Search This Blog

Showing posts with label Security. Show all posts

BGP Hijacking Victimizes Google, Amazon and Other Famous Networks' Traffic!


As per reports, a telecommunication provider that is owned by Russia rerouted traffic which was intended for the most imminent Content Delivery Networks (CDNs) and cloud host providers of the globe.

The entire re-direction kept on for around an hour during which it affected over 8,500 traffic routes of the internet. The concerned organizations happen to be few of the most celebrated ones.

Per sources, the brands range across well-known names like Cloudflare, Digital Ocean, Linode, Google, Joyent, Facebook, LeaseWeb, Amazon, GoDaddy, and Hetzner.

Reportedly, all the signs of this attack indicate towards its being a case of hijacking the Border Gateway Protocol, also known as, BGP hijacking. It is the illegitimate takeover of IP prefixes by a hijacker to redirect traffic.

This gives a lot of power in the hands of the hijacker because they could at any time “publish an announcement” stating that the servers of a particular company are on their network. As a result of which all of e.g. Amazon’s traffic would end up on the hijacker’s servers.

In earlier times when Hypertext Transfer Protocol wasn’t as widely used to encrypt traffic, BGP hijacking was a lucrative way to carry Man-in-the-Middle (MitM) attacks and catch and modify traffic.

But in recent times, analysis and decryption of traffic later in time has become easier because of BGP hijacking, as the encryption gets weaker with time.

This predicament isn’t of a new kind. It has been troubling the cyber-world for a couple of decades, mainly because they aim at boosting the BGP’s security. Despite working on several projects there hasn’t been much advancement in improving the protocol to face them.

Google’s network has been a victim of BGP hijacking by a Nigerian entity before. Researchers mention that it is not necessary for a BGP hijacking to be malicious.

Reportedly, “mistyping the ASN” (Autonomous System Number) is one of the other main reasons behind a BGP hijacking, as it is the code via which internet units are recognized and ends up accidentally redirecting traffic.

Per sources, China Telecom stands among the top entities that have committed BGP hijacking, not so “accidentally”. Another famous one on a similar front is “Rostelecom”.

The last time Rostelecom seized a lot of attention was when the most gigantic of financial players were victimized by BGP hijacking including HSBC, Visa, and MasterCard to name a few.

The last time, BGPMon didn’t have much to say however this time, Russian Telecom is in a questionable state, per sources. They also mention that it is possible for the hijack to have occurred following the accidental exposure of the wrong BGP network by an internal Rostelecom traffic shaping system.

Things took a steep turn when reportedly, Rostelecom’s upstream providers re-publicized the freshly declared BGP routes all across the web aggravating the hijack massively.

Per researchers, it is quite a difficult task to say for sure if a BGP hijacking was intentional of accidental. All that could be said is that the parties involved in the hijack make the situation suspicious.

Winja (VirusTotal Uploader)- The Malware Detector!


Cyber-security is an important concern for everyone working from these days, amid the lock-down due to the current Coronavirus pandemic. There are several security measures one can employ to stay on top of all the cyber-hazards that hackers could be brewing.

Winja is one such free application and passive analysis tool that is designed for Microsoft Windows that helps the user find any potential malware on their system. By way of using the scanning engine of the anti-virus products, the application gives forth very specific details as to which file is hazardous in which way.

Whenever we download something from the internet our first step is to ensure that it’s safe for our device. With Winja, all you have to do is to drag the file in question on the mal window and Voila! The results apparently will show on the desktop.

In case you have a sneaking suspicion about your device being infected, you could scan all services and processes for malware and the application will help you.

Reportedly, Winja initially uses the “VirusTotal” public API to insert the fingerprint of a file. If the fingerprint is present, Winja sends the current analysis report and if it is not then Winja sends the “unknown file” to the VirusTotal servers for scanning. You can also analyze files any time you want to enhance the chances of detection.

As has been recognized by researchers over these years, hackers tend to have their places of choice in their victim’s devices to first sneak in and then hide the malware. With Winja it becomes extremely easy to locate any suspicious files in those places. Per sources, Services, Task Scheduler, Active Processes, Applications beginning with Windows and Actions that require network resources and internet are few to be mentioned.

All you need to do to scan any file that you have a suspicion on is to drag it and drop in onto the main window of the Winja application.

Plus, you can make use of an extension for the Windows Explorer that would aid you to request a scan by means of a right-click on any file of your choice from the file browser.

Per sources, all the subsequent versions after the sixth one are available in French making it a huge hit in the French-versed population. VirusTotal, which is an arm of Google, strongly suggests Winja as a substitute for their Windows desktop application.

This application goes hand in hand with the anti-virus software that you love to use for your devices. It is not a substitute for anti-virus software but it fits with them like a puzzle piece and does not intend to endanger their publicity in any way.

This COVID-19 Website By Google Tells You All You Need To Know About Coronavirus!


The first step anyone took after hearing the first of the Coronavirus was ‘Googling’ it. Google has been a solution, for as long as we can remember, to most of our queries. Yet again it upholds its
reputation.

Amid all the mass confusion and chaos this virus has caused for the human race, every single one of us has wanted a ‘go-to’ for a little clarity between all of this bewilderment related to COVID-19.

Be it asking about the first symptoms, vaccine information or prevention strategies, in the middle of this bewilderment people have continued to look up to search engines for answers.

Google stepped in at the right moment and launched a website that encompasses next to every single bit of information about the Coronavirus.

