Search This Blog

Showing posts with label Hacking. Show all posts

Impact of Covid-19 Web Threats on Cybersecurity, A Report from Beginning to End

 

Cyberattacks during the Covid-19 pandemic exposed the flawed systems of cybersecurity. We should glance at these attacks and learn new ways to strengthen cybersecurity infrastructure from experience.

Impact of cyberattacks during the pandemic- 

Until the first quarter of 2020, the FBI's cyber division reported a 3-4 times surge in cyberattacks complaints since the start of Covid-19. According to Interpol and FBI data, there has been a massive increase in ransomware, phishing, DDoS and malware attacks; since the coronavirus pandemic. Hackers used email platforms to carry out their web threats. 

Interpol reports, "Cybercriminals are taking advantage of the widespread global communications on the coronavirus to mask their activities. Hospitals, medical centers, and public institutions are being targeted by cybercriminals for ransomware attacks – since they are overwhelmed with the health crisis and cannot afford to be locked out of their systems, the criminals believe they are likely to pay the ransom. The ransomware can enter their systems through emails containing infected links or attachments, compromised employee credentials, or exploiting a system's vulnerability."  

Most of the attacks are disguised under the theme of Covid-19. Hackers copy fake organization platforms like WHO to commit frauds and target victims. Via these platforms, the hackers lure their victims into transferring money, providing banking details, stealing personal user data. All these attacks resulted in making COVID-19 themed attacks the highest in 2020. 

What can we learn from these attacks? 

Hackers use panic and fear to target their victims. The malware and phishing attacks during the Covid-19 pandemic prove that attackers use fear to intimidate their targets. In March alone, experts discovered more than 40000 high risk and 2000 malicious domains. In April 2020, Google reported around 240 million coronaviruses themed malware and spams. Google website says, "Every day, Gmail blocks more than 100 million phishing emails. During the last week, we saw 18 million daily malware and phishing emails related to COVID-19. This is in addition to more than 240 million COVID-related daily spam messages. Our ML models have evolved to understand and filter these threats, and we continue to block more than 99.9% of spam, phishing, and malware from reaching our users."

Nintendo Confirms Around 160,000 User Accounts Affected in Recent Hacks


On Friday, the Japanese gaming giant, Nintendo confirms that around 160,000 user accounts of Nintendo Switch users have been affected in the recent hacking attempts.

Nintendo's Switch game console is immensely popular among avid gamers and its demand has risen dramatically amid the lockdown forced by COVID-19 pandemic, making it out of stock almost everywhere. As the number of people turning to Nintendo is rapidly increasing, the number of hackers targeting digital accounts has also increased as a result.

In the wake of the breach, Nintendo has disabled the option of logging into a Nintendo account via Nintendo Network ID (NNID)– login IDs and passwords of the users have been acquired in an unauthentic way by some means other than Nintendo's service, the company confirmed. Notably, these attempts to access accounts illegally have been made since the beginning of April. The information compromised during the breach includes usernames, DOB, email addresses, and country.

The company has notified all the affected users of the breach through an email, alerting them to reset their passwords.
Meanwhile, the company also warned the users in case they have used a common password for their NNID and Nintendo account, and said, “your balance and registered credit card / PayPal may be illegally used at My Nintendo Store or Nintendo eShop.”

The company further recommended the users to enable two-factor authentication as some accounts are already being used to make fraudulent purchases. Affected users are advised to contact Nintendo so that the company can examine their purchase history and cancel fraudulent purchases.

"We will soon contact users about resetting passwords for Nintendo Network IDs and Nintendo Accounts that we have reason to believe were accessed without authorization," the company said.

While apologizing to the customers, Nintendo said, "We sincerely apologize for any inconvenience caused and concern to our customers and related parties,"

"In the future, we will make further efforts to strengthen security and ensure safety so that similar events do not occur." the company added.

L4NC34 Ransomware Teaches That Ransomware Attacks Ought To Never Be Trifled With




There is no denying the fact that whenever the word ransomware is mentioned computers are an instinctive afterthought to have been largely infected by the same. The impact is without a doubt an extremely serious one and so it always escapes our notice that it’s the websites also that are touched upon by this impact.

While Ransomware is normally thought to be a method wherein files are encrypted in a super-perplexing way, alongside a ransom note asking hundreds to thousands of dollars’ worth of cryptocurrency.

Typically this is kind of the reality — however, attackers aren't very similar to each other and not all may have the technical ability or would even attempt to go to such lengths.

Thus as of late, there was a case where the entire website files were apparently encrypted and had their file names changed to affix a ".crypt".

Among the files, we additionally found the ransom note one might usually discover in this type of malware, but this one was somewhat unusual — it wasn't an HTML or a .txt file. Rather, the ransom note was actually located inside a PHP file and appeared to contain actual capacities.

Here is a more critical look at the file.



The code of the malicious PHP file is as follows:

'.base64_decode('PHRpdGxlPkw0TkMzNCBSYW5zb213YXJlPC90aXRsZT4KPGx[pbmsgcmVj[REDACTED BASE64 CODE]dCBNYWlsIDogbDRuYzM0MEBnbWFpbC5jb20=').'

