Search This Blog

Showing posts with label cyber attack. Show all posts

Bengaluru's Police Accounts Hacked: Culprits changed Twitter ID’s



BENGALURU: In the last four days, five of Bengaluru’s Traffic Police Twitter accounts have been cracked where the hacker alleged access to the accounts, posting spams and changing their usernames.

While the police exhort about strengthening cyber security and the need to use strong unique passwords to safeguard online accounts, their own accounts are being hacked by simple password guessing techniques.

Jayanagar Traffic Police was the first account to be hacked at around 10 pm on Friday, followed by ACP South East Division and soon KR Puram, Shivajinagar and Airport traffic police twitter accounts too were hacked by Sunday.

This is not the first time when Bengaluru’s traffic police have been made a victim of cyber crime - Elliot Alderson, a French based hacker broke into the city’s traffic police website in march this year exposing directories. Even other government sites are not well protected, the Aeronautical Development Agency’s (ADA) TRACES account of the Income Tax Department was hacked with impunity with the culprit still unidentified.

Though, in this case, the culprits simply second-guessed common passwords. A man called up various traffic police stations, claiming to be from the IT Department and asked account details and passwords to reset them. It is suspected that one of the staff members fell for the con and shared the password.

The black hat tried the password on other accounts and voila, it worked!

After breaching their twitter handles, the miscreants posted spam messages from these accounts and changed their usernames resulting in Shivnagar Traffic police handle being renamed as ‘SHIVAJINAGAR CINEMA’ and KR Puram became ‘KR PURAM T BOLIWOOD’.

These consequences could have been avoided by quick thinking and strong passwords. Cyber security experts repeatedly identify the use of strong, unique passwords so that malicious cyber threats can’t find or guess your password. SplashData, a password security company estimates that approximately 10% of individuals used at least one of the 25 worst passwords on this year's list, and approximately 3% used the worst — 123456.

Additional commissioner of police (traffic) BR Ravikanthe Gowda said they have filed a complaint with city cyber crime police and told officials to immediately change passwords to secure their accounts (quoting TOI). They also reported the hacking to twitter awaiting a response.

An officer said they are unable to take back control of their accounts on grounds of lack of trained men for the job.

Bengaluru has only one cyber crime police station with a tally of 8,200 cases this year, though to open more of these has been repeatedly proposed to no effect.

Sberbank helped one of the largest US banks to prevent a cyber attack


In July, Sberbank helped one of the largest US banks to prevent a cyberattack and avoid damage of several million dollars. Deputy Chairman of the Board of Sberbank Stanislav Kuznetsov announced this at the Eastern Economic Forum.

"At the end of July, our cyber defence center recorded an attack on one of the largest American banks. We informed the Bank, informed the relevant departments of payment systems to prevent the withdrawal of funds. At least several million dollars were saved," he said.

At the same time, Kuznetsov refused to tell which Bank was exposed to attack.

Kuznetsov shared the details of the cyberattack scheme. According to him, the fraudsters managed to hack one of the acquiring terminals and conduct a large number of operations. In the United States, PIN verification of transactions up to $130 is not required. As a result, at one moment the resources of several banks were attacked through a large number of operations.

At the same time, he stressed that this is a clear example of the fact that credit institutions should detect such attacks in an automated mode and not allow any actions directed against customers of both Russian and foreign organizations.

In addition, Stanislav Kuznetsov said at the Forum that Sberbank recorded about 2 thousand attacks on its systems in the first half of the year and prevented possible damage from them in the amount of at least 25 billion rubles.

According to him, the Bank noted the growth of social engineering."This is a trend to collect data about a person and corporations, and the second trend - we see that scammers focus on those companies that are poorly protected, and this is small and medium-sized businesses," he noted.

At the end of his speech, Kuznetsov said that North Korea's attacks on Russian banks are a myth, the threat to Russian resources comes "from another direction".

It is worth noting that this is the Fifth Eastern Economic Forum, held in Vladivostok on September 4-6.

Expert warns cyber threats to worsen with tech advances


Technological advances like Artificial Intelligence, Internet of Things, Automatic Cards and others will throw up new challenges for cyber security and all countries must unite to foresee and combat them, a leading Israeli cyber security expert said on Monday.