Per sources, by way of collaborating with the US government, Google was has developed a website fully committed to educating people about COVID-19 including the probable symptoms, ways of prevention, treatment and all the other related information.

Reportedly, in the last week of January, Google had launched an SOS “alert” packed with resources and safety details from the WHO, plus the latest news. The alert, as of now, has spread across many countries in 25 languages. Per sources, people in over 50 countries have access to localized public health guidance from authorities.

The website mostly centers on providing health-related information along with safety and preventive practices, helpful resources, updated data and insights, relief assistance, the most recent of news, the early symptoms of the disease and how it spreads.

The website strongly endorses the “Do the Five” campaign to further wakefulness about basic things people can do to control the spread of COVID-19, per the WHO. According to sources, the website also has a map of the affected areas via the WHO and links to national health authority websites.

The website is loaded with informative videos from the Ministry of Health & Family Welfare, depicting the importance of washing hands regularly, responsible behavior and fighting together.

It is a massively lucrative initiative towards putting all the misunderstandings and confusion of people regarding COVID-19, to rest. The website shall be regularly updated and improved with more details and resources.

The link to the website:
https://www.google.com/covid19/

Windows 10 Users Beware! Astaroth Malware Campaign is Back and More Malicious!


A malware group that goes by the name of ‘Astaroth’ has re-emerged stronger and stealthier than before. This group has been known for exploiting Microsoft Windows tools to further the attack.

Microsoft had gotten aware of these methods and exposed the malware group and its “living-off-the-land” tactics. But the malware resurfaced with a hike in activity and better techniques.

Reportedly, the Windows Management Instrumentation Command-line (WMIC) is the built-in tool that got used the last time as was spotted by the Windows Defender ATP.

Per sources, the analysis done by Microsoft led to the discovery of a spam operation that spread emails with links to websites hosting a “.LNK” shortcut file which would instruct the WMIC and other Windows tools to run “fileless” malware in the memory well out of the reach of the anti-malware.

Sources indicate that having learnt from mistakes, Astaroth now entirely dodges the use of the WMIC. January and February showed a rise in activity.

According to sources, the new styled campaign still commences with a spam email comprising of a malicious website hosting link, LNK file but it the new version it employs a file attribute, “Alternate Data Streams” (ADS), that lets the attacker clip data to a file that already exists so that hiding malicious payloads gets easier.

Per source reports, the first step of the campaign which is a spam email reads, “Please find in the link below the STATEMENT #56704/2019 AND LEGAL DECISION, for due purposes”. The link is an archive file marked as, “Arquivo_PDF_.zip”.

It manipulates the ExtExport.exe to load the payload which per researchers is a valid process and an extremely unusual attack mechanism.

Once the victim clicks on the LNK file with the .zip file in it, the malware runs an obfuscated BAT command line, which releases a JavaScript file into the ‘Pictures’ folder and commands the explorer.exe that helps run the file.

Researchers mention and sources confirm that using the ADS permits the stream data to stay unidentifiable in the File Explorer, in this version Astaroth reads and decrypts plugins from ADS streams in desktop.ini that let Astaroth to rob email and browser passwords. It also unarms security software.

Per sources, the plugins are the “NirSoft WebBrowserPassView” tool is for regaining passwords and browsers and the “NirSoft MailPassView” tool is for getting back the email client passwords.

This is not the only legitimate tool Astaroth exploits. A command-line tool that goes by the name of “BITSAdmin” which aids admins to create download and upload jobs with tracking their progress is exploited to download encrypted payloads.

Reportedly, Astaroth has previously wreaked havoc on continents like Asia, North America, and Europe.

Three Botnets Abuse Zero-Day Vulnerabilities in LILIN's DVRs!


Not of late, LILIN recorders were found to be vulnerable. Reportedly, botnet operators were behind the zero-day vulnerabilities that were exploited in the Digital Video Recorders (DVRs ) that the vendor is well known for.

Sources mention that the exploitation of the zero-day vulnerabilities had been a continuous thing for almost half a year and the vendor was unaware. Nevertheless, they rolled out a patch in February 2020.

Digital Video Recorders are electronic devices that collect video feeds from local CCTV/IP cameras systems and store them on different mass storage devices like SD cards, USB flash drives, disk drives, etc.

DVRs are a huge deal today given they are a major element for the security cameras that are used almost everywhere in these times.

With CCTV cameras raging, attacks especially designed for them have also risen equally. Malware botnets and other hacker operations have been targeting these widely used DVRs for quite some time now.

Per sources, the non-revised and out of date firmware stands to be the reason for these devices being hacked. Especially, the DVRs with default credentials are exploited to kick off DDoS and other IoT attacks.
Sources mention that security researchers found LILIN’s DVRs too were being exploited for almost half a year, since August last year by three botnets.


The vulnerability in the “NTPUpdate”, sources mention, allows attackers to inject and control the system’s commands. Via one of the ‘hardcoded credentials’ (root/icatch99 & report/8Jg0SR8K50) the attacker stands a chance to retrieve and alter a DVR’s config file, and later control commands on the device after the File Transfer Protocol (FTP) server configuration is regularly matched.

Per sources, the first botnet behind the zero-day vulnerability was the “Chalubo botnet” with a motive of exploiting the NTPUdate of the LILIN DVRs. The other two were employed by the “FBot botnet”

Reportedly, a couple of weeks after the previous attacks of the FBot, the Moobot botnet also tried its luck and succeeded on the second zero-day vulnerability.

