
Naavi: Information collected from WhatsApp would be shared with Facebook and eventually be used for advertising

The WhatsApp messenger, which is owned by Facebook, has begun notifying its users (about 2 billion of them) about an update to its privacy policy. Do you want to keep using the popular messaging app?

On 18 January we interviewed Vijayashankar Na (Mr. Naavi), a veteran cyber law specialist in India, and he shared his opinion on the new privacy policy of the WhatsApp messenger and how it impacts users.

Please introduce yourself to our readers.

I'm the chairman of a foundation of data protection professionals in India, which is the primary organization in India working on data protection, providing certifications, audit, support and so on. Since 1998 I have been working on cyber law issues, which were based on our law called the Information Technology Act. Moreover, I'm the founder of Cyber Law College, a virtual Cyber Law Education institution. Now we have extended it to data protection.

On January 4, WhatsApp announced that from February 8, all users of the messenger (except for residents of the EU and the UK) will be forced to share their personal data with Facebook — the social network will have access to phone numbers, transaction information and IP addresses. What has changed?

Actually, compared to what happened before, there may not be significant changes. We know that WhatsApp has been acquired by Facebook, but we are not very sure whether the information from WhatsApp was being shared with Facebook. But I believe it was happening in the background which we do not know. But maybe now, because they don't want to take any chances with particularly the GDPR (General Data Protection Regulation) authorities they wanted to actually be transparent about what they would like to do. I think this was driven more by the GDPR considerations to just polish their current privacy policies so that any problems could be sorted out.

WhatsApp wanted to disclose the fact that some part of the information collected from WhatsApp would be shared with Facebook and eventually be used for advertising.

So we all know that WhatsApp is a free app. In fact, its popularity or growth in popularity was because it was free. But it cannot continue like that forever because there has to be a revenue model for any company. Now WhatsApp has come out to the open and through the new policy has declared what kind of information they are likely to share.

WhatsApp contains two sets of data. One is the metadata - contact list, location, status, financial information and data such as your unique phone ID. So, it all reflects a certain characteristic of persons. That usage information itself is actually a treasure if properly analyzed for the purpose of profiling the person.

As we know from the news, WhatsApp's innovations have already angered technology experts, privacy advocates, billionaire entrepreneurs and government organizations. But the main thing is that they provoked the flight of users. Why did this happen?

WhatsApp made a big mistake in the sense that they did not clarify properly what they want to do. They said that this change is only for business applications. But the pop-up about the update actually came for all individuals who are having a personal WhatsApp account. Subsequently, WhatsApp said in the press release that this is only for business accounts, not for individual accounts. Then the people asked, "Why did WhatsApp show this particular pop-up to me at all, if it was not meant for me?" It was psychologically very disturbing for people.

Moreover, the problem with WhatsApp today is PR. Actually, they drafted it in such a manner that it would actually create revulsion amongst the people. In my opinion, it was a bad PR "Get it or Leave it". We know that the privacy policy should be written in clear and precise terms that an ordinary person can understand. Given that, WhatsApp should have been a little more careful.

So, it has become easy for people to download Signal, Telegram. And of course in India, there will be a moment to develop our own indigenous apps. So maybe WhatsApp is going to lose more than what, perhaps it could have.

What do you think, why does Facebook need this metadata?

Instagram and Facebook are now going to be able to show even more targeted ads on Facebook and Instagram, having carefully studied the interests and preferences of users in the messenger. In addition, businesses will be able to accept payments in WhatsApp for products that users have selected in Instagram ads.

Whether we like WhatsApp or not, whether we like Facebook or not, they also have the right to say that I cannot do it on free service forever. Now advertising requires profiling; without profiling, advertisements cannot be targeted.

If the person wants to give the information by way of consent, let him give it. So this is a fair game between business interests and personal privacy interests. It's how GDPR is building. There has to be a legal basis.

WhatsApp will read our messages. Is it true?

As it is generally stated, they are not supposed to be reading our messages. Our conversations are encrypted using end-to-end encryption, and, the company says, even WhatsApp itself cannot access them. So, the content is getting encrypted with some device-related ID. So, at the moment it leaves my device, it should get encrypted.

Now in case people actually go for backups, storage in the cloud, then there is an issue. So people should avoid cloud storage and make the backup only within the mobile.

In your article "WhatsApp needs to change its Jurisdiction clause in the Terms or else, exit from India" you said that "WhatsApp has created two different sets of policies, one offered by WhatsApp Ireland Ltd to the EU region and the other by WhatsApp LLC to other countries". How does this apply to India?

In India, on 8 February we were expecting the parliament to pass the Indian data protection law. In my opinion, WhatsApp decided to change the privacy policy on 8 February only to preempt the data protection law.

When I said that "we need to look for a change of WhatsApp in India", it was not because of the privacy issue; that is a question of analyzing the privacy policy, a matter of revising the privacy policy.

My issue was in the terms of use one of the clauses - jurisdictions. Of course, this is not exclusive to WhatsApp. It happens in many other international web services. The jurisdiction clause says that if there is any dispute between the user of WhatsApp and WhatsApp, then the dispute has to be resolved in accordance with the Californian law and in the district court of California automated binding arbitration there. It means that the use of WhatsApp in India is not going to have any grievance mechanism in India, this is not in accordance with our law, our law doesn't permit it. It is almost denying the government's interest. I'm not happy with that. I would like that to be changed.

Will you continue to use WhatsApp, or have you changed Messenger?

In our professional circles, actually, we have made some moves. Many of the professionals prefer Signal. Of course, some people prefer Telegram a bit more. Earlier Telegram was the most used platform due to the number of people in the groups. In fact, we were thinking of shifting our FDPPI group to Telegram.

What can you recommend to our readers?

If somebody is going to have serious professional discussions, financial discussions, then obviously they should look at shifting to Signal. If it is purely personal, family discussions, you can keep using WhatsApp. So, you need to make a distinction between personal use, family use and professional use. If you want 500 people to be in your group, then you have no choice but to leave WhatsApp. If it's a small group that handles confidential information, you need to change to Telegram.

We've covered quite a bit in this conversation. Before we wrap up, is there anything else you'd like to add?

The only thing I want to say is that we need clarity amongst the ordinary people on what is privacy and what is that we are willing to protect in privacy. It is not absolute protection. It is always the protection of the choice. And the fact that there are, even if you shift from WhatsApp to Telegram, we don't know whether Telegram will remain free forever.

I feel there is a need for this harmonious relationship between the users and the organizations that make use of the data. And that is the purpose of the data protection law. And when we interpret data protection law, again, we should not be totally one-sided. That is the beauty of this issue, balancing the whole thing.


Serious Vulnerabilities Discovered in Group Face Time Apps

 

Threat actors used vulnerabilities in the Google Duo, Facebook Messenger, Signal, JioChat, and Mocha messaging apps to listen to users' surroundings without any consent, before the user on the other side received the call.

Natalie Silvanovich, a security researcher at Google Project Zero, discovered the [Group Face Time] bug in multiple video conferencing mobile applications, and all the vulnerabilities in these apps are now fixed. iPhones, renowned across the globe for their security features, were reported to have a critical flaw in January 2019.

Apple's FaceTime group chat vulnerability allowed hackers to start a FaceTime video call and eavesdrop on targets. Threat actors tricked users by adding their own number as a third person in a group chat right before the user on the other end received the call. The vulnerability was considered so critical that it forced the company to take down the FaceTime group chat feature. The issue was later resolved via an iOS update.

Natalie Silvanovich stated that “I investigated the signalling state machines of seven video conferencing applications and found five vulnerabilities that could allow a caller device to force a callee device to transmit audio or video data. Theoretically, ensuring callee consent before audio or video transmission should be a fairly simple matter of waiting until the user accepts the call before adding any tracks to the application”. 

“However, when I looked at real applications, they enabled transmission in many different ways. Most of these led to vulnerabilities that allowed calls to be connected without interaction from the callee”, she further added.

The Google Duo bug, a race condition that permitted callees to leak video packets from unanswered calls to the caller, was patched in December 2020. Two related vulnerabilities were discovered in the Mocha messenger and JioChat in July 2020: the JioChat vulnerability, which permitted sending audio, was patched in July 2020, and the Mocha messenger audio and video bugs were patched in August 2020 after exploitation by the threat actors.
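The rule Silvanovich describes, adding no tracks until the callee accepts, can be shown with a small model. This is an added example, not code from any of the apps named above; the class names, message names (`offer`, `connect`, `hangup`) and the naive design are simplified assumptions made for illustration.

```python
from enum import Enum, auto


class State(Enum):
    IDLE = auto()
    RINGING = auto()
    ACCEPTED = auto()
    ENDED = auto()


class NaiveCallee:
    """Hypothetical flawed design: tracks exist while ringing and a remote
    message is trusted to start transmission."""

    def __init__(self):
        self.state = State.IDLE
        self.tracks = []
        self.sending = False

    def on_remote(self, msg):
        if msg == "offer" and self.state is State.IDLE:
            self.state = State.RINGING
            self.tracks = ["audio", "video"]  # pre-attached to cut setup latency
        elif msg == "connect":
            # Flaw: assumes "connect" only ever arrives after the local accept.
            self.sending = bool(self.tracks)
        elif msg == "hangup":
            self.state, self.tracks, self.sending = State.ENDED, [], False

    def user_accept(self):
        if self.state is State.RINGING:
            self.state = State.ACCEPTED
            self.sending = True


class ConsentGatedCallee:
    """Hardened design: only the local accept action can add tracks, and
    remote messages that do not fit the current state are dropped."""

    def __init__(self):
        self.state = State.IDLE
        self.tracks = []
        self.dropped = []  # (state, message) pairs refused by the state machine

    @property
    def sending(self):
        # Transmission is derived from consent, never set by a remote message.
        return self.state is State.ACCEPTED and bool(self.tracks)

    def on_remote(self, msg):
        if msg == "offer" and self.state is State.IDLE:
            self.state = State.RINGING  # ring only; no tracks yet
        elif msg == "connect" and self.state is State.ACCEPTED:
            pass  # legitimate: the user has already accepted
        elif msg == "hangup" and self.state in (State.RINGING, State.ACCEPTED):
            self.state, self.tracks = State.ENDED, []
        else:
            self.dropped.append((self.state.name, msg))

    def user_accept(self):
        if self.state is not State.RINGING:
            raise RuntimeError("no ringing call to accept")
        self.state = State.ACCEPTED
        self.tracks = ["audio", "video"]  # tracks added only after consent


def replay(callee, events):
    """Apply events in order; return True if media flowed before the accept."""
    accepted = False
    leaked = False
    for source, name in events:
        if source == "user" and name == "accept":
            callee.user_accept()
            accepted = True
        elif source == "remote":
            callee.on_remote(name)
        if callee.sending and not accepted:
            leaked = True
    return leaked


# Constructed event sequences: an out-of-order "connect" and a normal call.
PREMATURE = [("remote", "offer"), ("remote", "connect")]
NORMAL = [("remote", "offer"), ("user", "accept"), ("remote", "connect")]

if __name__ == "__main__":
    print("naive leaks on premature connect:", replay(NaiveCallee(), PREMATURE))
    print("gated leaks on premature connect:", replay(ConsentGatedCallee(), PREMATURE))
```

Replaying recorded or fuzzed signalling sequences through a model like this is a cheap regression check that no remote message can reach a transmitting state on its own.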

Chinese Threat Group Chimera Attacks Airline Industry

 

For the last few years, a Chinese threat group known as Chimera has been targeting the airline industry with the intention of amassing passenger data, and later using it to selectively monitor and track the movements of individuals. The operations of Chimera have been on the radar of cybersecurity organizations for a while, and experts suspect the threat actors behind Chimera of working in alignment with the interests of the Chinese state. The cybersecurity firm CyCraft first described the actions of the group in a paper presented at the Black Hat Conference in 2020. As mentioned in that paper, Chimera is also suspected of coordinating attacks against the Taiwanese superconductor industry.

In a study released last week, the NCC Group and its affiliate Fox-IT said that the group's intrusions were larger than originally believed, targeting the airline sector in addition to the superconductor industry. The targeting was not limited to Asia but covered assorted other geographical areas as well. They also noted that in several cases the actors had been hiding within networks for more than three years before they were identified.

The attack on the superconductor industry of Taiwan was aimed at stealing intellectual property, although the target was different in the case of the airline industry. The companies further alleged that the actors targeted these victims in order to gather Passenger Name Records (PNR). On further investigation, the companies observed that assorted custom DLL files were continuously used to extract PNR information from the memory structures where this data is generally stored.

"NCC Group and Fox-IT observed this threat actor during various incident response engagements performed between October 2019 until April 2020," added the two companies. 

The report by NCC and its affiliate Fox-IT describes the modus operandi of the actors, whose first step is to collect data such as user login credentials that have been leaked into the public domain or onto the dark web after data breaches at other companies. The actors later use this collected data for ‘credential stuffing’ and ‘password spraying’ attacks against the accounts of the target’s personnel, such as email accounts.

Maze Ransomware: Exfiltration and Extortion

 

New research by New Zealand organization Emsisoft has found that a cyber-blackmail tactic first used by the ransomware gang MAZE has been adopted by over a dozen other criminal cyber gangs. Initially observed in May of 2019, Maze was a prominent part of consistent, yet unremarkable, extortion campaigns. Of late, however, a sizable uptick has been seen in Maze campaigns, including numerous prominent, high-profile attacks. The attackers behind Maze have previously claimed credit for attacks on both Allied Financial and the City of Pensacola, Florida.

The globally renowned security software organization, Emsisoft declared a ransomware crisis in the last month of 2019. Their most recent ransomware report shows that this specific sort of malware has hugely affected the United States in 2020. Emsisoft threat analyst Brett Callow described the numbers in "The State of Ransomware in the US: Report and Statistics 2020" as "pretty grim." 

At least 2,354 US governments, medical services offices, and schools were affected by ransomware last year, including 113 federal, state, and municipal governments and agencies, 560 healthcare facilities, and 1,681 schools, universities, and colleges. Researchers noticed that the assaults caused huge, and in some cases perilous, disturbance: ambulances carrying emergency patients had to be redirected, cancer treatments were deferred, lab test results were difficult to reach, clinic workers were furloughed and 911 services were interfered with. 

In 2020, MAZE turned into the first ransomware group to be observed exfiltrating information from its victims and utilizing the threat of publication as extra leverage to coerce payment. As per a November report by Coveware, some ransomware gangs that exfiltrate information don't erase it, even in the wake of accepting a ransom from their victims. Coveware noticed REvil (Sodinokibi) requesting a second ransom payment for stolen information it had just been paid to delete.

Maze ransomware doesn't simply demand payment for a decryptor; it also exfiltrates victim information and threatens to leak it publicly if the target doesn’t pay up. This “double whammy” piles on yet more pressure to persuade the victim to cave in to the cybercriminals' demands. The onus is now on organizations to ensure they have a trusted security solution proven to prevent ransomware from executing in the first place, as restoring data from a backup won't save them.

3 Unique Procedures to Counter Money Laundering in India

 

The main tools money launderers use to launder cash are bitcoin and other alternative cryptocurrencies. India’s cryptocurrency exchanges have deployed their own KYC regulations and anti-money laundering protocols for users.

Nischal Shetty, CEO of India’s largest cryptocurrency exchange WazirX, said, "We follow all the necessary protocols such as asking users for ID and address proof like Aadhaar and PAN Card. Our platform also emphasizes that money must come from the concerned customer's bank account and not from a third-party bank account."

Cryptocurrency exchanges use various procedures to conduct KYC, one such method is penny drop. Penny drop method helps in verifying the user’s personal information and bank details, for example, a token of 10 rupees is transferred to the user’s account to confirm bank account details. This method confirms the account holder’s name as registered with the bank, to the transferor.

Neeraj Khandelwal, co-founder of CoinDCX stated that “for corporate clients who are given higher trading limits, more documents like articles of association, board resolutions authorizing crypto investment, etc. are needed”.

Chainlink is one of the most familiar software tools among cryptocurrency exchanges and helps in identifying rogue addresses. Khandelwal further stated, “we use a globally renowned crypto AML tool to check for blacklisted crypto addresses. If a legitimate user has got crypto from such an address, maybe through peer-to-peer and he or she wants to transact on our exchange, we ask for additional KYC such as source of funds and profession”.

Unlike other financial assets such as stocks, bonds, and FDs, bitcoins and other cryptos are not held in bank or demat accounts. They can be held in a cold wallet, which is a hardware device, or even paper, that is not linked to the internet. Therefore, cold wallets cannot be easily seized by law enforcement authorities.

AnyVan 4.1 Million Users Compromised in Data Breach

 

Headquartered in Hammersmith, London (UK), AnyVan is a European online platform through which customers access delivery, transport, and removal services from its network of transport partners. It focuses on European moves only. It is also one of Europe's front runners in moving services, as it matches a customer's delivery route with that of a transport service provider to reduce costs and cut CO2 emissions by optimizing storage space and haulage. Recently, however, AnyVan informed its users of an unauthorized data break-in and the theft of customers' personal details by hackers.

The company informed its customers by sending them a notice about the data breach it had fallen victim to. AnyVan disclosed that it discovered the incident on the 31st of December 2020, and it also addressed why customers were being informed so late.

Regarding the incident, AnyVan stated that “This leaking of data came to our attention on the 31st December, but we understand the incident itself occurred at the end of September. As soon as the incident came to our attention, our specialist IT team investigated it and have since taken the following remedial action: all passwords have been changed.”

According to the notice and statements given by the company, customers' names, email addresses and a cryptographic hash of their passwords have been accessed and probably posted on the dark web by the actors. Seemingly, no other sensitive information was compromised. The company added that an investigation of the incident continues. However, all this came only after the actors had ample time to exploit users’ data and information. An estimated 4.1 million users are affected by this data breach. AnyVan never even reached out to the ICO (Information Commissioner’s Office), which was an important step as its users' confidential data was compromised.

As a precautionary measure, the company advised its customers to update their passwords and other personal details for the accounts they use on AnyVan. It warned them not to unwittingly share any other piece of information or personal detail with anyone. Moreover, the company apologized for the breach of its users' personal information and said that it is very sorry for the inconvenience caused.

DMV Warns New Yorkers of Text Phishing Schemes

 

The New York State Department of Motor Vehicles cautioned New Yorkers about ongoing text message phishing schemes. These counterfeit text messages ask recipients to update their driver's license contact data, and the messages link to a fake DMV site. Using the ongoing adoption of the REAL ID Act of 2005 to make the scam sound authentic, the attackers have used three specific text phishing messages, said the New York State Department of Motor Vehicles (DMV).

The New York DMV released the three sorts of text phishing messages that serve as the opening salvo in this attack.

• The first message tells the recipient in broken English that anybody holding a driver's license must "update their contact to compliance regulation agreements."

• The second text phishing message does something similar, advising recipients that they need to change their mailing and contact data to speed up compliance with new ID guidelines. This version of the scheme refers to REAL ID by name.

• The last text message parrots the previous two but uses the most broken grammar of the three.

All three of the driver's license phishing messages redirect to a phony DMV site intended to steal data.

The New York State DMV warned of a similar text phishing attack in October 2020. In that case, threat actors were using scam text messages to redirect users to a phony DMV site. If somebody clicked on it, the attackers could target them with identity fraud or malware. In another case, a text phishing scam used a pandemic relief payment as a cover story. The message informed recipients that they were eligible for $600 if they clicked on the embedded link. These attackers used spoofing techniques to disguise their message as genuine correspondence from New York's Department of Labor.

These attacks highlight the need for employers to protect themselves against phishing attacks that pose as government messages. They can do so by investing in a security awareness training program. Seeing phishing attacks in a test setting can teach employees about some of the most common types of scams being used today, as well as emerging campaigns. Employers can likewise consider using technical phishing prevention controls.

More Than 22 Billion Records Revealed in Data Leaks in 2020

 

A new record has been set for data breaches: ‘more than 22 billion records were revealed globally amid 730 publicly leaked data violations in 2020’, as stated in a report published on Friday. Nearly thirty-five percent of the data breaches were linked to ransomware attacks.

Cyber exposure company Tenable’s Security Response Team (SRT) found that 14 percent of data leaks were the outcome of email compromises in the period from January 2020 to October 2020. The main tactic used by threat actors was reliance on unpatched vulnerabilities in their attacks, alongside multiple other vulnerabilities.

While giving insights, Satnam Narang, a Staff Research Engineer at Tenable stated “every day, cybersecurity professionals in India and the rest of the world are faced with new challenges and vulnerabilities that can put their organizations at risk. The 18,358 vulnerabilities disclosed in 2020 alone reflects a new normal and a clear sign that the job of a cyber defender is only getting more difficult as they navigate the ever-expanding attack surface”. 

The growth rate of common vulnerabilities and exposures (CVEs) increased at an average of 36.6 percent from 2015 to 2020. In 2020 it shot up to 183 percent as compared to 2015; 18,358 CVEs were reported in 2020 as compared to 6,487 in 2015.

“Pre-existing vulnerabilities in virtual private network (VPN) solutions - many of which were initially disclosed in 2019 or earlier – continue to remain a favorite target for cybercriminals,” Narang said.

Web browsers such as Mozilla Firefox, Google Chrome, Microsoft Edge, and Internet Explorer accounted for 35 percent of all zero-day vulnerabilities exploited in the wild by threat actors.

“In 2021, we must have the tools, awareness, and intelligence to effectively reduce and eliminate blind spots,” Narang concluded.

Patrons Become Victim to Depop Hacks

 

Since the lockdown started in March, there has been a significant spike in online shopping, with more people looking for items on popular sites and apps. However, as with every online shopping app, consumers can run into issues such as hacking, data breaches and cyber fraud. The pandemic has been a golden opportunity for scammers, who have continued to plague a variety of internet resources.

One "have a go" tactic of the hackers is "credential stuffing", which uses automated software to log into accounts repeatedly, entering usernames and login information previously exposed in data breaches of other common online services. However, this trick won't work if a person doesn't use the same password on many sites or has changed their passwords after being caught up in a data breach.
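The automated, many-account login pattern described above is visible in authentication logs. The following is an added example, not taken from Depop or any vendor: the log format, thresholds, and sample lines are constructed assumptions, and the IP addresses come from documentation ranges.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta


def build_sample():
    """Constructed auth log lines: '<ISO time> <source IP> <username> <OK|FAIL>'."""
    base = datetime(2021, 1, 20, 10, 0, 0)
    rows = []
    # One source trying 12 different accounts in a minute; one breached pair works.
    for i in range(12):
        outcome = "OK" if i == 6 else "FAIL"
        rows.append((base + timedelta(seconds=5 * i), "203.0.113.7",
                     f"user{i + 1:02d}", outcome))
    # A real user mistyping a password: many failures, but a single username.
    for i, outcome in enumerate(["FAIL", "FAIL", "FAIL", "OK"]):
        rows.append((base + timedelta(seconds=20 * i), "198.51.100.20", "bob", outcome))
    # A shared office address: several usernames, all successful.
    for i, user in enumerate(["carol", "dave", "erin", "frank"]):
        rows.append((base + timedelta(seconds=30 * i), "192.0.2.10", user, "OK"))
    rows.sort()
    return [f"{ts.isoformat()} {ip} {user} {outcome}" for ts, ip, user, outcome in rows]


def detect_stuffing(lines, window=timedelta(minutes=5), min_users=10, min_fail_ratio=0.8):
    """Flag sources that try many distinct usernames, mostly failing, inside a
    sliding time window. Returns {ip: {"first_seen", "users", "compromised"}}."""
    per_ip = defaultdict(deque)
    alerts = {}
    for line in lines:  # lines must be in time order
        ts_text, ip, user, outcome = line.split()
        ts = datetime.fromisoformat(ts_text)
        attempts = per_ip[ip]
        attempts.append((ts, user, outcome))
        while attempts and ts - attempts[0][0] > window:
            attempts.popleft()  # expire attempts older than the window
        users = {u for _, u, _ in attempts}
        fails = sum(1 for _, _, o in attempts if o == "FAIL")
        if len(users) >= min_users and fails / len(attempts) >= min_fail_ratio:
            alert = alerts.setdefault(
                ip, {"first_seen": ts, "users": set(), "compromised": set()})
            alert["users"] |= users
            # Successful logins from a flagged source are likely account
            # takeovers: reset those passwords and end their sessions.
            alert["compromised"].update(u for _, u, o in attempts if o == "OK")
    return alerts


if __name__ == "__main__":
    for ip, alert in detect_stuffing(build_sample()).items():
        print(ip, "tried", len(alert["users"]), "accounts; review:",
              sorted(alert["compromised"]))
```

A per-source rule like this misses campaigns spread across many addresses, so it is usually paired with site-wide failure-rate monitoring and breached-password checks at login.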

One such incident of hacking happened to Amelia Strike, a 21-year-old Birmingham-based law student, who was unexpectedly logged out of her Depop social shopping app account in October. She said, "I thought I had just forgotten my password when I couldn't get back in, but a couple of days passed and I realized something wasn't right”, further adding, "I just felt so violated”.

Later she received a message from a stranger on Instagram, alerting her that her account had been taken over by a hacker who was selling Apple AirPods headphones for £50. She also figured out that the hacker was scamming a lot of Depop customers under her name. The hacker was instructing buyers to make the payment via PayPal’s “Friend and Family” option. This method of payment bypasses Depop's fees and does not offer any protection to buyers.

She acted quickly against the scammer by using her brother’s Depop account to comment on the offending post and contact the app firm for help. Her query was noticed, and within a few hours the firm removed the hacker's posts and her password was reset. Amelia Strike noticed at least three Depop customers who had paid the hacker by the unauthorized method.

In Amelia Strike's case, to get users to believe the scam listing, the hacker even uploaded a picture of her name on a post-it note next to the headphones that were allegedly for sale. This is a common technique used by people selling second-hand goods online to show that images have not been taken from another listing.

Nevertheless, she is not the only one whose Depop account was hacked; 14 other users have also reported similar cases. In all such cases, the fraudsters insisted that they be paid directly rather than via the app. Depop has asked customers to pay via the authentic method and has stated, “We consistently communicate this to our community and reinforce that the only safe way to purchase is on the Depop app or website via the buy button.”

Hackers Altered the Covid-19 Vaccine Records

 

The European Union's drug regulator has said that COVID-19 vaccine documents that were purloined from its servers in a cyberattack have been not only leaked on the web but "manipulated" by hackers.

A cyber-attack hit the European Medicines Agency (EMA). At the time the hack was disclosed, the EMA didn't give technical details about the attack, nor any information on whether the attack would affect its operations while it is evaluating and approving COVID-19 vaccines.

The European agency plays a vital role in the evaluation of COVID-19 vaccines across the EU and has access to sensitive and confidential data, including quality, safety, and effectiveness data resulting from trials. The European Medicines Agency said on Friday that an ongoing investigation into the cyberattack showed that hackers obtained emails and records from November related to the evaluation of experimental Covid vaccines.

The agency, which regulates medications and drugs across the 27-member EU, had troves of confidential COVID-19 information as part of its vaccine approval process.

"A portion of the correspondence has been manipulated by the culprits before distribution in a manner which could sabotage trust in vaccines," the agency said. It didn't clarify what data was altered — but cybersecurity experts state such practices are typical of disinformation campaigns launched by governments. 

Italian cybersecurity firm Yarix said, "the intention behind the leak by cybercriminals is sure: to cause critical harm to the reputation and credibility of EMA and Pfizer." The agency said that given the overwhelming toll of the pandemic, there was an "urgent public health need to make vaccines accessible to EU residents as quickly as time permits." The EMA demanded that despite that urgency, its decisions to recommend the green-lighting of vaccines were based "on the strength of the scientific proof on a vaccine's safety, quality and efficacy, and nothing else.” 

The agency, which is based in Amsterdam, came under heavy criticism from Germany and other EU member nations in December for not approving vaccines against the virus more quickly. The EMA gave its first recommendation for the Pfizer and BioNTech vaccine weeks after the shot got approval in Britain, the United States, Canada, and elsewhere.

The EMA said law enforcement authorities are taking necessary action in response to the cyberattack.

Russian hackers hacked the first level Olympiad in a second

A new Olympic season has begun in Russia. Many competitions have been moved online due to the COVID-19 pandemic. The first level Olympiad allows the winner to enter the university without exams.

It turns out that the hacker could theoretically ensure admission to the best universities in the country, putting graduates in unequal conditions.

SQL injection and XSS vulnerabilities were discovered on the site, which make it possible to influence the results of the competition. As a result, according to the hacker, it is easily possible to: 1) find out the tasks in advance and change the answer data during the Olympiad; 2) see the sessions and data of other users; and 3) extract user information in bulk, including personal information (information from the passport, registration, phone, e-mail).

"SQL injection is one of the easiest ways to hack a site. Indeed, in a very short period of time and by replacing several characters, an attacker can gain access to all personal data of the Olympiad and to all tasks," said Oleg Bakhtadze-Karnaukhov, an independent researcher on the Darknet.

According to the researcher, most likely, there was not enough time to detect such errors during the programming of this site, although it takes little time to find and fix them.

"If the site contains vulnerabilities, then a command in a specific programming language can be inserted, for example, in a link, and the page will display information that was not intended for users initially," explained Dmitry Galov, Cybersecurity Expert at Kaspersky Lab.

According to Alexey Drozd, head of the information security department at SearchInform, the reason may be design errors, as a result of which the site, for example, poorly checks or does not check incoming information at all.

"Unfortunately, when developing websites and applications, security issues are always in the background. First, there is a question of functionality," concluded Alexey Drozd.
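The kind of missing input check described above, shown as an added example (it is not code from the Olympiad site or from the researchers quoted). The table, column names, logins and the hostile input string are all constructed for illustration; the vulnerable lookup is placed beside a parameterized and a validated one.

```python
import re
import sqlite3

# Constructed sample data: not taken from any real site.
ROWS = [
    ("student_a", "Constructed Person A", "+7-000-000-0001"),
    ("student_b", "Constructed Person B", "+7-000-000-0002"),
    ("student_c", "Constructed Person C", "+7-000-000-0003"),
]

# Constructed hostile input: a few extra characters that alter the query logic.
HOSTILE = "nobody' OR '1'='1"

# Assumed login format for this example: lowercase letters, digits, underscore.
LOGIN_RE = re.compile(r"[a-z0-9_]{3,32}")


def build_db():
    """In-memory database with a hypothetical participants table."""
    db = sqlite3.connect(":memory:")
    db.execute(
        "CREATE TABLE participants (login TEXT PRIMARY KEY, full_name TEXT, phone TEXT)"
    )
    db.executemany("INSERT INTO participants VALUES (?, ?, ?)", ROWS)
    return db


def lookup_unsafe(db, login):
    """Deliberately vulnerable: the input becomes part of the SQL text."""
    query = (
        "SELECT login, full_name, phone FROM participants "
        f"WHERE login = '{login}'"
    )
    return db.execute(query).fetchall()


def lookup_parameterized(db, login):
    """Hardened: the input is bound as data and is never parsed as SQL."""
    return db.execute(
        "SELECT login, full_name, phone FROM participants WHERE login = ?",
        (login,),
    ).fetchall()


def lookup_validated(db, login):
    """Hardened further: reject input that does not match the expected format."""
    if not LOGIN_RE.fullmatch(login):
        raise ValueError("login has an unexpected format")
    return lookup_parameterized(db, login)


if __name__ == "__main__":
    db = build_db()
    print("unsafe, normal input :", len(lookup_unsafe(db, "student_a")), "row(s)")
    print("unsafe, hostile input:", len(lookup_unsafe(db, HOSTILE)), "row(s)")
    print("parameterized        :", len(lookup_parameterized(db, HOSTILE)), "row(s)")
    try:
        lookup_validated(db, HOSTILE)
    except ValueError as exc:
        print("validated            : rejected,", exc)
```

With the string-built query the hostile input returns every participant's record; with a bound parameter the same input matches nothing, and the format check rejects it before it reaches the database.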


Cisco Shows no Intentions on Patching EOL Vulnerabilities

Cisco, an American multinational conglomerate, stated this week that it does not plan to fix vulnerabilities in end-of-life (EOL) Cisco routers. More than 70 vulnerabilities were found in Cisco’s Small Business RV110W, RV130, RV130W, and routers. Despite these vulnerabilities, the company has no intention of patching them.

Cisco stated that these devices have reached end-of-life (EOL), hence there is no point in fixing them. The deadline for software maintenance releases and bug fixes was December 1, 2020. Cisco has released software updates to fix these vulnerabilities and said it is not aware of threat actors exploiting the vulnerabilities.

CVE-2021-1144, a high-severity bug (CVSS score of 8.8) in Connected Mobile Experiences (CMX), is the most significant flaw. It can be exploited by threat actors to alter the password of any user account on the system, including administrator accounts. Threat actors can exploit the vulnerability by sending an altered HTTP request to a susceptible device.

CVE-2021-1237 (CVSS score of 7.8) is another high-severity flaw. It was detected in the AnyConnect Secure Mobility Client for Windows and affects the endpoint solution’s Network Access Manager and Web Security Agent components. This vulnerability could be exploited by an authenticated, local threat actor to have a malicious Dynamic Link Library (DLL) loaded.

Cisco stated that “an attacker could exploit this vulnerability by inserting a configuration file in a specific path in the system which, in turn, causes a malicious DLL file to be loaded when the application starts. A successful exploit could allow the attacker to execute arbitrary code on the affected machine with SYSTEM privileges”.

Cisco issued 18 other advisories describing medium-severity bugs in Proximity Desktop for Windows, ASR 5000 routers, Enterprise NFV Infrastructure Software (NFVIS), Webex, Finesse, Firepower Management Center (FMC), Video Surveillance 8000 IP Cameras, Unified Communications products, DNA Center, AnyConnect Secure Mobility Client, and CMX API authorizations.

WhatsApp Clients Resort to Other Messaging Platforms

WhatsApp has told its two billion users that they must allow it to share information with its parent organization Facebook if they wish to keep using it. WhatsApp users will not be able to continue using the service unless they accept the new terms by 8 February. The platform said the update will enable it to offer features such as shopping and payments.

Messaging platforms Signal and Telegram have both seen a huge surge in downloads around the world after a controversial update to WhatsApp's terms and conditions.

According to data from analytics firm Sensor Tower, Signal was downloaded multiple times worldwide the week before WhatsApp announced the change on 4 January and 8.8 million times the week after. This included big surges in India, where downloads went from 12,000 to 2.7 million, the UK from 7,400 to 191,000, and the US from 63,000 to 1.1 million. In a series of tweets, Signal said some people were reporting issues with creating groups and delays in verification codes arriving because of the rapid growth, but that it was addressing the issues.

Telegram has proved to be even more popular, with downloads rising worldwide from 6.5 million for the week starting 28 December to 11 million over the next week. In the UK, downloads went from 47,000 to 101,000, and in the US they went from 272,000 to 671,000. During the same period, WhatsApp's worldwide downloads shrank from 11.3 million to 9.2 million.

One industry watcher said he didn't think this necessarily represented a major problem for WhatsApp, which has been downloaded 5.6 billion times since its launch in 2014.

"It will be hard for opponents to break user habits, and WhatsApp will keep on being one of the world's most popular and broadly utilized messaging platforms," said Craig Chapple, mobile insights strategist at Sensor Tower. 

WhatsApp reassured its users that it doesn't keep logs of who everyone is messaging, it can't see your shared location, it doesn't share your contacts with Facebook, and that groups can stay private. It likewise advises users that they still have the option to set messages to disappear and that they can't download their information. WhatsApp's clarification may manage to reassure some users that the privacy changes aren't as troubling as first feared, yet for others it may have come too late.

Colombian Woman Purloins Rs 17.71 Lakh from SBI ATM

Bengaluru Police are confronting a growing type of crime known as ATM fraud. In this fraud, the actors steal money from an ATM by attaching a device to it and hacking the bank’s servers. Recently, a Colombian woman was accused of this fraud. She was held for defrauding the State Bank of India (SBI) of Rs. 17.71 lakh through this scheme. The case was registered in Hegdenagar, Northeast Bengaluru, India.

The incident was first noticed by an SBI manager, Sushil Kumar Singh, when he received an unusual call from a man who said that he had received Rs. 1 lakh while trying to withdraw Rs. 1,500 from the local SBI ATM at Hegdenagar. The incident was reported to the Sampigehalli Police on the 11th of January.

Upon hearing the caller's account, Sushil Singh and his colleagues went to the affected ATM right away and started investigating. The first thing he did was to switch off all the ATMs at the kiosk as a precautionary measure, so that the other ATMs would not be targeted by the actor. The next morning, he found that a device was attached to the cash deposit machine (CDM) at the kiosk. Further scrutiny of the cash balance receipt revealed that Rs 17,71,500 was missing from the ATM.

Later, the bank staff checked the CCTV footage of the ATM as well as the neighboring areas. With the help of the footage, they concluded that a woman had walked into the ATM at about 2.25 pm on the 11th of January and had attached the device to the CDM. Sampigehalli police evaluated these clues, which helped them track and arrest, on Friday, a woman named Leidy Stefania Munoz Monsalve, aged 23, who was the culprit behind the fraud.

The device that was attached to the CDM works by hacking the bank’s servers connected to the ATM, which enables the actors to withdraw the money stored in the kiosk. However, the police have recovered the stolen money from the ATM. The police mentioned that “The Hegdenagar case, along with three others from Banaswadi, Halasuru, and Nelamangala, appears to be her first foray in cybercrime”.

Currently, Monsalve is in custody for further investigation. This is not the first time that Monsalve has been arrested; she has been a part of thefts earlier as well, but was released on bail.

Threat Actors Demand Ransom After Major Cyber Attack on Scottish Environmental Protection Agency

The Scottish Environment Protection Agency (SEPA) said its digital systems have been severely affected by a ransomware attack since Christmas Eve. Threat actors have locked the agency's emails and contact centers and are demanding a ransom to unlock them.

The National Cyber Security Centre and Police Scotland are investigating the incident, and it is believed that an international cybercriminal group is behind the ransomware attack. Cybersecurity experts have found that the threat actors stole nearly 1.2 GB of data, which suggests they may have accessed and stolen 4,000 files.

SEPA said it has to start from scratch and build a whole new system following a ‘significant cyber-attack’. The agency further stated that essential services regarding flood forecasting and warnings have not been hit by the cyber-attack. However, it remains highly unlikely that its 1,300 employees will be able to regain access to their old emails and online documents.

Scotland’s environmental regulator has termed this an “incredibly sophisticated attack” and warned that the threat actors will face the consequences. The threat actors are demanding a ransom to unlock the agency's systems, but they will not succeed in their plan.

SEPA’s Chief Executive Terry A’Hearn stated that “whilst we don’t know and may never know the full detail of the 1.2 GB of information stolen, what we know is that early indications suggest that the theft of information related to several business areas, some of the information stolen will have been publicly available”.

The Conti ransomware group claimed responsibility for the attack and has already leaked sensitive information on its site. The stolen information includes personal information associated with SEPA employees and information associated with commercial work with international partners.

Joker's Stash, the Largest Carding Forum Shutting Down

Joker's Stash opened in 2014 and was perhaps the most well-known underground carding site, offering new stolen credit card data and a guarantee of card validity. Its activity has been in decline since mid-2020. The normally active administrator, Joker's Stash, had several gaps in communication. Joker's Stash announced on January 15, 2021, that it would shut down in a month, with the stipulated date being February 15, 2021. The news was announced by the site's administrator through messages posted on different underground cybercrime forums where the site normally publicized its services.

Threat intelligence firm Intel 471 published a blog post documenting the website's end, noting that Joker's Stash's fall comes after an extremely turbulent end to 2020. In October, the individual who purportedly runs the site declared that he had contracted COVID-19 and spent seven days in the hospital. His condition affected the site's forums, inventory replenishments, and other operations. Intel 471 also found that the site's customers were complaining that the quality of the shop's payment card data was increasingly poor.

The FBI and Interpol seized four domains operated by the marketplace. At the time, the site's administrators said the law enforcement crackdown had only a limited effect on the site: the domains were used only as proxies to redirect users from landing pages to the actual marketplace, and authorities did not seize any servers containing card or customer data. Although the seizure did not have much effect, it chiefly damaged the site's reputation and made customers feel that the once-untouchable Joker's Stash was now an open book for law enforcement agencies.

The Joker's Stash admin didn't give more details about the decision to close down the site. They may have chosen to quit rather than be taken down by law enforcement agencies. Nonetheless, that doesn't imply that the site's administrator is now immune to prosecution. Prior to the announcement of its closure, Joker's Stash was viewed as perhaps one of the most profitable cybercrime operations today.

According to Christopher Thomas, Intelligence Production Analyst at Gemini Advisory, the shop is estimated to have made countless dollars in illicit profits, although this money also goes to the vendors themselves. Joker's Stash has been operating since October 7, 2014. Last year alone, the site posted more than 35 million CP (card present) records and in excess of 8 million CNP (card not present) records.

The site's administrator intends to wipe all servers and backups when they shut their operations next month.

Bug Detected in Linux Mint Virtual Keyboard by Two Kids

A flaw has been found in the Linux Mint screensaver. It was discovered by two children who were playing on their dad’s computer. The maintainers of the Linux Mint project have classified it as a security bug, since it could have allowed any threat actor to bypass the OS screensaver and its password and access locked desktops.

Accessing the desktop in this way is simple: via the virtual keyboard, the screensaver could be crashed, and the desktop would be unlocked.

"A few weeks ago, my kids wanted to hack my Linux desktop, so they typed and clicked everywhere while I was standing behind them looking at them play," states the user whose kids discovered the flaw in the screensaver. He further added that his kids crashed the Linux Mint screensaver by pressing random keys on both the physical and the on-screen keyboards and bypassed the lock. Their father initially thought that this was an accident; however, the kids managed to do the same a second time as well.

Clement Lefebvre, the developer of Linux Mint, also said that this issue was eventually tracked down to libcaribou, the on-screen keyboard (OSK) component that ships with Cinnamon, the desktop interface used by Linux Mint. In this regard, he wrote, “we’ll most likely patch libcaribou here”.

The team mentioned that the vulnerability is triggered when the user presses the "ē" key on the on-screen keyboard, which eventually causes a crash. In most cases the bug crashes the Cinnamon desktop process; if the virtual keyboard is left open for a long time from the screensaver, the bug crashes the screensaver rather than the Cinnamon process. This in turn allows users to access the underlying desktop.

Further, Lefebvre added, “the bug was introduced in the Linux Mint OS when the project patched another vulnerability last October, tracked on the Xorg update as CVE-2020-25712”. The bug affects all other distributions running Cinnamon 4.2+ and any other software that uses libcaribou.

Later on 13th January 2021, a patch was released for this vulnerability that addresses the bug and prevents future crashes.

Russian IT company reportedly lost contract in USA because of serving sites with content from Trump supporters

The CEO of the Russian provider DDoS-GUARD Evgeny Marchenko explained why the American CoreSite refused to work with his company.

DDoS-Guard, a company registered in Rostov-on-Don, has lost access to partner data centers in the United States. The reason for this was the fact that the company provided services to protect the websites of supporters of Donald Trump. This was reported by the Telegram channel Mash.

According to the founder of the company, Yevgeny Marchenko, the formal reason was the provision of hosting to a site associated with the Hamas movement.

"The story began in November last year. One of our partners found out that we are working with a website related to the Hamas movement, which is banned in the United States. We immediately stopped cooperation, but the story was continued at the beginning of the year," said Marchenko.

On January 7, CoreSite announced that cooperation with DDoS-Guard had been terminated, citing the same reason: cooperation with Hamas.

"We conducted an internal investigation and found out that one of our partners distributed information to supporters of the current President Trump. Moreover, the content was distributed by a Canadian company. It all looks like an attempt to find at least some Russian company and by any means make a scandal that suggests that Russians support Trump," added Marchenko.

The owner of DDoS-Guard also noted that Hamas is now quietly working with the American company.

The DDoS-Guard company has already been repeatedly accused of supporting not entirely legitimate sites, but no measures were taken against them.

DDoS-Guard was founded in 2011 by Evgeny Marchenko and Dmitry Sabitov. The company provides traffic filtering services to protect against DDoS attacks to retail and corporate customers on the basis of its own network of filtering nodes located in several countries. DDoS-Guard also acts as a provider of secure hosting services. The company's head office is located in Rostov-on-Don.

Recall that almost all IT companies are against US President Donald Trump. The reason was the attack by his supporters on the Capitol, which took place on January 6. Many felt they were prompted to do so by Trump's words. After that, his accounts were blocked on almost all major social networks.

Bitcoin Scammers Tricked People by Using Elon Musk’s Name

Security researcher MalwareHunter team exposed a cryptocurrency scam targeting users on Twitter that was run in the name of Tesla CEO Elon Musk. The scammers tricked people by hacking verified Twitter accounts, changing the name to ‘Elon Musk’, and replying to tweets from the real Elon Musk.

The scammers succeeded in tricking Twitter users by asking them to send cryptocurrency in exchange for receiving a much larger amount later. The threat actors managed to earn $587,000 in bitcoin through the scam, which promoted a fake Elon Musk cryptocurrency giveaway.

MalwareHunter team stated that the scammers hacked inactive accounts, “big % but not all. At least 2-3 was active within a few weeks to few days, of those one looked possible the last activities were not from the original owner but of course couldn’t verify”. This is not the first time that scammers have tricked Twitter users in the name of an Elon Musk giveaway; in 2018, scammers managed to earn $180,000 by running an Elon Musk giveaway promotion.

Cybersecurity organization Adaptiv compiled data in June 2020 showing that Bitcoin scammers had managed to earn nearly $2 million over a period of two months and, no surprise, the scammers had used the name of Elon Musk. Elon Musk remarked on these scams in February 2020, stating “the crypto scam level on Twitter is reaching new levels, this is not cool”.

Threat actors targeted verified Twitter accounts and took advantage of Twitter’s new protocol, as Twitter shut down the feature to verify an account in July after the company was targeted by scammers in a major cryptocurrency scam.

Remote Images Used by Hackers to Evade Email Filters

Phishing emails impersonating well-known brands like Microsoft or PayPal need visual content to be successful. From brand logos to colorful pictures, images give a visual cue to the recipient that the email is innocuous and authentic. However, pictures do more than add a visual element of authenticity to otherwise fake emails: they also make the work of filtering emails a lot harder. Image spam has long been a very common strategy for evading analysis of an email's textual content, as no meaningful content can be extracted from the textual parts of the email.

While the detection of identical images is relatively simple, thanks to signatures based on cryptographic hashing algorithms such as MD5, the detection of similar images requires complex and costly algorithms. To evade detection, phishers manipulate the images slightly, changing the compression level, colorimetry, or geometry to bypass email filters. Their goal is to make each image unique in order to evade signature-based technologies.
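The gap between exact and near-duplicate matching described above, as an added example (not Vade Secure's method and not code from the original article). It compares an MD5 signature with a 64-bit difference hash, a simple perceptual hash swapped in here for illustration; the images, the brightness and noise tweaks, and the 10-bit threshold are all constructed assumptions.

```python
import hashlib

W, H = 72, 64  # constructed image size: a 9 x 8 grid of 8 x 8 pixel cells


def make_logo():
    """Constructed 8-bit grayscale 'brand logo': shaded box on a gradient."""
    return [[250 - x if 16 <= y < 48 and 20 <= x < 52 else 40 + x
             for x in range(W)] for y in range(H)]


def make_other():
    """Constructed unrelated image: a checkerboard."""
    return [[200 if (x // 8 + y // 8) % 2 == 0 else 50
             for x in range(W)] for y in range(H)]


def brighten(img, delta):
    """Colorimetry tweak: shift every pixel by delta."""
    return [[max(0, min(255, v + delta)) for v in row] for row in img]


def recompress(img):
    """Stand-in for a changed compression level: small per-pixel noise."""
    return [[max(0, min(255, v + (x * 7 + y * 13) % 5 - 2))
             for x, v in enumerate(row)] for y, row in enumerate(img)]


def md5_signature(img):
    """Exact-match signature over the raw pixel bytes."""
    return hashlib.md5(bytes(v for row in img for v in row)).hexdigest()


def shrink(img, out_w, out_h):
    """Box-average downsample to out_w x out_h cells."""
    h, w = len(img), len(img[0])
    out = []
    for oy in range(out_h):
        ys = range(oy * h // out_h, (oy + 1) * h // out_h)
        row = []
        for ox in range(out_w):
            xs = range(ox * w // out_w, (ox + 1) * w // out_w)
            cell = [img[y][x] for y in ys for x in xs]
            row.append(sum(cell) / len(cell))
        out.append(row)
    return out


def dhash(img):
    """64-bit difference hash: one bit per 'cell brighter than right neighbour'."""
    bits = 0
    for row in shrink(img, 9, 8):
        for x in range(8):
            bits = (bits << 1) | int(row[x] > row[x + 1])
    return bits


def hamming(a, b):
    return bin(a ^ b).count("1")


def classify(known, candidate, max_bits=10):
    """max_bits is an assumed similarity threshold for this example."""
    if md5_signature(known) == md5_signature(candidate):
        return "identical"
    if hamming(dhash(known), dhash(candidate)) <= max_bits:
        return "similar"
    return "different"


if __name__ == "__main__":
    logo = make_logo()
    for name, img in [("same", logo), ("brightened", brighten(logo, 3)),
                      ("recompressed", recompress(logo)), ("other", make_other())]:
        print(f"{name:12} md5={md5_signature(img)[:8]} -> {classify(logo, img)}")
```

The slightly altered copies get a new MD5 every time yet keep the same difference hash, which is why signature lists alone miss them.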

Remote images have emerged as the latest filter-bypassing method used by hackers hoping to exploit shortcomings in email security technology. In contrast to embedded images, which can be analyzed in real time by email filters, remote images are hosted on the web and therefore have to be fetched before being analyzed. In 2020, the use of remote image-based threats surged. In November 2020 alone, Vade Secure analyzed 26.2 million remote images and blocked 262 million emails featuring malicious remote images.

Analyzing a remote image requires fetching it over a network. Exploiting this shortcoming, cybercriminals use additional techniques to make the process more cumbersome for security scanners, such as:

 • Multiple redirections

 • Cloaking techniques

 • Abuse of high-reputation domains 

Blocking image-based threats requires Computer Vision, a scientific field that deals with how computers can gain a high-level understanding of visual content. Vade Secure implemented the first Computer Vision technology based on Deep Learning models (VGG-16, ResNet) in mid-2020 to identify brand logos in emails and websites. The Deep Learning models have been trained on a combination of collected images and artificially generated images.

The outcome is that large numbers of these emails go undetected. For users, this often means receiving a phishing email and reporting it, only to receive it again, sometimes on numerous occasions.