"The Internet was not designed for security, hence it is inherently insecure since everything is hackable. It is more difficult to be a cyber security personnel than a hacker. The hacker has to succeed only once, where the the cyber security personnel has to succeed always to remain safe, within many rules and regulations," Menny Barzilay, the CEO, Cyber Research Centre of Tel Aviv University and CEO of Cytactic, said.

He pointed out how "smart people" from different countries are joining hands to commit cyber crimes and hence there is "a need for super-smart people" from around the world to join as cyber security experts.

"Cyber threats don't create a sense of urgency, unlike a bomb threat, and we cannot feel it in our senses. It is therefore more difficult to convince people that the 'cyber' threat is real," said Barzilay, addressing a panel discussion on cyber security at Nehru Science Centre (NSC) via videoconference.

The discussion was also attended by Israeli Consul-General in Mumbai, Yaakov Finkelstein, security experts from the Mumbai Police and students.

Recalling an incident of cyber attack on Sony Corporation after the release of its film, "The Interview", Barzilay said that corporates are not prepared to face cyber crimes and the government must support them during such cyber hits.

"Billions of devices, part of Internet of Things implies they are prone to hacking, a smart device means being vulnerable, it will also affect our privacy. Big companies have lot of data about users and can manipulate them for private gains, something which allegedly happened in the US elections," he said.

Attackers demand $2.5 million for Texas Ransomeware




The cybercriminals who attacked multiple Texas local governments with file-encrypting malware via compromising service provider's network.

The attackers demanded a ransom of $2.5 million for decrypting the entire local government files, the mayor of a municipality says.

The Department of Information Resources (DIR) has announced that a total of 22 victims has been established, while all of them were attacked by a single party.

However, the names of all the victim municipalities have not been disclosed, whereas two municipalities have announced the hit publicly.

In a statement released by the city of Borger, "Based on the current state of the forensic investigation, it appears that no customer credit card or other personal information on the City of Borger’s systems have been compromised in this attack. No further information about the origins of the attack will be released until the completion of the investigation,"

Keene is another city affected by this ransomware attack. Both of the administration right now can not process card payments or utility disconnections.

The city will inform its citizen as soon as they restart business and financial services, press release. 

An iMessage Vulnerability Patched by Apple Allowed Potential Attackers to Read Contents of Files





An iMessage vulnerability was discovered by Google Project Zero security researcher was as of late fixed by Apple as a component of the 12.4 iOS update which enabled potential attackers to peruse contents of many files put away on iOS devices remotely with no user interaction.

The security flaw tracked as CVE-2019-8646 was reported in Apple during May. Natalie Silvanovich, the researcher who found the vulnerability created the proof of concept works just on devices running iOS 12 or later and said that it is structured as "a simple example to demonstrate the reach-ability of the class in Springboard. The actual consequences of the bug are likely more serious."
Describing the issue in detail on Project Zero's bug tracker she says:

 “First, it could potentially allow undesired access to local files if the code deserializing the buffer ever shares it (this is more likely to cause problems in components that use serialized objects to communicate locally than in iMessage). Second, it allows an NSData object to be created with a length that is different than the length of its byte array. This violates a very basic property that should always be true of NSData objects. This can allow out of bounds reads, and could also potentially lead to out-of-bounds writes, as it is now possible to create NSData objects with very large sizes that would not be possible if the buffer was backed.”

Later adding the Google security researcher says that ‘the iMessage issue is caused by the _NSDataFileBackedFuture class which can be deserialized even if secure encoding is enabled. This class is a file-backed NSData object that loads a local file into memory when the [NSData bytes] selector is called.’

Apart from this Silvanovich discovered two other iMessage vulnerabilities in collaboration with Google Project Zero's Samuel Groß, flaws that additionally got fixed in the iOS 12.4 update.
The first is memory vulnerability in Core Data tracked as CVE-2019-8660 fixed with improved length checking and the second, a Core Data use after free issue tracked as CVE-2019-8647 that may enable a remote attacker to cause arbitrary code execution on iPhone 5s or iPad's.

In general, five iMessage bugs were found by Silvanovich, with the last two being an input validation issue which could block devices with a contorted message, that was fixed in iOS 12.3 and released on May 13 and an 'out-of-bounds read' read prompting a memory leak which was fixed in watch iOS 5.3 issued on July 22.