There is no knowing as to what the exact motive was behind hacking the LILIN DVRs. Nevertheless, there has been a history of DDoS attacks, re-routing traffic, and proxy networks.

As it happens there are, per sources, over 5,000 LILIN DVRs that exist today thus making it quite a hefty task to update all of them immediately. But it’s a relief to know that the first step has been taken. There’s not much to worry about now given LILIN has released a firmware update along with solutions for mitigation.

HACKED- Windows 10, macOS, Adobe, VMware, Apple and Oracle at The Pwn2Own 2020!


Pwn2Own is a well-known computer hacking contest which is held once every year at the CanSecWest security conference. In this contest, the contestants are tested on how well they could exploit commonly used software and mobile devices with formerly unheard of vulnerabilities.

An issue as grave as the Coronavirus pandemic has clearly not affected the spirits of the Pwn2Own 2020 hacking competition which got done with its first two days.

On Day 1, security researchers and participants bagged a handsome amount of over $180,000 for exploiting the Windows 10, Ubuntu Desktop and macOS, mention sources.

Reportedly, a “team from the Georgia Tech Systems Software and Security Lab succeeded in exploiting a kernel privilege escalation to execute code on macOS” by way of Safari. The attack mechanism that ended up winning for the team $70,000 was comprised of 6 vulnerabilities.

Per the event page (thezdi.com), Georgia Tech employed a “6 bug chain to pop calc and escalate to root”.

The team that has won several preceding editions of the hacking contest, Team Fluoroacetate, won themselves a victorious $40,000 after they employed a “local privilege escalation exploit” meant for the Windows 10.

Reports mention that one of the two members of the aforementioned team also won himself a smashing amount of $40,000 for yet another privilege escalation exploit pursuing Windows 10.

As per sources, the RedRocket CTF team got themselves a win, owing to it to one of their members, Mafred Paul, who bagged an attractive amount of $30,000 for a local privilege escalation exploit focused on Ubuntu Desktop. The hack was about the manipulation of the ‘Input validation bug’.

On Day 2, The Fluoroacetate successfully targeted the Adobe Reader with a local privilege escalation by employing a pair of UAFs, mentioned sources and grabbed an amount of $50,000.

Per reports, the Synacktiv team targeted the VMware Workstation but unfortunately to no avail in the given duration of time. There also were special demonstrations of the Zero Day Initiative against the Oracle VirtualBox.

This was the very first time the organizers allowed “conditional remote participation” in the Pwn2Own hacking contest, understandably because of the increased concerns of people about traveling due to the Coronavirus outbreak.



Beware of Stalkerware That Has Eyes On All of Your Social Media!


Dear social media mongers, amidst all the talk about the Coronavirus and keeping your body’s health in check, your digital safety needs kicking up a notch too.

Because, pretty recently, security researchers discovered, what is being called as a “Stalkerware”, which stalks your activities over various social platforms like WhatsApp, Instagram, Gmail, Facebook, and others.

‘MonitorMinor’, per the sources, is definitely the most formidable one in its line.

Stalkerware are “monitoring software” or ‘Spyware’ that are employed either by people with serious trust issues or officials who need to spy for legitimate reasons.

Via this extremely creepy spyware kind, gathering information like the target’s ‘Geographical location’ and Messaging and call data is a cakewalk. Geo-fencing is another spent feature of it.

This particular stalkerware is hitting the headlines this hard because, MonitorMinor has the competence to spy on ‘Communication channels’, like most of our beloved messaging applications.

The discoverers of this stalkerware issued a report in which they mentioned that in a “clean” Android system, direct communication between applications is blocked by the “Sandbox” to kill the possibilities of the likes of this spyware gaining access to any social media platform’s data. This is because of the model called “Discretionary Access Control” (DAC).

Per sources, the author of the stalkerware in question manipulates the “SuperUser-type app” (SU utility) (if present) allowing them root-access to the system.

The presence of the SU utility makes all the difference for the worse. Because owing to it and its manipulation, MonitorMinor gains root access to the system.

The applications on the radar are BOTIM, Facebook, Gmail, Hangouts, Hike News & Content, Instagram, JusTalk, Kik, LINE, Skype, Snapchat, Viber, and Zalo-Video Call.

From lock patterns to passwords, MonitorMinor has the power to dig out files that exist in the system as ‘data’. And it obviously can use them to unlock devices. This happens to be the first stalkerware to be able to do so, mention sources.

Per reports, the procedure is such that the “persistence mechanism” as a result of the malware manipulates the root access. The stalkerware then reverts the system section to read/write from the initial read-only mode, copies itself on it, deletes itself from the user section, and conveniently goes back to read-only mode again.

Reports mention that even without the root access, MonitorMinor can do a consequential amount of harm to targets. It can control events in apps by manipulating the “Accessibility Services”. A “keylogger” is also effected via the API to permit forwarding of contents.
Unfortunately, victims can’t do much to eradicate the stalkerware form their systems, yet.

Other functions of the stalkerware include:
• Access to real-time videos from the device’s camera
• Access to the system log, contact lists, internal storage contents, browsing history of on Chrome, usage stats of particular apps
• Access to sound recordings from the device’s microphone
• Control over the device’s SMS commands.

The security researchers released a report by the contents of which, it was clear that the installation rate of it was the maximum in India, closely followed by Mexico and then Germany, Saudi Arabia, and the UK.

