
Moscow metro launched a new secure Wi-Fi network


MaximaTelecom has launched a closed (authenticated) Wi-Fi network in the Moscow metro, free for users who agree to watch ads. The company, which has operated in the metro for seven years, most likely decided to do so after the scandal over the leak of user data.

It should be noted that MaximaTelecom is a Russian telecommunications company that has developed and commercialized public wireless networks since 2004; it operates Europe's largest public Wi-Fi network.

MaximaTelecom is beginning open testing of the closed Wi-Fi network in the metro, built on Hotspot 2.0 (Passpoint) technology. Since January 2019 testing of this network had been available only to company employees.

According to Boris Volpe, MaximaTelecom CEO, after the introduction of Hotspot 2.0 the Wi-Fi in the Moscow metro will become the largest secure public network in Europe. Open testing will take three months.

According to a company representative, the network protects against automatic connection to phishing (rogue) access points. This follows from how Hotspot 2.0 works: it is built on WPA2-Enterprise, so the client authenticates the network over 802.1X/EAP and checks the server certificate before joining, rather than attaching to any access point that broadcasts the same name, and the radio link is encrypted. The user is therefore protected from traffic interception between the access point and the client device. Note that this covers only the air link: traffic is still visible to the network operator beyond the access point, so end-to-end TLS remains necessary.

It is interesting to note that the launch of the new network may be a delayed reaction to the scandal over the leak of user data. Recall that in April the programmer Vladimir Serov reported a major vulnerability in MaximaTelecom's Wi-Fi. According to him, it allowed attackers to obtain the phone numbers of all connected passengers, as well as unencrypted data about users such as phone number, gender and age.

MaximaTelecom acknowledged the vulnerability and reported that it was promptly closed by turning off the option to store data on users' movement between stations. Roskomnadzor sent a request for details, but no violation of users' rights was recorded.

"With the development of LTE services by mobile operators, the need for Wi-Fi services in the metro, encrypted or not, is decreasing," commented MForum expert Alexei Boyko.

Earlier E Hacking News reported that Tele2 was found to be monitoring subscribers using a dangerous script. The company gets access to the data through the mass injection of scripts via its CDN.

Ransomware Attack Leaves Johannesburg without Power




A key electricity supplier for Johannesburg, South Africa's largest city, suffered a massive ransomware attack that led to the shutdown of its computer systems on Thursday.

In a series of tweets, City Power announced that the ransomware had encrypted all of its databases, applications and networks, all of which are being rebuilt by its ICT department.

It added that customers may not be able to access its website or purchase electricity units until the issue is resolved by the ICT department.

With the website still offline, affected customers resorted to social media to report problems with their electricity supply.

The ransomware family used in the attack is still unknown, but the scale of the disruption gives a sense of its impact. Besides preventing customers from buying prepaid electricity, it also hampered City Power's attempts to respond to localised blackouts.

Commenting on those affected, a City Power spokesman said: "These are the people on the pre-paid system[s] and would at any given day buy electricity."

"Those people were not able to access the system," he added.




The Cyber Attack Response Center opened in Nizhny Novgorod


In the Russian city of Nizhny Novgorod the largest regional Cyber Attack Response Center has been opened. The Center was established by Rostelecom-Solar, a subsidiary of Rostelecom, the operator of the systems supporting the public services portal and biometric identification in banks.

Solar JSOC centers are already operating in other Russian cities such as Moscow, Samara and Khabarovsk. These units protect more than 110 of the largest Russian organizations from hacker attacks. Federal agencies, regional administrations, financial organizations and energy companies turn to Rostelecom-Solar for information security.

The Center in Nizhny Novgorod has become the largest regional center for monitoring and responding to cyber attacks. It employs more than 70 information security professionals and will be responsible for the security of all regional clients around the clock. The average response time to an attack is 30 minutes.

"This is a serious team of highly qualified experts in information security, able to provide customers with full protection against cyber threats," said Igor Lyapunov, Vice President of Rostelecom for information security and General Director of Rostelecom-Solar.

All this work is impossible without qualified personnel. This was one of the reasons Nizhny Novgorod was chosen for the Solar JSOC: the city has a number of universities that train IT specialists.

According to Igor Nosov, Deputy Governor of the Nizhny Novgorod Region, the region today ranks third in Russia by number of IT professionals. "We are proud of our IT companies. Today, about 700 such companies operate in the region, including the world's leading companies. And the fact that we are leaders in the IT sphere makes the problem of information security even more urgent for us."

It is planned that the Regional Center will work closely with universities and run internship and employment programs. Every year more than 70 graduates and senior students take part in the Solar JSOC internship program, and about 30 of them receive a job offer.

It is worth noting that cyber attacks are now among the top five most serious challenges facing Russia. Moreover, hacker targets are changing: previously the aim was to steal cash; now hackers seek control over the management of information systems. EhackingNews recently reported on a DDoS attack during the Direct Line with the President.

Chinese Hackers Attacked Eight Major Technology Service Providers




Eight of the largest technology service providers were attacked by hackers working for China's Ministry of State Security, who attempted to access sensitive commercial information and secrets belonging to the providers' clients around the world.

In December last year the operation was outlined in formal charges filed in the US; it was designed to steal Western intellectual property in order to further China's economic interests.

According to Reuters' findings, the compromised technology service providers include Tata Consultancy Services, Dimension Data, Hewlett Packard Enterprise, Computer Sciences Corporation, DXC Technology (HPE's spun-off services arm), IBM, Fujitsu and NTT Data.

Furthermore, various clients of the service providers, such as Ericsson, also fell prey to the attack.
However, IBM has previously stated that it has no evidence that any sensitive commercial information was compromised by any of these attacks.

HPE stated that it worked diligently for its "customers to mitigate this attack and protect their information." Meanwhile, DXC said that it had "robust security measures in place" to keep its clients secure.

Denying the accusations and any involvement in the attacks, the Chinese government said: "The Chinese government has never in any form participated in or supported any person to carry out the theft of commercial secrets."

"While there have been attacks on our enterprise network, we have found no evidence in any of our extensive investigations that Ericsson's infrastructure has ever been used as part of a successful attack on one of our customers," an Ericsson spokesperson said, adding that the company does not comment on specific cybersecurity matters.



A new type of fraud was discovered in WhatsApp


The Russian outlet CNews reported that ESET experts have warned WhatsApp users about a new type of fraud.

Users have begun receiving a message with a special offer on the occasion of the messenger's tenth anniversary. The attackers promise 1 TB of free Internet traffic, which they claim can be used without Wi-Fi.

To get the huge amount of free traffic, users must follow simple steps: open a special link, answer a number of questions, and forward the same survey to 30 of their contacts.

ESET experts believe the attackers' ultimate goal is to distribute intrusive advertising without users' consent. The scheme evidently works: users who want the gift play into the scammers' hands.

Analysts at the anti-virus company investigated and found the cybercriminals' site, which had been used for several phishing campaigns (fraud aimed at obtaining users' personal data). The fraudsters ran more than 66 phishing pages from the same domain. All the fake promotions were sent to subscribers under the guise of well-known brands such as Adidas and Rolex.

Interestingly, scammers have used such schemes against WhatsApp users before. In early May it became known that victims received a message offering a premium Spotify account; the attached link led to a phishing site imitating the official music platform's portal.

It should be noted that WhatsApp has posted an announcement on its website that from December 7, 2019 it will take legal action against the organizers of bulk messaging. WhatsApp also prohibits use of the application for non-personal purposes, and warns that it will collect evidence of abuse not only on its own platform and will use technical means against violators.

The Ministry of Internal Affairs of the Russian Federation to create a portal for complaints against hackers


Russia plans to create a special resource to improve the fight against hackers. Citizens who have suffered from hackers, or who have simply noticed violations, will be able to report them themselves.

The concept of the service is to collect information on cybercrime from citizens, legal entities and government agencies and accumulate it in one system. The resource will collect data about threats continuously and automatically.

Violations can be reported by phone, e-mail, messenger, SMS and social networks. The database will also be updated from existing Russian systems, for example the Unified Biometric System and the Public Services Portal.

Citizens and government agencies will be able to use the service free of charge. Today there is no single place in Russia to collect information about cybercrime that is accessible to all interested citizens.

The system is being created by the Russian organization Data Economy, which was set up to support the development of the digital economy in Russia, including socially significant projects and initiatives. Its founders are the Russian Government, ASI, Russian Post, Sberbank and a number of telecommunications and IT companies.

However, an employee of one IT company said the effectiveness of the system is highly questionable, since data from a public resource will very soon be in the hands of attackers and will only help them modify their attacks to go unnoticed.

The concept of a single portal has been approved by Data Economy and sent to the Cabinet of Ministers for approval. Total financing of the national project over the next six years exceeds 1.5 trillion rubles.

According to Russians, Assange is a freedom fighter and an altruist


According to a survey by the Russian Public Opinion Research Center, the majority of Russians believe that the founder of WikiLeaks Julian Assange is a freedom fighter and an altruist.

According to 45% of Russians, by publishing secret materials Assange promotes the principles of freedom of speech and freedom of the media. In addition, 40% of survey participants believe that Assange acted in the interests of the world community.

Most Russians believe that “Assange wanted to open the eyes of the world community to cases of corruption, crimes, scandals in different countries."

However, a quarter (27%) of those surveyed believe that Assange violated the law with his publications. According to 17% of Russians, Assange sought to take revenge on his enemies and attract attention.

The survey was conducted on April 13, 2019, among 1600 Russians over 18 years old. The survey method was a telephone interview.

It should be remembered that on April 11 a British court found Assange guilty of violating his bail conditions. The journalist was arrested at the Embassy of Ecuador in London, where he had sought political asylum in 2012. He never left the diplomatic mission building for fear of arrest and extradition to the United States, where he is accused of publishing secret State Department documents.

Hackers from Fancy Bear were accused of attacking the Ministry of Defense of Spain

The authoritative Spanish online outlet Español, citing anonymous sources, reported on April 12 that Russian hackers from Fancy Bear were responsible for the attacks on the Spanish Ministry of Defense at the beginning of the year.

Investigators reached this conclusion after analyzing the attackers' methods: the hackers used the same scheme as in the 2016 hack of the US Democratic Party's servers, after which the group became known worldwide.

It is noted that the malware was delivered through external e-mail in order to gain access to "technological secrets of the military industry."

According to experts, the Defense Ministry's computers were under the hackers' complete control for three months; only in March did it become known that the ministry's network had been compromised with malware.

It should be noted that foreign politicians and journalists associate Fancy Bear with the Russian authorities and believe the group's purpose is "to undermine democracy." However, the group's connection with the Russian authorities or intelligence services has not been proven; that claim rests on speculation and assumptions.

US intelligence warns of Russian cyber attacks to interfere in the Ukrainian elections


Moscow's alleged plans to influence the results of the presidential election in Ukraine have long been discussed. In recent years Western countries have made a tradition of accusing Russia of such interference.

The US Director of National Intelligence, Dan Coats, told a hearing of the Senate Intelligence Committee that Russia will use cyber capabilities to interfere in Ukraine's presidential election on March 31.

Coats also said that Russian hackers may attack during the upcoming US elections in 2020.

The United States is ready to protect Ukraine from Russian interference in the elections, as President Donald Trump's national security advisor John Bolton declared during a visit to the Ukrainian capital, Kiev, in August last year.

In turn, the head of Ukraine's Foreign Intelligence Service, Egor Bozhok, recently said that the Russian special services had received $350 million to interfere in the Ukrainian elections.

"The Kremlin will definitely try to interfere in the elections in Ukraine, because Russia has done this with the United States and African countries," said the head of the Security Service of Ukraine, Vasily Gritsak.

The Security Service of Ukraine, the National Police and the Prosecutor General's Office say they are ready to resist Russian interference and know where Moscow may strike. Moscow's most active channel is information attacks on Ukraine through television. In addition, according to them, Russia uses propaganda and cyber provocations, finances candidates and will try to seize polling stations.

Apple's Delayed Response On FaceTime Flaw has put their Commitment to Security into Questioning


On January 19 an Arizona teenager, Grant Thompson, discovered while using Apple's FaceTime an unusual bug that allows eavesdropping on the person being called. Thompson noticed it when he was able to hear a friend he had called before the friend had answered the call.

Immediately afterwards Grant's mother, Michele Thompson, tried to inform Apple of the flaw, sending a video of it, since it put the privacy of millions of iOS users at risk. When her warning drew no response from the company, she turned to other channels: e-mail, fax and Twitter. She even tried to reach Apple's security department via Facebook.

Only on Friday was Ms. Thompson's warning taken up, when Apple's product security team encouraged her to create a developer account and file a formal bug report.

On Monday, acknowledging the flaw, Apple said it had "identified a fix that will be released in a software update later this week." However, the company did not address how the flaw passed quality assurance or why it took so long to respond to Ms. Thompson's warnings.

Apple disabled Group FaceTime and said a fix was in progress, but it is notable that the company hurried to act only after a different developer raised the issue and an article about it went viral.

As Apple is known for its security reputation and its continual promotion of its bug bounty program, the delayed response and the measures taken have put its commitment to safety and security into question.

Insisting on their commitment to safety, the company’s chief executive, Tim Cook tweeted, “we all must insist on action and reform for vital privacy protections.”

How the flaw works

Security flaws that allow such remote access and are this simple to execute are rare. After adding a second person to a Group FaceTime call, the caller could access the audio and video of the first person called without that person answering the call.

As Patrick Wardle, co-founder of Digita Security, put it: "If these kinds of bugs are slipping through, you have to wonder if there are other problematic bugs that other hackers are exploiting that should have been caught."



Students Hack Student Information System; Change Attendance, Grades, and Lunch Balance Data


Two students at Bloomfield Hills High School are the main suspects in a hack of the school's Student Information System, MISTAR. The students are believed to have altered the grades, attendance records and lunch balances of about twenty students, including themselves.

The hack was discovered when an employee logged into his account and noticed an error; the school then investigated and learned of the attack.

The students are suspected to have exploited a now-resolved vulnerability in the school systems to gain access.

“With the assistance of a forensic investigator, we determined that a report that may have contained the usernames and passwords for the Parent Portal may have been run,” the school said in an FAQ on its website after the attack. “As a precaution, a letter will be mailed to all parents detailing how to change their Parent Portal credentials. Should we determine that additional information contained within MISTAR was accessed without authorization, we will provide impacted individuals with notification.”

The school has announced that it will be resetting all Parent Portal passwords on Monday, May 21, 2018, which will then require all parents/guardians to reset their individual password upon returning to the system.

While the investigation is ongoing and the school is still reviewing its digital security, it has said that, “Modifications will be made as necessary to our internal practices and the district plans to conduct internal staff and student training in addition to what has been provided in the past or is normal, ongoing training.”

“We are committed to using this unfortunate incident to teach our students about digital citizenship and help support them in making better digital decisions,” the school further announced.


In a YouTube video, Bloomfield Hills High School superintendent Robert Glass said that the punishment for the culprits of the attack is likely to be severe.

“Cyber hacking is a federal crime and we're working with the proper authorities to determine the appropriate discipline and legal ramifications," he said. "Due to student privacy laws, we're not able to disclose more information but we can assure you that we're working within the full extent of the Student Code of Conduct and the full extent of the law."

The school has also established a support hotline, aside from their FAQ page, where parents can reach out to learn more or have their questions about the hack answered.

Pavel Durov says Telegram is not closing its service in Russia and Iran


Just a few days ago Russian and other media reported that Telegram CEO Pavel Durov was ready to close his business in Russia or Iran. However, Durov denied this on his VKontakte (VK) account, calling the reports incorrect.

In the VK post he said Telegram will continue to provide a secure messaging service in problem markets like Russia and Iran, despite pressure from regulators and the threat of blocking. But media ran headlines such as "Durov announced his readiness to close Telegram" and "Durov threatened to close Telegram in Russia". Durov noted that some Russian media, such as Meduza, Vedomosti and DP.ru, reported the information correctly.

"Russian media often quote inaccurate translations of what I publish on Twitter and my channel," Durov said on VK.

Recently Iran opened a criminal case against the Telegram CEO, stating that Telegram is used by pedophiles to distribute child pornography.

"I am surprised to hear that. We are actively blocking terrorist and pornographic content in Iran. I think the real reasons are different," Durov responded to the accusation on his Twitter account.

Recall that just a few weeks ago the Russian Federation threatened to block Telegram, claiming that the encrypted messenger had been actively used by Islamic radicals while preparing the bombing in the Saint Petersburg subway. The head of the Ministry of Communications and Mass Media said: "Telegram will be blocked if it does not operate in accordance with current Russian legislation."

Durov hopes that the legal situation in the Russian Federation and Iran will change in future.

- Christina

 

Telegram founder agrees to register in Russia but won't share user data



Telegram founder Pavel Durov has agreed to register the company in Russia after pressure from the local authorities.

A few days ago the Russian communications regulator Roskomnadzor demanded that Telegram provide information about the messaging app and company details. The authorities also said the encrypted messenger is used by terrorists to plan attacks.

The authorities asked for access to decrypt messages in order to catch terrorists, and threatened to ban Telegram if the company failed to comply.

At first Durov did not agree to the demands. Now he has agreed to register the company with the Russian government.

"If Telegram is banned in Russia, it will not be because we refused to provide details about our company," Durov said on the social network VK.

Roman Jelud, a professor at Voronezh State University, told Regnum that the news about a "Telegram ban" is itself a PR stunt that will only help Telegram gain more users. A few days earlier Roman had said that Durov was using this for PR and would eventually agree to provide the five required points of information.

Although Durov says the company is only registering in Russia and will not share users' private data with the government, it is hard to know whether this is true.

Russia is not the only government interested in Telegram. Last week Durov said that US federal officers wanted to add a backdoor to the app.

- Christina

ATM malware attacks are on the rise

In the past few months the prevalence of ATM hacking has increased.

Some time ago three ATMs were attacked in India. It was found that the hackers used the malware "GreenDispenser".


In this article we look at methods of hacking ATMs. Artur Garipov, Senior Research Specialist at Positive Technologies, helped us understand how such hacks work and explained the different methodologies.

For example, a very well-known piece of ATM malware is Tyupkin (PadPin), which lets attackers dispense cash on command. Attackers also deploy fake ATMs, skimmers (devices that capture a "snapshot" of your card's magnetic stripe) and so on, but that is a topic for another article.

In our (EHN) opinion, ATM malware continues to evolve. GreenDispenser, for example, is a new breed of ATM malware: it lets an attacker walk up to an infected ATM and drain its cash vault.

When installed, GreenDispenser may display an "out of service" message on the ATM. The attackers can then drain the cash vault and erase GreenDispenser, leaving no trace of how the ATM was robbed.

GreenDispenser is similar in functionality to PadPin but has some unique features, such as date-limited operation and a form of two-factor authentication: a PIN known only to the operators must be entered before cash is dispensed, so a stolen or reverse-engineered sample cannot simply be reused by someone else.

We believe that we are seeing the dawn of new criminal industry targeting ATMs!

Artur explained that there are two types of ATM attack: 1) remote access, 2) physical access.

With physical access, attackers may simply load the ATM onto a truck or hook it to a car and tow it away; they steal the whole unit in order to cut it open in a safe place.


It is important to understand that an ATM consists of two parts hidden behind the cover. The upper part is the service area, containing an ordinary computer and the working devices: card reader, receipt printer (fiscal registrar) and so on. This is the brain that controls the ATM.

The lower part is the safe with the money. It contains cassettes holding notes of different denominations. When you withdraw cash and hear the buzzing, that is the dispenser preparing the required notes of different values from the cassettes.

There are also more technology-based attacks, and they are simple. You only need to open the service area, which can be done with a lock pick or special service keys; sometimes it is enough just to push hard on the metal cover of the hatch.

Next, the dispenser is disconnected from the ATM's computer and connected to the attacker's own prepared computer, which sends the command to dispense all the banknotes. That is all that is needed: the attacker leaves the scene with the cash. This works because a plain dispenser trusts whatever host is plugged into it; this is why vendors offer authenticated (encrypted) communication between the ATM computer and the dispenser, so that a dispenser which verifies its host will not accept commands from an attacker's laptop.

There are also cases where an attacker gained access to the bank's internal network and through it infected ATMs or took remote control of them. With that software he could send the same dispense-all command to the dispenser.
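The local attack just described leaves a recognisable trail in an ATM's event journal: the service area is opened, the host drops off the processing centre, and then the dispenser hands out cash with no authorised transaction behind it. The following detector is an added example, not code from the article or from Positive Technologies; the event names, the journal line format and the sample journal are all constructed for the demonstration, so a real deployment would swap in a parser for the vendor's journal or the SIEM feed.

```python
"""Correlate ATM journal events to flag the local jackpotting pattern.

Added example (not from the article or from Positive Technologies). Event
names, the log format and the sample journal are all constructed for the
demonstration; a real ATM journal or SIEM feed would need its own parser.
"""
from collections import defaultdict
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass
class Event:
    ts: datetime
    atm: str
    kind: str       # SERVICE_DOOR_OPEN | LINK_DOWN | LINK_UP | TXN_AUTH | DISPENSE
    detail: str = ""


def parse_line(line: str) -> Event:
    """'2019-06-01T10:05:00 ATM-02 DISPENSE notes=40' -> Event."""
    ts, atm, kind, *rest = line.split(maxsplit=3)
    return Event(datetime.fromisoformat(ts), atm, kind, rest[0] if rest else "")


# Constructed sample journal: ATM-01 behaves normally; ATM-02 shows the
# service area being opened, the link to the processing centre dropping,
# and then cash going out with no authorised transaction behind it.
SAMPLE_JOURNAL = """\
2019-06-01T09:58:10 ATM-01 TXN_AUTH card=****1234 amount=200
2019-06-01T09:58:25 ATM-01 DISPENSE notes=2
2019-06-01T10:00:05 ATM-02 SERVICE_DOOR_OPEN
2019-06-01T10:02:40 ATM-02 LINK_DOWN
2019-06-01T10:05:00 ATM-02 DISPENSE notes=40
2019-06-01T10:05:30 ATM-02 DISPENSE notes=40
2019-06-01T10:20:00 ATM-01 TXN_AUTH card=****9876 amount=100
2019-06-01T10:20:12 ATM-01 DISPENSE notes=1
"""


def find_jackpotting(lines, door_window=timedelta(minutes=30),
                     auth_window=timedelta(minutes=2)):
    """Return (atm, ts, detail, reasons) for every suspicious DISPENSE.

    A dispense is suspicious if any of the following holds:
      - no TXN_AUTH from the host within auth_window precedes it (each
        authorisation may cover only one dispense);
      - the ATM's link to the processing centre is currently down;
      - the service area was opened within door_window before it.
    """
    events = sorted((parse_line(l) for l in lines if l.strip()), key=lambda e: e.ts)
    door_open_at = {}                  # atm -> last SERVICE_DOOR_OPEN time
    link_down = defaultdict(bool)      # atm -> True while the host link is down
    pending_auth = defaultdict(list)   # atm -> unconsumed TXN_AUTH times
    alerts = []
    for e in events:
        if e.kind == "SERVICE_DOOR_OPEN":
            door_open_at[e.atm] = e.ts
        elif e.kind == "LINK_DOWN":
            link_down[e.atm] = True
        elif e.kind == "LINK_UP":
            link_down[e.atm] = False
        elif e.kind == "TXN_AUTH":
            pending_auth[e.atm].append(e.ts)
        elif e.kind == "DISPENSE":
            reasons = []
            # consume the most recent authorisation that is still fresh
            fresh = [t for t in pending_auth[e.atm]
                     if timedelta(0) <= e.ts - t <= auth_window]
            if fresh:
                pending_auth[e.atm].remove(fresh[-1])
            else:
                reasons.append("no matching host authorisation")
            if link_down[e.atm]:
                reasons.append("link to processing centre is down")
            opened = door_open_at.get(e.atm)
            if opened is not None and e.ts - opened <= door_window:
                mins = int((e.ts - opened).total_seconds() // 60)
                reasons.append(f"service area opened {mins} min earlier")
            if reasons:
                alerts.append((e.atm, e.ts, e.detail, reasons))
    return alerts


if __name__ == "__main__":
    for atm, ts, detail, reasons in find_jackpotting(SAMPLE_JOURNAL.splitlines()):
        print(f"{ts} {atm} {detail}: {'; '.join(reasons)}")
```

Run on the sample, the two ATM-02 dispenses are reported with all three reasons while ATM-01's authorised withdrawals pass. The three signals are deliberately independent: a remote infection over the bank network (the other case above) opens no door and may keep the link up, but it still produces dispenses with no matching host authorisation, so that check alone catches it.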

Interview with researcher Artur Garipov on ATM hacking:


What methods do attackers use to infect an ATM with GreenDispenser?

I cannot give an exact answer to that question; it is necessary to look at the GreenDispenser code in detail.

Methods of infecting an ATM may differ. It can simply be installation along with regular software, with the ATM temporarily disconnected from the network for the purpose of infection.

For a more detailed answer it is necessary to understand how the ATM interacts with the processing centre, and what the system of control and administration of these devices is.
Most often these solutions are vendor-dependent and differ not only between banks but also between ATMs.

a. Consider the interaction between the ATM and the processing centre.
Most often the interaction goes through an Internet provider, inside a VPN tunnel.
Breaking into the tunnel is very problematic, and faking a processing centre is not easy either.
But very often there is an opportunity to turn off the VPN, get into the same network as the ATM, and then attack some ATM service in a way that leads to RCE (remote code execution).
On the other hand, attackers can attack the processing centre itself and make changes to the update system.
In some cases the ATM software is updated remotely, through an update server. Sometimes it is a local installation.

b. But most often the malware is installed locally.


An attacker just opens the service area of the ATM. At its core it is an ordinary computer with ATM peripherals attached. Next, he can install the Trojan locally.

For such purposes, special guys are hired. Announcements with such tasks can be found on the darknet or on specific forums.

The new version of the Ploutus malware, "Ploutus-D", targets ATMs using KAL's Kalignite platform. What other recent and popular platforms are targeted by malware?

I have not had to work with this system (Kalignite). Perhaps there is something specific here. Malware, in general, attacks the security of the operating system, and the platform and API through which it works can easily be changed from one to another.


APIs for ATM middleware are not well documented. How were the attackers able to write malware that interacts with the middleware?

I disagree. There is more than enough documentation on the Internet at the moment; everything is easy to find in the main search engines. The key is knowing the keywords:
https://wenku.baidu.com/view/aa32823987c24028915fc3be.html
And for practice, an ATM is enough:
Http://www.ebay.com/sch/i.html?_from=R40&_trksid=p2050601.m570.l1313.TR0.TRC0.H0.Xatm.TRS0&_nkw=atm

NDAs do not protect.

How do you find the presence of this malware in ATMs?

Unfortunately, most often it is the result of an incident investigation.
But there are, of course, other approaches.

What other security measures need to be taken to prevent this malware attack?

This is a separate, very large topic for discussion. But it is worth understanding that, more often than not, an ATM is hacked "locally". It is for this purpose that a button is installed on ATMs. Unfortunately, the attackers also know about it.

Do you think hackers and cyber criminals will weaponize ATM malware like GreenDispenser with a worm-like engine (as used by W32/Blaster or W32/FunLove)? What happens if W32/Blaster carries GreenDispenser in it?

Such systems should exist. The question is that it will be more difficult to detect.
And the purpose of such systems is a targeted attack: a specific bank, specific billing.

No app can stop CIA from reading your messages, says Pavel Durov



In a post titled "What does the "Year Zero" and "Vault 7" stuff from Wikileaks mean?", Pavel Durov, founder of the social network VKontakte and the Telegram messenger, explained how the CIA can read your messages even if you use a secure messaging application.

Durov said that hackers do not need to directly hack the targeted applications. Instead, they can exploit vulnerabilities in the mobile operating systems to access your sensitive information and messages.

"To put 'Year Zero' into familiar terms, imagine a castle on a mountainside. That castle is a secure messaging app. The device and its OS are the mountain. Your castle can be strong, but if the mountain below is an active volcano, there's little your engineers can do." he explained. "So in the case of 'Year Zero', it doesn't matter which messenger you use."

He explained that hackers can gain access to your keyboard, which allows them to know which keys you press.

"No app can hide what shows up on your screen from the system. And none of this is an issue of the app," said Durov.

The founder of Telegram urged the main developers of operating systems and devices, such as Apple, Google and Samsung, to immediately start fixing their vulnerabilities.

He said that normal users do not need to worry about this. But if the CIA is on your back, it doesn't matter which messaging app you use, as long as your device is running iOS or Android.

Akamai observes new types of reflection DDoS attack


The Akamai Security Intelligence Response Team (ASIRT) has observed three new types of Distributed Reflective Denial of Service, also known as reflection DDoS, attacks being used in the wild from March to September 2015.

ASIRT has published an advisory warning network admins who leave external ports open, especially ports served by UDP-based protocols, which are the usual medium for reflection DDoS attacks: a UDP service answers whatever source address the request carries, so a request with a forged source turns the service into a reflector.

In the advisory, it says that RPC portmap, NetBIOS and Sentinel services were abused in a series of new reflection DDoS attacks. Many network protocols are vulnerable to this type of attack, but the most dangerous ones are those that also add an amplification factor, i.e. whose responses are larger than the requests that trigger them.

The attacker sends one small packet, with the victim's address forged as its source, to a reflection point, and the victim receives ten times as much. In this case, the reflection DDoS attack comes with an amplification factor of 10.

Akamai describes in the advisory that during the past seven months attackers have turned to new mediums for carrying out reflection DDoS attacks.

During these months, ten reflection DDoS attacks were observed using RPC, NetBIOS and Sentinel services, one of which exceeded 100 Gbps (gigabits per second).

In the NetBIOS-based reflection DDoS attacks (NetBIOS is an API and protocol that lets applications on a LAN communicate with each other), the peak bandwidth never went above 15.7 Gbps, the amplification factor was between 2.56 and 3.85, and the main victims were targets in the gaming and web hosting sectors.

The RPC attacks abuse the portmapper, a service that maps RPC program numbers to network port numbers; they peaked at 105.96 Gbps with an amplification factor of 9.65, and the first one observed dates back to August, against a financial firm.

Sentinel servers, which are generally used in closed environments to manage user licenses for multi-user network setups, were also abused as reflectors. Reflection DDoS attacks using Sentinel servers were observed coming out of the University of Stockholm, peaking at 11.7 Gbps with an amplification factor of 42.94.
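The two views a practitioner needs of an attack like the ones above are the victim's (unsolicited responses arriving from many hosts, all with the same service source port) and the reflector operator's (small requests in, large responses out, which is the amplification factor the advisory quotes). The following is an added example written for this page, not Akamai's code or tooling; the flow records, the documentation-range addresses and the Sentinel port number (5093, taken from the SafeNet Sentinel license manager default) are assumptions made here.

```python
"""Triage helpers for UDP reflection/amplification DDoS of the kind the Akamai
advisory describes. Added example for this page, not Akamai's code; the flow
records below are constructed inline for illustration."""
from collections import defaultdict
from dataclasses import dataclass

# UDP ports of the three services named in the advisory. 137 (NetBIOS name
# service) and 111 (RPC portmap) are standard IANA assignments; 5093 is an
# assumption taken from the SafeNet Sentinel license manager default.
REFLECTOR_PORTS = {137: "NetBIOS", 111: "RPC portmap", 5093: "Sentinel"}


@dataclass(frozen=True)
class Flow:
    """One unidirectional flow record (NetFlow/IPFIX style); field set assumed here."""
    src: str
    sport: int
    dst: str
    dport: int
    proto: str
    nbytes: int
    packets: int


def amplification_factor(request_bytes: int, response_bytes: int) -> float:
    """Bandwidth amplification factor: bytes delivered to the victim per byte the
    attacker spends on requests. 'Send one, the victim receives ten' is 10.0."""
    if request_bytes <= 0:
        raise ValueError("request size must be positive")
    return response_bytes / request_bytes


def reflection_candidates(flows, min_reflectors=3):
    """Victim-side view. Inbound UDP whose *source* port is a reflector service
    port is the tell: nobody on the victim's side asked these hosts anything.
    Groups by destination and service and returns
    {victim: {service: (distinct_reflectors, total_bytes)}} for groups with at
    least min_reflectors distinct senders."""
    by_victim = defaultdict(lambda: defaultdict(lambda: [set(), 0]))
    for f in flows:
        if f.proto != "udp" or f.sport not in REFLECTOR_PORTS:
            continue
        entry = by_victim[f.dst][REFLECTOR_PORTS[f.sport]]
        entry[0].add(f.src)
        entry[1] += f.nbytes
    result = {}
    for victim, services in by_victim.items():
        hits = {svc: (len(srcs), total)
                for svc, (srcs, total) in services.items()
                if len(srcs) >= min_reflectors}
        if hits:
            result[victim] = hits
    return result


def reflector_abuse(flows, reflector_ip):
    """Reflector-side view, i.e. what the admin of an exposed UDP service sees:
    request bytes in versus response bytes out per service, expressed as the
    amplification the service is handing the attacker. Because the attacker
    spoofs the victim's address, the requests appear to come from the victim."""
    in_bytes, out_bytes = defaultdict(int), defaultdict(int)
    for f in flows:
        if f.proto != "udp":
            continue
        if f.dst == reflector_ip and f.dport in REFLECTOR_PORTS:
            in_bytes[f.dport] += f.nbytes
        elif f.src == reflector_ip and f.sport in REFLECTOR_PORTS:
            out_bytes[f.sport] += f.nbytes
    return {REFLECTOR_PORTS[p]: amplification_factor(in_bytes[p], out_bytes[p])
            for p in in_bytes if out_bytes[p]}


# Constructed sample using documentation-range addresses, not real traffic.
VICTIM, REFLECTOR = "203.0.113.10", "198.51.100.7"
SAMPLE_FLOWS = [
    # victim side: portmap responses from five different reflectors
    *(Flow(f"198.51.100.{i}", 111, VICTIM, 54321, "udp", 1400, 1) for i in range(1, 6)),
    # one stray NetBIOS reply: a single sender, below the threshold
    Flow("198.51.100.9", 137, VICTIM, 54321, "udp", 300, 1),
    # ordinary outbound DNS query, ignored by both views
    Flow(VICTIM, 40000, "192.0.2.53", 53, "udp", 80, 1),
    # reflector side: three spoofed 100-byte requests in, three 965-byte replies out
    *(Flow(VICTIM, 54321, REFLECTOR, 111, "udp", 100, 1) for _ in range(3)),
    *(Flow(REFLECTOR, 111, VICTIM, 54321, "udp", 965, 1) for _ in range(3)),
]

if __name__ == "__main__":
    print(reflection_candidates(SAMPLE_FLOWS))
    print(reflector_abuse(SAMPLE_FLOWS, REFLECTOR))
```

On the sample data the victim-side view flags six distinct portmap reflectors and ignores the lone NetBIOS reply, and the reflector-side view reports a portmap amplification of 9.65 (2895 response bytes for 300 request bytes), which is the figure the advisory gives for the RPC attacks. On real flow exports the thresholds need tuning per service, and the reflector-side check is what tells you your own host is part of the problem.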

UI of China's new Linux Based OS shows they are fan of Windows XP



China has developed a desktop operating system (OS) named "NeoKylin" ("Kylin" in Chinese) as a substitute for Windows XP.

NeoKylin is developed by the Shanghai-based China Standard Software Company and already runs on at least 40% of the commercial units sold in the country by the U.S.-based computer company Dell.

NeoKylin has become a ready replacement for Windows XP, as it has many features similar to the latter.
The complete user interface and essentials such as Windows' Control Panel, XP's classic Start button and the folder icons are the same. The folder names are also the same, such as Recycle Bin, My Computer and Control Panel. Microsoft Office has been replaced by NeoShine Office, which offers the same functions.

The classic rolling-hills-and-clouds desktop background has been replaced with the mythical chimera-like beast the OS is named after, the Qilin.

Apart from this, being a Linux OS, it has additional features such as a Linux terminal where commands can be run and information about the OS can be obtained.

The OS comes with pre-installed applications such as the Firefox web browser, a music player, the open-source image editor GNU Image Manipulation Program (GIMP) and a calculator. The version on Dell systems is packed with more applications and games.

At one time, Windows held around 91% of the total market share in China, while Mac OS X and Linux were stuck at just 1%, so it was a big jolt for the country when Microsoft announced the end of official support for Windows XP.

As China was interested neither in paying for extended support for Windows XP nor in switching to Windows 8, it decided to develop its own operating system. NeoKylin has long been part of the Chinese government's hopes for the emergence of a successful domestic OS.

There was speculation that the country did not pay because it suspected America would spy on it. China has always been cautious about its Information Technology (IT) infrastructure.

The enterprise market is becoming more difficult for U.S software makers after whistle-blower Edward Snowden disclosed the US National Security Agency's mass surveillance programs in 2013.

China has always insisted on accepting things on its own terms, and its plan to eliminate all foreign technologies and services, such as Google and Facebook, by 2020 may become a reality for the citizens of the country.

In the coming years it could become an entirely independent IT economy, building homegrown mobile and computer devices, operating systems, applications, browsers and so on. But for now its new OS still needs to be accepted by the masses: even after updates and support have ended, Windows XP remains in use on the majority of systems in the country.

If NeoKylin were being graded on originality, it would fail. But for the purpose of recreating a domestic OS that the majority of the country wants to stick with, it passes.


Two Ukrainian defendants to pay $30 million to the Securities and Exchange Commission

The Ukrainian-based firm Jaspen Capital Partners Limited and its Chief Executive Officer (CEO), Andriy Supranonok, agreed on Monday (September 14) to pay $30 million to settle U.S. Securities and Exchange Commission (SEC) civil insider trading charges.

The SEC had charged the two with trading on information from illegally obtained news releases.
The company became the first of 34 defendants to settle SEC charges over allegations of the theft of more than 150,000 press releases from newswire services before the news became public.

Traders would sometimes create what prosecutors called “shopping lists” of companies that were expected to make announcements and pass them on to hackers.

The illegal profit generated by the traders over a period of five years is estimated at around $100 million, while Jaspen and Supranonok made approximately $25 million from 2010 to 2015 buying and selling contracts-for-differences (CFDs), derivatives that allow leveraged bets on stock prices, based on press releases stolen from the newswire services.

The case was filed in U.S. District Court for the District of New Jersey, which entered an asset freeze and other emergency relief against Jaspen and Supranonok, among others. Nine of the defendants also face criminal charges, though Jaspen and Supranonok were not criminally charged.

Without admitting or denying the SEC’s allegations, the two defendants agreed to transfer $30 million of ill-gotten gains from the accounts which were frozen a month ago.

"Today's settlement demonstrates that even those beyond our borders who trade on stolen nonpublic information and use complex instruments in an attempt to avoid detection will ultimately be caught,” said SEC enforcement chief, Andrew Ceresney.

The settlement with Jaspen and Mr. Supranonok must be approved by a court.

The SEC said its civil case will continue against the other 32 defendants.



Tech firm Ubiquiti subject of Cyberheist

The technology firm Ubiquiti has recently announced that it became the victim of a $46 million cyberheist.

Hackers used a common scam in which crooks faked communications between top-level executives of Ubiquiti to initiate unauthorized wire transfers.

The heist was disclosed by Ubiquiti in its quarterly financial report filed with the U.S. SEC.

The company discovered the unauthorized wire transfers on June 5, 2015.

Ubiquiti wrote in a statement, “This fraud resulted in transfers of funds aggregating $46.7 million held by a Company subsidiary incorporated in Hong Kong to other overseas accounts held by third parties."

The company has to date recovered $8.1 million.

Ubiquiti is based in San Jose and provides network technology to service providers.

Symantec issues update for Critical Vulnerabilities in Endpoint Protection

Researchers at Code White, a penetration testing company, have found several vulnerabilities in Symantec's Endpoint Protection.

According to the researchers, the flaws are so critical that a hacker could gain access to the whole network of a corporation by exploiting them.

The researchers found a total of six vulnerabilities in the antivirus program that could help a hacker take over a whole corporate network.

Symantec has issued a patch release, SEP 12.1 RU6 MP1, to fix the problems highlighted by the researchers at Code White.

Users have been advised by the antivirus company to update to the new version as soon as possible.