address, from a DHCP server, and the DHCP client can be configured on Ethernet interfaces.

In order to join a client to the network, the packet is required to have all the TCP/IP configuration information during DHCP Offer and DHCP Ack.

The DHCP protocol works on a client-server model and is responsible for dynamically allocating an IP address when the user connects to the internet; the DHCP server is responsible for distributing IP addresses to DHCP clients.

The vulnerability allows remote code execution on a system whose vulnerable DHCP client tries to connect to a rogue DHCP server.

Vulnerability Details

The remote code execution vulnerability resides in a function of dhcpcore.dll called "DecodeDomainSearchListData", which is responsible for decoding the encoded search list option field value.

During the decoding process, the function calculates the length of the decoded domain name list, allocates the memory and copies the decoded list.

According to McAfee research, a malicious user can create an encoded search list such that, when the DecodeDomainSearchListData function decodes it, the resulting length is zero. This leads to a HeapAlloc call with a size of zero, resulting in an out-of-bounds write.

The vulnerability has been patched, and it can be tracked as CVE-2019-0547. The patch includes a check which ensures the size argument to HeapAlloc is not zero. If it is zero, the function exits.
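
The zero-size check described above, as an added example (not code from dhcpcore.dll, McAfee or the original article): a two-pass decoder for a DNS-label-encoded domain search list that refuses to allocate when the decoded length is zero. The function names, status codes, comma-separated output format and sample bytes are assumptions; malloc stands in for HeapAlloc, and compression pointers are rejected rather than followed.

```c
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

enum { DSL_OK = 0, DSL_MALFORMED = -1, DSL_EMPTY = -2, DSL_NOMEM = -3 };

/* Constructed sample options: two names, a lone root label, a truncated label. */
static const uint8_t SAMPLE_OK[] = { 7,'e','x','a','m','p','l','e', 3,'c','o','m', 0,
                                     4,'c','o','r','p', 4,'t','e','s','t', 0 };
static const uint8_t SAMPLE_EMPTY[] = { 0 };
static const uint8_t SAMPLE_TRUNC[] = { 5,'a','b' };

/* Pass 1: bytes needed for text such as "a.b,c.d" including its NUL,
 * or -1 if the option is malformed. A zero result means "nothing to decode". */
long dsl_measure(const uint8_t *opt, size_t len)
{
    size_t i = 0, out = 0;
    int in_name = 0;                           /* 1 once the current name has a label */
    while (i < len) {
        uint8_t l = opt[i++];
        if (l > 63 || l > len - i) return -1;  /* pointer byte or label overruns option */
        out += (size_t)l + (size_t)in_name;    /* label bytes plus '.', ',' or final NUL */
        in_name = (l != 0);                    /* a zero length byte closes the name */
        i += l;
    }
    return in_name ? -1 : (long)out;           /* last name must be terminated */
}

/* Pass 2: allocate exactly what pass 1 measured, then copy. */
int dsl_decode(const uint8_t *opt, size_t len, char **text)
{
    long need = dsl_measure(opt, len);
    size_t i = 0, o = 0;
    int in_name = 0;
    char *buf;

    *text = NULL;
    if (need < 0) return DSL_MALFORMED;
    if (need == 0) return DSL_EMPTY;           /* zero-size check before allocating */
    if ((buf = malloc((size_t)need)) == NULL) return DSL_NOMEM;
    while (i < len) {
        uint8_t l = opt[i++];
        if (in_name) buf[o++] = l ? '.' : ',';
        memcpy(buf + o, opt + i, l);
        o += l; i += l;
        in_name = (l != 0);
    }
    buf[o - 1] = '\0';  /* without the check above, o == 0 would put this write out of bounds */
    *text = buf;
    return DSL_OK;
}

/* Returns 1 if opt decodes successfully to exactly `expect`, else 0. */
int dsl_decodes_to(const uint8_t *opt, size_t len, const char *expect)
{
    char *t;
    int ok = dsl_decode(opt, len, &t) == DSL_OK && strcmp(t, expect) == 0;
    free(t);
    return ok;
}

int main(void)
{
    printf("two names decode: %d\n",
           dsl_decodes_to(SAMPLE_OK, sizeof SAMPLE_OK, "example.com,corp.test"));
    printf("lone root label measures %ld bytes\n", dsl_measure(SAMPLE_EMPTY, sizeof SAMPLE_EMPTY));
    printf("truncated label measures %ld\n", dsl_measure(SAMPLE_TRUNC, sizeof SAMPLE_TRUNC));
    return 0;
}
```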


Bulgaria’s tax agency hacker released

A cybersecurity expert accused of hacking the data of more than 5 million Bulgarian taxpayers was released by police Wednesday after his charges were downgraded.

Kristian Boykov, a 20-year-old Bulgarian cybersecurity worker, was arrested in Bulgaria's capital Sofia last week in connection to the breach. Police raided his home and seized computers and mobile devices with encrypted information. The hacker was found by police through the computer and software used in the attack, according to the Sofia prosecutor's office.

Due to his work, which involves testing computer networks for potential vulnerabilities, some believe Boykov is a "white hat hacker" — a hacker that breaks into computer networks to expose vulnerabilities and push for the weaknesses to be fixed.

He has made news in Bulgaria before. In 2017, he hacked the Bulgarian education ministry's website to expose its vulnerabilities. In a television interview, he described the work as "fulfilling my civic duty."

Sofia prosecutors claim they tracked one of the stolen files from the latest data breach to a username used by Boykov. Boykov and his lawyer reject the allegations against him and say he was not involved in the incident.

The hack of the nation's tax agency database is believed to be the largest data breach in Bulgaria's history. Nearly every working adult in Bulgaria was impacted. In a country of 7 million, more than 5 million people had personal data such as social security information, addresses, incomes and names leaked and made easily accessible on the Internet.

Boykov was initially charged with a computer crime against critical infrastructure, with a maximum sentence of eight years in jail. Those charges were dropped and he was given a lesser charge of crime against information systems, which has a maximum jail sentence of three years.

The initial hack is believed to have happened in June. The breach remained undetected until an email from a Russian email address was sent to Bulgarian news outlets last week claiming responsibility for the attack. In the email, the sender claimed to be a Russian hacker, gave downloadable links to the stolen information and mocked Bulgaria's cybersecurity efforts.

Flaws in LTE can allow hackers to spoof presidential alerts


Last year, the United States performed the first public test of the national Wireless Emergency Alert (WEA), an alert system designed to send messages to smartphones, TVs, and other systems simultaneously. The test was specifically for the 'Presidential Alert,' a new category that can't be opted out of (like AMBER alerts). It turns out these types of alerts can be easily spoofed, thanks to various security vulnerabilities with LTE towers.

Researchers figured out a way to exploit the system that sends presidential emergency alerts to our phones, simulating their method on a 50,000 seat football stadium in Colorado with a 90 percent success rate.

A group of researchers at the University of Colorado Boulder released a paper that details how Presidential Alerts can be faked. An attack using a commercially-available radio and various open-source software tools can create an alert with a custom message.

Why it matters: The Wireless Emergency Alert (WEA) system is meant to allow the president to promptly broadcast alert messages to the entire connected US population in case of a nationwide emergency. It can also send out bad weather or AMBER alerts to notify citizens in a particular region or locality, which makes its operation critical. However, exploitation of the LTE networks it uses can enable the transmission of spoofed messages, which can spread misinformation and panic widely among the masses.

The researchers didn’t perform an actual attack on a live crowd at the stadium or on actual mobile devices, Eric Wustrow, a researcher on the paper, told Gizmodo in an email. The tests performed were instead done in isolated RF shield boxes, Wustrow said, “and our analysis of Folsom Field was a combination of empirically gathered data and simulation.”

First, alerts come from a specific LTE channel, so malicious alerts can be sent out once that channel is identified. Second, phones have no way of knowing if an alert is genuine or not. Adding digital signatures to alerts could potentially solve the latter problem, but the task would require device manufacturers, carriers, and government agencies to work together.

Asia Pacific is No 1 hunting ground for hackers

Global data from last year found that 64 per cent of all FireEye-managed detection and response customers were targeted again by the same or a similarly motivated attack group, up from 56 per cent in 2017, and Asia Pacific tops the list in the malware report for 2019.

As organisations get better at detecting data breaches, hackers have become increasingly persistent, retargeting the firms they earlier broke into, US-based cybersecurity firm FireEye said on Monday.

Malwarebytes, a US-headquartered firm, estimated a 270% increase in malware detections amongst businesses in the Asia-Pacific region.

The financial services sector was seen to have the largest number of retargeted victims in 2018, particularly in the Asia-Pacific region, revealed the "FireEye 2019 Mandiant M-Trends Report". This trend is particularly relevant for the Indian market, given last year's cyber attack incidents at Cosmos Bank and State Bank of Mauritius.

Among the top ten countries for malware threats, Asia Pacific tops the list with five countries.

Country               Biggest Threat

1. United States      Information Theft
2. Indonesia          Backdoors
3. United Kingdom     Information Theft
4. France             Information Theft
5. Malaysia           Backdoors
6. Thailand           Backdoors
7. Australia          Cryptomining
8. Germany            Information Theft
9. Brazil             Adware
10. Philippines       Information Theft

"I encourage Indian firms to reassess their security posture and determine whether they can quickly detect and respond to intrusions," said Steve Ledzian, Vice President and APAC CTO, FireEye.

The Indian businesses must also determine whether "they know who is likely to attack them and how, and whether they have tested their security against human attackers in a red team scenario to try to spot weaknesses before their real world adversaries do," Ledzian said in a statement.

Singapore, a prized target

In Singapore alone, Malwarebytes saw a 180% increase in malware detections amongst the business sectors.

In the meantime, organisations appear to be getting better at discovering breaches internally, rather than being notified by an outside source such as law enforcement.

New attack lets hackers run bad code despite users leaving web page

Academics from Greece have devised a new browser-based attack that can allow hackers to run malicious code inside users' browsers even after users have closed or navigated away from the web page on which they got infected.

This new attack, called MarioNet, opens the door for assembling giant botnets from users' browsers. These botnets can be used for in-browser crypto-mining (crypto jacking), DDoS attacks, malicious files hosting/sharing, distributed password cracking, creating proxy networks, advertising click-fraud, and traffic stats boosting, researchers said.
The MarioNet attack is an upgrade to a similar concept of creating a browser-based botnet that was described in the Puppetnets research paper 12 years ago, in 2007.

The difference between the two is that MarioNet can survive after users close the browser tab or move away from the website hosting the malicious code.
This is possible because modern web browsers now support a new API called Service Workers. This mechanism allows a website to isolate operations that render a page's user interface from operations that handle intense computational tasks, so that the web page UI doesn't freeze when processing large quantities of data.

Technically, Service Workers are an update to an older API called Web Workers. However, unlike web workers, a service worker, once registered and activated, can live and run in the page's background, without requiring the user to continue browsing through the site that loaded the service worker.

MarioNet (a clever spelling of "marionette") takes advantage of the powers provided by service workers in modern browsers.

The attack routine consists of registering a service worker when the user lands on an attacker-controlled website and then abusing the Service Worker SyncManager interface to keep the service worker alive after the user navigates away.

The attack is silent and doesn't require any type of user interaction because browsers don't alert users or ask for permission before registering a service worker. Everything happens under the browser's hood as the user waits for the website to load, and users have no clue that websites have registered service workers as there's no visible indicator in any web browser.

"Narcos" helping users to potentially curb cybercrime




The dark web isn't only a market for illicit drugs and stolen Visa or credit card numbers; rising beneath the surface of this already uncertain marketplace is a growing economy flourishing on stolen identities.

There is a growing demand for privileged user logins on the dark web, and the outcomes could have devastating consequences for organizations and businesses around the world.
It is comparable to the famous Netflix original series "Narcos", which recounts the story of former drug kingpin Pablo Escobar, who in his prime made as much profit trafficking cocaine in a year as the entire national output of Colombia. And while many factors led to the rise of Escobar, the most critical was the growing worldwide demand.

Amidst all this, a simple formula applies, from consumer credit card logins to iOS administrator credentials.

The more access someone has to a system, the more valuable their identity is on the dark web.

Experts estimate that AlphaBay, which was taken down in July, had a stunning revenue of $800,000 a day, which demonstrates that the money made on the black market can overshadow what many of the top security organizations, which are in charge of protecting these identities, earn every year.

Today almost 80 per cent of all cyber security breaches involve privileged login credentials according to Forrester Research.

In the wrong hands, those privileged logins can wreak destruction and havoc on a business, either through an organized insider attack or by shutting a system down for ransom.
In a recent example featured in a report from BAE Systems and PwC, a group called APT10 focused solely on the privileged credentials of managed IT service providers (MSPs), which gave the hackers unprecedented potential access to the intellectual property and sensitive information of those MSPs and their customers around the world.

The dark web is lucrative to the point that anybody with software engineering abilities and a wayward moral compass can try to cash in; therefore, one cannot ward off every attempt to break into one's systems.

Realising that, we must ensure that no user has full, uncontrolled and unregulated access to our networks and systems. It is becoming clear that the best way to deter hackers hoping to sell your privileged credentials on the dark web is to devalue those credentials as much as possible.

To bring this back around to "Narcos": if cocaine customers during Escobar's reign as a narco-trafficker had suddenly become immune to the effects of the drug, the market demand, and the fortune Pablo Escobar was hoarding, would have long dried up.

Similarly, if we could curb the ease with which criminals can use privileged credentials, we could potentially control cybercrime. The same is true for the buying and selling of credentials on the dark web.