WhatsApp has reportedly filed a lawsuit in Delhi against the Indian government seeking to block regulations that take effect on Wednesday. Experts fear the rules could force Facebook's messaging app to violate privacy protections, according to Reuters. According to people familiar with the litigation, the complaint asks the Delhi High Court to declare that one of the new IT rules violates privacy rights under the Indian constitution by requiring social media companies to identify the original creator of a piece of content when authorities demand it. The WhatsApp lawsuit intensifies a d...
Carl Pei, the co-founder of OnePlus, recently announced the Nothing brand and confirmed the release of the company's first TWS earbuds later this year. While fans were waiting for news, Carl Pei's Twitter account was hacked and used to run a cryptocurrency scam, according to 91mobiles. Once the attackers gained access to the account, they tweeted that Nothing had entered the cryptocurrency industry with NothingCoin, a token on the Ethereum (ETH) ERC-20 standard. The hacker also attached a wallet address asking users to send ETH, after which "Nothing coins will be distributed". Pei urged readers not to send any ETH so as not to be scammed. The tweet was removed minutes later, and Pei confirmed that his Twitter account had been hijacked. He further stated ...
According to Masatoshi Fujitani, president of the Tokyo-based Japan Forum for Strategic Studies (JFSS), the Summer Olympics in Tokyo are likely to be targeted by cyberattacks. According to E Hacking News, he expects the attacks to originate from Russia. Mr. Fujitani, a former senior police official in Japan, published an article in the online newspaper JB Press drawing on the background of the DarkSide hacker group, which was allegedly behind the attack on the largest U.S. fuel pipeline, Colonial Pipeline, and is linked to Russia. The Japanese expert states: "In Japan, we have already started training 'white hackers' and creating government hacker organizations". The JFSS director calls on developed countries such as Japan, the United States, and the United Kingdom to take immediate action in partnership with public and commercial trade groups...
Researchers revealed on Tuesday a new espionage campaign that has used destructive data-wiping attacks against Israeli companies since at least December 2020. According to The Hacker News, the attacks were disguised as ransomware extortion. SentinelOne, a cybersecurity company, attributed the attacks to a nation-state actor associated with Iran that it tracks as Agrius. The researchers state: "An analysis of what at first sight appeared to be a ransomware attack revealed new variants of wipers that were deployed in a set of destructive attacks against Israeli targets". "The operators behind the attacks intentionally masked their activity as ransomware attacks, an uncommon behavior for financially motivated groups".
Bose was hit by a sophisticated ransomware attack in March that led to unauthorized access to the personal data of current and former employees. The US audio technology giant informed the New Hampshire Attorney General's office that it first detected the malware on March 7, 2021. However, on April 29, roughly seven weeks later, it found out that personnel files had been accessed. The company said: "The personal information contained in these files include name, Social Security Number, and compensation-related information". "The forensics evidence at our disposal demonstrates that the threat actor interacted with a limited set of folders within these files. However, we do not have evidence to confirm that the data contained in these files were successfully exfiltrated, but we are also unable to confirm that it was not". The company said it has hired ...
In any bank fraud scheme, the criminals need to move funds to clean accounts or cash them out, and that means laundering. To cover their tracks, they transfer funds first to money mules and from there somewhere else. At RSA Conference 2021, representatives of several major US and Australian financial institutions held a panel discussion on money mules and the changing landscape, concluding that the fight against money laundering is a top priority for the financial sector.

Pandemic-related changes in mule behavior

Historically, operators of fraudulent schemes tended to use the accounts of existing bank clients for laundering. The scammers gained access to them in one of three ways:
- By seizing control of the legitimate accounts of unsuspecting bank clients by means of phishing or financial malware;
- By gaining victims' trust through a sob story, for example about urgently needing money for medical treatment and being unable to use their own account because of an overdue payment;
- By recruiting online. In this scenario the mules were complicit and received a cut.

Nowadays, cybercriminals themselves open up to 90% of the accounts they use for money laundering, and that share is growing. The past two years have also seen many personal data leaks, some quite large. The dark web market for data sufficient to open a bank account is both vast and affordable, so using an unsuspecting citizen's data to move even relatively small sums can be economically worthwhile. In addition, the COVID-19 pandemic has caused major damage to many companies around the world, and some have been forced to close. Various countries are trying to help with grants to both businesses and individuals, and many banks have made it easier for those in need to get emergency loans, simplifying provisional credit checks; this has led to a spike in the number of mules.

Why you don't want mules as clients

Some banks pay little attention to incoming cash flows, especially when the amounts are not very large. Generally speaking, bank security teams have focused on protecting customers and identifying attempts to hijack accounts. Moreover, a professional money mule who opened an account using someone else's documents looks like a legitimate client simply receiving money. But even though mules do not harm banks directly, they don't make good clients. First, they don't stay long and don't tend to bring the bank any substantial profit, which would already be reason enough not to want them in the system. Second, associating with mules carries the potential for serious reputational damage; no bank wants to be known for aiding and abetting illicit activity. Third, at some point, investigations of cybercriminal operations inevitably attract the attention of law enforcement agencies and regulators. Commissions from mule-related transfers do not come close to covering the costs involved.

How to identify mules among clients

Sophisticated money-laundering schemes involve equally sophisticated tricks, including the use of automation tools, proxy servers, remote administration tools, and the Tor network, all intended to prevent new schemes from being linked to previously identified fraud and laundering patterns. Combating such advanced operations requires specialized tools for timely cross-channel detection of money-laundering schemes. Kaspersky Fraud Prevention provides such capabilities: it analyzes the devices cybercriminals use to connect to mule accounts, login patterns, and many other signals to determine whether a client is involved in an illegal scheme. For more details about the solution, see our Kaspersky Fraud Prevention page.
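To make the "signals" mentioned above concrete, here is an added example (not Kaspersky's code or a description of how Kaspersky Fraud Prevention works) of three simple mule indicators scored across channels: fast pass-through of incoming funds, a device fingerprint shared by several newly opened accounts, and logins via Tor or anonymizing proxies. The account and transfer records are constructed for the illustration; the thresholds (24-hour window, 80% forwarded, 30-day account age, three accounts per device, two indicators to flag) are assumptions a real deployment would tune.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Reference date for account-age calculations (constructed, matches the sample data below).
AS_OF = datetime(2021, 5, 25)

# Constructed sample data, not real bank records. "devices" are device fingerprints
# seen at login; "anonymizer_logins" counts logins from Tor exit nodes or known proxies.
ACCOUNTS = {
    "A1": {"opened": "2021-05-01", "devices": {"dev-77"}, "anonymizer_logins": 3},
    "A2": {"opened": "2021-05-03", "devices": {"dev-77"}, "anonymizer_logins": 0},
    "A3": {"opened": "2021-05-04", "devices": {"dev-77"}, "anonymizer_logins": 1},
    "A4": {"opened": "2015-02-11", "devices": {"dev-12"}, "anonymizer_logins": 0},
}

# (timestamp, source account, destination account, amount); EXT-* are external counterparties.
TRANSFERS = [
    ("2021-05-20T09:00", "EXT-1", "A1", 4800.0),
    ("2021-05-20T11:30", "A1", "EXT-2", 4600.0),  # forwarded within hours
    ("2021-05-21T10:00", "EXT-3", "A2", 2500.0),
    ("2021-05-24T10:00", "A2", "EXT-4", 2500.0),  # three days later: outside the window
    ("2021-05-22T08:00", "EXT-5", "A4", 1200.0),
    ("2021-05-22T09:00", "A4", "EXT-6", 100.0),   # ordinary spending, small fraction
]


def passthrough_accounts(transfers, window_hours=24, min_ratio=0.8):
    """Accounts that forward at least min_ratio of an incoming credit within window_hours."""
    credits = defaultdict(list)
    debits = defaultdict(list)
    for ts, src, dst, amount in transfers:
        t = datetime.fromisoformat(ts)
        credits[dst].append((t, amount))
        debits[src].append((t, amount))
    flagged = set()
    window = timedelta(hours=window_hours)
    for acct, incoming in credits.items():
        for t_in, amt_in in incoming:
            for t_out, amt_out in debits.get(acct, []):
                if t_in < t_out <= t_in + window and amt_out >= min_ratio * amt_in:
                    flagged.add(acct)
    return flagged


def shared_device_accounts(accounts, as_of=AS_OF, max_age_days=30, min_accounts=3):
    """Recently opened accounts whose login device is shared with other recently opened accounts."""
    by_device = defaultdict(set)
    for acct_id, info in accounts.items():
        age_days = (as_of - datetime.fromisoformat(info["opened"])).days
        if age_days <= max_age_days:
            for device in info["devices"]:
                by_device[device].add(acct_id)
    return {a for accts in by_device.values() if len(accts) >= min_accounts for a in accts}


def score_accounts(accounts, transfers, as_of=AS_OF):
    """Map each account to the list of mule indicators it triggers."""
    reasons = {acct_id: [] for acct_id in accounts}
    for acct_id in passthrough_accounts(transfers):
        if acct_id in reasons:  # skip external counterparties
            reasons[acct_id].append("fast pass-through of incoming funds")
    for acct_id in shared_device_accounts(accounts, as_of):
        reasons[acct_id].append("new account on a device shared with other new accounts")
    for acct_id, info in accounts.items():
        if info["anonymizer_logins"] > 0:
            reasons[acct_id].append("logins via Tor or anonymizing proxy")
    return reasons


def flag_mules(accounts, transfers, as_of=AS_OF, min_indicators=2):
    """Accounts with at least min_indicators independent signals, sorted for stable output."""
    reasons = score_accounts(accounts, transfers, as_of)
    return sorted(acct for acct, hits in reasons.items() if len(hits) >= min_indicators)


if __name__ == "__main__":
    for acct, hits in score_accounts(ACCOUNTS, TRANSFERS).items():
        print(acct, "->", "; ".join(hits) or "no indicators")
    print("flag for review:", flag_mules(ACCOUNTS, TRANSFERS))
```

Each indicator on its own produces false positives (a legitimate customer may forward a salary payment the same day, or a family may share a tablet), which is why the example requires two independent signals before an account is flagged and why the long-standing account A4 is never flagged despite an outgoing payment shortly after a credit.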
Dave and I cover a lot of ground this week on the Kaspersky Transatlantic Cable podcast, from how obscure movies are holding up to surviving COVID-19, plus SolarWinds and more. We kick off the show with the latest on SolarWinds, not media speculation but straight from the horse's mouth: in this article, our old colleague Dennis Fisher recaps a talk given by Sudhakar Ramakrishna, SolarWinds CEO, on the attack and what the company has learned. Then, heading across the pond, we reflect on three years of GDPR and the biggest fines levied to date. For our third story, we look at Conti ransomware's recent attacks on first responder and healthcare institutions. After that, Robby Cataldo, managing director of Kaspersky North America, joins us to discuss RSA 2021, his bout with COVID-19, and how businesses have had to adapt to the pandemic. To close things out, we look at the fallout from a breach at Air India. If you liked what you heard, please consider subscribing and sharing with your friends. For more information on the stories we covered, see the links below:
Attackers focused on SolarWinds network as early as January 2019
Three years of GDPR: the biggest fines so far
FBI identifies 16 Conti ransomware attacks striking US healthcare, first responders
Air India data breach impacts 4.5 million customers
Overworked, understaffed teams constantly jumping from one fire to the next, exhausted and reactive to events and alerts: the "SOC hop" is not sustainable. The post The SOC Hop Needs to be a Relic of the Past appeared first on The Security Ledger with Paul F. Roberts.
This threat has been growing steadily over the past year and boasts a wide range of malicious capabilities, including browser hooking, credential theft, MitM proxy setup, and a VNC module.
Cyberattacks can harm credit ratings mainly through reputational damage and potential monetary losses, the ratings agency said in a report titled 'Cyber Risk In A New Era: The Effect On Bank Ratings.'
The BravoMovies campaign uses an elaborate infection chain that’s in keeping with BazaLoader affiliates, who coax their victims into jumping through a number of hoops to trigger the malware payloads.
No one knows who took control of DarkSide's servers a week after the shady Russia-based hackers forced the shutdown of a major US oil pipeline, causing gasoline shortages across the eastern US.
A Checkbox Survey vulnerability that could allow a remote attacker to execute arbitrary code without authentication is being exploited in the wild, the CERT Coordination Center (CERT/CC) at CMU warns.
While the world's diplomatic attention has been focused on the North's nuclear goals, analysts warn its army of thousands of well-trained hackers is proving just as hazardous.
A group claiming responsibility for the attack released records and documents containing names, phone numbers, and addresses of patients and staff, Radio New Zealand and other local media reported.
Acting as a cyber adversary, the red team will emulate the behavior of threat actors and perform penetration tests to identify any weaknesses in the Coast Guard's cyber defenses.
Ransomware is not just a type of malware – it’s also at the center of a sophisticated, flourishing underground economy that has all the conventions of legitimate commerce.
Siemens on Tuesday released an advisory to inform customers about several high-severity vulnerabilities affecting its Solid Edge product which are introduced by widely-used fourth-party software.
The Ryuk ransomware operators continue to target critical infrastructure and extract high ransom payments from vulnerable groups, including an attack on a large health care organization last year.
Cyberattacks have long been seen as a threat to financial markets, but worries are becoming even more acute after a US pipeline hack that set off a public panic and forced the company to pay a ransom.
Impacted agencies whose names have been made public so far include the Ministry of Land, Infrastructure, Transport, and Tourism; the Cabinet Secretariat; and the Narita Airport.
Victorovich Firsov, a Russian national, has been jailed for 2.5 years for acting as the administrator of deer.io, a platform designed for the sale of stolen data and accounts.
French authorities have dismantled their third dark web marketplace over the last four years after they seized control of “Le Monde Parallèle” (The Parallel World) last week.
Potential victims are sent phishing documents branded with the UNHRC logo. Named UgyhurApplicationList.docx, this document contains decoy material relating to discussions of human rights violations.
A malware attack on Crown Corporation has caused a data breach affecting 44 of the company’s large business clients and their 950,000 receiving customers, the postal agency confirmed Wednesday.
The report also mentioned that hackers had used the cloud storage facilities of Russia's leading technology firms, Yandex and Mail.ru, to help exfiltrate data stolen from the government agencies.
ClearSky attributed multiple attacks on cryptocurrency exchanges to a threat actor, dubbed CryptoCore, and linked its activities with Lazarus. It swindled hundreds of millions of dollars from the U.S., Israel, Europe, and Japan over the past three years.
After a hiatus, Zeppelin ransomware, a possible variant of the Vega ransomware-as-a-service (RaaS), is active again. Even without adopting the double-extortion trend, it can still cause serious damage to victims' systems.
Attacks on Taiwan-based QNAP continue to turn ugly. The company is now advising customers to update the HBS 3 disaster recovery app to block Qlocker ransomware actors, who are abusing a hard-coded credentials vulnerability as a backdoor.
The Scattered Canary group is already suspected of making millions defrauding the states of Hawaii, Florida, Massachusetts, North Carolina, Oklahoma, Rhode Island, Washington, and Wyoming.
The IoT Controller web application includes a Node.js module, node-red, which gives users the ability to read or write local files on the IoT Controller. Because of the elevated privileges the web application runs with, this allowed reading and writing any file on the IoT Controller filesystem.
A Python script (web.py) for a Dockerized web service contains a directory traversal vulnerability, which an authenticated attacker can leverage to view the contents of directories on the IoT Controller.
Three API endpoints of the IoT Controller are accessible without authentication. Two of them result in information leakage and consumption of computing/storage resources. The third unauthenticated endpoint allows a factory reset of the IoT Controller.
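The directory traversal in the web.py finding above is a general pattern rather than anything specific to this product. The following is an added example, not code from the advisory or from the affected web.py, showing the vulnerable join beside a checked one and exercising both against a constructed temporary directory tree (the directory and file names, and the assumed exposed directory `data/`, are made up for the illustration). It covers the three ways a user-supplied path escapes: `..` segments, an absolute path, and a symlink inside the exposed directory.

```python
import os
import shutil
import tempfile


def naive_join(base_dir, user_path):
    """The vulnerable pattern: concatenate and normalise, never check where the result landed."""
    return os.path.normpath(os.path.join(base_dir, user_path))


def safe_join(base_dir, user_path):
    """Resolve user_path under base_dir; return None if the real path escapes base_dir."""
    base_real = os.path.realpath(base_dir)
    # Strip leading slashes: os.path.join() discards base_dir when the second argument is absolute.
    candidate = os.path.realpath(os.path.join(base_real, user_path.lstrip("/")))
    # realpath() has already collapsed ".." and followed symlinks, so a whole-component
    # prefix check on the result is sufficient ("/srv/data" does not match "/srv/data-old").
    if os.path.commonpath([base_real, candidate]) != base_real:
        return None
    return candidate


def demo():
    """Build a throwaway directory tree (constructed for this example) and exercise both joins."""
    root = tempfile.mkdtemp()
    try:
        data = os.path.join(root, "data")  # the directory the service is meant to expose
        os.makedirs(data)
        with open(os.path.join(data, "report.txt"), "w") as fh:
            fh.write("public")
        with open(os.path.join(root, "secret.txt"), "w") as fh:  # outside the exposed directory
            fh.write("secret")
        try:
            os.symlink(root, os.path.join(data, "link"))  # symlink pointing back out of data/
            has_symlink = True
        except OSError:  # filesystem without symlink support
            has_symlink = False

        results = {
            "base": os.path.realpath(data),
            "legit_safe": safe_join(data, "report.txt"),
            # "../" walks out of data/ with the naive join ...
            "traversal_naive": naive_join(data, "../secret.txt"),
            # ... and is refused by the checked join
            "traversal_safe": safe_join(data, "../secret.txt"),
            # an absolute path replaces base_dir entirely in the naive join
            "absolute_naive": naive_join(data, "/etc/passwd"),
            # the checked join confines the same input under data/ instead
            "absolute_safe": safe_join(data, "/etc/passwd"),
            # a symlink inside data/ must not become an escape hatch
            "symlink_safe": safe_join(data, "link/secret.txt") if has_symlink else None,
        }
        results["naive_escapes"] = results["traversal_naive"] == os.path.join(root, "secret.txt")
        return results
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name:16} {value}")
```

Note that an authenticated-only reachability, as in the advisory, does not change the fix: the path check belongs in the handler regardless of who is allowed to call it, and the same `commonpath` test should be applied after any URL decoding the framework performs, since `%2e%2e%2f` decodes to `../` before the join.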
Ubuntu Security Notice 4969-2 - USN-4969-1 fixed a vulnerability in DHCP. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Jon Franklin and Pawel Wieczorkiewicz discovered that DHCP incorrectly handled lease file parsing. A remote attacker could possibly use this issue to cause DHCP to crash, resulting in a denial of service. Various other issues were also addressed.
Ubuntu Security Notice 4969-1 - Jon Franklin and Pawel Wieczorkiewicz discovered that DHCP incorrectly handled lease file parsing. A remote attacker could possibly use this issue to cause DHCP to crash, resulting in a denial of service.
Red Hat Security Advisory 2021-2139-01 - Red Hat Data Grid is a distributed, in-memory data store. This release of Red Hat Data Grid 8.2.0 serves as a replacement for Red Hat Data Grid 8.1.1, and includes bug fixes and enhancements, which are documented in the Release Notes document linked to in the References. Issues addressed include bypass, code execution, denial of service, information leakage, and server-side request forgery vulnerabilities.
Gentoo Linux Security Advisory 202105-39 - Multiple vulnerabilities have been found in Ceph, the worst of which could result in privilege escalation. Versions less than 14.2.21 are affected.
Ubuntu Security Notice 4968-1 - It was discovered that LZ4 incorrectly handled certain memory operations. If a user or automated system were tricked into uncompressing a specially-crafted LZ4 file, a remote attacker could use this issue to cause LZ4 to crash, resulting in a denial of service, or possibly execute arbitrary code.
Sysdig Falco is an open source behavioral activity monitoring agent with native support for containers. Falco lets you define highly granular rules to check for activities involving file and network activity, process execution, IPC, and much more, using a flexible syntax, and notifies you when these rules are violated. You can think of Falco as a mix between Snort, OSSEC and strace.
The QImage class can read out of bounds when parsing a specially crafted PNG file in which a tag byte offset points outside the buffer. This could potentially allow an attacker to infer values in memory from the resulting QImage pixels, if Qt is used to process untrusted images.
Severe security flaws uncovered in popular Visual Studio Code extensions could enable attackers to compromise local machines as well as build and deployment systems through a developer's integrated development environment (IDE). The vulnerable extensions could be exploited to run arbitrary code on a developer's system remotely, in what could ultimately pave the way for supply chain attacks. Some
The Uyghur community located in China and Pakistan has been the subject of an ongoing espionage campaign aiming to trick the targets into downloading a Windows backdoor to amass sensitive information from their systems. "Considerable effort was put into disguising the payloads, whether by creating delivery documents that appear to be originating from the United Nations using up to date related
Cybersecurity researchers on Wednesday publicized the disruption of a "clever" malvertising network targeting AnyDesk that delivered a weaponized installer of the remote desktop software via rogue Google ads that appeared in the search engine results pages. The campaign, which is believed to have begun as early as April 21, 2021, involves a malicious file that masquerades as a setup executable
A big cheese ends up in jail, a Japanese dating site spills the dirt after a hack, and we learn all about the right to repair. All this and much much more is discussed in the latest edition of the "Smashing Security" podcast by computer security veterans Graham Cluley and Carole Theriault, joined this week by Paul Roberts from The Security Ledger. Plus don't miss our featured interview with Javvad Malik from KnowBe4.
Are you doing enough to prevent scammers from hijacking your social media accounts? Even if you have chosen a strong, unique password for your online presence and enabled two-factor authentication, it's possible that you've overlooked another way in which online criminals could commandeer your social media accounts and spam out a message to your followers. Read more in my article on the Tripwire State of Security blog.