At first glance, nothing looks particularly surprising here, when decoded the result is:

L4NC34 Ransomware "; } function decdir($dir){ $files = array_diff(scandir($dir), array('.', '..')); foreach($files as $file) { if(is_dir($dir."/".$file)){ decdir($dir."/".$file); }else { decfile($dir."/".$file); } } } decdir($_SERVER['DOCUMENT_ROOT']); echo "
Webroot Decrypted
"; unlink($_SERVER['PHP_SELF']); unlink('.htaccess'); copy('htabackup','.htaccess'); echo 'Success !!!'; } else { echo 'Failed Password !!!'; } exit(); } ?>

L4NC34 ransomware


Your Website Is Encrypted

Don't Change the Filename because it Can Damage the File If You Want to Return You Must Enter the Password First
Send Me $10 For Back Your Website

Bitcoin Address :


Contact Mail: l4nc340@gmail.com

Now the portions of code responsible for displaying the ransom note, along with the actual decryption process for the files are very clearly visible.

However, this code contains a few specific characteristics that are worth noting.

$input = $_POST['pass']; $pass = "9c6679accb84e3ef938b1f4c24158355"; if(isset($input)) { if(md5($input) == $pass) {


This 'snippet' basically verifies if the password inputted on the page coordinates the hardcoded md5 hash. That appears to be somewhat odd; one may expect that the alleged key was not hardcoded — yet if so, at that point there might be a purpose behind these apparently encrypted files.

This next bit is answerable for the ransomware's file decryption function:

function decfile($filename){ if (strpos($filename, '.crypt') === FALSE) { return; } $decrypted = gzinflate(file_get_contents($filename)); file_put_contents(str_replace('.crypt', '', $filename), $decrypted); unlink('crypt.php'); unlink('.htaccess'); unlink($filename); echo "$filename Decrypted !!!
";


While there really isn’t anything special or very complex about it. The decryption process just seems to take into account the actual contents of the file and then gzinflate them.

From what is clearly evident here, it’s safe to assume that the only way this hacker “encrypted” the files was to gzdeflate the files and change their file name.

This is what one of the encrypted files looked like:



Backing up to the original ransom note/script and modifying it to execute the decryption function without affecting anything else.

We can go ahead and run it either through a terminal or through the browser directly. And when done so with the following command:

$php ransom.php
Webroot Decrypted
Success !!!


What’s visible is the decrypted contents of the previous file, which look as expected.



Well, thankfully the ransomware encryption was easily and quickly reverted without paying the $10 fee.

But the question that still stands strong is that since it’s so easy to reverse this infection, ‘Did someone ever even end up paying the attacker?’

The answer to which can be found if we take a look at the bitcoin wallet address



Fortunately, it appears that there were no transactions on this wallet. Ideally, that implies that none of the infected sites wound up paying the ransom and had the option to return the malignant file without issues.

In any case, this being observed the Ransomware attacks ought to never be trifled with as in the United States alone, potential expenses surpassed $7.5 billion in 2019. What's more, much like other ransom included crimes, but still, there's no guarantee that paying a ransom will end in a positive result.

A Brand New Virus That Incorporates Mining, Hacking and Backdoor Modules


Dubbed as CrazyCoin, a brand new virus has been recently discovered by researchers, which spreads through the NSA leaked EternalBlue exploit kit. The researchers came across this new computer virus as they found that it incorporates numerous capabilities in its arsenal. 

The virus allegedly incorporates mining, hacking, and 'backdoor' modules. After it taints a user's machine, it downloads mining and data-stealing modules. Later it plants the Double Pulsar backdoor program so that every one of these modules cooperates with one another and plays out their own activities. 

As indicated by researchers from 360 Baize Labs who found the infection, “The powershell script is responsible for downloading various modules to the victim’s machine for execution.” They state that the mining module incorporated in the virus is utilized to mine Monero and HNS coins. 

Furthermore, among the data stolen by the virus' stealing module are the victim's sensitive documents, like the ID cards, passwords, bitcoin wallets and so on. 

This stolen information is later sent back to a server controlled and handled by the attackers. Exhorting the users the researchers warn them about a few certain things as CrazyCoin 'leverages' the EternalBlue endeavor to proliferate across systems. This exploit kit is known for abusing a vulnerability in SMBv1, it is important to further update security patches against it. 

The vulnerability CVE-2017-0144 exists on the grounds that the SMB version 1 server in different variants of Microsoft Windows mishandles exceptionally created packets from remote attackers, permitting them to execute arbitrary code on the targeted computer. 

The CrazyCoin virus is said to listen and receive commands on port 3611.

HACKED- Windows 10, macOS, Adobe, VMware, Apple and Oracle at The Pwn2Own 2020!


Pwn2Own is a well-known computer hacking contest which is held once every year at the CanSecWest security conference. In this contest, the contestants are tested on how well they could exploit commonly used software and mobile devices with formerly unheard of vulnerabilities.