The researchers also per reports have reasons to believe that possibly the MonitorMinor might have been developed by an Indian because they allegedly found a ‘Gmail account with an Indian name’ in the body of MonitorMinor.

Tor Browser Bug Executes Uncalled for JavaScript Codes!


The well-known Tor is allegedly experiencing some kind of bug in its mechanism. It has hence warned the users to stay vigilant as regards to the “Tor Browser Bug”, which runs JavaScript codes on various unexpected sites.

Tor (originally Team Onion Router) is a free and open-source software which chiefly works on allowing anonymous communication to users.

Reportedly, the team has been working on a solution and would roll it out as soon as it is done, but there isn’t a particular time to expect it.

One of the most critical features for the security of the Tor Browser Bundle (TBB) happens to be the ability to block the code execution of the JavaScript, mention sources.

TBB is a browser that has a set of superior privacy features majorly for concealing real IP addresses to maintain the anonymity of online users and their devices’ locations.

Owing to these features, the browser has become a go-to for the working people, especially the journalists, citizens of repressive countries and people with political agendas because after all, it is a great instrument to dodge online censorship and firewalls.

People who are against the anonymity of the users and just can’t let things be, have in the past tried several times to expose Tor Browser users’ actual IP addresses via exploits that functioned on JavaScript code.

Sources cite that while few attempts of the better nature have been successfully employed to track down criminals, others were pretty strangely executed.

And then recently, a bug was discovered in the much appreciated TBB’s security mechanism. When the browser was set to allow the use of the most supreme security level and still permitted the execution of the JavaScript code when instead it should have barred it.

It is a relief that the team of Tor is well aware of the bug and is, with dedication working towards developing a patch for it. Per sources, they also mentioned that if a user requires to “Block JavaScript” they could always disable it entirely.

As per reports, the procedure for doing the above-mentioned is to open the “about config” and search for “javascript.enabled”. If here the “Value” column mentions “false” it means that the JavaScript is disabled and if it mentions “true” then right-click to select “Toggle” or double click on the row to disable it.

250,000+ Login/Passwords Leaked in The Trident Crypto Fund Data Breach


More than 260,000 customers’ data was compromised online in a gigantic data breach that went down pretty recently.

Trident Crypto Fund, per reports, experienced this data breach which gave rise to the leakage of thousands of customer records including usernames and passwords, online.

Per sources, Trident is a crypto-investment index fund that functions as an arm of the “Dragonara Business Center”, Italy. It also is reportedly the “first coin-based index fund”.

And like scattered sugar for ants, the leaked records were immediately devoured by the cyber-cons right after they were compromised.

Per sources, personal data of over 260,000 registered users of the Trident Crypto Fund was left bare for people to exploit as per they wished to.

Reports mention that the leaked data comprised of phone numbers, encrypted passwords, email addresses, and IP addresses.

The aforementioned data was discovered to be published on several “file-sharing” websites in the past month.

According to researchers, the hackers had evidently de-crypted the stolen files and published an array of over 120,000 passwords at the beginning of March. It was also found out that the password and login ID pairs were matchless with the ones previously leaked.

The details or even the mention of the data breach haven’t appeared on the website or on other communication platforms. But reportedly, a victim of the breach was contacted who confirmed the connection between the fund and the leaked data.

As mentioned on the fund’s website, the company “works hard” to protect its customers’ data and secure accounts. They allegedly are also investigating the “suspected breach”.

The Russians were the ones to get heavily affected by the above-mentioned data leak as the compromised data was a direct key to their accounts. Word has it that more than 10,000 Russian users were impacted by the Trident Crypto Fund data breach.

Even though it’s possible that Russian residents might have had their records leaked previously as well, there are no records of that happening.

Nevertheless, this data breach structured the history of data leakages for Russia as this happens to be one of the first major ‘Personal’ data breaches the country’s citizens have faced that has had such a major impact.

Attention! Malvertising Campaigns Using Exploit Kits On The Rise


Of all the things that online advertising could be used for, spreading malware is the one that throws you off the list by surpassing them all.

Not of late, researchers found out a recent ‘Malvertising’ campaign and sources say that it was done by way of the “Domen Social Engineering Toolkit”.
‘Malvertising’ (malicious advertising) could be defined as using online advertising means for spreading malware. Most typically it is done by inserting malware or malicious advertisements into legitimate advertising web pages or networks.

Per informed sources, this campaign was uncovered while trying to influence a VPN service as bait. It displayed a group of domains that gave Domen’s attack mechanism a fresh bend.

The construction of the campaign, as mentioned in reports, was such that ‘search-one[.]info’ was comprised in it as the ‘fake’ page, ‘mix-world[.]best’ as the download site and ‘panel-admin[.]best as the backend panel.

As revealed in reports, the campaign managed to redirect the users and bare them to ‘Smoke Loader’. This is conceivably a downloader that installs secondary payloads. And that’s what it did. They consisted of a ‘Vidar stealer’, ‘Buran ransomware’ and ‘IntelRapid cryptominer’.

Need not to mention, this campaign isn’t the first one to surface which was focused on payloads. Women's malvertising per source had commenced in September last year. The social engineering toolkit was employed to exploit the website and fool users into clicking on a fake ‘Adobe Flash Player’ update. The clicking would start a download of “download.hta”. Afterward, by way of employing PowerShell to connect to “xyxyxyxyxy[.]xyz”, only to download the 'NetSupport Remote Access Trojan' (RAT), later.