Cyber security Team Identified Ransomware Utilized to Compromise City Power



Residents of Johannesburg using pre-paid electricity meters were not able to load the electricity purchased from City Power and were also unable to purchase further electricity due to a ransomware attack which compromised City Power's database.

Earlier, City Power said while the variant of ransomware utilized to carry out the attack remains unknown, they have the encrypted network, applications, and database being restored and rebuilt by their ICT department.

Easing off the customers, Isaac Mangena, the utility's spokesperson, said, "We want to assure residents of Johannesburg that City Power systems were able to proactively intercept this and managed to deal with it quicker."

"Customers should also not panic, as none of their details were compromised," Mangena assured.

On Friday, City Power announced that their cybersecurity team identified the variant of malware which temporarily paralyzed the city's computer systems.

Reportedly, the email systems took the hardest hit by the ransomware and were taking a while to recover and be functional again.

While giving updates, Mangena said “The virus samples have been taken to the external labs for analysis and testing,”

“Our IT technicians have also recovered and, in [a] few instances, reconstructed most of the systems,, applications, and data that was threatened, using backup files.”

Victims of the cyber power attack along with the customers, have been raging since the incident happened and encrypted the computer databases, applications and network.

City Power turned to external cyber security experts who worked in association with their team to tackle the issue.


Equifax Paying Settlement around $700 Million after Massive Data Breach


Almost two years ago, Equifax suffered a massive data breach which exposed a significant amount of sensitive data of over 143 million Americans, the compromised information included that of driving licenses, social security numbers, and addresses of the victims. 

It has been uncovered by The Wall Street Journal and The New York Times that the consumer credit reporting agency is closing in on a settlement with FTC, state attorneys general, Consumer Financial Protection Bureau along with state and federal agencies. Equifax could settle up with $650 to $700 million, out of which it has put aside $690 million for the purpose of penalty. 

As per the media findings, the amount is expected to differ on the basis of the number of people filing claims and the details of the same will be released on Monday.

Notably, the settlement entails terms to devise a separate fund for the purpose of settlement, however, the amount victim's could expect in compensation is still a matter of question.

Commenting on the matter, Equifax CEO, Richard Smith, said, “At this critical juncture, I believe it is in the best interests of the company to have new leadership to move the company forward,” as he decided to retire in the wake of the cyberattack. 



UK Police's Forensic firm targeted in cyber attack









An investigation has been launched after a ransomware attack targeted the UK’s largest private forensics provider, which is widely used by forces across the country. 

The firm Eurofins scientists detected a breach of its systems on June 2. After following the report, police have suspended all its work with the company. The company carries out DNA analysis, toxicology, ballistics and computer forensics work.

The National Police Chiefs’ Council, Chief Constable James Vaughan, said in a statement: “We have put our national contingency plans in place, which will see urgent submissions and priority work diverted to alternative suppliers to be dealt with as quickly as possible.’’

“It is too early to fully quantify the impact, but we are working at pace with partners to understand and mitigate the risks. We will share more information as soon as we can.”

The company has been told to return the casework that had not been started. They deal with more than 70,000 cases ever year, including murders and terrorism.  


Beware of new phishing scam that’s attacking Google Calendar

No matter which corner of the internet you visit, you'll find scammers trying to take advantage of you. You may already know to be skeptical of emails, Facebook posts, and dating profiles that seem too good to be true. And some times they even try to take control of our data - primarily the financial data - using the alleged calls from customer care executives. Quite frankly, no one is immune to receiving such unsolicited messages or emails. But thanks to their popularity, everyone knows the drill to safeguard themselves. Just don't click on suspicious emails or links and don't reveal your financial information to anyone and you are good to go. You know this. I know this and even scammers know this. And so now, reports are that there's a new type of security threat that targets your Google Calendar.

Scammers are using Google Calendar and other calendar apps to target innocent users in a new type of phishing scam, according to a global security firm.

Findings from the threat intelligence firm Kaspersky show there's been a recent wave of scam artists using hyperlink-embedded events to gain access to people's sensitive information. They start by spamming Google Calendar users with seemingly benign calendar invites. Anyone can accept the invitations, but the real targets are users with the default setting that automatically adds every event they're invited to to their Google Calendar. Once it's been added, Google sends notifications related to the event, making it seem more trustworthy.

The scam is thought to have happened throughout May this year.