An issue as grave as the Coronavirus pandemic has clearly not affected the spirits of the Pwn2Own 2020 hacking competition which got done with its first two days.

On Day 1, security researchers and participants bagged a handsome amount of over $180,000 for exploiting the Windows 10, Ubuntu Desktop and macOS, mention sources.

Reportedly, a “team from the Georgia Tech Systems Software and Security Lab succeeded in exploiting a kernel privilege escalation to execute code on macOS” by way of Safari. The attack mechanism that ended up winning for the team $70,000 was comprised of 6 vulnerabilities.

Per the event page (thezdi.com), Georgia Tech employed a “6 bug chain to pop calc and escalate to root”.

The team that has won several preceding editions of the hacking contest, Team Fluoroacetate, won themselves a victorious $40,000 after they employed a “local privilege escalation exploit” meant for the Windows 10.

Reports mention that one of the two members of the aforementioned team also won himself a smashing amount of $40,000 for yet another privilege escalation exploit pursuing Windows 10.

As per sources, the RedRocket CTF team got themselves a win, owing to it to one of their members, Mafred Paul, who bagged an attractive amount of $30,000 for a local privilege escalation exploit focused on Ubuntu Desktop. The hack was about the manipulation of the ‘Input validation bug’.

On Day 2, The Fluoroacetate successfully targeted the Adobe Reader with a local privilege escalation by employing a pair of UAFs, mentioned sources and grabbed an amount of $50,000.

Per reports, the Synacktiv team targeted the VMware Workstation but unfortunately to no avail in the given duration of time. There also were special demonstrations of the Zero Day Initiative against the Oracle VirtualBox.

This was the very first time the organizers allowed “conditional remote participation” in the Pwn2Own hacking contest, understandably because of the increased concerns of people about traveling due to the Coronavirus outbreak.



Encryption Flaws Allow Hackers to Steal Vehicles without Leaving a Trace


New vulnerabilities were revealed earlier this week in the encryption frameworks utilized by immobilizers, the radio-enabled gadgets within cars that usually communicate at short range with a 'key fob' to easily unlock the car's ignition and permit it to start as discovered by researchers from KU Leuven in Belgium and the University of Birmingham in the UK. 

Issues were particularly identified in Toyota, Hyundai, and Kia who utilize and further implement a Texas Instruments encryption system called DST80. Aside from these, a couple of other influenced vehicles incorporate Camry, Corolla, and RAV4; Kia Optima, Soul, and Rio; the full rundown of vehicles that the researchers have found to have the cryptographic defects in their immobilizers is below:


In spite of the fact that the list likewise incorporates the Tesla S, the researchers announced the DST80 vulnerability to Tesla a year ago, and the company pushed out a firmware update that blocked the assault. Toyota has affirmed that the cryptographic vulnerabilities the researchers discovered are genuine. 

Be that as it may, their technique likely isn't as simple to pull off as the "relay" attacks that thieves have utilized over and overused to steal luxury cars and SUVs. Those, by and large, require just a couple of radio devices to expand the range of a key fob to open and start a victim's vehicle. One can pull them off from a reasonable distance, even though the walls of a structure. 

The researchers built up their key cloning technique by purchasing an assortment of immobilizers' electronic control units from eBay and reverse engineering the firmware to break down how they communicated with key fobs. They regularly saw it far as too simple to even consider cracking the secret value that Texas Instruments DST80 encryption utilized for authentication. 

Anyway, the issue lies not in DST80 itself however in how the carmakers implemented it: The Toyota fobs' cryptographic key depended on their serial number, for instance, and furthermore openly transmitted that serial number when checked with an RFID reader. What's more, Kia and Hyundai's key fobs utilized 24 bits of randomness instead of the 80 bits that the DST80 offers, making their secret values simple to figure. At the point when the affected carmakers and Texas Instruments were reached out for comments, Kia and Texas Instruments didn't respond. 

Be that as it may, Hyundai noted in a statement that none of its affected models are sold in the US. Toyota reacted in an explanation that “the described vulnerability applies to older models, as current models have a different configuration." 

In any case, the researchers have chosen to distribute their findings to uncover the genuine condition of immobilizer security and permit car owners to choose for themselves if it's sufficient. Protective car owners with hackable immobilizers may choose, like whether or not to utilize a steering wheel lock or not.

Hackers made $82 Million through Bug Bounties in 2019


Hacking as a profession has now become a viable option for the hackers out there. Yes, you've heard it right, ethical hackers have made more than $82 Million in Bug Bounties held at HackerOne. To top that, the ethical hacking community on HackerOne has now reached over 600,000, with around 850 new hackers joining every day. According to a '2020 Hacker Report' published by HackerOne, a Bug Bounty platform in San Francisco, around 18% of the members are full-time hackers, whose job is to find vulnerabilities and assure that internet becomes a safe place for everyone.


On the HackerOne platform, hackers from across the world, 170 countries to be accurate, which includes India too, are working every day to ensure the cybersecurity of 1700 organizations, which include Zomato and OnePlus also. The US tops the 2109 list in the earnings made by hackers through Bug Bounty with 19%, India comes second with 10%, Russia has 8%, China a 7%, Germany 5%, and at last Canada with 4%. These countries are the top 6 highest earning ones on the list.

