
The guards at the Ukrainian nuclear power plant mined cryptocurrency and divulged state secrets


The attackers used the resources of the South Ukrainian nuclear power plant to mine digital currency. The Security Service of Ukraine (SBU) has put a stop to the criminals' activity.

While inspecting facilities at the nuclear power plant, SBU agents found computer equipment that had been illegally connected to the plant's systems for mining. On July 10, employees of the Department carried out a search and seized a media converter, fibre-optic cable and part of the network cabling.

It is important to note that information about the physical protection of the station, which is a state secret, was exposed online because of the unauthorized placement of computer equipment on the territory of a nuclear power plant.

The SBU has information indicating that members of the National Guard of Ukraine may be involved in the illegal mining, and it has secured the opening of criminal proceedings against them.

Interestingly, it recently became known that the body that has overseen the quality of equipment for the South Ukrainian nuclear power plant since 1992 will be abolished. Its employees carried out inspections and took part in equipment tests.

The decision was made after an evaluation of the enterprise, whose work was deemed ineffective.

However, one may suspect that the decision is connected to the fact that someone was mining cryptocurrency on the territory of the South Ukrainian nuclear power plant.

In addition, this week the police discovered an underground cryptocurrency mining farm in Ingushetia whose owners were consuming electricity illegally and without metering. During the inspection of the premises, law enforcement officers found that more than 1.5 thousand mining devices, a laptop, two desktop computers, a video surveillance recorder and two transformer substations with a capacity of 1.6 thousand kW each had been connected to the power grid without the appropriate documentation.

Recall that in May 2018 it became known that police officers in the Ukrainian city of Rovno were mining cryptocurrency directly at their workplace. Since Ukraine has no legislation regulating the circulation and mining of cryptocurrencies, the case was investigated as theft of electricity.

This was not the first case of an official position being used for cryptocurrency mining. In September 2017, Crimean government officials were fired for mining bitcoins at work, and in February 2018 it became known that employees of the Ministry of Finance of Kazakhstan had used office computers and departmental servers for cryptocurrency mining.

Chinese Network Security Laboratory Offering Bounty for Cyber Attacks



A 24-hour online testbed known as the Network Endogenous Security Testbed (NEST) has been proposed by a Chinese network security laboratory for the purpose of testing the security measures provided by various organizations. It is a globally accessible testbed that will welcome cyber attacks from people and organizations across the world.

According to the Purple Mountain Laboratory for Network Communication and Security, the testbed will accept public tests, with reward money of 1.5 million yuan ($218,000).

Authorized users will receive corresponding bounties based on their test outcomes, according to the Nanjing-based laboratory.

Justifying the proposal, Wu, the originator of Cyber Mimic Defence Theory, said that improved "autoimmunity" should be made a priority for next-generation information technology.

Wu Jiangxing, an academician of the Chinese Academy of Engineering, compared present-day network security measures, namely patching flaws and running antivirus software, to taking medicine after catching a disease.

“Whether the network is safe or not, hackers have a say. They are also welcomed to challenge it,” he added.

NEST is designed to withstand security threats that arise from unknown flaws, vulnerabilities or Trojans. Wu said that NEST could effectively put an end to such network security threats without having to rely on external safeguards.



A new virus attacked computers in Russia


Malicious e-mails sent to Russian companies have become more frequent. The attackers write on behalf of banks, large airlines, car dealers and mass media, offering cooperation and urging the recipient to open the attached file, which supposedly contains the details of a good deal. If the user does so, the computer is infected with the so-called Troldesh virus, malware that encrypts files on the infected device and demands a ransom.

The fraudsters claim to be company employees and attach a password-protected archive to the letter which, according to them, contains the details of the order. In fact, the archive contains the malware. When the victim opens it, important files on the system are locked and can be opened only by paying a ransom to the fraudsters. Naturally, the addresses the letters are sent from are spoofed.

Group-IB found that in June more than a thousand such messages were sent to various Russian companies. The number of attacks using Troldesh in this quarter alone increased 2.5 times compared to 2018. Yaroslav Kargalev, Deputy Head of the Information Security Incident Monitoring and Response Division at Group-IB, said that it is almost impossible to destroy the virus.

Group-IB experts noted that Troldesh was previously sent out mainly on behalf of banks, but the attackers have since stopped doing so, as banks have strengthened their anti-phishing measures.

It is interesting to note that Troldesh can be bought or rented on specialized Darknet sites. Judging from the latest attacks, Troldesh not only encrypts files but also mines cryptocurrency and generates traffic to websites, inflating their visitor numbers and their revenue from online advertising.

Group-IB experts also stressed that a fairly large infrastructure is involved in distributing the virus, including servers and infected IoT (Internet of Things) devices such as routers. The distribution campaign is still active.

It is worth noting that this is not the first time Troldesh has been used against companies. Such attacks were first recorded in 2015, and the largest took place in March 2019, when messages arrived in the name of well-known retailers as well as financial and construction companies.

Mark Zuckerberg's Previous Facebook Posts Deleted, the Company Blames Technical Errors


The public posts made by Facebook's CEO Mark Zuckerberg on his personal Facebook profile have been deleted; they included some of the company's critical updates and important announcements. All the information Zuckerberg shared in 2007 and 2008 has also vanished.

When asked, a Facebook spokesperson said that these posts, which included major announcements such as the one regarding the acquisition of Instagram, were erased mistakenly because of technical errors. Another crucial announcement that disappeared is Zuckerberg's promise to keep Instagram independent of Facebook.

However, Instagram is today integrated far more closely into Facebook than was promised. The matter is reported to have escalated to the point that two of Instagram's co-founders resigned last year.

The deletion of the post in which Zuckerberg pledged to build and grow Instagram separately is the highlight, as he seemingly did not abide by it.

"Every day, we make decisions about what speech is harmful, what constitutes political advertising, and how to prevent sophisticated cyber attacks," Zuckerberg told The Washington Post.

"These are important for keeping our community safe. But if we were starting from scratch, we wouldn't ask companies to make these judgments alone," he added.

In a statement to Business Insider, Facebook's spokesperson said: "A few years ago some of Mark's posts were mistakenly deleted due to technical errors. The work required to restore them would have been extensive and not guaranteed to be successful so we didn't do it."

"We agree people should be able to find information about past announcements and major company news, which is why for years we've shared and archived this information publicly — first on our blog and in recent years on our Newsroom."


Facebook to be reoriented towards user privacy and encryption, says Mark Zuckerberg



On Wednesday, Facebook's CEO Mark Zuckerberg put forth a reoriented privacy model for the social media platform, which has encouraged generation after generation to share what is going on in their lives through pictures and status updates.

In an essay posted on his account, Zuckerberg announced his future plans for Facebook, which focus on safety, interoperability, private interactions, encryption, secure data storage and reduced permanence of content.

After consistently being in the news for security issues, the company has decided to reposition itself for an uncertain future. The plan of action appears to have been driven by declining user trust and ongoing disputes with regulators across the globe.

Explaining the new model, Zuckerberg said that Facebook would be remodelled after a living room, where people have complete control over who can communicate with them and can trust that no one else can access what they share. This contrasts with the original model, which was built around broadcasting information to large audiences.

Quoting from Zuckerberg's Facebook post: "Public social networks will continue to be very important in people's lives -- for connecting with everyone you know, discovering new people, ideas and content, and giving people a voice more broadly. People find these valuable every day, and there are still a lot of useful services to build on top of them. But now, with all the ways people also want to interact privately, there's also an opportunity to build a simpler platform that's focused on privacy first."

“In a few years, I expect future versions of Messenger and WhatsApp to become the main ways people communicate on the Facebook network. We're focused on making both of these apps faster, simpler, more private and more secure, including with end-to-end encryption. We then plan to add more ways to interact privately with your friends, groups, and businesses. If this evolution is successful, interacting with your friends and family across the Facebook network will become a fundamentally more private experience.”

Reactions to the announcement were muted and skeptical. Privacy advocates questioned whether the data Facebook collects for its own benefit would be reduced, and argued that the CEO needs to go beyond encryption and prioritize answering questions about data collection for business purposes.

Jeff Chester, executive director of a nonprofit privacy advocacy group in Washington, said: "Why does it always sound like we are witnessing a digital version of Groundhog Day when Facebook yet again promises — when it's in a crisis — that it will do better?"

"Will it actually bring a change to how Facebook continually gathers data on its users in order to drive big profits?" he added.

Commenting on the matter, Jennifer Grygiel, assistant professor of communications at Syracuse University, said: "What's not clear is how they are going to make this transition safely. We have already seen the risks associated with WhatsApp and private encryption in India, for example, where misinformation has led to mobs and the loss of life."

Studies suggest that consumer trust in Facebook has taken serious hits because of the continued exploitation of users' data. In a reputation ranking of 100 highly visible public companies, Facebook fell from 51st to 94th place last year. Moreover, some user polls suggested that people were getting rid of the app altogether by uninstalling it.

Acknowledging the loss of trust in his post, Zuckerberg wrote: "I understand that many people don't think Facebook can or would even want to build this kind of privacy-focused platform — because frankly we don't currently have a strong reputation for building privacy protective services, and we've historically focused on tools for more open sharing. But we've repeatedly shown that we can evolve to build the services that people really want, including in private messaging and stories."


On Twitter, Ashkan Soltani, a former Federal Trade Commission official and privacy researcher, added another skeptical remark on Zuckerberg's vision of a different-looking future: "This move is entirely a strategic play to use privacy as a competitive advantage and further lock in Facebook as the dominant messaging platform."

Flaw in D-Link switches: a threat to security

Independent security researcher Varang Amin and Aditya Sood, chief architect at Elastica's Cloud Threat Labs, discovered a flaw in D-Link's DGS-1210 Series Gigabit smart switches that could be exploited to access log and configuration files without any authentication credentials.

These switches, which can be configured to store backup files including logs, firmware and configuration files, lack proper authentication and authorization controls, allowing an attacker to access the backup files both on the device's flash memory and on its web server.

The duo also pointed out that while the web server's root directory is easily accessible, the backup files on the flash memory could be accessed remotely by anyone who knows the IP address of the target device.

Access to the configuration file poses a threat because it exposes all the details of the switch, including its configuration and usernames. The file can also be loaded onto another switch to obtain further information about the clients recorded in the log files.

According to Sood, the flaw was reported on October 07, but the company has not yet released a fix for it.

After waiting a month, the researchers recently disclosed their discovery at the ToorCon security conference. However, to give the firm time to address the issue, the duo did not make the exploit details public.

Microsoft provides urgent security fix for Windows

Microsoft has released a security fix for its Windows operating systems to close a security hole that allowed hackers to gain access to a victim's computer.

Microsoft said that the vulnerability in its operating systems would have allowed a hacker to take complete control of an affected computer.

The vulnerability is present in Windows Vista, Windows 7, Windows 8 and 8.1, and Windows RT. Together these operating systems account for two out of three computers in the world that run a Microsoft operating system.

The company previously issued a similar out-of-cycle update in November 2014.

The flaw is also said to exist in the final version of Windows 10, which will be available to users from July 29.

The security fix will be delivered through Windows Update.

Ex-employee arrested for hacking into high-voltage power manufacturer's network


A software programmer formerly employed by a high-voltage power manufacturer has been arrested for hacking into the company's computer network.

According to the FBI, Michael Meneses was employed at the victim company as a software programmer and systems manager specializing in developing and customizing the software the company used to run its business operations.

He was one of two employees primarily responsible for the software that drove the company's manufacturing business, and his responsibilities gave him high-level access to the company's computer network.

Having voiced displeasure at being passed over for promotions, he tendered his resignation in late December 2011. He then allegedly launched a cyber attack against the company and stole employees' security credentials, which he used to access the network remotely via VPN. The complaint says the company suffered over $90,000 in damages as a result of Meneses's intrusions.

If convicted, he faces a statutory maximum prison sentence, a $250,000 fine, and restitution.

Hackers compromised cPanel's proxy server used by Technical Analysts


cPanel announced that one of the cPanel proxy servers used by its Technical Analysts to access customer servers has been compromised by hackers.

According to the company's forum post, the hacker compromised the proxy machine by first compromising a single workstation used by one of cPanel's Technical Analysts.

The company said that "only a small group of our Technical Analysts uses this particular machine for logins".

The company also stated that it found no evidence that any sensitive customer data was exposed, and no evidence that the actual database was compromised.

cPanel has restructured the process used to access customer servers to "reduce the risk" of this type of security breach.

Syrian Electronic Army hacked into emails of Israeli news site Haaretz


The hacker group Syrian Electronic Army hacked into the mail system of the Israeli newspaper Haaretz.

The hackers claimed to have gained access to more than 80 email accounts and passwords of Haaretz employees and leaked the data on their official website (syrian-es.org/leaks/Haaretz/Haaretz-EmailsAndPasswords).

According to the Haaretz report, the hackers sent spoofed emails to Haaretz employees asking them to click a link that supposedly led to an article on The Guardian's website about talks between the United States and the Syrian opposition.

Once an employee clicked the link, it redirected the victim to a page requesting their login credentials, which allowed the hackers to breach their work email accounts.

Haaretz took down the email server after the security breach. The Haaretz Group responded by saying that all employees' email passwords will be changed. Readers' data from Haaretz Group websites is not affected by this breach.

Screenshot that lists the Haaretz employees' email accounts

The employees used very simple passwords. We have selected the best password used by the employees (lol): "Abc123".

"It's just the beginning ... Next hacks will include Israeli government targets," the hackers said in their post.

NIC uses vulnerable Apache version, results in "Expect header XSS" vulnerability


The hackers who recently defaced the top-level domains of Turkmenistan by exploiting a vulnerability in NIC.tm have discovered another vulnerability in the website.

They found that several NIC websites run a vulnerable version of the Apache server (version 1.3.33). This version has a security flaw in its handling of invalid Expect headers: setting the Expect header value to script code results in a cross-site scripting attack.

GET / HTTP/1.1
Expect: <script>alert("E Hacking News")</script>
Host: nic.tm
Connection: Keep-alive
Accept-Encoding: gzip,deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.0)
Acunetix-Product: WVS/8.0 (Acunetix Web Vulnerability Scanner - NORMAL)
Acunetix-Scanning-agreement: Third Party Scanning PROHIBITED
Acunetix-User-agreement: http://www.acunetix.com/wvs/disc.htm
Accept: */*

Expect header XSS attack (screenshot)
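To make the flaw concrete from a defender's side, the following added Python example (not code from the article or from Apache) models the behaviour described above: a server that rejects an unknown Expect value with a 417 error page that echoes the value back. It pairs the unescaped rendering with the HTML-escaped fix and flags requests whose Expect value is anything other than the RFC-defined "100-continue"; the sample requests and the error-page wording are constructed for the example.

```python
"""Detection and mitigation sketch for the Apache 1.3.x Expect-header reflected XSS.

Added example, not code from the article or from Apache. Only "100-continue"
is a legitimate Expect value, so any other value in a request is worth
flagging in logs or at a WAF; on the server side the fix is to HTML-escape
the untrusted header before it is interpolated into the 417 error page.
"""
import html
import re
from typing import Dict, List

# Constructed sample requests. The first mirrors the probe shown in the article.
SAMPLE_REQUESTS = [
    "GET / HTTP/1.1\r\n"
    'Expect: <script>alert("E Hacking News")</script>\r\n'
    "Host: nic.tm\r\n"
    "Connection: Keep-alive\r\n"
    "Accept: */*\r\n\r\n",
    # Normal upload negotiation: the only Expect value the RFC defines.
    "POST /upload HTTP/1.1\r\nHost: nic.tm\r\nExpect: 100-continue\r\n"
    "Content-Length: 0\r\n\r\n",
    # Plain request with no Expect header at all.
    "GET /index.html HTTP/1.1\r\nHost: nic.tm\r\n\r\n",
]

ERROR_PAGE_TEXT = ("<p>The expectation given in the Expect request-header field "
                   "could not be met by this server.</p>")  # constructed wording


def parse_headers(raw: str) -> Dict[str, str]:
    """Return the request headers as a lowercase-keyed dict (request line dropped)."""
    headers: Dict[str, str] = {}
    for line in raw.split("\r\n")[1:]:
        if not line:            # blank line ends the header block
            break
        name, _, value = line.partition(":")
        headers[name.strip().lower()] = value.strip()
    return headers


def is_suspicious_expect(headers: Dict[str, str]) -> bool:
    """True when an Expect header is present and is not the RFC-defined 100-continue."""
    value = headers.get("expect")
    return value is not None and value.lower() != "100-continue"


def flag_requests(raw_requests: List[str]) -> List[str]:
    """Expect values from requests that a log review or WAF rule should flag."""
    flagged = []
    for raw in raw_requests:
        headers = parse_headers(raw)
        if is_suspicious_expect(headers):
            flagged.append(headers["expect"])
    return flagged


def render_417_vulnerable(expect_value: str) -> str:
    """Models the unpatched behaviour: the header value is copied verbatim into HTML."""
    return (f"<html><body><h1>Expectation Failed</h1>{ERROR_PAGE_TEXT}"
            f"<p>The client sent <pre>Expect: {expect_value}</pre></p></body></html>")


def render_417_hardened(expect_value: str) -> str:
    """Same page with the untrusted value HTML-escaped, which neutralises the injection."""
    safe = html.escape(expect_value, quote=True)
    return (f"<html><body><h1>Expectation Failed</h1>{ERROR_PAGE_TEXT}"
            f"<p>The client sent <pre>Expect: {safe}</pre></p></body></html>")


SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)


def contains_live_script(page: str) -> bool:
    """Crude response check: does an unescaped <script> tag survive in the page?"""
    return SCRIPT_TAG.search(page) is not None


if __name__ == "__main__":
    for value in flag_requests(SAMPLE_REQUESTS):
        print("suspicious Expect header:", value)
        print("  vulnerable page carries script:", contains_live_script(render_417_vulnerable(value)))
        print("  hardened page carries script:  ", contains_live_script(render_417_hardened(value)))
```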


The vulnerability affects four NIC websites: www.nic.ac, www.nic.tm, www.nic.io and www.nic.sh.

There is another important security flaw in this Apache version: mod_rewrite is vulnerable to a buffer overflow (Vulnerability Details).

Quick fix for IE zero-day Vulnerability (CVE-2012-4792) is available


Microsoft has released a quick fix for a zero-day vulnerability in older versions of its Internet Explorer web browser that is being actively exploited by hackers.

The security flaw affects Internet Explorer 6, 7 and 8. Versions 9 and 10 are not affected by this vulnerability.

About CVE-2012-4792:

Use-after-free vulnerability in Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code via a crafted web site that triggers access to an object that (1) was not properly allocated or (2) is deleted, as demonstrated by a CDwnBindInfo object, and exploited in the wild in December 2012.

The company said that the "Fix it solution" is not intended to be a replacement for any security update.

"We recommend that you always install the latest security updates. However, we offer this Fix it solution as a workaround option for some scenarios."

The quick fix for the vulnerability is available here:
http://support.microsoft.com/kb/2794220#FixItForMe

#OpIsrael: Anonymous hacked Israel news agency DEBKAfile, accounts leaked


Anonymous hackers have broken into the official website of the Israeli news agency DEBKAfile (debka.com) and leaked user accounts. The hack is apparent retaliation for what the hacktivists claim is DEBKAfile's long history of being a "tongue of the Mossad".

The dump contains more than 80 user login credentials, with email addresses and passwords in plain text. Most of the passwords are very simple, only six characters long.

"DEBKA first started around 2000 in purpose of polluting media with Zionist-Oriented news and rumors," the hackers said in their Pastebin post.

"DEBKA also analyzes on how people react to news and information offered by the agency in their state of art laboratory. Using these methods the agency has got the ability to release news and rumors in subjects which have most impact in the eyes of readers and political figures."

According to the hackers' statement, they managed to breach DEBKAfile's systems and acquire highly sensitive information, including employees' and authors' personal information, lab details and, of course, subscriber data.

But they have leaked only a portion of what they obtained: subscribers' emails and passwords (most of them are retired MOSSAD agents!!!).

So far there is no official statement from DEBKAfile about the breach. Stay tuned..!