The fake invitations contained a malicious website link that encouraged users to input their personal details, often in the form of a simple questionnaire that promised the chance to win money or other prizes if completed.

Kaspersky researchers say that users can safeguard themselves by turning off the automatic adding of invites to your Google Calendar app.

Sim swapping attacks hit US cryptocurrency users

Something strange happened last week, with tens of US-based cryptocurrency users seeing SIM swapping attacks.

Numerous members of the cryptocurrency community have been hit by SIM swapping attacks over the past week, in what appears to be a coordinated wave of attacks.

SIM swapping, also known as SIM jacking, is a type of ATO (account take over) attack during which a malicious threat actor uses various techniques (usually social engineering) to transfers a victim's phone number to their own SIM card.

The purpose of this attack is so that hackers can reset passwords or receive 2FA verification codes and access protected accounts.

These types of attacks have been going on for half a decade now, but they've exploded in 2017 and 2018 when attackers started focusing on attacking members of the cryptocurrency community, so they could gain access to online accounts used for managing large sums of Bitcoin, Ethereum, and other cryptocurrencies.

But while these attacks were very popular last year, this year, the number of SIM swapping attacks appeared to have gone down, especially after law enforcement started cracking down and arresting some of the hackers involved in these schemes.

Something happened last week

But despite a period of calm in the first half of the year, a rash of SIM swapping attacks have been reported in the second half of May, and especially over the past week.

Several users tweeted their horrific experiences.

Some of them have publicly admitted to losing funds, such as Sean Coonce, who penned a blog post about how he lost over $100,000 worth of cryptocurrency due to a SIM swapping attack.

Some victims avoided getting hacked

Some other victims candidly admitted to losing funds, while others said the SIM swapping attacks were unsuccessful because they switched to using hardware security tokens to protect accounts, instead of the classic SMS-based 2FA system.

The Russian Embassy responded to accusations from London in cyber attacks


The Press Secretary of the Russian Embassy in the UK said that the cyber attacks, which were stated by the British Minister, are not a real problem, but only a reason for the forcing of anti-Russian sentiment.

Recall that on Thursday, British Foreign Minister Jeremy Hunt once again accused Russia of carrying out cyber attacks in order to "undermine the critical infrastructure" and "change the results of the elections" in many countries.

The diplomatic mission stressed that the Russian side "repeatedly at various levels offered British partners cooperation on the issue of cyber threats". However, there has been no reaction from London.

The diplomats expressed the opinion that the new anti-Russian statement of the British Minister indicates that the Russian cyber attacks are not a problem for the British authorities, but an occasion to " forcing anti-Russian sentiments on an international scale."

The Russian Embassy stressed that such statements cause regret and serious concern. In addition, they added that, perhaps, London in this way hides preparations for a cyber attack on Russia.

However, no one in Europe believes Hunt. The President of the Czech Republic Milos Zeman commented on the allegations of Russian influence on the elections.

"Fake news is that Russians, Chinese or someone else influence the elections. Such false news is aimed at creating panic, they are spread by those who are afraid of losing. They are looking for an excuse to lose the election in advance," the Czech leader said.

It is worth noting that Russia has repeatedly denied all the allegations of attempts to influence democratic processes in different countries. Western countries have repeatedly attacked Moscow on this issue.

Earlier, for example, the State Secretary Mike Pompeo said that Russia interfered in the US elections in 2012, in 2008 and in 2004. However, he did not provide any evidence of his words.

Russian Senator Alexei Pushkov drew attention to the fact that from Pompeo's statements it can be concluded that "Russia has been interfering in the US elections since he went to school." At the same time, he noted with irony that maybe Moscow chose Pompeo.

Hacker stole $1.75 million from church





The hackers have successfully stolen $1.75 million from the church Saint Ambrose Catholic Parish  using a successful BEC(Business Email Compromise) in which hackers trick email users to send the money in wrong banks. The attack was discovered on April 17 after contractor  of Vision 2020 project inquired church for not receiving monthly installment .

BEC which is also known as Email Account Compromise (EAC)  are very common among hackers where not much technical skills are required, it just rely on tricking people into wiring money to trusted bank while bank accounts are usually controlled by the hackers.

The Parish’s website posted, “With 16,000 members made up of 5,00 families, Saint Ambrose is the second largest church in the Diocese of Cleveland and the largest church in Brunswick, Ohio."