According to Luke Tucker, who is the Senior Director of Global Hacker Community, Hackers are a global power working for a good cause to ensure the safety the connected society on the internet. The motivations for hacking may differ, but it is good to see that global organizations are embracing this new change and providing hackers a new platform to compete and grow as a community, making the internet a safe place for everyone, all together. Hackers from various countries earned a lot more than compared to what they did last year.

Hackers from Switzerland and Austria made more than 950% earnings than last year. Similarly, hackers belonging to Singapore, China, and other Asian countries made more than 250% compared to their earnings of 2018. Competitions like these Bug Bounty programs have helped Hackers land into respectful expert knowledge, as 80% of the hackers use this experience to explore a better career or jobs. According to the reports, these hackers spent over 20 hours every week to find vulnerabilities.

Hackers Gain Access to Sensitive Data; Release Veterans’ Stolen Data Related To PTSD Claims


Hackers become increasingly serious in their game as they begin targeting sensitive data that incorporates pain diary entries from veterans' very own physical injury cases. Breaching a few law firms, the local government databases and other organizations, demanding payments for data recuperation and deletion Maze, a hacking and ransomware group, as a major element of a ransomware attack against U.S. law firms released V.A documents, patient care records, legal fee agreements, and privacy consent forms. 

Screenshot of a VA claims document released in a data dump by hacking group Maze as part of a ransomware attack against U.S. law firms. (Screenshot/Brett Callow)

Two of those hacks focused explicitly on Texas-based law firm Baker Wotring in November and Woods and Woods LLC in Evansville, Indiana, this month. As per Brett Callow, a threat analyst with Emsisoft, Maze hacks an organization's servers, informs them of the breach and demands ransom payments to prevent data dumps and if the group doesn't receive what it demanded, it proceeds to publish small quantities of compromised information — "proofs" — online, open to anybody with internet access. 

And the group has actually done it. After previously demanding payments ranging from $1 million to a few million dollars, if the payment isn't received, Maze has released additional sensitive information on a 'staggered basis'. 

Screenshot of a pain diary document released in a data dump by hacking group Maze as part of a ransomware attack against U.S. law firms. The image has been redacted by Military Times. (Screenshot/Brett Callow)

According to Callow, the Ransomware group has already released a part of individual archives from Woods and Woods, and the group professes to have more data. Aside from this, it has likewise posted the compromised information on a Russian hacker forum. While other hackers utilize the stolen data to target and demand ransom from individual patients or clients, Maze doesn't do that. 

The hacking group works a bit differently here as they themselves write on their site, “Use this information in any nefarious way that you want.” 

Nonetheless as per Bleeping Computer, keeping in mind the current developments from the group the Federal Bureau of Investigation (FBI) has issued a Flash Alert just a month ago to privately owned businesses in order to advise them of expanded Maze ransomware exercises, as a prudent step.

Hacked! SCPI Protocol Vulnerabilty; Measurement Instruments Could be Hacked!


A leading cyber-security firm recently alerted all the netizens about a vulnerability discovered in the measurement tools that support the Standard Commands for Programmable Instruments (SCPI) protocol, mentioned reports.

According to sources, SCPI is an ASCII-based standard especially crafted out for the purposes of testing and measurement machines that came into existence in 1990.

SCPI still happens to be used quite a lot given its easy and user-friendly interface and the inclusion of commands that could help alter any setting on the devices.

In recent times, most of the measurement devices are connected to networks and in some cases even to the internet. Hence, SCPI’s holding no authentication mechanism is a matter of risk and insecurity for all its users.

Per sources, when one of the major cyber-security research firms ran analytic research on SCPI they uncovered all the devices that use it and therefore are vulnerable to cyber-crime.

Per reports, the aforementioned measurement devices encompass of multimeters, signal analyzers, oscilloscopes, data acquisition systems, and waveform generators.

The researchers carried forward their analysis on different brands and different products of the same type and came across the fact that all the vendors’ products could be equally susceptible to cyber-attacks of similar nature if they used SCPI.

A multimeter was analyzed by the researcher wherein they found that its web and other interfaces were quite easily available and were very easy to get to as they were neither password-protected nor had any security functions by default.

Therefore, any cyber-attack that even a basic attacker plans could have a high possibility of success as the “configuration panel” could be very easily accessed and the password could be changed to anything in accordance with the attacker’s whims.

And as if all this wasn’t enough, the attacker could actually configure the measurement instruments to cause physical harm to people. The devices could be set to show illogical and unsystematic text any number of times, as well.

Per sources, the memory of the measurement instruments could be written for a definite number of times but incessant writing could lead to the devices’ physical distortion which couldn’t be reversed without changing the parts.

The power supply units of the devices could also be easy targets for attackers, according to sources, and could trigger DoS leading to physical corruption of the device.

