Malware Attack! Oregon County's Network Smashed by Ransomware?


According to local news reports, a cyber-attack has hit Tillamook County, Oregon, USA, rendering the local government's services unusable.

Because of the attack, county officials have fallen back to manual processes for their daily tasks while they work through the crisis.

Officials grasped the severity of the situation when computers in several county departments began misbehaving, and they alerted the IT department immediately.

The IT department then determined that the systems had been infected with file-encrypting malware. To contain the infection, all affected servers and devices were isolated at once.

There is no firm evidence yet that the malware was part of a ransomware attack, although that is widely suspected. According to sources, no ransom demand has been received so far.

Reportedly, the Oregon city had been struck by a cyber-attack of the same nature about a week earlier.

The damage is severe: besides infecting all of the county's computers and servers, the attack has also crippled the phone systems, both online and offline, because they run on VoIP (Voice over Internet Protocol) and so depend on the same network.

To investigate the details of the attack, including its source, type and scale, the county has engaged a digital forensics team from a well-known cyber-security firm.

The county's systems have been shut down indefinitely, and there is no estimate yet of when they will be back in operation.

The county, with its sizeable population, has never experienced an attack of this severity before, so it has not yet been able to describe its plan for mitigation.

Sources say county officials have decided to outsource parts of the incident response to deal with the attack and its consequences.

The crisis-management team is described as the best at what it does and is working to contain and repair the damage done by the malware.

Cyber Attack Alert! A Fake Factory Network Attacked With RAT, Ransomware, Malware and So On!

Researchers simulated a realistic-looking "industrial prototyping" organization, complete with fake employees, PLCs and websites, to study the types of cyber-attacks that commonly hit such networks.

The fake organization's website and network were built as an elaborate, highly interactive honeypot designed to attract the attention of potential attackers.

The plan was to build a network so legitimate-looking that no one would suspect it was fake, and to collect detailed intelligence on cyber-threats and attacks for study and analysis.

The motive behind studying these threats and attack mechanisms was to uncover the threats that the Industrial Control System (ICS) sector faces today.

According to sources, the sham company deliberately left some network ports exposed, and it was promptly hit with the most common attacks any IT network faces: ransomware, malware, remote access trojans (RATs), crypto-jacking, online fraud and botnet-style malware, the last of which hit the network's robotics workstation.

A couple of attackers went as far as shutting down the factory through the HMI, locking the screen and opening the log view of the robot's optical eye. One of the more mischievous attackers bypassed the robotics system to close the HMI application and ultimately power down the entire system, while others restarted the company network, stopped the bogus conveyor belt and then shut the network down again.

According to sources, the fake factory network was built from real ICS hardware and a mix of physical hosts and virtual devices, chiefly a Siemens S7-1200 PLC, an Omron CP1L PLC and two Allen-Bradley Micrologix 1100 PLCs.

As further bait, the researchers protected the network's administrative accounts with passwords that are commonly found exposed on the internet, a basic but common mistake in the ICS sector.

The PLCs were used to imitate real processes such as controlling the burner, the conveyor belt and the palletizer that stacks pallets using robotic arms. The plant network had three VMs: an engineering workstation for programming, a robotics workstation and an HMI for controlling the factory.

According to reports, the fake network later also exposed Remote Desktop Protocol, EtherNet/IP and Virtual Network Computing (VNC) ports to lure in more attackers.

Another attack the researchers observed, which heavily consumed the server's capacity, turned out to be crypto-currency mining rather than what they had first assumed.

According to reports, the network was also hit by the Crysis ransomware, which locked the HMI and cost the operators visibility into plant operations, keeping the network down for around four days while the ransom was negotiated.

Had the network been real, four full days of lost production would have wreaked major havoc, which clearly illustrates the kind of jeopardy the ICS sector faces.

One of the researchers, posing as an employee of the fake company, emailed the attackers asking for their files back, adding that they were working for a very important client and needed to resume production immediately.

Over the email exchange the ransom settled at $6,000, which never had to be paid because the researchers had backups and could rebuild their systems. Shortly after this incident, another ransomware family, Phobos, also attempted to infect the network.

Then came an attacker with a sense of humor. In a data-destruction attack disguised as ransomware, the attacker renamed the network's ABB Robotics folder, and when the researchers refused to pay, the attacker wrote a script that opened browser windows to porn sites whenever the network started up.

In short, the researchers say, this fake network exhibited everything that must NOT be done to keep ICS environments secure, above all leaving VNC servers open without a password and reusing passwords across different systems.
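One concrete lesson from the honeypot is that RDP, VNC and the PLCs' own protocols should never be reachable from untrusted networks. The Python below is an added example written for this post, not the researchers' code: it audits a constructed, hypothetical firewall rule list (the one-line rule syntax is invented for the example) and flags allow-rules that expose those services to sources outside the trusted plant network. The port numbers are the well-known defaults for each protocol.

```python
import ipaddress
from dataclasses import dataclass
from typing import List

# Constructed rule set in a hypothetical one-rule-per-line format (not any
# vendor's syntax):  <action> <proto> <src_cidr> -> <dst_cidr> <dst_port|any>
SAMPLE_RULES = """\
allow tcp 0.0.0.0/0       -> 10.10.1.20/32 5900
allow tcp 0.0.0.0/0       -> 10.10.1.21/32 3389
allow tcp 10.10.0.0/16    -> 10.10.2.10/32 44818
allow tcp 0.0.0.0/0       -> 10.10.2.11/32 102
allow tcp 203.0.113.0/24  -> 10.10.1.30/32 443
deny  any 0.0.0.0/0       -> 10.10.0.0/16  any
"""

# Well-known ports of the remote-access and ICS protocols the honeypot exposed,
# plus the native protocols of the PLC models it used.
RISKY_PORTS = {
    3389: "RDP",
    5900: "VNC",
    44818: "EtherNet/IP",
    102: "S7comm (Siemens S7-1200)",
    9600: "FINS (Omron)",
}


@dataclass
class Finding:
    rule: str      # the offending rule, verbatim
    service: str   # which exposed service triggered it
    reason: str    # human-readable explanation


def parse_rule(line: str):
    """Split one rule line into (action, proto, src_net, dst_net, port)."""
    action, proto, src, arrow, dst, port = line.split()
    if arrow != "->":
        raise ValueError(f"malformed rule: {line!r}")
    return (action.lower(), proto.lower(),
            ipaddress.ip_network(src, strict=False),
            ipaddress.ip_network(dst, strict=False),
            port.lower())


def _from_trusted(src, trusted_nets) -> bool:
    """True if the whole source range lies inside one of the trusted networks."""
    return any(src.version == t.version and src.subnet_of(t) for t in trusted_nets)


def audit_rules(rules_text: str, trusted_sources: List[str]) -> List[Finding]:
    """Flag allow-rules that expose RDP/VNC/ICS protocols (or every port) to any
    source outside the trusted plant networks. Deny rules are ignored."""
    trusted = [ipaddress.ip_network(t, strict=False) for t in trusted_sources]
    findings: List[Finding] = []
    for raw in rules_text.strip().splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        action, _proto, src, dst, port = parse_rule(line)
        if action != "allow" or _from_trusted(src, trusted):
            continue
        if port == "any":
            findings.append(Finding(line, "all ports",
                                    f"every port on {dst} reachable from untrusted {src}"))
        elif int(port) in RISKY_PORTS:
            svc = RISKY_PORTS[int(port)]
            findings.append(Finding(line, svc,
                                    f"{svc} on {dst} reachable from untrusted {src}"))
    return findings


if __name__ == "__main__":
    # The constructed rule set above yields three findings: VNC, RDP and S7comm
    # exposed to 0.0.0.0/0. EtherNet/IP is fine because only the plant range
    # (10.10.0.0/16) may reach it, and HTTPS from 203.0.113.0/24 is not on the list.
    for f in audit_rules(SAMPLE_RULES, ["10.10.0.0/16"]):
        print(f"[{f.service}] {f.reason}\n    {f.rule}")
```

The check deliberately treats "trusted" as a property of the source range, not of the destination: a rule that lets a partner's public range reach HTTPS is not flagged, while the same range reaching VNC would be, which matches the honeypot's lesson that it is the exposure of these particular services to outsiders that invites trouble.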

Website Puts 12 Billion User Records Up For Sale and Gets Seized By US Authorities


Are you fond of buying stolen or leaked data? One such domain, WeLeakInfo.com, was recently seized by the US authorities.

WeLeakInfo, true to its name, had been selling data stolen from hacked websites for the past three years.

The website provided an online service through which hacked data was made available to anyone willing to pay for it.

According to sources, the site gave subscribers access to people's cleartext passwords; hackers would buy a subscription in order to obtain huge volumes of user credentials.

The illegal website apparently did so well that it built up a sizeable following in the hacking underworld.

Reportedly, people were even commissioning the site's operators to carry out reconnaissance on targeted individuals and organizations.

The modus operandi was simple: hackers would buy access to the site, then search for the names, email addresses and usernames of the people they wanted to target. The site would return exactly which data breaches contained that user's data.

The hackers then had full access to those people's passwords, which they could easily try against the same person's other online accounts as well.

Access was incredibly cheap, putting the site within reach of hackers of every skill level and budget.

Reportedly, for as little as $2 a day, hackers got unlimited searches for any user's data that had ever appeared in a breach.

Before the takedown, WeLeakInfo proudly advertised on its website a collection of over 12 billion user records drawn from more than 10,000 data breaches, reports say.

Then the storm hit: WeLeakInfo was taken down in a joint operation by the FBI and authorities from the Netherlands, Northern Ireland, the UK and Germany.
Sources also say that two arrests were made in the Netherlands and Northern Ireland; the suspects are alleged to be staff members of the site.

After the US authorities took down LeakedSource in February 2017, WeLeakInfo is the second major site of its kind to go the same way.

Several websites still provide access to stolen data, cleartext passwords included, as you read this.

According to sources, similar sites, reportedly named Detached, Leak-Lookup and Sunbase, were modelled on Have I Been Pwned, a site created by Australian researchers.

The three sites may share Have I Been Pwned's model, but the latter never gives access to cleartext passwords.
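The difference matters in practice: Have I Been Pwned lets a site check whether a password has appeared in a breach without ever receiving the password or even its full hash, using what is called a k-anonymity range query (the client sends only the first five characters of the SHA-1 hash and compares the returned suffixes locally). The Python below is an added example written for this post, not Have I Been Pwned's own code; the breach corpus and the counts in it are constructed so the check runs offline, and the live lookup function at the end, which uses the real Pwned Passwords range endpoint, is provided for reference but is not needed to run the example.

```python
import hashlib
from typing import Callable


def sha1_hex_upper(password: str) -> str:
    """Pwned Passwords keys its corpus by upper-case hex SHA-1 of the password."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


# Constructed breach corpus: the passwords and counts are made up for this example.
_FAKE_CORPUS = {"password": 3861493, "123456": 23597311, "letmein": 236630}


def fake_range_lookup(prefix: str) -> str:
    """Offline stand-in for GET https://api.pwnedpasswords.com/range/<prefix>.
    Returns 'SUFFIX:COUNT' lines for every corpus hash whose first five hex
    characters equal the prefix, plus a decoy line so the reply is never empty
    (the real service also returns many unrelated suffixes per prefix)."""
    lines = []
    for pw, count in _FAKE_CORPUS.items():
        digest = sha1_hex_upper(pw)
        if digest[:5] == prefix:
            lines.append(f"{digest[5:]}:{count}")
    lines.append("0" * 34 + "A:1")  # decoy: 35-char suffix, count 1
    return "\r\n".join(lines)


def pwned_count(password: str, range_lookup: Callable[[str], str]) -> int:
    """k-anonymity check: only the 5-char hash prefix leaves the client; the
    matching of the remaining 35 characters happens locally. Returns how many
    times the password was seen in breaches (0 = not found)."""
    digest = sha1_hex_upper(password)
    prefix, suffix = digest[:5], digest[5:]
    for line in range_lookup(prefix).splitlines():
        candidate, _, count = line.strip().partition(":")
        if candidate.upper() == suffix:
            return int(count or 0)
    return 0


def password_allowed(password: str, range_lookup: Callable[[str], str]) -> bool:
    """Policy hook for a registration or password-change form."""
    return pwned_count(password, range_lookup) == 0


def hibp_range_lookup(prefix: str) -> str:
    """Live lookup against the real Pwned Passwords range API (needs network;
    not exercised by the offline example). The API asks for a User-Agent."""
    from urllib.request import Request, urlopen
    req = Request(f"https://api.pwnedpasswords.com/range/{prefix}",
                  headers={"User-Agent": "blog-example-password-check"})
    with urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


if __name__ == "__main__":
    for pw in ("password", "correct horse battery staple"):
        print(pw, "->", pwned_count(pw, fake_range_lookup), "breach sightings")
```

Because the server only ever sees a five-character prefix, it cannot tell which of the hundreds of hashes behind that prefix the client is interested in; swapping `fake_range_lookup` for `hibp_range_lookup` turns this into a real check without changing what is sent.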

Adult Webcam Models' Private and Sexual Data Compromised!


Being an adult webcam model undoubtedly means living a revealing life out in the open, but to the point where one's personal and sexual details are laid out on the table? That is not what most would expect.

PussyCash, a well-known live webcam porn network, suffered a data breach that exposed highly sensitive details of its adult webcam models' lives to the entire internet.

According to sources, PussyCash runs affiliate programs for numerous adult websites; webmasters are paid for sending traffic to these sites via banners.

Through its parent organization IML SLU, PussyCash owns and operates similar websites including ImLive, Shemale, Forget Vanilla, Whiplr, Supermen, Phonemates, Fetish Galaxy, Sexier and many more.

PussyCash, which really should have known better, ran an explicit webcam network in which over 870,000 files were left accessible to ANYONE with an internet connection, with no PASSWORD required.

The huge trove of leaked information about the models included their full names, dates of birth, places of birth, addresses, nationalities, citizenship statuses, passport details, genders, photographs, signatures, parents' full names, fingerprints, full credit card numbers with expiry dates, driving licences, marriage certificates, birth certificates, body measurements, tattoo and piercing details, and more.

But this was NOT ALL.

Other particularly intimate details of the models' personal and working lives were also exposed, reportedly including PHOTOGRAPHS, VIDEO CHATS and SCREENSHOTS of their work, as well as their sexual fantasies, favourite sexual positions, scans of handwritten biographies, hobbies, favourite foods, and so on.

(Mortifying!)

This leak has opened up new avenues for criminals, handing them fresh material to extort, stalk, blackmail and publicly humiliate these models, on top of the usual attempts at identity theft and scams.

Once an adult webcam model, NOT ALWAYS an adult webcam model.
It is more than likely that some of the individuals listed have since left webcam work for more conventional jobs and careers. What happens if their employers learn these exceedingly sensitive details of their past?

Unfortunately, PussyCash is far from the first to make this mistake; countless websites leave sensitive data exposed on the open internet for anyone to exploit.

Porn websites cannot be excused a lack of security simply because they are porn websites. Everyone on the web should be equally concerned about the privacy of their data, whatever line of business the organization is in.

Phishing Attack Alert! Los Angeles County Says No Harm Done!


A phishing attack against Los Angeles County last month was contained immediately, before any devices were compromised.

Staff discovered the attack last month and contained it at once, before much damage could be done.

The attackers were apparently after data on the county's residents.

According to sources, it began when Los Angeles County received a phishing email; the malicious campaign was aimed at stealing the recipient's personal data.

The attackers' aim was to get recipients to click the links or attachment in the email. Reportedly, the email came from a third-party account whose distribution list had leaked, and it was sent to more than 25 county employees.

According to the county's website, LA County is the most populous area in the US, with over 35,000 personal computers, more than 12,000 cell phones and over 800 government network locations.

According to reports, the county's Internal Services Department supports the Countywide Integrated Radio System, which provides essential services during emergencies.

Many local governments, Los Angeles County included, have faced attacks along the same lines. According to sources, in the Minnesota case, where a phishing attack targeted over 100 LA County employees, personal data including names, social security numbers, dates of birth, card details and more was compromised.

Clearly the attack could have grown much larger had it not been for the prompt response of LA County's employees and staff.

Given how many devices and networks could have been put at risk, the attack must be taken as a serious warning.

The county's existing, well-established security controls also contributed a great deal to averting the incident.

Reportedly, the county's Chief Executive Officer took the incident as a warning and said the county would work steadfastly to improve and strengthen its security provisions.

The incident is still under investigation by the county, with help from a few private parties.

Privacy Alert! Xiaomi's Security Cameras Not All That Secure?


If you think a security camera at home makes you safe, you might want to think twice before dozing off in your chair!

Xiaomi hit the headlines when one of its security cameras displayed stills of a man sleeping in a chair.

Xiaomi, the global giant known, per reports, for good products at low prices, had earlier launched a Home Security Camera. As the use of security cameras grows, privacy and security remain a major concern.

Xiaomi's Home Security Camera, which offers 1080p recording, infrared night vision, AI motion detection and more, apparently went a step too far when it displayed pictures from other people's cameras on a Google Nest Hub.

Reportedly, the issue surfaced when a user found that viewing his Xiaomi security camera on his Google Nest Hub displayed still images from someone else's camera, including one of "a man sleeping in his chair".

The user reportedly said that both the Nest Hub and the Xiaomi security camera were newly bought and running firmware version 3.5.1_00.66.

As a result, Google disabled Xiaomi integrations on its devices. Users had been able to link the Xiaomi Home Security Camera to their Google accounts and access it on Nest devices via the Mi Home application.

Xiaomi, apparently taken aback by Google's response, promptly issued a statement saying it had fixed the issue, which it attributed to a cache update.

The update, intended to improve the cameras' streaming quality, ended up displaying another user's images "under poor network conditions".

According to sources, the company said that over 1,000 users had the integration enabled and that only a few, on extremely poor networks, were affected.

Xiaomi eventually suspended the service, as it reportedly told Google.

The company added that the conditions under which the incident occurred are extremely rare, that the whole situation is under investigation by Xiaomi's security team, and that the issue does not occur when the cameras are used through the Mi Home app.

Xiaomi also stressed that users' privacy and security have always been paramount for the company, expressed deep regret over the still images received when connecting the Mi Home Security Camera to the Google Home Hub, and apologized profusely.

Same Phishing Risks Faced By Start-Ups and Big Corporations

Reports of a near-perfect phishing attempt surfaced after a large number of remote employees who receive health and workplace benefits through human resources giant TriNet received such emails.

The emails were shared with TechCrunch, an American online publisher, to verify their authenticity; when two independent security researchers were asked for their assessment, both concluded that it was indeed a phishing email designed to steal usernames and passwords.

Moreover, even a $3.7 billion corporation like TriNet, let alone the other big names, is not doing what is needed to counter such phishing: had the company proactively used basic email security techniques, it would have been far simpler to establish that the email was not actually a phish but a genuine company email.

Nor is the issue a new one, for TriNet or any other large company.

For instance, just last year security firm Agari found that only 14% of Fortune 500 companies were using and effectively enforcing DMARC, a domain security feature that prevents email spoofing, and new data Agari provided to TechCrunch shows that figure has risen by just a single percentage point in the past year, to a mere 15%.

Nonetheless, phishing and impersonation are fundamentally human problems: they aim to fool unsuspecting victims into handing their usernames, email addresses and passwords to attackers, who then log in and steal data or money. Users are therefore advised to stay vigilant whenever they receive such emails.
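The gap between "using DMARC" and "effectively implementing it" comes down to what the published record says: a record with p=none only asks receivers for reports, and a pct value below 100 applies the policy to only part of the failing mail, so neither actually stops a spoofed message from landing. The Python below is an added example written for this post, not Agari's methodology or TriNet's configuration; it parses DMARC TXT records, classifies each as enforcing or not, and computes the enforcement rate over a constructed set of made-up domains (in real use the records would be fetched from DNS at _dmarc.<domain>).

```python
from dataclasses import dataclass
from typing import Dict, Optional


@dataclass
class DmarcAssessment:
    valid: bool            # record is syntactically usable
    policy: Optional[str]  # none / quarantine / reject
    enforcing: bool        # spoofed mail is actually rejected or quarantined
    reason: str


def parse_dmarc_record(txt: str) -> Dict[str, str]:
    """Split a DMARC TXT record such as 'v=DMARC1; p=reject; rua=mailto:a@b'
    into a lower-cased tag dictionary. Fragments without '=' are ignored."""
    tags: Dict[str, str] = {}
    for part in txt.split(";"):
        if "=" not in part:
            continue
        key, _, value = part.partition("=")
        tags[key.strip().lower()] = value.strip()
    return tags


def assess_dmarc(txt: Optional[str]) -> DmarcAssessment:
    """Classify a record. Assumption (ours, not Agari's published criteria):
    a domain 'effectively implements' DMARC only if p is quarantine or reject
    and pct is 100, so the policy applies to all failing mail."""
    if txt is None:
        return DmarcAssessment(False, None, False, "no _dmarc TXT record published")
    tags = parse_dmarc_record(txt)
    if tags.get("v", "").upper() != "DMARC1":
        return DmarcAssessment(False, None, False, "missing or wrong v= tag (must be DMARC1)")
    policy = tags.get("p", "").lower()
    if policy not in ("none", "quarantine", "reject"):
        return DmarcAssessment(False, None, False, f"invalid or missing p= tag: {policy!r}")
    try:
        pct = int(tags.get("pct", "100"))  # RFC 7489 default is 100
    except ValueError:
        return DmarcAssessment(False, policy, False, "pct= tag is not an integer")
    if policy == "none":
        return DmarcAssessment(True, policy, False,
                               "p=none only reports; spoofed mail is still delivered")
    if pct < 100:
        return DmarcAssessment(True, policy, False,
                               f"p={policy} applied to only {pct}% of failing mail")
    return DmarcAssessment(True, policy, True, f"p={policy} enforced on 100% of failing mail")


# Constructed sample records standing in for DNS TXT answers; the domains are made up.
SAMPLE_RECORDS: Dict[str, Optional[str]] = {
    "enforcing.example": "v=DMARC1; p=reject; rua=mailto:dmarc@enforcing.example",
    "monitor.example":   "v=DMARC1; p=none; rua=mailto:dmarc@monitor.example",
    "partial.example":   "v=DMARC1; p=quarantine; pct=25",
    "broken.example":    "v=DMARC1; rua=mailto:dmarc@broken.example",
    "absent.example":    None,
}


def enforcement_rate(records: Dict[str, Optional[str]]) -> float:
    """Fraction of domains whose record actually enforces (the kind of figure
    behind the 14%/15% numbers in the post)."""
    assessments = [assess_dmarc(r) for r in records.values()]
    return sum(a.enforcing for a in assessments) / len(assessments)


if __name__ == "__main__":
    for domain, txt in SAMPLE_RECORDS.items():
        a = assess_dmarc(txt)
        print(f"{domain:20} enforcing={a.enforcing!s:5} {a.reason}")
    print(f"enforcement rate: {enforcement_rate(SAMPLE_RECORDS):.0%}")
```

Of the five constructed domains only one enforces, so the sample rate is 20%; the point of running the classifier rather than grepping for "v=DMARC1" is that four of the five would count as "using DMARC" under the looser reading.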

FaceApp has access to more than 150 million users' faces and names

Everyone is busy posting pictures of how they will look in the future, while security researchers are worried about the data that users are handing over.

Cybersecurity experts at Check Point have said that the Russian-owned app does not have access to your camera roll, but that it 'might store' the image you modified.

So far, more than 100 million people have downloaded the app from the Google Play store, and it is a top-ranked app on the iOS App Store.

According to FaceApp's terms and conditions, ‘You grant FaceApp a perpetual, irrevocable, nonexclusive, royalty-free, worldwide, fully-paid, transferable sub-licensable license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, publicly perform and display your User Content and any name, username or likeness provided in connection with your User Content in all media formats and channels now known or later developed, without compensation to you. When you post or otherwise share User Content on or through our Services, you understand that your User Content and any associated information (such as your [username], location or profile photo) will be visible to the public.’

The firm addressed the privacy concerns by saying it stores uploaded photos in the cloud to improve performance and handle traffic.

In its statement it clarified that although its 'core R&D team is located in Russia, none of the user data is transferred to Russia'.

BitTorrent's peer-to-peer app and its uTorrent counterpart susceptible to a serious hijacking flaw

Google researcher Tavis Ormandy recently detailed a host of DNS rebinding exploits in the Windows versions of BitTorrent's peer-to-peer app and its lightweight uTorrent counterpart.

DNS rebinding lets an attacker's web domain resolve to the user's own computer, so that a malicious web page can talk to the torrent client's local interface as if it were the user, giving the attacker unauthorized access to the user's data. Through it an attacker could execute remote code, drop malware into the Windows startup folder, grab downloaded files and read the user's download history.

The flaws affect all unpatched versions, including uTorrent Web. BitTorrent engineering VP Dave Rees says the flaws in the conventional client have been fixed in beta versions released last week, adding that fixes for the stable releases are due in the coming week.

Ormandy was initially concerned that BitTorrent had not properly resolved uTorrent Web's issues, and was also frustrated by the lack of communication after he reported the bugs in December, but Rees later added that a patch is now in place that should address that exploit. His full statement is below:

"On December 4, 2017, we were made aware of several vulnerabilities in the uTorrent and BitTorrent Windows desktop clients. We began work immediately to address the issue. Our fix is complete and is available in the most recent beta release (build 3.5.3.44352 released on 16 Feb 2018). This week, we will begin to deliver it to our installed base of users. All users will be updated with the fix automatically over the following days. The nature of the exploit is such that an attacker could craft a URL that would cause actions to trigger in the client without the user's consent (e.g. adding a torrent)."

"BitTorrent was also made aware yesterday that its new beta product, uTorrent Web, is vulnerable to a similar bug. This is a different product and wasn't covered by the original vulnerabilities. The team behind uTorrent Web released a patch for that issue yesterday and we highly encourage all uTorrent Web customers to update to the latest available build 0.12.0.502 available on our website https://web.utorrent.com and also via the in-application update notification."

"As always, we encourage all customers to always stay up to date."


It is not yet known whether anyone has used the exploits in the wild. Even so, it pays to be wary, since a visit to the wrong website is all it would take to trigger an attack, and the consequences could be particularly severe.
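The standard defence for any service that listens only on localhost, torrent clients included, is to refuse requests whose Host header (and, for browser-initiated requests, Origin header) does not name a loopback address: in a DNS rebinding attack the browser connects to 127.0.0.1 but still sends the attacker's hostname in Host, which is exactly what gives the attack away. The Python below is an added example written for this post, not BitTorrent's patch or uTorrent's code; the header values it checks are constructed.

```python
import ipaddress
from typing import Mapping, Tuple
from urllib.parse import urlsplit

# Hostnames (besides loopback IP literals) that a localhost-only service may accept.
LOOPBACK_NAMES = {"localhost"}


def _strip_port(host: str) -> str:
    """Return the host part of a Host/netloc value: 'name:port', 'v4:port',
    '[v6]:port' or bare forms. A bare IPv6 literal has more than one colon."""
    host = host.strip()
    if host.startswith("["):                     # [::1]:8080 or [::1]
        end = host.find("]")
        return host[1:end] if end != -1 else host[1:]
    if host.count(":") == 1:                     # name:port or 1.2.3.4:port
        return host.rsplit(":", 1)[0]
    return host


def is_loopback_host(host_value: str) -> bool:
    """True only for 'localhost' or an IP literal inside 127/8 or ::1."""
    name = _strip_port(host_value).lower().rstrip(".")
    if name in LOOPBACK_NAMES:
        return True
    try:
        return ipaddress.ip_address(name).is_loopback
    except ValueError:                           # not an IP literal at all
        return False


def authorize_local_request(headers: Mapping[str, str]) -> Tuple[bool, str]:
    """Decide whether a request to a localhost-bound web/RPC interface may
    proceed. Rejects (a) missing Host, (b) a Host that is not loopback, which
    is the DNS rebinding signature, and (c) a cross-site Origin, which covers
    ordinary CSRF from a page the user happens to have open."""
    lower = {k.lower(): v for k, v in headers.items()}
    host = lower.get("host")
    if host is None:
        return False, "missing Host header"
    if not is_loopback_host(host):
        return False, f"Host {host!r} is not a loopback name: possible DNS rebinding"
    origin = lower.get("origin")
    if origin is not None:
        origin_host = urlsplit(origin).netloc
        if not origin_host or not is_loopback_host(origin_host):
            return False, f"cross-site Origin {origin!r} rejected"
    return True, "ok"


if __name__ == "__main__":
    # Constructed header sets: a normal local UI request, a rebinding attempt
    # (browser reached 127.0.0.1 but carries the attacker's hostname), and a
    # cross-site page calling the local API directly.
    samples = [
        {"Host": "127.0.0.1:8080"},
        {"Host": "evil.example:8080"},
        {"Host": "localhost", "Origin": "https://evil.example"},
        {"Host": "[::1]:8080", "Origin": "http://localhost:8080"},
    ]
    for h in samples:
        allowed, why = authorize_local_request(h)
        print("ALLOW " if allowed else "DENY  ", h, "->", why)
```

This check belongs in front of every route of the local interface, not just the ones that change state, because the rebinding page can read responses as well as send commands; a per-session token on state-changing calls is a sensible second layer but does not replace the Host check.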