Pastor Father Bob Stec sent a letter to the Parish saying “On Wednesday, Marous Brothers called inquiring as to why we had not paid our monthly payment on the project for the past two months totaling approximately $1,750,000. This was shocking news to us, as we have been very prompt on our payments every month and have received all the appropriate confirmations from the bank that the wire transfers of money to Marous were executed/confirmed.”

After  an FBI investigation of the cyber attack  incident, it was found that the hackers hacked the  the parish's email system through phishing attack and were able to trick the staff   convincing them that the contractor had changed their bank account and making them transfer money to the fraudulent bank  account.

According to the investigation only email system of the Parish was hacked while the database that is "stored in a secure cloud-based system. This allows for many layers of security/protection of our parish database information."

According to the reports of  cleveland.com, Father Stec's letter also states “We are now working closely with the Diocese, legal counsel, the insurance program, and the FBI to investigate the situation further and file the appropriate insurance claims. At the same time, we brought in information technology consultants to review the security and stability of our system, change all passwords, and verify the integrity of our databases and other pertinent information. They have determined the breach was limited to only two email accounts. “.

The parish has  submitted an insurance claim to pay to the contractor in timely manner for the project 2020.

Hacker from Novovoronezh was convicted of a cyber attack on the library

A resident of Novovoronezh received a year of imprisonment for a cyber attack on the Kurgan Regional Universal Scientific Library. The crime was solved by employees of the FSB of the Voronezh region.

According to the Press Service of the Voronezh Prosecutor's Office, in February 2018, 24-year-old Mikhail Nazarov installed malicious software on his PC with which allowed him to destroy, block, modify or copy the information and to bypass its protection. The guy found the Internet resource of the Government of the Kurgan region, namely the Library and committed a series of cyber attacks. Why the young man chose this resource is not specified.

However, hacker came to the attention of the FSB, whose officers seized cyber attacks and detained the attacker. Law enforcement authorities opened a criminal case under the article “Creating, using and distributing malicious computer programs”. The maximum penalty under this article is 4 years of imprisonment.

The Court found the young man guilty and sentenced him to one year in prison conditionally. Nazarov received a shorter sentence since he admitted his guilt.

We will remind that earlier the Court of the Voronezh region has sentenced a 30-year-old local resident to one and a half years of imprisonment and 10 thousand roubles a fine for hacker attacks on State sites of Siberia and the Far East. Moreover, the hacker managed to hack the websites of commercial organizations. The man used the hacked services for personal mercenary purposes, including mining.

Russian Speaking Hacker Compromises and Gains the Full Control of the Government Network Systems



Another rush of cyber-attacks from a Russian speaking hacker has been recently discovered by researchers and distinguished as one who utilizes the weaponized TeamViewer, the most mainstream and popular device used for remote desktop control, desktop sharing, online gatherings, web conferencing as well as record exchange between computers, to compromise and deal with the Government network systems.

This malignant campaign ceaselessly utilizes TeamViewer by adding TeamViewer DLL in order to deliver powerful malware that steals sensitive data and money from the various governments with addition to the financial systems.

In view of the whole infection chain, the tools created and utilized in this attack, the underground activity influences the analysts to believe that the attack was led by a financially inspired Russian speaking hacker.

The underlying phase of this infection chain begins by delivering a spam email under the subject of "Military Financing Program" with the attached malevolent XLSM document with installed macros.

A well-crafted malevolent document acted like the U.S Department of State which is marked as "top secret” persuading the victims to open it. When the victims open that 'decoy document' and empower the macro, there are two files extricated from the hex encoded cells in the XLSM document.



The first one is a legitimate AutoHotkeyU32.exe program, the second one on the other hand is an AutoHotkeyU32.ahk which is also an AHK script to communicate with C&C server to download the additional script and execute it.

By means of using this strategy, attackers concealing the TeamViewer interface from the users view, sparing the current TeamViewer session credentials to a text file and allows the exchange and execution of extra EXE o DLL documents 

In light of the Telemetry record, this attack is said to be focusing on nations including Nepal, Guyana, Kenya, Italy, Liberia, Bermuda, Lebano public financial sector in addition to the government officials.