Amazon Chief’s Phone Hacked by the Saudi Arab Crown Prince



Referring to anonymous sources, a British daily newspaper came up with reports on details regarding Amazon Chief Jeff Bezos' cell phone being hacked in the wake of accepting a message from the Saudi Arabian crown.

Theft of information from Bezo's cell phone, however, is said to have been started in 2018 with a contaminated video file sent by means of WhatsApp from the personal account of Mohammed bin Salman, according to the previously mentioned British daily.

The report apparently comes about a year after the unexpected announcement that Bezos and his wife, MacKenzie, would separate following 25 years of marriage. The National Enquirer along these lines uncovered an extramarital affair between Bezos and Lauren Sanchez, a former TV anchor, in a progression of reports that depended, to some degree, on some intimate text messages sent by Bezos.

Bezos in this way distributed an extraordinary blog entry blaming the newspaper for taking steps to distribute all the more humiliating text messages and photographs except if he freely attested that there was no political motivation or outside force behind the newspaper's coverage.

Gavin de Becker, a security consultant for Bezos, later said he believed the Saudi Arabian government had gained access to Bezos' phone before the Enquirer uncovered the whole affair. He didn't give any immediate evidence to back up his claims, which he said originated from "our investigators and a few experts." De Becker referred to the Enquirer's business association with the Saudis, just as the intense coverage of the homicide of a critic of the Saudi regime by the Bezos-owned Washington Post, as reasons why bin Salman may look to harm the Amazon founder.

The newspaper reported a year ago that the Central Intelligence Agency connected the crown prince to the 2018 murder of Post Columnist Jamal Khashoggi. De Becker declined to remark past the rather lengthy statement a year ago, which was posted on the news site The Daily Beast.

The Saudi embassy didn't quickly react to a message looking for more inputs. In spite of the fact, it's still extremely unclear whether the supposed hack of Bezos' phone got to any sensitive Amazon corporate information.

While the company is yet to remark on the issue in the nine months since de Becker's allegation, the company representatives haven’t yet returned the messages seeking comment on the 21st of January.

52 Hackers get into the US Army system in the last 5 weeks


Last year, during October and November, 52 hackers were able to hack the US army. "It only strengthens our security systems as the hackers who hacked our systems did it on ethical principles, as the participants of second 'Hack the Army' event that is taking place since the year 2016," says the spokesperson of the US Department of Defense Defense Digital Service.



In today's world of cyber attacks and hacking, it is right to assume that inviting hackers to try and invade your system's security is not safe, not even for the US army. The hackers don't need a mere invite to hack into any organizations' cybersecurity. This statement raises a bit of doubt as lately, the US government warned users to update specific Virtual Private Network (VPN), or suffer from persistent cybersecurity attacks. Also, recently, the New York airport and New Orleans city suffered a cyberattack.

But still, there exists a plan in this obvious cyber insanity. 'Hack Army 2.0' was a mutual undertaking between the U.S. Army, a bug bounty program called 'HackerOne,' and the Defense Digital Service.

What is HackerOne?
In simple words, HackerOne is a platform where various exploits or vulnerabilities can be tested by hackers. This platform has allowed some of its best hackers to win millions of dollars. Surprisingly, one hacker was even able to hack the program itself. This reflects the caliber and potential of the hackers, who register in HackeOne.
Therefore, the whole reason for organizing 'Hack Army 2.0' is to find out any threats or vulnerabilities that might affect the security of the US army. This is crucial as it ensures the US army from other unethical hackers and national threats, for instance, Iran.

146 bugs detected, the Army pays $275,000-
The results after this drill revealed that a total number of 60 open US army assets were under the potential threat of hacking. The US army rewarded the hackers a total amount of $274,000 for their efforts. "The assistance of hackers can be helpful for the Army to increase its defense systems exceeding fundamental agreement lists to attain maximum security," said the spokesperson Alex Romero.

Email Server of Special Olympics of New York Hacked; Later Used To Launch a Phishing Campaign


A nonprofit organization committed towards competitive athletes with intellectual inabilities, The Special Olympics of New York as of late at the Christmas holidays had their email server hacked which was later utilized to dispatch a phishing campaign against past donors.

Promptly as the issue surfaced a notification was sent by the nonprofit to reveal the security episode to the people influenced, asking the donors to dismiss the last message received and clarifying that the hack just affected the "communications system" that stores just contact information and no financial information.

"As you may have noticed, our email server was temporarily hacked. We have fixed the problem and send our sincerest apologies," email notification from Special Olympics New York told donors.


The phishing messages conveyed by the attackers were 'camouflaged' as an alert of an approaching donation transaction that would consequently debit $1, 942, 49 from the target's account within two hours.

Utilizing such a brief span outline enabled the phishers to initiate a 'sense of urgency' intended to make the Special Olympics NY donors click on one of the two installed hyperlinks, links that would, as far as anyone knows, divert them to a PDF rendition of the transaction statement.

The phishing email used a Constant Contact tracking URL that redirected to the attackers' landing page. This page has since been brought down, however, it was in all likelihood used to steal the donors' credit card subtleties.