With amplification in the usage of the internet and online means, it becomes a top priority to build up a structured and strong defense mechanism to fight and prevent Malvertising.

Hiring security professionals is a safe pre-requisite and a building block towards creating the defense structure. Keeping abreast of the latest updates and patches must be a primary priority.

Word has it that in most cases the ‘exploit kits’ are employed to disseminate the malware payloads. Hence the organizations should have a clear account of all its obstruction points so that Malvertising campaign’s attack payloads could be detected and dealt with in time.

Alert! The Days of WhatsApp Are Gone? Stronger Competitor In The Market!


Joy all around for the social media fanatics who had gotten quite bored of WhatsApp being their only source of incessant chatting provisions. And to those as well who felt unsafe because of the recent spyware that hit the beloved social media chat application.

The word around is that a recently surfaced social media chat application could give strong competition to the Facebook-owned social media service.

The users were already quite disconcerted about the recent cyber threat that hit WhatsApp and were in desperate need of any substitute to satisfy their daily social cravings.

The celebrated application goes by the name of “Signal”. Its unique characteristic is its keen focus on the privacy of the users.

Per sources, Signal has planned out to move towards the big market and go “main-stream”, owing it to the substantial monetary support it received from WhatsApp’s co-founder.

The financial backing is to facilitate “Signal” in getting better features and attracting the attention of people who are sort of done with using WhatsApp and are in want of other options, for whatever reasons.

Reports mention that the launcher of ‘Signal’ had continually been working on getting everyone access to encrypted communications without much fuss.

Now it finally is time for Signal to enter the world it was originally created for in the first place. It is a revolutionized effort at forming a more secure cyber-space for the people.

With key agendas like privacy and cyber-security being the central constituents of Signal, the application is sure to win a lot of hearts.

In recent times WhatsApp has been all over the place because of the alleged cyber threats, like spyware, it has been leaving its users open to. Because of which people’s trust over it has been withering gradually.

Per valid sources, Signal is special because it is encrypted from end-to-end. Its servers do not store any sort of “conversation metadata” on them. This especially was quite a hefty task for the developers to work their way around. They also had to work on enabling “group administration” to let people add and remove members without the servers’ knowledge. But they did it.

Hence, at a time like this, Signal is a very welcome blessing for social media fanatics who have become so used to social applications that they can’t imagine their lives without them.

Apple Deliberately Restricts Old Versioned iPhones' Performance; Gets Fined!



Apple, the technology giant famously known for its partially eaten logo among other things, was recently fined by France’s authority that regulates competition in the country, mentioned sources.

This apparently isn’t the first time that Apple has been fined by governmental authorities but it hasn’t mattered to the multi-million organization much before because of its money replenishing power.

Per reports, the reason behind this charging happens to be Apple’s voluntarily keeping the fact from its users that the software updates it released in 2017 could limit the functioning of the older versions of iPhones.

According to sources, Apple never updated its users that the time-worn batteries of the older iPhones, namely, iPhone 7, iPhone 6, iPhone SE and such wouldn’t be able to manage the increased battery usages.

The Directorate-General for Competition, Consumption and the Suppression of Fraud (DGCCSF) is the aforementioned body that in one of its reports elaborated upon how Apple’s software updates hindered the proper performing of older models of iPhones and how the company never realized their duty to enlighten the users about it.

The updates in question basically curbed the performance levels of iPhones to thwart excessive energy consumption of older versions of the phones, eventually trying to ward off a total crashing down of the devices.

The users could go back to older software versions or replace the battery and their iPhones could have a chance at working like they formerly did. The issue is a good initiative and has a solution but how are the people to know about this and act accordingly, if they aren’t duly apprised by Apple?

And what’s more, Apple restricted the users from returning to their previous software types, meaning the users couldn’t do much about the situation anyway!

Sources mentioned that Apple agreed to pay the fine of around $27.4 million for purposely limiting the performance of older iPhones and not alerting the users about it.

There was quite a hullabaloo outside of France as well regarding the same issue including lawsuits that got Apple to publicly apologize and offer free battery exchanges for affected devices.

As per sources, an Italian agency too had fined Apple and Samsung for not conspicuously informing the users on how to replace batteries.

But, $27.4 is next to nothing for a gigantic tech name like Apple. It would, with no apparent trouble, stock back the amount of money in just 2roper to 3 hours!

120 Million Medical Records Leaked! Global Medical Report Sheds More Light.


Along with cyber-security within your phones and other devices, you must make sure the hospital you go to has enough cyber-protection as well!

The obnoxiousness of cyber-criminals is escalating by the hour. As if stealing data of organizations and loosely selling largely famous tech giants’ data online wasn’t enough, hackers have now thrown on the internet personal medical details of more than 120 million Indian patients, per sources.

With the leakage of these personal medical records, they have also been made available online for cyber-cons to exploit.

In a recent “Global Report” on “Medical Data Leak” it was acutely mentioned that in the enormous number of records that got leaked, the affected patients’ X-rays, MRIs and images of CT scans were the major components.

According to sources, the first such report was published by a German cyber-security firm in October 2019. According to the actions taken by several countries’ governments as a response to the publishing of the first report, the succeeding report segregated countries into the categories of “good”, “bad” and “ugly”.

It may or may not come as a shock to many, but India was a “proud winner” of the second position in the “Ugly” category right after the United States of America.


