
MyOffice, the Russian alternative to Office 365 gains momentum in Africa

The MyOffice platform, the Russian equivalent of Microsoft Office 365, is conquering Africa. The Russian software developer has signed deals for the licensing of the MyOffice package with the governments of Cameroon, Burundi, and the Congo. In the future, the Russian company plans to enter the markets of 23 more African countries.

An important advantage of the information product for customers was the absence of the need to store data on foreign servers.

"We can be sure that government secrets will be protected from hackers or any third parties," said Minister of Education of Cameroon Laurent Etundi.

Dmitry Komissarov, founder and CEO of MyOffice, said that sales in Africa can make up 15% of the company's total revenue. "We were very surprised by the growth of the project in Africa," he added.

MyOffice is a small company. It is expected that this year its total income will be $26 million. However, the company is supported by Kaspersky Lab, which had sales of almost $700 million last year. The administration of President Vladimir Putin also helped promote the company in Africa.

Years of declining oil revenues have pushed Putin to find other ways to expand trade, including with Africa. Some MyOffice agreements are a consequence of a summit held last year in Sochi to promote trade with Africa. A representative of the Russian Ministry of Telecom and Mass Communications was present at the signing of the agreement between the company and Congo.

Millions of people in Africa are only now beginning to access the Internet. According to the GSMA, more than 300 million devices will be connected to the Internet in sub-Saharan Africa by 2026.

Hacker Who Stole Information From Nintendo Now Sentenced

 


A computer hacker who stole data from Nintendo and was recently found in possession of child pornography on his computer was sentenced to three years in prison.

A resident of Palmdale, California, the accused goes by the name of Ryan S. Hernandez.

He had previously pleaded guilty in January to 'one count of computer fraud and abuse and one count of possession of child pornography'.

The federal judge ordered Hernandez to serve seven years of supervised release following his prison term and to register as a sex offender.

However, this isn't the first time he was found engaging in illegal activity. While still a minor, Hernandez was caught stealing 'confidential Nintendo files' in 2016.

The FBI investigated the matter at the time and contacted Hernandez and his parents, after which he agreed to stop hacking the company, according to court records.

Nonetheless, according to the prosecutors, Hernandez hacked Nintendo services and stole 'confidential info' about some rather well-known video games, gaming consoles, and developer tools from June 2018 to June 2019.

The FBI searched his home and computers in 2019 and discovered several confidential Nintendo files, as well as videos and images of minors engaged in a sexual act.

The judge recommended that Hernandez be imprisoned at a federal prison for detainees with cognitive challenges and ordered him to pay $259,323 in compensation to Nintendo.

Updated Malware: Vietnamese Hacking Group Targeting MacOS Users

 

Researchers have discovered a new MacOS backdoor that steals credentials and confidential information. As cyber threats continue to rise, the newly discovered malware is believed to be operated by Vietnamese hacking group OceanLotus, colloquially known as APT 32. Other common names include APT-C-00, SeaLotus, and Cobalt Kitty. 
 
The nation-state backed hacking group has been operating across Asia and is known to target governments, media organizations, research institutes, human rights organizations, corporate sector, and political entities across the Philippines, Laos, Vietnam, and Cambodia. Other campaigns by the hacking group also focused on maritime construction companies. Notably, OceanLotus APT also made headlines for distributing malware through Apps on Google Play along with malicious websites. 
 
Researchers found the macOS backdoor in a malicious Word document that supposedly arrived via email. However, there is no information regarding the targets that the campaign is focusing on. To set the attack in motion, victims are encouraged to run a Zip file that appears to be a Word document (it is disguised with a Word icon). When the Zip file is run, the app bundled in it, which carries the malware, gets installed. The bundle contains two files: a shell script and a Word file. The macOS backdoor is designed to give the attackers a window into the affected system, allowing them to steal sensitive data.

"Like older versions of the OceanLotus backdoor, the new version contains two main functions: one for collecting operating system information and submitting this to its malicious C&C servers and receiving additional C&C communication information, and another for the backdoor capabilities," TrendMicro explained in a blog post.

In their analysis, the researchers said, “When a user looks for the fake doc folder via the macOS Finder app or the terminal command line, the folder’s name shows ‘ALL tim nha Chi Ngoc Canada.doc’ (‘tìm nhà Chị Ngọc’ roughly translates to ‘find Mrs. Ngoc’s house’).”

“However, checking the original .zip file that contains the folder shows three unexpected bytes between ‘.’ and ‘doc’.”


Lithuania to allot seven million euros to combat hackers

Lithuania has applied to host the European Cyber Security Competence Center, which is designed to develop technologies and protective measures. Raimundas Karoblis, the Minister of National Defense of the Baltic Republic, openly links the request for its creation with the "Russian threat". The vulnerability of NATO's "eastern flank" continues to worry European countries, which believe that after the protests in Belarus, the issue of Russia's influence is more acute.

Lithuania will compete for hosting the institution with Belgium, Germany, Luxembourg, Poland, Romania and Spain.

The Ministry of Defense of the Baltic Republic draws attention to the activity of China and Russia, which are often associated with the hacker threat.

The Minister of Defense claims that "Russian cyber attacks happen quite often," although at the same time he makes a reservation: it is very difficult to formally establish the "authorship" of hacker attacks.

According to him, this is accompanied by information campaigns. It is likely that the work of the European Cybersecurity Competence Center will also be aimed at countering those information messages that will be considered propaganda in Vilnius. By the way, Lithuania offers to place the institution itself in the Vilnius TV tower.

It is worth noting that in January, the Prime Minister of the Republic, Saulius Skvernelis, called Lithuania "a leader in the field of information security". According to him, this area is a priority for the Baltic Republic.

In addition, Lithuania ranked fourth in the Global Cybersecurity Index (GCI) with a score of 0.908 points. The rating was led by the United Kingdom, which scored 0.931 points. The second and third places are occupied by the United States (0.926) and France (0.918). The top five is completed by Estonia, whose security level was estimated at 0.905 points.

Lithuanian authorities often claim cyber attacks and "Russian interference" without providing any evidence of the "guilt" of the Russian side. Moscow denied all such accusations and stressed that they were "absolutely unfounded".

However, Lithuania is currently concerned about military activity near its borders, which, according to its estimates, has increased against the background of the Belarusian events.

A Russian-speaking hacker put up for sale the accounts of the heads of the world's largest companies

 A Russian-speaking hacker under the pseudonym Byte leaked passwords from the personal profiles of managers of many large companies in the world

Data for accessing the personal accounts of Microsoft's online services and the email addresses of several hundred senior executives are put up for sale on a Russian-language hacker forum.  This was done by a Russian-speaking hacker under the pseudonym Byte. The seller claims that he has hundreds of passwords of different top managers from all over the world. He is ready to confirm the authenticity of the data to the buyer.

The offer to sell the credentials appeared on Exploit.in, a private forum for Russian-speaking cybercriminals. The description states that you can purchase email addresses and passwords to access the accounts of Office 365 and other Microsoft services of presidents, their deputies, CEOs, and other high-ranking executives of companies from around the world.

Byte asks from $100 to $1500 for each address; the price depends directly on the size of the company and the position held by the account owner.

An information security specialist entered into negotiations with the seller to confirm how relevant the database offered for sale is. For verification, he received the credentials of two accounts: the CEO of an American software development company and the CFO of a chain of retail stores in one of the EU countries. As a result of verification, he got access to the data of these people. 

The attacker did not disclose the source of the data but claims that he can provide access to hundreds of accounts.

Analysts at KELA reported that the person selling these credentials previously tried to purchase information collected from computers infected with the Azorult malware. It usually contains usernames and passwords that the program extracts from victims' browsers.

This incident once again highlights the need for better data protection. Two-factor authentication or 2FA is often recommended.

Microsoft discovers Vietnamese Govt sponsored threat actor deploying cryptocurrency malware

Microsoft on Monday claimed that Vietnamese government-backed hackers have been behind the cryptocurrency-mining malware campaign.

These state-run cyberspies have taken on additional activities for financial gain alongside their government-backed projects. Similar groups have already been reported from Russia, China, and Korea, making it difficult to determine whether the campaign is for intelligence gathering or capital gain.
Tracked by Microsoft Security Intelligence, Bismuth, a Vietnam-based group also known as APT32 and OceanLotus, has been active since 2012, doing behind-the-scenes work for the government such as hacking and gathering data on political, economic, and foreign policy matters. But Microsoft observed a transformation in the group's activities earlier in the year.

 "In campaigns from July to August 2020, the group deployed Monero coin miners in attacks that targeted both the private sector and government institutions in France and Vietnam," Microsoft said in their blog.

Microsoft offers two theories behind this change:

One reason could be to avoid suspicion by drawing attention to seemingly random crimes like crypto-mining malware, hiding their cyber-espionage pursuits. This tactic helps them disguise themselves and dampen security responses.

The other reason, which Microsoft believes is more likely, is that it is exactly what it looks like: these groups, having total immunity from the government, are expanding into generating revenue from the systems they already accessed during their spying operations.

Crypto-miners are usually assumed to be the work of cybercriminals rather than government-sponsored threat actors, and are often overlooked by security teams in routine checkups. But APT groups from the Chinese, Russian, Iranian, and North Korean states have started side businesses to gain capital via tactics like crypto-mining.

The reason is that, since these groups are state-sponsored, they have total immunity. In their home states they help the government, and since these countries don't have extradition treaties with the US, they can do anything with little or no consequence.

Experts Discover New macOS Backdoor, Link Attack Campaign to Vietnamese Hackers

 

Cybersecurity experts at Trend Micro found a macOS backdoor, which they believe is used by the Vietnamese threat actor "OceanLotus." Also known as APT32 or "APT-C-00," the group is highly resourced and resolute. Experts say that OceanLotus targets government agencies and corporate organizations located explicitly in Southeast Asia. At the beginning of 2020, the criminal group launched Covid-19 espionage attack campaigns targeting China.

After analyzing different C&C domains used by the sample, Trend Micro suggests that organizations not download any suspicious link or open any unknown attachment, keep systems updated, and ensure employee cybersecurity to stay safe. Compared to OceanLotus' earlier malware variants, the current sample presents correlations in coding and dynamic behavior. The similarity in behavior hints at the sample's link to the criminal group. A file incorporated in the attack campaign shows a Vietnamese name. According to this information, experts believe that the new malware targeted Vietnamese users.

The new sample pretends to be a Word document, but in reality it is an app packed into a Zip archive. The app uses special characters to avoid detection. According to TrendMicro, the operating system views the app bundle as an unsupported directory. This means that the "open" command is used to handle the file. The cybersecurity experts found two files in the app bundle: a Word file that is shown during the execution process and a shell script that carries out the malicious routines.

According to SecurityWeek, "the shell script is responsible for deleting the file quarantine attribute for the files in the bundle and for removing the file quarantine attribute of files in the system, copying the Word document to a temp directory and opening it, extracting the second-stage binary and changing its access permissions, then deleting the malware app bundle and the Word document from the system. The second stage payload is responsible for dropping a third-stage payload, creating persistence, changing the timestamp of the sample using the touch command, and deleting itself. Featuring encrypted strings, the third-stage payload contains two main functions: collecting and sending operating system information to the command and control (C&C) servers, receiving additional communication information, and performing backdoor activities."
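
The disguise described in both OceanLotus write-ups above (unexpected bytes between "." and "doc", on a bundle the operating system treats as a directory) can be checked for before an archive is extracted. The Python sketch below is an added example, not code from Trend Micro or from this blog; the sample archive is constructed, and its zero-width space (U+200B) is a stand-in, because the page does not say which bytes the real sample used.

```python
import io
import unicodedata
import zipfile

# Unicode categories that draw nothing (or only blank space) in a file listing.
INVISIBLE = {"Cc", "Cf", "Mn", "Me", "Zs", "Zl", "Zp", "Co", "Cn"}
# Extensions a lure is likely to imitate (assumption; extend as needed).
DOCUMENT_EXTS = {"doc", "docx", "pdf", "xls", "xlsx", "rtf"}


def decode_name(filename, flag_bits):
    """Return the entry name as the archiver most likely meant it.

    zipfile decodes names as CP437 unless the UTF-8 flag (bit 11) is set.
    Some archivers store UTF-8 without setting the flag, so undo that step.
    """
    if flag_bits & 0x800:
        return filename
    try:
        return filename.encode("cp437").decode("utf-8")
    except (UnicodeEncodeError, UnicodeDecodeError):
        return filename


def check_component(component):
    """Inspect one path component; return a finding dict or None.

    Only the extension is checked, so combining accents in the stem
    (normal for Vietnamese names stored in decomposed form) are not flagged.
    """
    _, dot, ext = component.rpartition(".")
    if not dot:
        return None
    hidden = [c for c in ext if unicodedata.category(c) in INVISIBLE]
    if not hidden:
        return None
    visible = "".join(c for c in ext if unicodedata.category(c) not in INVISIBLE)
    return {
        "visible_ext": visible,
        "hidden_hex": "".join(hidden).encode("utf-8").hex(),
        "code_points": [f"U+{ord(c):04X}" for c in hidden],
        "imitates_document": visible.lower() in DOCUMENT_EXTS,
    }


def audit_zip(data):
    """Return findings for every file or directory name with a padded extension."""
    findings = {}
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            name = decode_name(info.filename, info.flag_bits)
            parts = [p for p in name.split("/") if p]
            for i, part in enumerate(parts):
                path = "/".join(parts[: i + 1])
                if path in findings:
                    continue
                finding = check_component(part)
                if finding is None:
                    continue
                finding["path"] = path
                # A "document" that has children is a directory in disguise.
                finding["is_directory"] = i < len(parts) - 1 or name.endswith("/")
                findings[path] = finding
    return sorted(findings.values(), key=lambda f: f["path"])


def build_sample():
    """Constructed test archive: two ordinary documents and one disguised folder."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("minutes.doc", b"placeholder")
        zf.writestr("ti\u0300m nha\u0300.doc", b"placeholder")  # accents in stem only
        zf.writestr("Quarterly report.\u200bdoc/notes.txt", b"placeholder")
    return buf.getvalue()


if __name__ == "__main__":
    for f in audit_zip(build_sample()):
        kind = "directory" if f["is_directory"] else "file"
        print(f"{kind} {f['path']!r}: shows as .{f['visible_ext']}, "
              f"hidden bytes {f['hidden_hex']} ({', '.join(f['code_points'])})")
```

A finding with both `imitates_document` and `is_directory` set is the combination worth quarantining: a folder whose name reads as a document in a listing.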

Interview with founder of the copyright timestamped entity Digital Witnessor

 The world is changing, technology is changing. We conducted an interview with one of the founders of a new startup Digital Witnessor and lawyer Mister Dhruv Bagri. He shared with us his knowledge about copyright, how to securely register it, quickly and easily, using Blockchain, and from a legal point of view.

If you have created your own software, your clothes design, a choreographic dance, wrote a poem and do not know how to register copyrights to your creation, how to protect your rights, then this article is for you.


  • Please introduce yourself to our readers.

My name is Dhruv Bagri, I am a  Lawyer at RDB Associates. We frequently work on matters relating to Intellectual Property protection, including a lot of copyright infringement work. I’m also one of the founders of the platform Digital Witnessor.


  • How would you describe Digital Witnessor?

We have developed a platform called Digital Witnessor that creates timestamps using blockchain on your works. This allows you to protect your intellectual property rights in just a few seconds. The timestamp is considered official proof of ownership, and this saves you a considerable amount of time and legal fees in case of infringements and helps in more than one way. As the Company is based out of Estonia and the Service provided has been structured, studied, and developed by industry veterans from Cyber Security Privacy Foundation PTE Ltd, a Singapore based cyber security company, it boasts of maintaining high levels of privacy in accordance with GDPR guidelines and also provides high levels of security protection to any and all content passing through the Platform.


  • Why is copyright so important?

A copyright is a right in rem, which means that the right exists on the person who created the work right from the time such work was created. The platform is created at a time when there is a lot of uncertainty in the law with regard to copyright. Music and Art and their associated businesses are booming in the last decade. All these come under copyrightable work.  So, the copyright timestamped entity that is Digital Witnessor helps protect individuals and companies against copyright theft.


  • Are companies secure from their own programmers/employees and third parties?

Typically, the company would be the copyright holder, even though an employee might create it on behalf of the company. That is usually the structure that is in place and is an industry-standard. However, there are times when the company would not be holding the copyright. And that basically implies that the company needs to go ahead and register the copyright with country-specific entities/registrars that are available within their respective jurisdictions, which would create a legally binding registration that could be affected in a court of law. However, without that, litigation becomes a big hassle when copyright has not been registered. It becomes harder to prove that the work is originally theirs. So, Digital Witnessor takes away this problem for the company. We will generate a timestamp for the company data that needs copyright using blockchain technology. In fact, it's just a hash that is created and that could stamp your creation. The main file would also not be required to be uploaded. A file would be stamped without giving us access to its contents in case of any sensitive and confidential information which creates a bit of a hesitation in the holder of the works as to providing such content to us. 


  • How can a timestamp be useful in court? Is it legal?

From a legal point of view, a proceeding that includes a hash-signed block is an electronic document that can serve as written evidence in court.

It would also be helpful in case you are applying for copyright after a particular period of time, for example, you need to apply for copyright because the company is selling its entity and the buying entity would require such IP rights to exist. Similarly, a company receiving investments, the investor would always be more favorable to companies holding IP rights as this would deem to be an intangible asset in the company books. So, a timestamp would help the registration authorities to access this document in itself and in determining the exact time on which such the work was created. That makes things simpler. Secondly, a timestamp would be binding in a court of law. Blockchain has been implemented in quite a few countries across the world. So, it would definitely be helpful in most of the countries around the world.

Timestamp plays the role of a virtual notary and is much more credible than the traditional one. Because nobody can alter the information on the blockchain, not even the Company and I think that is the beauty of this Product. 


  • What kind of blockchain - private/public are you using? Why?

We are using a public blockchain. Firstly, in a public blockchain, anyone can take part by verifying and adding data to the blockchain. Secondly, A public network is more secure due to decentralization and active participation. Thirdly, a private blockchain is more prone to hacks, risks, and data breaches/ manipulation. In a private blockchain, anyone who is overseeing the network can alter or modify any transactions according to their needs.


  • How does it work? For example, I am a designer and I want to copyright a shoe model. What should I do and how will it happen?

As I mentioned earlier, it can be uploaded on the platform. It is not necessary that the design in itself be uploaded onto the platform.

Post which the platform would timestamp that particular uploaded file, in this case, that file will contain a shoe design. Once that is timestamped and the credentials of the author are stamped, it enters the blockchain. 


It should be noted that the content of the original works is never available to be viewed on the blockchain or exposed publicly. It is not visible to us and it's not visible to any third party either.


So, what we provide is a time stamping facility which allows you to do three things:

    •    Legally establish yourself as the copyright owner of the work.

    •    Legally establish the date of creation.

    •    Take legal action against anyone who infringes on your copyrighted work.

Ease in assignment and transfer of said Copyrighted works to 3rd Party entities and individuals 


  • We know that Digital Witnessor works together with legal company RDB Associates? What is the role of this company?

RDB Associates is a full-service multi-specialty law firm based out of Bangalore in India and with multiple offices across India. I am one of the founding partners of the firm, which started in 2017. We believe that in our country as well many people are not going to go and get their copyrights registered, or we see that people do that for their other available Intellectual property rights such as trademarks, industrial designs, Patents, etc.

But with copyright, no one really gives that extra push to get their works registered. So, we noticed that there were many infringement matters wherein copyrights were in question and it was very hard for even the opposing counsel and for us to prove that such and such copyright existed at a particular time or not.

We did find a way to prove that the creations are in fact created on those particular timelines. It made the process a little more streamlined and a little more simple especially since it's not easy for everyone to approach the registrar for the Copyright and requires properly drafted applications. With the introduction of the platform Digital Witnessor, one can do it in a few seconds and get the process of registration started with ease.


We have a separate intellectual property team that works on registration and cases of infringement. We are integrated into the whole aspect through the onboarding of our clients onto this Platform or giving legal opinions on whether copyright exists or not, sending out legal notices in case of any infringements, and so on and so forth.


  • What is the distinctive feature of your company from others on the market?

Presently there aren’t many timestamping companies. We don't technically provide the same service as other competitors in the market dealing with similar platforms. However, one of the features that is distinctive is that we provide for easy assignment of copyrights from the copyright owner to third parties. So, that is a great feature that is available on our platform.

However, our other main USP is that our platform is going to be used across the world. Most of the companies that exist are very jurisdictional specific, so they only apply to certain areas thereby limiting their rights to such certain jurisdictions alone. 


  • What are the benefits that a company would get by using the platform Digital Witnessor?

Some benefits that the company would get is primarily establishing their definite right in rem and streamlining the process of registering with applicable registrars/entities in their jurisdictions by making it much easier for registration of their work.

It will ease the process in a way that quicker decisions would be made regarding the infringement of copyrights. And individuals do not have to wait longer and go through a long, arduous litigation process to get justice. So we believe that in case of IP rights, it is important to establish definite rights and to not leave it open-ended whereby one invites liability. Streamlining the process is very important and that's the main benefit that the platform would be providing.


  • How do you see the company in 5 years?

We do have certain things lined up and planned for the next couple of years, for starters, the integration of the technology for agreements. Enforceability of contracts and agreement terms would be made much easier. So once this facility is provided, I think many companies would be or would in fact like using this platform just to streamline the internal processes as well.

But currently, I think we need to concentrate on copyright protection, and we shall take it one step at a time.


  • We've covered quite a bit in this conversation. Before we wrap up, is there anything else you'd like to share about?

I think we covered most of the aspects of the platform and its benefits. Just looking forward to seeing how this develops, grows, and integrates itself into the market in the coming few months.

Group-IB presents patented-technologies to protect against cyber threats

The international company Group-IB presented its own patented technologies designed to identify hackers, search for threats on the Internet and investigate cybercrime.

Using artificial intelligence technology, the patented system of Group-IB has helped Interpol identify members of the Nigerian hacking group TMT, which has attacked hundreds of thousands of private and state-owned companies in recent years.

In addition, Group-IB was involved in the Carding Action 2020 operation of Europol and the UK police, which aims to combat the illegal market for the sale of stolen bank cards. Using its own technologies, Group-IB analyzed and transmitted to the police data on 90 thousand compromised cards of clients of financial organizations in Europe. As a result, it was possible to prevent damage that could have been caused to European banks in the amount of 40 million euros.

"Law enforcement agencies effectively use our technology in cybercrime investigations to find criminals. There is a result, so our technologies work," said Ilya Sachkov, founder and CEO of Group-IB.

Group-IB presented its solutions at the CyberCrimeCon 2020 cybersecurity conference. The Threat Intelligence & Attribution system, which has no analogs, saves all possible data about hackers, including data they tried to delete, and establishes detailed information about them, up to the identity of the criminals.

The second system, Threat Hunting Framework, is able to protect the entire company: from traditional IT networks to remote workplaces of employees. The AI system finds unknown threats and targeted attacks both inside and outside the protected perimeter, giving the security service the tools to properly respond to an incident.

All Group-IB technologies are integrated into a single system that automatically blocks attacks and leads directly to specific criminals.

Researchers Demonstrate Flaws In Tesla X Model By Hacking And Stealing It

 

For the third time, experts from a Belgian research team have demonstrated, by hacking Tesla's key fob, how anyone could easily access the car and steal it in no time. The new demonstration attack reveals vulnerabilities that Tesla still faces. It also shows security vulnerabilities in the "Keyless Entry System" of one of the industry's most expensive electric vehicles. Experts at COSIC (Computer Security and Industrial Cryptography) found significant security vulnerabilities in the Tesla Model X's key fob technology. The key fob is a small device that allows a person to unlock a car automatically by pressing a button or just passing by.

Ph.D. student Lennert Wouters, a member of the research team, previously demonstrated two hacks on the Tesla Model S, which also had keyless technology. The attack allowed Lennert to unlock the car and start it. Tesla is famous for selling the best 'state-of-the-art' electric vehicles available in the market. The price range for its EVs (electric vehicles) starts from $40,000 (for basic models) and goes above the $100,000 line for the top-end Model X.

Tesla's Model X uses key fob technology with BLE (Bluetooth Low Energy) that interfaces with a smartphone application to gain keyless access into the car. It is where the flaws exist, said the researchers in a press release posted online about the attack. Besides this, BLE is becoming mainstream in key fobs to allow smartphones to interact with people. It was not the first time a Tesla model showed security flaws. In 2016, Chinese experts demonstrated flaws by hacking Tesla models, breaking into the cars and controlling them.

According to Lennert Wouters, "using a modified Electronic Control Unit (ECU), obtained from a salvage Tesla Model X, we were able to wirelessly (up to 5m distance) force key fobs to advertise themselves as connectable BLE devices. By reverse-engineering the Tesla Model X key fob, we discovered that the BLE interface allows for remote updates of the BLE chip's software. As this update mechanism was not properly secured, we could wirelessly compromise a key fob and take full control over it. Subsequently, we could obtain valid unlock messages to unlock the car later on".

Are Media Agencies the Next Target of Cybercriminals?

 

There is no denying the fact that cybercriminals have been exploiting people's trust in media agencies. However, recent events have seen a surge in cybercriminals trying every possible way to target media agencies.

Aside from direct attacks, they have even misused brand names to create counterfeit identities, which are then used to target 'potential victims'.

A couple of incidents throw light upon how and why these threat actors have set their sights on the media industry.

Some of them have been targeted directly, generally through ransomware attacks.

Ritzau, the biggest independent news agency in Denmark, was targeted by a ransomware attack, prompting the compromise and encryption of more than one-fourth of its 100 network servers.

The computer servers at the Press Trust of India were also attacked by LockBit ransomware, which kept the agency from delivering news to its subscribers.

A few attackers very cleverly utilize the 'pretense' of media agencies to plan out their attacks.

Some time back, TA416 Able was found carrying out spear-phishing attacks by imitating journalists from the Union of Catholic Asia News, endeavoring to target a range of victims, including diplomats for Africa and people in the Vatican.

Another incident happened when the U.S. seized 27 domain names that were utilized by Iran's Islamic Revolutionary Guard Corps (IRGC) for carrying out secretive influence campaigns, in which a few domains were suspected to be veritable media outlets.

OceanLotus had set up and operated a few websites, consistently professing to be news, activist, or anti-corruption sites. Furthermore, they compromised a few Vietnamese-language news websites and used them to load an OceanLotus web profiling framework.

Keeping these events in mind, experts recommend having sufficient safety measures, like frequent data backups, anti-malware solutions, and implementing Domain-based Message Authentication, Reporting & Conformance (DMARC).

Furthermore, recommendations were made on carrying out tests to distinguish and eliminate the risks of domain spoofing.


Fake Among Us apps floating over the internet can deploy malware and adware in your device

There is an imposter among us, quite literally: the popular gaming app has attracted many fakes and malware-carrying apps made to look like the legitimate gaming application or mod. These malicious apps can range from harmlessly annoying to quite dangerous.

Players looking for Among Us should be careful to install the app only from trustworthy sources and to look into mods and their legitimacy before using them.

These "fake" apps range from mock Among Us clones intending to cash in on the game's success to mods that lure young players with the promise of hacks but actually drop malware on the system or steal data from the device.
A report from TechRadar says that there are currently 60 fake imposter apps of Among Us, including apps that i) install adware or bloatware, ii) deploy malware, and iii) steal financial data.

Why Among Us? 

Among Us, a multiplayer PC and mobile game, suddenly became popular in 2020. Though it was released in 2018, it did not gain much attention until gaming streamers started broadcasting the game. Developed by InnerSloth, a small studio in Redmond, Washington, Among Us has stayed in the top five on Apple’s U.S. App Store since Sept. 1, with more than 158 million installs worldwide across the App Store and Google Play.

Word-of-mouth marketing and the pandemic-imposed lockdown helped the game quickly catch on with young players, which these miscreants exploited. A young player looking for hacks and mods would be easy to dupe into installing a fake app that installs adware or something more damaging.

Precautions to avoid Among Us imposter apps:

It's smart to avoid any website that claims to offer hacks, resources, packs, and mods as people without much background in gaming and the cyber world won't be able to detect malicious content. 

 
Always install the app from a trusted source, and only after reading the comments, as they would tell you if anything is wrong with the app.

To find out whether a mod is legitimate, it's best to use the community. Mods in themselves are harmless, but as noted above, some fake ones could add code to your device. Use legitimate mod websites, and if you go to a private website, read the comments, as someone would probably have reported any suspicious behavior in the discussion. Also, mods developed by semi-public figures or Among Us content creators will usually be safe.

Russia was included in the list of countries with the most active hackers

The company Group-IB, which specializes in the disclosure of IT crimes, listed the countries from which cyber attacks are most often committed. This list includes China, Iran, North Korea, and Russia.

Hacker attacks are most often carried out from China, Iran, North Korea and Russia, according to the report Hi Tech Crime Trends 2020 of the company Group-IB. The Asia-Pacific region was the most attacked in the second half of 2019 and the first half of 2020.

Groups of hackers associated with the security services are mainly concentrated in China, where 23 were counted; in Iran, 8 groups; in North Korea and Russia, 4 groups; in India, 3 groups; in Pakistan and the Gaza Strip, 2 groups. Another one is in Vietnam, Turkey and South Korea. At the same time, their main area of interest is the Asia-Pacific region, as well as Europe.

According to the report, Russia and the United States were less likely to be attacked. Thus, 15 campaigns were conducted in the United States and 9 in Russia. They were attacked by groups from China, North Korea and Iran. Russia also recorded one attack by Kazakhstan's security services, and the United States recorded attacks from the Gaza Strip and Pakistan.

Experts note that the attacking teams are actively adding tools for attacks on physically isolated networks to their arsenals. Thus, this year, incidents occurred at nuclear facilities in Iran and India.

Another high-profile attack was a sabotage attempt in Israel, where hackers targeted water supply systems and tried to change the level of chlorine content.

Google Security Researcher Banned From COD: Modern Warfare For Reverse Engineering


A security researcher from Google has been banned from Call of Duty: Modern Warfare for attempting to reverse engineer its networking code while studying its security to hunt for memory corruption vulnerabilities.
 
Almost a week later, after his account was suspended by Call of Duty's developer, Activision Blizzard, Google Project Zero's Williamson, who carried out the research in his personal capacity, published a blog post explaining that the research required him to reverse engineer the networking code in COD's executable (to review the code for memory corruption vulnerabilities). However, because the executable was heavily obfuscated, IDA failed to examine it, forcing him, as he said in the blog, to "dump the unobfuscated code from the memory of a running game process."
 
It was at that point that the developers of the game suspected him of being a cheater, and his activities were consequently flagged as suspicious. To ensure he did not affect any players in the process, Williamson tried to read memory while he was in the main menu. He attached the WinDbg debugging tool, which caused the game to exit; Williamson attributes the flagging to this incident. He also attempted to pause the process before dumping memory from it. He dumped an image of the game from memory in the main menu and exited normally, as explained in his blog post.
 
The researcher, who was saddened by the ban for multiple reasons, said, "after spending a few days reviewing the binary, I decided that the binary was so large and unwieldy to deal with that I would table the project for a later date. But unfortunately, I was banned about a month later, losing over a year of progress on my account."
 
"The ban saddens me on a personal level as I’ve reconnected with family and friends from throughout my life playing this game during the pandemic. But more importantly, this sends a clear signal: this research is not welcome. I believe I had a reasonable expectation that it would be. I had done similar work during a CTF, where I reverse engineered and fuzzed CS:GO without ever risking a ban," he further added. 
 
Williamson, acknowledging the magnitude of cheating as a threat to online gaming, said, "I understand that the developers shoulder an impressive burden in preventing cheat development and use. They need to leverage a variety of signals to detect cheat development and use. I’m guessing that because they may not have seen security researchers reviewing their platform before, they interpret any attempt to reverse engineer as a sign of malicious behavior. No typical player would attach a debugger to the game, and therefore they probably assume they don’t need much more evidence beyond this to issue a ban."
 
While voicing his concerns regarding the ban for security researchers, he said, "Let me be clear: at no point did I intend to develop or use a cheat, and at no point did I manipulate any aspect of the game for another player or even myself. To this day, I don’t know what exactly caused the ban, and there’s no process to appeal it. What if using a reversing tool as part of my job gets me flagged? This fear is in the back of my mind for all games with anti-cheat, not just Warzone."

South Korea Fines Facebook For Sharing Data Without User Consent


South Korea has fined social networking giant Facebook 6.7 billion won (around $6 million) for sharing user data without consent. According to PIPC (Personal Information Protection Commission), Facebook has a total userbase of around 18 million users in South Korea. It says FB shared the data of 3.3 million users with third-party companies without user consent. The incident happened from May 2012 to June 2018. PIPC also says that it will file a criminal complaint against the company for violating "personal information laws."

The shared information includes user names, academic background, work profile, relationship status, and home addresses. The users logged into other third-party apps using their FB credentials but without giving any permission to access personal information. Nonetheless, FB shared its data with the third-party apps the users were using. 

The issue came to notice when an FB user shared their data with a service while logging in with their FB account; the user's friends had not done so, yet their FB data was also shared without their knowledge. Following the incident, these third-party apps used the information Facebook provided to show customized ads on social media users' profiles.

According to PIPC, Facebook provided user data to third-party companies without user permission and made monetary profits. PIPC also accuses FB of storing login credentials (with no encryption) without user knowledge and of not notifying users when accessing their data. Besides this, it claims that Facebook presented fake and incomplete documents while the legal investigation was ongoing, instead of providing the real documents.

This affected the inquiry's credibility and caused difficulties in assessing FB's clear violations of rules and laws. For this misdoing, FB was fined an extra 66 million won.

Facebook, however, claims that it provided full cooperation during PIPC's investigation. FB finds PIPC's complaint regrettable; however, it will respond after the commission takes its final decision.

"The investigation against the US tech giant started in 2018 by the Korea Communication Commission, the country's telecommunication regulator, in the wake of the Cambridge Analytica scandal. The regulator handed the case to PIPC," reports ZDNet.

British Drug maker AstraZeneca Working to Deploy the Covid-19 Vaccine Targeted by Suspected North Korean Hackers

 


There is no denying that cyberattacks against health bodies, vaccine scientists and drug makers have risen sharply during the coronavirus pandemic, as state-backed and criminal hacking groups scramble to acquire the most recent research and data about the outbreak.

Yet another example has emerged recently: as a British drug maker races to deploy its coronavirus vaccine, a couple of suspected North Korean hackers attempted to break into its systems.

According to sources, the hacking attempts targeted a "broad set of people", including staff working on the COVID research.

Reuters reports that, posing as recruiters on the networking site LinkedIn and on WhatsApp, the hackers approached AstraZeneca staff with fake job offers and later sent documents that appeared to be job descriptions but were laced with malicious code intended to gain access to a victim's computer.

The source, who spoke on the condition of anonymity to discuss non-public data, said the tools and methods used in the attacks showed that they were part of an ongoing hacking campaign that US authorities and cybersecurity researchers have attributed to North Korea.

The campaign had previously centered on defence companies and media organizations but has recently pivoted to coronavirus-related targets, according to three people who have investigated the attacks.

Microsoft said that in the current month alone it had observed two North Korean hacking groups targeting vaccine developers in multiple countries, including by "sending messages with fabricated job descriptions." Microsoft, however, didn't name any of the targeted organizations.

The North Korean mission to the United Nations in Geneva did not respond to a request for comment. Pyongyang has likewise denied carrying out the cyberattacks mentioned above.

It has no direct line of contact for foreign media. AstraZeneca, which has emerged as one of the top three coronavirus antibody developers, also declined to comment.

North Korea has been consistently accused by US prosecutors of some of the world's "most audacious and damaging cyberattacks", including the hack and leak of emails from Sony Pictures in 2014, the 2016 theft of $81 million from the Central Bank of Bangladesh, and the release of the WannaCry ransomware virus in 2017.

Pyongyang has portrayed the allegations against it as attempts by Washington to malign its image.

Reuters, however, has recently reported that hackers from Iran, China and Russia have likewise attempted to break into leading drug makers and even the World Health Organization this year, yet Tehran, Beijing and Moscow have all denied the allegations.



Cyber security 2021: What new threats can be expected? Here is our estimate


2020 has been an eventful year for cybersecurity, to say the least. COVID-19 completely shifted the paradigm for the 184 billion dollar industry, with ramifications felt throughout the year and possibly next year. So, what new threats can be expected in cybersecurity for the year 2021? We assessed the future threat trends that you'll need to be careful of:

 Social Engineering Attacks:

Verizon’s Data Breach Investigations Report for 2020 says that social engineering is a top attack vector, and this trend will probably continue in 2021 in a more sophisticated form. For example, attackers scam people by asking for details such as email addresses and card numbers in exchange for free Covid testing kits.

 Cybercriminals will be focusing on Remote Workers and Network Attacks: 

Social distancing can slow down the virus but not hackers. In 2021, it's highly probable that attackers will focus on WFH (Work From Home) employees and people using minimal security defenses. Phishing targeting WFH employees, including by email, voice, text, instant messaging, and even third-party applications, will be high.

 Slow Economy leading to a reduced budget will result in compromising cybersecurity : 

As the U.S. economy fell from $779 billion at the end of 2018 to $2.8 trillion as of July 2020, spending on IT and tech investment also decreased: after years of accelerating, IT spending decreased nearly 10% in 2020. This will probably continue in the next year, and companies will look for more convergent cybersecurity solutions where one company, like McAfee or Microsoft, can provide the whole security solution. Secure access service edge (SASE) platforms will gain ground over disjointed products as companies look for cost-cutting measures.

 Attackers relying on Machine Learning:

Beyondtrust.com makes an interesting prediction that could plausibly come true given the rapid evolution in the attack methods used by hackers: threat actors will use machine learning to discover vulnerabilities and gaps in security as well as to evade security defenses. "ML engines will be trained with data from successful attacks. This will allow the ML to identify patterns in the defenses to quickly pinpoint vulnerabilities that have been found in similar systems/environments. This approach will allow attackers to zero in on entry points in environments far more quickly and stealthily as they will be targeting fewer vulnerabilities with each attack, evading tools that need a volume of activity to identify wrongdoing."

Cybersecurity Company Sophos Hit By Data Breach Attack, Company Informs Customers

 

A data breach recently hit Sophos, a UK-based cybersecurity company. The company has notified its customers by email of the breach, which it suffered last week. The leaked information includes user names, emails, and contact numbers. According to Sophos, only a small number of customers were affected by the data breach. The spokesperson says that a "small subset" of customers was affected but did not provide any further details.

Earlier this week, the company was informed of an access permission problem in a tool. The tool contains information on customers who contact Sophos support. The company said this in an email sent to its customers.

The company says that it came to know about the issue through an expert and had fixed the misconfiguration as soon as it was reported. According to Sophos, customer privacy and safety is their topmost priority. It is currently contacting all impacted customers. 

Besides this, the company has implemented preventive measures to ensure that permission settings are not exploited. The data breach is the second cybersecurity incident that Sophos suffered this year. 

In April, a quite similar incident happened, in which hackers found and exploited a zero-day in Sophos's XG Firewall and attacked companies worldwide. The hackers used the Asnarok malware, but when the vulnerability was exposed, they shifted to ransomware and eventually failed.

The email reads, "On November 24, 2020, Sophos was advised of an access permission issue in a tool used to store information on customers who have contacted Sophos Support. As a result, some data from a small subset of Sophos customers was exposed. We quickly fixed the issue. Your information was exposed, but due to remediation measures we have taken, your data is no longer exposed. Specifically, first name, last name, email address, and, where provided, a contact phone number. 

There is no action that you need to take at this time. At Sophos, customer privacy and security are always our top priority. We are contacting all affected customers. Additionally, we are implementing additional measures to ensure access permission settings are continuously secure. "

Massive BEC Phishing Ring Uncovered, 3 Nigerian Nationals Arrested

 

Three Nigerian nationals have been arrested in the city of Lagos on suspicion of participating in an organized cybercrime group behind malware distribution, phishing attacks, and a massive business email compromise (BEC) ring responsible for scams globally. According to reports by Interpol, the arrests were made under “Operation Falcon”, carried out jointly by the international police organization with the Nigeria Police Force and Singapore-based cybersecurity firm Group-IB.
 
In a Business Email Compromise (BEC) attack, the threat actor hacks and spoofs email to impersonate an organization’s CEO, vendors, or senior executives and so gain the trust of employees and customers. The attackers then exploit that trust to encourage actions such as transferring funds to the criminals' account or, in some cases, handing over confidential data.
 
The cybercriminals behind the operations disguised a number of their phishing campaigns as product inquiries, Coronavirus aid, or purchasing orders. According to Group-IB, the primary objective of these phishing attacks was stealing authentication data from emails, web browsers, and FTP clients at organizations based in the UK, the US, Japan, Nigeria, and Singapore.
 
As the ongoing investigation continues to uncover other suspects and the monetization means employed by the ring, around 50,000 targeted victims have been discovered so far. Allegedly, the members of the ring developed phishing links and domains before performing mass BEC campaigns in which they targeted corporations of all sizes in a sophisticated manner. Reportedly, 26 different malware variants were being deployed by the criminals, including remote access Trojans (RATs) and spyware.
 
"They then used these campaigns to disseminate 26 malware programmes, spyware, and remote access tools, including AgentTesla, Loki, Azorult, Spartan, and the nanocore and Remcos Remote Access Trojans," Interpol said.
 
"This group was running a well-established criminal business model," Interpol's Cybercrime Director Craig Jones noted. "From infiltration to cashing in, they used a multitude of tools and techniques to generate maximum profits." 
 
“These programs were used to infiltrate and monitor the systems of victim organizations and individuals, before launching scams and siphoning funds,” as per an announcement by INTERPOL. “According to Group-IB, the prolific gang is believed to have compromised government and private-sector companies in more than 150 countries since 2017.”

Pinterest soon to join the Online Classes Plethora

 

With 400 million monthly active users (a 30% increase from last year), Pinterest is gaining a foothold among millennials and Gen Z. The secret of its success is its creative interface and the constant stream of new features that attract Gen Z to the platform for future growth, learning, and inspiration. The photo-sharing social app is now reported to be testing online events where users can sign up for Zoom classes by creators.

The organization confirmed that the feature is undergoing tests with selected users but didn't comment further either on the confirmation or the launch. 

Creators can organize lessons through Pinterest’s class boards, manage class materials, notes, and other resources, and connect through a group chat option. The classes would work through communities, similar to pinboards: if a user wants to join a class, they'll have to click on a sign (a book) to join, and they will be emailed the class details and Zoom link. The communities will be a space for the class overview, description, group chat, lists of what to bring to class, notes, photos, and more.

The feature was discovered on Tuesday by reverse engineer Jane Manchun Wong, who looked into the class details. She adds, though, that clicking on these links results in nothing, as the feature is not yet active. There are some demo profiles that you can check out: “@pinsmeditation” or “@pinzoom123,” but their communities are empty.

 "We are experimenting with ways to help creators interact more closely with their audience," a Pinterest spokesperson said in a statement. 

The social media company is constantly on the rise, with 442 million global monthly users and a 50 percent increase in Gen Z loggers. Its Q3 revenue rose 58 percent, and a 60 percent increase is expected in Q4. With these numbers, it is no shock that the company will invest in new features and quirks for its users, and what could be more beneficial than online classes during a worldwide pandemic? As Pinterest commented, "We continue to navigate uncertainty given the ongoing COVID-19 pandemic and other factors".