"Please review and confirm that all is correct if you have any questions, please find my office ext number in the statement and call me back," the phishing emails said. "It is not a mistake, I verified all twice. Thank you, have a great weekend."

Shockingly so, this isn't the first, historically speaking, episode where such a ‘mishappening’ was recorded, as the Tokyo 2020 Summer Olympics staff additionally gave an admonition cautioning of a phishing campaign that conveyed emails intended to look like they had originated from the Tokyo Organizing Committee of the Olympic and Paralympic Games (Tokyo 2020).

And additionally said that the malignant emails probably diverted the beneficiaries to landing phishing sites or tainted the victim's PCs with malware whenever opened.

Hackers Bypass the 2-step Verification to Invade Government Systems and Industries


2-step verification is an extra security measure that an application uses when connecting to a service or a device. But the 2-step authentication was avoided by a group of hackers from China known as APT20. The government, industries, and various corporations across the world are concerned about the issue. This is disturbing news for the world of cybersecurity. APT 20, a criminal hacking organization from China was able to avoid the important 2-step verification, that is used as a safety precaution by vast services on the internet such as Google, Whatsapp, Instagram, etc. But above all this, this issue is a major concern for banking institutions that rely on internet services for their conduct.



The APT20 group was caught avoiding the 2-step Verification: 

After successfully breaking the verification process, APT20 was able to get access to some government agencies, corporate databases, and servers of various industries. The activity was discovered by Fox-It, a Dutch security specialist, when it received a complaint from one of the victims and upon investigation, it was able to identify the criminal group responsible for the attack. The corporations hit by the attack are spread over 10 nations and different sectors, some of which include Germany, Britain, France, the US, and China. The sectors affected are flight, architecture, banking, power, security, transportation, HR services, etc. The attack, however, doesn't affect the general public, as it focuses much on the corporations.

What is a 2-step verification?

Today, 2-step verification has become an official security order and is used worldwide by the users as an assurance of security (even if the users are unaware, their systems rely on this method). The safety method comes along with an extension to the typical login-password credentials process. 2-step verification operates when the user enters his credentials while logging into a device, following which he is sent a temporary code.

The 2-step verification asks the user a temporary code that he has to enter while logging in to the device. For instance, Google systems like Gmail retrieves the user back to his device for confirming the identity. Only after making sure that the user is authenticated and not a fraud, he is allowed access into the specified device. After filling in the code, the user verifies his identification to the system.   

Development Team Suffers Cryptocurrency Theft Worth $4,80,000


Hackers stole records relating to the extension unit of an unknown blockchain recently, taking cryptocurrency worth $480,000, which is known as an obscure token called NULS. The developing team working on NULS confirmed on Twitter that it suffered a hacking attack. Earlier in the morning, the company tweeted that around 2 million NULS ($4,80,000) were stolen from its account. From the amount that was stolen, the development team says that more than half the amount lost in the theft has been liquidated to other cryptocurrency forms, amounting roughly to $131,600.



The company is planning to 'Hard Fork' the transaction network and blockchain, a measure that stops the cryptocurrency once and for all. Fortunately, the incident didn't have a hard effect on the price of NULS. The reason for the theft is said to be a vulnerability found in software version 2.2. The reason for having little effect on its value might be due to the value dropping down already at over 95%, following the all-time high before the incident was exposed. The users that use NULS are requested by the company to update their software to the latest version available, as to prevent themselves from any hacking issue.

Similar to the incident when Ethereum also 'Hard Forked' to retrieve its taken cryptocurrency:
The acknowledgment of the NULS team to this issue of theft is nostalgic for how core developers of Ethereum countered the problem of 'DAO' hacking incident in the year 2016. The DAO (Digital Decentralized Autonomous Organization) was supported by active agreements that worked likewise to an enterprise funds stock but was driven by the investor. Certainly, following the incident in which Ethereum worth $40 Million was stolen by the hackers from the DAO, Ethereum development divided the blockchain separately into 2 divisions.

In the 1st division, the users stirred by the theft could recover the Ethereum funds. Meanwhile in the 2nd division resumed upholding the initial variant of the block-chain record known as 'Ethereum Classic.' To this day, that specific Hard Fork incident is still a controversy amid the critics, practicing it as evidence of the unification concerning Ethereum‘s administration. Fortunately, NULS is not as popular as Ethereum, so the hard forking step won't cause much of a controversy for the company.

Latest "incorruptible" Privacy Method that makes your VPN Out-of-Date


A unique chip that allows computers to send information using a 1-time 'indestructible' connection.

"Experts have made a unique unhackable safety system that is bound to transform the information secrecy," says the University of St Andrews, King Abdullah University of Sciences and Technology (KAUST) and the Center for Unconventional Processes of Sciences (CUP Sciences). The global organization of experts has built a new optical chip that enables the message to be transmitted from the sender to another receiver using a 1-time untraceable transmission that can accomplish 'absolute privacy' as private information is secured as one of the safest means, thanks to the experts. The experts' designed method utilizes silicon chips that carry compact arrangements that are permanently modified to transfer data in a one-time-key that can't be formed again or hijacked by the hackers.