As stated by the succeeding report, the state of Maharashtra is positioned right at the top if we consider the number of “data troves” (308, 451 troves) that are available online providing access to more than 69 million images.

Per sources, the second position is Karnataka with 182, 865 data troves providing access to more than 13 million images!

Researchers found out that the number of data troves that are available online has risen exponentially especially speaking in terms of India.

What exactly induced the leakage isn’t as widely known as all that but the first report clearly insinuated that the leak was in a way prompted by the servers of the “Picture Archiving and Communications Systems (PACS)” as the leaked information is mostly stored there.

The problem possibly was that the servers aren’t as secure as they should be and are connected to the public internet network which makes them easily susceptible.

This leakage is really disconcerting because you can’t simply get hold of who those patients are. They could be ANYONE, ranging from common men to big shots!
Apart from that, these medical records could pose threats like extortion, identity theft, and the list is unending.

Mobile Banking Malware On The Rise, 50% Hike In Attacks! WhatsApp a Dependable Medium?


According to studies, with an increase of 50% malware attacks have known no bounds in the past year. Most common of all happen to be malware that steals users’ financial data and bank funds.

The banking malware is on the rise in India. According to several sources, over 35% of organizations and institutions in India have been affected by such attacks in 2019 alone.

Among the most common types of malware that India often faces, that steal photographs and contact details from the phone, Adware is a big name as it generates ads on your phone to make money for some other party.

Another variant that isn’t all that trendy in India is a malware that kicks off surveillance on the target’s phone, tracks its GPS location and snips their personal data. What’s more, they could even control your microphone and other mobile phone operations.

What makes banking malware scary is its ability to steal data while the target’s on their phone making payments. Unaware of any malicious activity, the user would have let some cyber-con know all their bank credentials.

WhatsApp is becoming an accessory in the procedures of banking malware. Despite the hefty encryption that’s done on the chat app, hackers keep finding creative ways to exploit even the most minute of vulnerabilities.

In a recent zero-vulnerability case, the malware which was on the video-file message got transmitted as it is onto the receiver’s device.

To make sure that you don’t get malware installed on your device via WhatsApp, keep cleaning all the data and do not open any doubtful files and links.

Phishing attacks are among other common tactics of hackers to attack users and their devices. Suspicious emails, if opened could help the hackers kick off malware in the mailbox and then the attack goes in a way that takes the target to a website and asks them to fill in their personal information.

Downloading apps from third-party stores and straight from the internet is a strict no! Do not open any suspicious files and treat each link and file with equal distrust. If you’re not sure who the sender is, do not consider the file at all, be it on text message or on email.

Connecting to unauthorized or unknown Wi-Fi networks could also pose security issues. With the tag of free networks to lure you in, “man-in-the-middle” attacks could easily be launched.

Mobile phone security is as paramount as the security of your house or any other electronic device. There has got to be a set of security measures in place to work if anything goes south.

Hacked! SCPI Protocol Vulnerabilty; Measurement Instruments Could be Hacked!


A leading cyber-security firm recently alerted all the netizens about a vulnerability discovered in the measurement tools that support the Standard Commands for Programmable Instruments (SCPI) protocol, mentioned reports.

According to sources, SCPI is an ASCII-based standard especially crafted out for the purposes of testing and measurement machines that came into existence in 1990.

SCPI still happens to be used quite a lot given its easy and user-friendly interface and the inclusion of commands that could help alter any setting on the devices.

In recent times, most of the measurement devices are connected to networks and in some cases even to the internet. Hence, SCPI’s holding no authentication mechanism is a matter of risk and insecurity for all its users.

Per sources, when one of the major cyber-security research firms ran analytic research on SCPI they uncovered all the devices that use it and therefore are vulnerable to cyber-crime.

Per reports, the aforementioned measurement devices encompass of multimeters, signal analyzers, oscilloscopes, data acquisition systems, and waveform generators.

The researchers carried forward their analysis on different brands and different products of the same type and came across the fact that all the vendors’ products could be equally susceptible to cyber-attacks of similar nature if they used SCPI.

A multimeter was analyzed by the researcher wherein they found that its web and other interfaces were quite easily available and were very easy to get to as they were neither password-protected nor had any security functions by default.

Therefore, any cyber-attack that even a basic attacker plans could have a high possibility of success as the “configuration panel” could be very easily accessed and the password could be changed to anything in accordance with the attacker’s whims.

And as if all this wasn’t enough, the attacker could actually configure the measurement instruments to cause physical harm to people. The devices could be set to show illogical and unsystematic text any number of times, as well.

Per sources, the memory of the measurement instruments could be written for a definite number of times but incessant writing could lead to the devices’ physical distortion which couldn’t be reversed without changing the parts.

The power supply units of the devices could also be easy targets for attackers, according to sources, and could trigger DoS leading to physical corruption of the device.

Malware Attack! Oregon County's Network Smashed By a Ransomware?


Per local news and reports, allegedly, a cyber-attack shook the Tillamook County of Oregon, USA when it rendered the local government’s services ineffective.

Apparently owing it to the cyber-attack, the county officials are back to basics with all their daily tasks and are working about the crisis.

When the computers in the various departments of the county started misbehaving, that’s when the officials grasped the severity of the situation and immediately warned the IT department.

That is when the IT department comprehended that the systems had been infected with encrypting malware. To contain the infection, all the affected servers and devices were instantly isolated.