Russian Hackers attacked European Embassies






According to a report in Check Point Research, Russian hackers attacked several European embassies by sending them malicious email attachments disguised as official documents.

The European embassies in Italy, Guyana, Nepal, Liberia, Bermuda, Lebanon and Kenya were targeted by the hackers . The malicious email attachment looked like document from United States State department and contained Microsoft Excel sheets that contained macros, once those macros were opened, the hackers took complete control of the infected system through TeamViewer, which is a popular remote access service.

According to the Press release “It is hard to tell if there are geopolitical motives behind this campaign by looking solely at the list of countries it was targeting,” it further added “since it was not after a specific region and the victims came from different places in the world”

According to the Checkpoint government officials from revenue were the intended target “They all appear to be handpicked government officials from several revenue authorities,” the press release says.

CheckPoint suggested that the attackers are from Russia but denied the possibility of state — sponsored attack. One of the hacker was traced back and it was found that it has a registration on carding forum as a username “Evapiks," the hacker has instructed how to carry out cyberattacks on forums . Because of the attackers involvement in the carding community, checkPoint suggested the attack  could have been “Money motivated”

Banking Malware Being Distributed By Hackers Via Password Protected Zip Files!





Cyber-cons have a new way of wreaking havoc. Hackers have found another unique way to bypass security. Reportedly the infamous BOM technique’s to blame.

The “Byte Order Mark” technique goes about altering the host’s files on the windows system.

The major superpower of the BOM is helping the threat actor group to be under the line of display or detection.

The researchers from a very widely known anti-virus firm noticed a new campaign that majorly worked on spear phishing.

The spear phishing process would help to deliver the infected files to the victim’s system.

The moment the user attempts to open the ZIP file using their default browser, it all crashes and an error sign pops up, saying.

According to the researchers, the legit ZIP files start with “PK” and are of (0x 504B). The BOM have extra three bytes (0x EFBBBF) found within UTF-8 text files.

In some systems the ZIP archive format goes undetected but in some systems it’s recognized as a UTF-8 text file and the malicious payload isn’t extracted.

The same files on the other hand could be opened via third-party functions to name a few 7-Zip & WinRAR.

Once the extraction of the file is done, the malware is executed thence beginning the infection process.

Systems using third party utilities are more susceptible to such malware attacks than the rest.

The malicious executable is just a tool to help load the main payload inserted within the main source section.

The malware originates from a DDL along with a BICDAT function encrypted with the XOR based algorithm.
The library then downloads a second stage of payload, the password protected ZIP file.
The dcyber crownloaded payload material is encrypted using similar functions as the inserted payload.
After having extracted the necessary files the last and final payload is launched, which goes by the name of “Banking RAT malware.”
This RAT scours information like access card codes, dates of birth, account passwords, electronic signature, e-banking passwords and etc from the system.

Krasnoyarsk hacker tried to hack the State procurement site

The Krasnoyarsk court imprisoned a resident of Krasnoyarsk who tried to hack the State procurement site of the Vladimir region but was caught by the FSB.

According to the Prosecutor, in February 2016 hacker installed on his computer a special program for illegally copying files from other electronic devices. Further, he tried to hack the State procurement site of the administration of the Vladimir region and get logins and passwords to some data. However, the attempt to hack the State resource was identified and stopped by the FSB officers.

It should be noted that the defendant was an information security officer at a large Russian bank.

The court found the man guilty and sentenced him to 2 years of imprisonment with a fine of 50 thousand rubles.

The hacker disagreed with the decision of the court and tried to appeal the verdict, but the regional court rejected his arguments and left the decision of the court of the first instance unchanged.


Venezuelan blackout due to cyber-attack, says president


Over the last two months, Venezuela has been going through a political and economic crisis with two claimants to the President’s chair and the US imposing sanctions to pressure the incumbent regime. Matters reached a head last week when opposition leader Juan Guaidó, who has declared himself acting President and has the support of the West, returned home after a self-imposed exile to cheering crowds in Caracas. He is trying to force out left-wing dictator Nicolas Maduro, President since 2013, who has declared himself the winner of a controversial election.

Guaidó, 35, was born in the beach town of Vargas, which was severely hit by flash floods in 1999. The family moved to Caracas, where Guaidó studied engineering. It was in 2006 that Guaidó emerged in politics, as one of the principal leaders campaigning for freedom of the press amid a crackdown by then President Hogo Chávez. Guaidó formed his party, Voluntad Popular, which is today leading the fight against Maduro. This year, Guaidó’s party declared him President of the National Assembly, the country’s Parliament.