A technology of the future- 
While the present conventional encryption methods permit messages to be transferred instantly, the information can, however, be hacked by quantum algorithms and computers of the future. But, as per the experts' claim, the latest developed technique for encoding information is solid and utilizes present transmission systems. The newly devised method also occupies limited storage on the present computer systems compared to conventional encoded interactions.

“Due to the arrival of more robust and quantum machines and future computers, all present encodings would be deciphered without taking much time, revealing the confidentiality of our existing and past transmission networks that hold much importance. For example, a hacker can save a piece of encoded information that is available now and he can expect the appropriate systems and technologies that can be availed shortly to decrypt the information. Executing large and cost-effective means of world-class safety is a universal enigma," says Dr. Andrea Fratalocchi, Associate Professor, Electrical Engineering at KAUST and Director of the Research.

He further says: Our research, however, has the caliber to resolve the problems of privacy for every individual across the globe. If by any chance this new technique could be executed across the world universally, the hackers would have a hard time trying to break into someone's personal information and would be seeking jobs elsewhere. For the moment, the groups of experts are currently planning to develop business apps for their trademarked technique and are planning to do a demo very soon.

Twitter Followers of the Epilepsy Foundation Targeted by a Mass Strobe Cyber attack


A series of mass cyber-attack occurred during the National Epilepsy Awareness Month, as the hackers circulated videos and pictures of 'flashing strobe lights' to a huge number of Twitter followers of the Epilepsy Foundation and obviously aimed to trigger seizures in those suffering with the disorder.

The foundation revealed 30 similar attacks in the first seven day stretch of November, and said it had documented complaints with law enforcement authorities, also including with the US Lawyer's Office in Maryland, where the group's headquarters are situated. It was very indistinct what number of users tapped on the videos and animated images known as GIFs.

In that attack, a Marine Corps veteran from Maryland, John Rayne Rivello, was accused for utilizing Twitter to send a GIF with a blinding strobe light to an epileptic author, Kurt Eichenwald, who had expressed his views through his writings fundamentally on Donald J. Trump and his supporters during the 2016 presidential campaign.

The journalist Kurt Eichenwald was sent a strobing image over Twitter that caused him to have an epileptic seizure

Mr. Eichenwald, who was a correspondent for The New York Times from 1986 to 2006, had composed an opinion piece in Newsweek featured as "How Donald Trump Supporters Attack Journalists."  and in his writing he portrayed the death threats he had received on the grounds that he had 'written critically' on Mr. Trump.

In December 2016, after production of the Newsweek piece, Mr. Eichenwald told the investigators that he once came across such a message from somebody distinguished as @jew_goldstein, which contained a strobe light GIF and an assertion in capital letters: "You deserve a seizure for your posts."

Looking at the strobe caused an immediate seizure that kept going around eight minutes.

Investigators discovered several digital clues which drove them to Mr. Rivello, including a message he had sent to some other Twitter users that read, "I hope this sends him into a seizure." They likewise found a screenshot on Mr. Rivello's iCloud account demonstrating Mr. Eichenwald's Wikipedia page with a 'fake' date of death just as a screenshot of a list of epilepsy seizure triggers that had been duplicated from an epilepsy data site.

Nonetheless Mr. Eichenwald filed a lawsuit against Mr. Rivello in the federal court in Maryland for battery and various other claims. The defense moved to reject it, contending to some degree that the battery claim couldn't be bolstered on the grounds that Mr. Eichenwald didn't claim that any physical contact had happened.

Be that as it may, Chief Judge James K. Bredar of the United States District Court in the District of Maryland allowed the lawsuit to continue, further writing that the “novelty of the mechanism by which the harm was achieved" didn't make the supposed activities any lesser degree of an unjust act.

Online Payments for Water Services Intercepted By Hackers


The City of Waco warns residents that their online payments for water services may have been impeded by hackers who stole credit card details.

As per a spokesperson for the City of Waco, the Click2Gov portal for water bill payments was breached by vindictive hackers who had the option to plant pernicious code that redirected sensitive data between August 30th and October 14th.

Security researchers have been following these attacks against Click2Gov's payment portals for two or three years now, with numerous reports of breaches including the urban areas extending across the United States and Canada, bringing about a thousands of payment card details being traded on the dark web.

The core of the issue is said to have been the third-party online payment software that Waco and a few other urban communities and regions use to let residents pay their bills, pay parking fines, just as make other financial transactions. CentralSquare Technologies, the creators of Click2Gov, counters that lone a "limited number" of Click2Gov customers have announced unauthorized access by hackers and that a vulnerability they recognized in the portal has now been closed.

As indicated by media reports, on account of the latest breach including water utility payments, the City of Waco was informed regarding the issue with the Click2Gov software on November 8, 2019.

City representative Larry Holze says, “Of the 44,000 water customers, typically we receive 12,500 payments online each month. During the period identified, a little over 8,000 customers were mailed letters. Payments made with a credit card inside the water office (not online) are not involved in this incident.”