There is no sincere evidence to show if the malware was used for a ransomware attack but it sure is being conjectured on the affirmative. Per sources, no request for a ransom has been posted so far.

Allegedly, the Oregon city was recently struck by a cyber-attack of the same nature about a week ago.

The damage is of such a severe type that along with infecting all of the county’s computers and servers it has seriously harmed both the online and offline phone systems given the “VoIP” (Voice over Internet Protocol) that they employ.

Per sources, to rummage the details of the cyber-attack including the source, type, and magnitude of the attack, the county especially engaged a “digital forensic” team from a well-known cyber-security organization.

There is no doubting the fact that the Oregon county systems have been shut by the attack indefinitely and there is no knowing when they’d be back on operations.

With quite a substantial population to be hit by a cyber-attack of such severity, Oregon County has never before experienced a similar attack. Hence they can’t exactly mention their modus operandi to their plan of mitigation.

Sources mention that the county officials have decided to subcontract a few response operations to counter the attack and its repercussions.

The cyber-crisis management team happens to be the best at what they do and are efficiently working towards containing and mending the damages done by the malware.

Cyber Attack Alert! A Fake Factory Network Attacked With RAT, Ransomware, Malware and So On!



Researchers simulated a real-looking “Industrial prototyping” organization with fake employees, PLCs, and websites to study the types of cyber-attacks that commonly on such networks.

The elaborately fake organization’s website and the network worked on a highly advanced interactive “honeypot” network that worked extensively on attracting the attention of potential hackers.

The plan was to create such a legitimate-looking network that no one could even doubt it's being phony and to accumulate serious information related to cyber-threats and attacks to study and analyze them.

Behind researching these threats and attack mechanisms the motive was to dig out the threats that the “Industrial control system” (ICS) sector faces today.

Per sources, the sham company specifically let some ports of its network be susceptible to attack and Voila! It got hit with the most cliché of attacks that any IT network faces, including, Ransomware, Malware, Remote Access Trojans (RAT), Crypto-jacking, Online fraud and the “botnet-style” malware which hit the network’s robotic workstation.

A couple of the attackers went as far as shutting the factory via the HMI, locking the screen and opening the “log view of the robot’s optical eye”.
While one of the few attackers of the more mischievous inclinations worked on tactics like circumventing the robotics system to shut the HMI application and ultimately powering down the entire system, the others started the company network back and shut the bogus conveyor belt and then shut the network back again.

Per sources, the fake factory network was constructed of real ICS hardware and an amalgamation of physical hosts and virtual devices, mainly a Siemens S7-1200 PLC, an Omron CP1L PLC and two Allen-Bradley Micrologix 1100 PLCs.

The researchers as bait also used the common exposed passwords on the internet for the network’s administrative security, which happens to be a very basic mistake in the ICS sector.

The PLCs were used to imitate real processes like controlling the burner, the conveyor belt and palletizer for piling pallets using robotic arms. The plant network had three VMs including an engineering workstation for programming, a robotics workstation and HMI for controlling the factory.

Allegedly, per reports, later on, the fake network also opened up Remote Desktop Protocol, EtherNet/IP, and Virtual Network Connection ports to lure in more attackers.

Another attack that the researchers found out which deeply exhausted the server’s capacity, was for crypto-currency mining unlike what they thought it to be.

Per reports, the network was also attacked with ransomware called “Crysis”, which kept the network down for around four days while negotiating which led to HMI being locked down and loss of visibility into the plant operations.

If only the network were real, this ransomware would have wreaked major havoc owing it to 4 entire days of no production. This clearly reflects the kind of jeopardy the ICS sector could face.

One of the researchers pretending to be a worker at the fake company emailed the attackers to return their files and also mentioned that how they were working for a very important client and wanted to immediately run the production back.

The ransom stopped at $6,000 in email-exchange which didn’t need to be paid given that they already had backups and therefore were able to re-construct their systems. Following this little incident, another ransomware which goes by the name of “Phobos” tried to binge on the network.

And then came the attacker with quite a sense of humor. With a data destruction attack disguised as ransomware, the attacker renamed the network’s ABB Robotics folder. And when they didn’t agree to pay the ransom the attacker wrote a script that made browsers to porn sites appear whenever the network was started.

Hence, pretty evidently, in addition to never letting VNCs open without passcodes and reusing passwords across different systems, the researchers say, that this fake “Network” had everything that must NOT be done to keep the ICS sector safe and secure.

Website Puts 12 Billion User Records Up For Sale and Gets Seized By US Authorities


Are you fond of buying stolen'/leaked data? Because, one such domain, named ‘WeLeakInfo.com’ recently got seized by the US authorities.

WeLeakInfo, with its absolutely convenient name, had been selling stolen data from other hacked websites, online for the past three years.

The website provided an online service where hacked data was made available to people willing to pay for it.

Per sources, hackers were made available people’s “cleartext passwords” which aided them to purchase a subscription on the site in order to attain access to tons of user credentials.

Apparently, this illegal website was doing so well that it had gotten quite a popular fan-base for itself in the hacking “underworld”.

Reportedly, people were even providing them with consignments to execute recon on targeted individuals and organizations alike.

The modus operandi was in the way, that hackers would buy access to the site. They’d then search for names, emails and usernames of people they want to hack. The site would come up with results in the affirmative as to in which data breaches exactly were the required user’s data available.

The hackers would then have complete access to people’s passwords which they could easily run against that person’s other online profiles as well.