Ever since the global crude oil downturn, Venezuela has slipped into an economic crisis. Its crime rate has doubled and inflation multiplied. The West-imposed sanctions have now led to a prolonged electricity blackout.

Seventeen people have died in Venezuela's massive power outage, "murdered" by the government of President Nicolas Maduro, opposition leader Juan Guaido alleged Sunday.

The blackout heightened tensions between the opposition and government loyalists, who accuse each other of being responsible for the collapse of the power grid.

Venezuelan president says complete blackout caused by 'an international cyber-attack' with support from within.
Venezuela's President Nicolas Maduro says the country's complete electrical failure has been caused by "an international cyber-attack" but that his administration has "defeated their coup".

Guaido, Venezuela's self-declared interim president, said Sunday that 16 states continued to be completely without power, while six had partial power. He said the private sector had lost at least $400 million from power outages.

Electricity was cut to 70% of the South American nation late last week, and officials warned that hospitals were at risk.’

"Venezuela has truly collapsed already," Guaido told CNN Sunday in an interview in a sweltering hotel room in the Venezuelan capital -- another byproduct of the blackouts.

Enterprise VPN Provider Citrix, Hacked; 6TB of Sensitive Data Stolen



Enterprise VPN provider, Citrix, was subjected to a hack which is doubted to have stolen private data pertaining to the company’s technology.

On Friday, Citrix told that FBI informed them about "international cyber criminals" working their way into the organization’s networks.

They were further told that most probably the criminals resorted to the technique of “password spraying” to break into the company’s networks. They did do by appropriately guessing the password to an account which belongs to the company.

The hackers involved are reported to be a part of an Iranian Hacking group which has attacked over 200 companies, along with multiple government agencies, technology firms and gas, and oil companies.

Referenced from a blog post by Resecurity, the cybersecurity firm contacted Citrix in an attempt to warn them about the hack which was on the way.

And, while refraining from telling the origins of the source from where the firm learned of the hack, it said that it "has shared the acquired intelligence with law enforcement and partners for mitigation."

While FBI denied commenting on the matter, Resecurity drew a connection between the hackers and a nation state, "due to strong targeting on government, military-industrial complex, energy companies, financial institutions and large enterprises involved in critical areas of economy."

Citrix expressed a probability of business documents being acquired and downloaded by the attackers and told in a notice, "The specific documents that may have been accessed, however, are currently unknown."

"Citrix has taken action to contain this incident. We commenced a forensic investigation; engaged a leading cybersecurity firm to assist; took actions to secure our internal network; and continue to cooperate with the FBI," the company further included in the notice.


Anonymous Threat Group Compromised 1 Million Web Pages of Popular Brands like Coca-Cola and McDonalds’s



Around 1 million Israeli based webpages owned by renowned brands like McDonalds’s and Coca-Cola have been compromised by an anonymous group of hackers who notably breached the websites of leading brands which were introduced for Israel natives with address ‘co.il’  – Cocacola.co.il and McDonalds.co.il and etcetera.  

The hacker group employed third-party accessibility plug-in known as ‘nagich.co.il’ which loaded infected JavaScript code that compromised the website and assisted the threat actors in exploiting and corrupting a million of web pages.

There’s a critical vulnerability which existed in the disabled page accessibility plug-in, Nagich, it permitted access to more than 1 million Israel based webpages and primarily assisted the attackers in corrupting the webpages.

Besides websites of renowned brands – Coca-Cola, McDonald’s and Toys"R"Us, other popular websites namely Ynet and Calcalist also fall prey to this breach. Reportedly, the attackers corrupted these websites and displayed political messages.

The Nagich website is not a usual site, it’s a website which contains an accessibility plugin - a Javascript which runs on a website which opts for this service and provides it a multitude of options. 

On giving necessary permissions, the severe vulnerability can run code on the website which means it can make any changes in our site and do whatever it wants. Hackers exploited it to replace the malicious code with an embedded link with the motives of corrupting webpages.

Due to the delay in taking remedial measures to patch the vulnerability, Nagich officials, in a way led hackers to compromise hundreds of webpages.