Consumers affected by the breach can hope to get a letter from the city the previous week informing them about the occurrence and advising them whenever required on the means that ought to be taken to secure against such fraud.

“We’ve sent out letters to all those people who they’ve been able to give us that have been compromised, in some fashion, asking them to be careful and watch their statements and make sure something doesn’t show up,” said spokesman Holze.

The city has additionally set up a hotline for residents with inquiries regarding the breach, accessible from Monday to Friday on 833-947-1419.7

Intel Chips Now Exploitable? Sensitive Data Could Be Compromised By Reducing Chips' Voltage!



Hackers can now allegedly, exploit Intel chips via voltage alterations which could lead to a messed up flow of electricity only to weaken the security mechanisms of the chips.

Two research teams from Europe and America had realized that this disruption in the voltage could cause sensitive information stored on the Intel chips to leak using the “Secure Guard Extensions” feature.

The researchers were asked to keep these facts concealed for the last half-year. Intel then sent out updates of its firmware to thwart any possibilities of attack.

“Plundervolt”, per source is the technique named by the researchers which comprises of planting malicious software on the target device to temporarily reduce the voltage of its electrical flow to the Intel chip.

The drop in voltage referred to as “undervolting” generally lets genuine users to conserve power when not needed and to vary the voltage to “overclock” the processor for more strenuous tasks.

But reportedly, by transitorily “undervolting” a processor and timing it accordingly could easily aid a hacker to make the chip dance to their tunes and falter, in turn revealing sensitive data stored within the “SGX enclave”.

Per the researchers, the CPU voltage when reduced could cause a “computation” error in the Intel chips. A “bit-flip” or a “fault injection” in the chips can change a “zero” to “one” on the SGX enclave.

In these potentially exploitable chips, if cryptographic computations are done, the “secret key” could be easily discover-able. The entire chip’s security would become times weaker, leading the data to decipher easily.

The attack in question is undoubtedly not easy to execute. It requires the target computer to already have the malware installed on it by the attacker. The SGS feature of Intel which was vastly advertised as corruption and threat proof in terms of sensitive data. This attack happens to present a startling position of compromise.

ARM Chips other than Intel’s were also experimented upon by artificially fluctuating their voltage much like “Plundervolt” to destabilize the security of the processors.

Intel chips haven’t always had a good record in ensuring security if the processors. Per reports, previous attacks “Spectre” and “Foreshadow” also abused the “speculative execution feature” of the chips way before the patched were released.

“Return-oriented programming” is another technique that could be used to exploit the chips which could make an “already planted” malware invisible to the anti-virus software.

Intel though, did send out an update for its Chips’ firmware which helps the user to freeze the voltage settings to cancel out any further possibilities of the above-mentioned attack.

Although, the way of counteracting the issue of “over-clocking” and the details as to the elaborate details of the update haven’t been sent out by Intel, yet. All that could be said is that keep the processors well updates and all patched up.

SGS Servers Compromised In a Data Leak; Customers in Jeopardy!



Firms including MG Motors, Shell India and Daimler India commercial vehicles got in jeopardy as the servers of SGS Group got compromised.

The private data saved on those servers was up for sale for a mere amount of $10,000 on ‘Dark Web’ or on the private internet forums.

Per sources, the data includes quality reports of the few very prominent oil and gas firms and truck manufacturers.

The firm in question mentioned that the leak’s been plugged, the anomalies have also been corrected and all the possible measures have been taken. Also the clients have been informed.

The firm’s Korean division which contains over 6,000 reports and French division were also under attack outing thousands of user data and test reports of its clients.

SGS servers are probably going to have quite a financial impact for its clients and customers.

“The SGS company servers have laid bare legitimate reports and it’s bound to have serious implications as hackers have all the access to the kind of files on the DarkWeb”, said J Prasanna, CEO, Cyber Security and Privacy Foundation Pte Ltd, Singapore.

According to him the situation clearly points to the actual storage devices being compromised.

The concerned firms were questioned about the damage to which Shell replied that they are strongly focused on ensuring high standards for its customers.

JPMorgan hacker to plead guilty next week in New York




One of the key suspects in the enormous JPMorgan Chase hack in 2014, a Russian hacker Andrei Tyurin, is all set to plead next week in New York.

He was one of the several people charged for the case in 2015, and was on the loose until Georgian officials caught hold of him a year ago. Gery Shalon, the supposed instigator of the conspiracy, was arrested in Israel in 2015 and handed over to the US as he has allegedly been in touch with American authorities.

During Tyurin's first New York court appearance; it was proposed that his associations in the criminal world may enable specialists to examine the Russian endeavours to disrupt the 2016 US presidential election through cyber-attacks and hacking.

Tyurin was first produced in a US court in September the previous year after he was handed over from the Republic of Georgia and he had pleaded not guilty to charges including hacking, wire fraud, identity theft and conspiracy.

From that point forward, various hearings for his situation have been cancelled as prosecutors and defence attorneys worked through for an agreement and just last week, the Manhattan US attorney's office endeavoured to solidify his New York case with one in Atlanta, in which he is one of the few accused for hacking E*Trade.