The cost of the website was incredibly low making it easily accessible to all sorts of hackers of all sorts of abilities and financial attributes.

Reportedly, for a lowly amount of $2/day hackers could fully wring the website for unlimited searches for any user’s data which was ever in a data breach.

During the silence before the storm period, WeLeakInfo was proudly flaunting on its website its expanded network of over 12 billion user records owing it to more than 10,000 data breaches, reports mentioned.

The storm hit and WeLeakInfo got taken down together by FBI, authorities from the Netherlands, Northern Ireland, the UK, and Germany.
Also, per sources, two arrests were made in the Netherlands and Northern Ireland each. Reportedly, the arrested suspects are allegedly staff members of the site.

After the US authorities took down “LeakedSource” in February 2017, “WeLeakInfo happens to be the second most major website to go down the same drain.

There still exist several websites that are providing people access to stolen data especially cleartext password, as you read this.

Per sources, similar websites, allegedly by the name of “Detached”, “Leak-Lookup” and “Sunbase” have been created on the model of a website “Have I Been Pwned” which is a website created by Australian researchers, per reports.

The model of the three websites and “Have I Been Pwned” may be the same but the latter never permits access to cleartext passwords.

Adult Webcam Models' Private and Sexual Data Compromised!


Undoubtedly, being an "Adult Webcam Model" means living a "revealing" life "out in the open". But to an extent where "Personal" and "Sexual" details are laid out on the table? Not what most would think.

PussyCash, an infamous “live webcam porn network” suffered a data breach and threw in the face of the internet all the tremendously “controversial” details of their adult webcam models’ lives.

Per sources, “PussyCash” hosts “affiliation programs” for numerous adult websites. Webmasters are paid for sending traffic to these sites via “banners”.

PussyCash owns and operates other similar websites via its parent organization “IML SLU” by the names of, “ImLive”, “Shemale”, “Forget Vanilla”, “Whiplr”, “Supermen”, “Phonemates”, “Fetish Galaxy”, “Sexier” and many more.

PussyCash, who really should’ve known better, had administered an “explicit webcam network” with over 870,000 files left unattended for ANYONE with an internet connection to access without the need for a PASSWORD.

The awfully gigantic plop of information about the adult webcam models that was leaked by PussyCash had in it the models’ full names, dates of birth, places of birth, addresses, nationalities, citizenship statuses, passport details, genders, photographs, signatures, parents’ full names, fingerprints, the entire credit card numbers their expiry dates, driving licenses, marriage certificates, birth certificates, body measurements, tattoo and piercing details and other such stuff.

But this was NOT ALL.

Other particularly uncanny and creepy details of the models’ personal and work lives got revealed, including, PHOTOGRAPHS, VIDEO CHATS and SCREENSHOTS of their work, apparently. And, their Sexual Fantasies, Favorite Sexual Positions, scans of their handwritten biographies, hobbies, favorite food, and the list goes on.

(Mortifying!)

This data leak has surely opened up new avenues for criminals by providing them fresh meat to ‘extort’, ‘stalk’, ‘blackmail’ and publicly humiliate these models in addition to the commonplace attempts at identity thefts and scams.

Once an adult webcam model, NOT ALWAYS an adult webcam model.
It is more than probable that out of the listed individuals some preferred to quit being “adult webcam models” and moved towards more conventional and professional jobs and careers. What would happen if their workplaces get privy to these exceedingly controversial details of their past lives?

Unfortunately, PussyCash isn’t the first one to err so. Loads and tons of websites leave their sensitive data out on the face of the internet for people to exploit.

Porn websites certainly can’t be condoned of lack of security just because, well, they are porn websites. Everyone on the web should equally worry about the privacy of their data, it doesn’t matter if the organization is professional or not.

Phishing Attack Alert! Los Angeles County Says No Harm Done!


A Phishing attack last month surfaced over the LA County which was immediately contained before any devices got compromised.

The attack was discovered by the staff, last month. The containment of the attack was done by the staff instantaneously before much damage was done.

The hackers were apparently after the county’s residential data.

Per sources, it all began when the Los Angeles County received a phishing email which extended malicious activities. The malicious campaign was aimed at stealing the receiver’s personal data.

The hackers’ plan was to get the recipient to click on the links/attachment in the email. Reportedly, the email had come from a “third-party account”. Allegedly, the distribution list of the third party got leaked and was sent to more than 25 county employees.

Per website sources, The LA County happens to be the most populated area in the US. It has over 35,000 personal computers, 12,000+ cell phones and 800+ government network locations.

According to reports the “Internal Services Department” happens to support the “Countrywide Integrated Radio System” which extends essential services during emergencies.

Most local governments have faced attacks along the same lines including Los Angeles County as well. Per sources, in the Minnesota case where the phishing attack targeted over 100 LA County employees, the personal data including targets’ names, social security numbers, dates of birth, card details and other personal data was compromised.

It is evident that the phishing attack could have taken a gigantic form if it hadn’t been for the prompt skills of the employees and staff of the LA County.

Given that such a humongous number of devices and networks could have been jeopardized this attack must necessarily be taken as a serious warning.

The already existing and well-established security controls of the county also had a lot to contribute to this successful aversion of the accident.

Reportedly, the county’s Chief Executive Officer had taken this incident as quite a forewarning and mentioned that they would work stalwartly towards improving the security provisions and strengthening them.

The overall incident is still under investigation by the county along with help from a few private participants.