Showing posts with label Latest Hacking News. Show all posts

Friday 7 October 2016

London Police Arrest Romanian ATM Hacker Who Stole Millions

A Romanian man has been arrested and charged with conspiracy relating to his involvement in a prolific ATM malware campaign.

Emanual Leahu, 30, was arrested in the western city of Bacău, Romania, by the London Regional Fraud Team (LRFT), run by the City of London Police, on Tuesday 20 September and was extradited to the United Kingdom last week.

Leahu is believed to be a member of a European ATM hacking gang that stole more than £1.5 Million ($2 Million) from cash machines across the UK in 2014 using ATM malware to bypass security controls.

The gang physically broke into ATMs to directly load malware onto the machines, allowing it to withdraw "large amounts of cash." The malware was good enough to erase itself to hide its tracks, making it difficult to identify the culprit.

Three out of Five Gang Members Arrested


Luckily, due to the gang's carelessness, one of its members was recorded by a hidden ATM surveillance camera, which allowed the police to identify and arrest him.

The gang hit 51 ATMs in standalone public places across the UK, including London, Portsmouth, Bognor Regis, Brighton and Liverpool over the 2014 May Bank Holiday weekend.

This is the third arrest in the case after Grigore Paladi and Teofil Bortos, who were arrested and sentenced in 2014 and 2015 to 5 and 7 years in jail for their roles in robbing vulnerable ATMs.

According to the UK authorities, the gang has five members, with the other two suspects still at large in Romania. European arrest warrants have already been issued in their names as well.



Spotify Free Service Caught Dropping Malware on User Browsers


MANY SPOTIFY USERS ARE COMPLAINING THAT ITS FREEMIUM SERVICE IS INFECTING THEIR BROWSERS WITH MALWARE.
Last year, the music and video streaming giant Spotify was in the news for the wrong reasons when Russian hackers were suspected to have hacked some of its users’ accounts and when the company’s CEO Daniel Ek apologized for collecting private data of its users. But now, a number of Spotify premium users are complaining that the service is infecting their browsers with malware ads by loading malicious sites without their permission.
One Spotify user, going by the handle TonyOnly, reported unusual activity on his browser on the Spotify community forum.
“There’s something pretty alarming going on right now with Spotify Free. This started a several hours ago. If you have Spotify Free open, it will launch – and keep on launching – the default internet browser on the computer to different kinds of malware / virus sites. Some of them do not even require user action to be able to cause harm.”
In reply, Jason from Spotify said that the company is investigating the issue.
“We’re currently looking into this with the team here. We’ll pass that information on to the investigating team. We’ll also make sure to update this thread once we have a further update to share with you.”
At first, it was reported that only Windows 10 users were facing the issue, but it later turned out that Mac and Ubuntu users are not safe either.


Two INDISHELL Hacker group’s members arrested at Noida


Two hackers from the group “Indishell”, which is located in India, were arrested on Saturday after an investigation by the police at Noida (India). The accused who was arrested is a B-Tech student in Computer Science. They hacked an e-commerce website which provides mobile recharges, D2H recharges and many other types of recharges, and cheated it of more than 50 lakh.

Hackers who were arrested
  • Sumit Gupta (24)
  • Ankit Singh (22)

Both are from U.P. (Uttar Pradesh). Police have charged them under Section 420 of the IPC (Indian Penal Code) and Section 66C of the IT Act 2008.

“We received a complaint from the head of recharge of Memory Electronics Pvt Ltd about the website being hacked,” said Triveni Singh, DSP (cyber-crime cell) GB Nagar. 
According to Triveni, the IP address used by the hackers was located in Sector 62 of Noida. Cops then zeroed in on the duo, allegedly involved in scores of hacking cases. To siphon off the money, the hackers would bypass the CCAvenue payment gateway, cops said. “After hacking into the server, the accused obtained administrative rights of the website. When users asked for recharge of their cellphones, DTH cards, net cards, etc., the hackers would just key in the cell number and the amount to be topped up. However, no bill would be generated as the hackers had bypassed the payment page.”


Over 32 Million Twitter Accounts Possibly Hacked


Twitter has fallen victim to a serious cyber-attack just a month after the previous mega-hacks. But this is not an everyday hack; the perpetrators managed to get the IDs of over 32 million Twitter users.
Such reports usually emerge from the dark web. However, this time, the news is making the rounds on authentic websites, where they are even offering to remove the login credentials of the victims at no cost.
TechCrunch says the data has been confirmed to have been from 32 million hacked Twitter accounts.
One unusual thing about the hack and the reports is that they are both coming from a website that allows ordinary people to download the much leaked information, but also allows you to delete your details from the data pool.
Among all the involved websites, LeakedSource is the one capitalising on the hack the most.
The website carried the report in a post where it stated that it got a copy of the leaked Twitter login credentials from an email address named Tess88@exploit.im.
According to LeakedSource, the Twitter login details are being traded without restrictions on the underground forums of the dark web.
A further report was released which indicated that over 32,888,300 records with personal details like emails, login names, and passwords have been exposed.
If you have an account with Twitter, quickly go to the LeakedSource site and have your details erased without any charge.
Twitter itself has not made mention of the leak. However, there was some contact between the social media platform and LeakedSource to investigate the issue.


Tuesday 4 October 2016

Watch Out Gamers: Hacked Steam Accounts Distributing Malware


STEAM USERS ARE AGAIN UNDER THE RADAR OF CYBER CRIMINALS — THIS TIME, HACKED STEAM ACCOUNTS HAVE BEEN FOUND DISTRIBUTING REMOTE ACCESS TROJAN (RAT).
Previously we informed our readers about the hacking of Steam accounts. Now a Reddit user is claiming that some of these hacked accounts are distributing malware.
The Reddit user, who goes by the alias Hayaddict, can be seen warning that the hacked Steam accounts are being used to spam malicious URLs. Steam chat is the primary platform used for the distribution of this new malware. The chat messages contain a link to a video available at this address: videomeo.pw. As soon as the recipient of this message visits this page, another message window pops up requesting the visitor to download a Flash Player update to watch the video.
Lawrence Abrams from Bleeping Computer writes that if the unsuspecting user downloads this update and installs it, nothing will happen and the video still won’t be displayed because the installer is actually malware. This Trojan immediately executes zaga.ps1, which is a PowerShell script that downloads a 7-zip archive, a CMD script and a 7-zip extractor from the zahr.pw server.
After downloading these files, the PowerShell script launches the CMD file first. This file extracts sharchivedmngr to the %AppData%\lappclimtfldr folder. It also configures Windows to execute mcrtvclient.exe, which is a copy of the NetSupport Manager Remote Control Software, automatically when the user logs in. Upon launching, the NetSupport gateway connects with it at leyv.pw:11678, allowing the attacker to create a direct link with the infected computer remotely. The malware stays disabled until it receives commands from the C&C server.
To check if your computer is infected with the Steam Trojan, you can inspect the %AppData% folder for the presence of folders that we have mentioned above, states Abrams.
But even if your computer is not infected with this virus, we urge that you never pay any attention to suspicious links and refrain from visiting links that offer videos or any kind of illicit content. In particular, never download updates from third-party websites; use only the authentic websites of the company for downloading updates. Last but not least, always keep an updated version of anti-virus installed on your computer to avoid infections.
For more technical details, we recommend the Bleeping Computer blog post.
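
A scripted version of the %AppData% check Abrams describes, as an added example (not code from the original post or from Bleeping Computer). The folder, file and host names are the ones quoted in the article; the list of text-file extensions and the size limit are assumptions of this example.

```python
import os
from pathlib import Path

# Indicators quoted in the article above; nothing else about the malware is assumed.
FOLDER_NAMES = {"lappclimtfldr"}
FILE_NAMES = {"mcrtvclient.exe", "zaga.ps1"}
HOSTNAMES = ("videomeo.pw", "zahr.pw", "leyv.pw")

# Assumptions of this example: hostnames are only searched for in small,
# text-like files (scripts and configuration), not in every binary.
TEXT_SUFFIXES = {".ini", ".ps1", ".cmd", ".bat", ".txt", ".cfg"}
MAX_TEXT_BYTES = 1_000_000


def hostname_hits(path):
    """Return a finding for each article hostname mentioned in a small text file."""
    try:
        if path.stat().st_size > MAX_TEXT_BYTES:
            return []
        data = path.read_bytes()
    except OSError:
        # Locked or unreadable files are skipped rather than aborting the sweep.
        return []
    # Dropping NUL bytes lets plain ASCII hostnames match in UTF-16 files too,
    # which is a common encoding for Windows scripts and .ini files.
    text = data.replace(b"\x00", b"").decode("utf-8", "ignore").lower()
    return [("hostname", str(path), host) for host in HOSTNAMES if host in text]


def scan_appdata(root):
    """Walk `root` and return (kind, path, indicator) tuples for every match.

    Names are compared case-insensitively because Windows paths are.
    """
    findings = []
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames:
            if name.lower() in FOLDER_NAMES:
                findings.append(("folder", os.path.join(dirpath, name), name.lower()))
        for name in filenames:
            path = Path(dirpath) / name
            if name.lower() in FILE_NAMES:
                findings.append(("file", str(path), name.lower()))
            if path.suffix.lower() in TEXT_SUFFIXES:
                findings.extend(hostname_hits(path))
    return findings


if __name__ == "__main__":
    appdata = os.environ.get("APPDATA")
    if not appdata:
        print("APPDATA is not set; pass a profile directory to scan_appdata() instead")
    else:
        results = scan_appdata(appdata)
        for kind, path, indicator in results:
            print(f"[{kind}] {indicator}: {path}")
        if not results:
            print("No indicators from the article were found under", appdata)
```

A clean result only means these specific names are absent; a renamed copy of the same tool would not be matched.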


Monday 3 October 2016

South Korea says their military cyber command was hacked


SOUTH KOREA SAYS THEIR MILITARY CYBER COMMAND WAS HACKED WITH A MALICIOUS CODE – USUAL CULPRIT: NORTH KOREA.
South Korea says its military cyber command center was hacked last month after officials found malicious code in the system. It is unclear how the code got into the system, but its target was a “vaccine routing server” used by the country’s military cyber command.

The vaccine routing server was installed to provide extra security to military computers connected to the Internet. According to Yonhap News, the country’s national defense committee member Kim Jin-pyo said:

“A malicious code has been identified and it seems to have taken advantage of the vulnerability of the routing server,” he said. “In a cautious measure, the server has been separated from the network.”
Kim also suggested that the chances of stealing or leaking sensitive data are low as the military intranet was not connected to the targeted server.

North Korea is the usual suspect in this attack; however, the investigators are on a fact-finding mission and will not officially blame anyone until investigations are completed.

You shouldn’t be surprised if North Korea is found to be the culprit behind this attack. The South has blamed the North several times for conducting cyber operations against its servers. Last year, the North pointed its finger at the South for hacking its nuclear plant and subway system.

Unit 121 is one of the more well-known state-sponsored hacker groups. It is an elite group of highly trained hackers who are solely focused on cyber espionage. This unit is made up of the best and brightest minds, who have been handpicked from a very early age to be trained in cyber warfare.


New Lockscreen Ransomware Targeting Android Devices


SYMANTEC SECURITY CLAIMS ANDROID LOCKSCREEN RANSOMWARE USING PSEUDORANDOM PASSCODE TO ENSURE VICTIM PAYS THE RANSOM.
Android Lockscreen ransomware has been around for quite some time now, but the new version is far more powerful and resilient. Previously, the ransomware locked the screen using a hardcoded passcode, and experts were able to reverse engineer it and provide the victim with the passcode so that they could unlock their devices. However, in the new version the attackers have made it impossible to reverse engineer the passcode since the ransomware uses pseudorandom passcodes. Due to this, the victims aren’t able to unlock their devices and are forced to pay the ransom.

Attackers have also equipped this new version with a custom lockscreen that is joined with the device’s lockscreen. This creates another problem for the victim. It must be noted that such Trojans are now being directly created on mobile devices prior to being distributed to unsuspecting users.

But what is a pseudorandom passcode?

When a device has been infected by this malware, it creates a custom System Error message window, which is pasted atop every visible user interface on the infected device. The malware also displays intimidating messages through this window asking the user to talk to the attackers to get the passcode.

The previous versions of Android Lockscreen ransomware hardcoded the passcode that would unlock the device in the sample’s code but the new version replaced it with a pseudorandom number. This means, pseudorandom passcodes are basically randomly generated numbers, which could be either 6 digit or 8 digit numbers. The figures presented below show both the 6 digit and 8 digit numbers.

The number that is randomly generated is different for every device since the base number is acquired with the “Math.Random()” function. It is important to note that the malware developers have fortified the threat by combining the pseudorandom passcode generation mechanism with a trick they have been using in the previous versions. That is, along with a customized lockscreen that is created through the System Error window, the device admin privileges are also used by the attackers to modify the PIN of the device’s normal lockscreen.

To mitigate the threat, Symantec suggests the following practices:

➢ Always update software

➢ Never download apps from unauthentic websites

➢ Always install apps from trusted websites/platforms

➢ Closely watch the permissions asked by the downloaded apps

➢ Do install a reliable mobile security app like Norton to keep your device and data secure

➢ It is a wise idea to always create a data backup


Meet Linux.Mirai Trojan, a DDoS nightmare


LINUX-BASED DEVICES ARE AGAIN UNDER THE RADAR. THIS TIME, CYBER CRIMINALS ARE INFECTING THEM WITH LINUX.MIRAI TROJAN TO CARRY LARGE-SCALE DDOS ATTACKS.
The IT security researchers at Russian firm Doctor Web have discovered yet another trojan that is specifically developed to target Linux-based devices and conduct Distributed Denial of Service (DDoS) attacks.

Dubbed Linux.Mirai by researchers, the trojan works with the SPARC, ARM, MIPS, SH-4, M68K architectures and Intel x86 computers.

An important fact about Linux.Mirai is that it was previously found by Doctor Web in May 2016 under the name of Linux.DDoS.87. It has similar features to Linux.BackDoor.Fgt, a backdoor that was found infecting the Linux operating system back in 2014. But Linux.DDoS.87 targets the Linux operating system by killing old and existing trojans. In order to avoid removing itself, the trojan creates a file named .shinigami (Shinigami means “god of death” or “death spirit” in the Japanese language) in its folder and checks for its presence from time to time.

Furthermore, the trojan connects back to a command-and-control server to get more instructions and also sends the MAC addresses and the architecture of the infected system. If commanded to run a DDoS it can launch attacks like UDP flood; UDP flood over GRE; DNS flood; TCP flood (several types); HTTP flood.

The maximum uptime of Linux.DDoS.87 on an infected computer is one week, after which the Trojan terminates its operation.
When it comes to Linux.Mirai, the trojan has a few more features than its predecessors, for example, it can turn off Linux Watchdog timer (WDT), a hardware circuit that can reset the computer system in case of a software fault.

Linux was once considered the most secure operating system to use, but with the passage of time, Linux devices have become a prime target for cyber criminals. Recently, Bashlite (or Lizkebab) and LuaBot malware were also found targeting Linux devices.




Sunday 2 October 2016

How To Increase Your Web Browsing Speed. 3 Ways to hack DNS, which will increase your Web Browsing Speed

There is perhaps nothing more painful than having a slow internet connection in the modern world, and it is even more painful if you have good bandwidth but your connection does not capitalize on its full potential. One good way to make your browsing experience faster and more reliable is by hacking the Domain Name System (DNS).

Routers and internet servers do not understand the web address that you write in your browser, such as http://www.google.com. The website’s address is converted into a string of numbers called an IP address, such as 74.125.224.72. A DNS server is what transforms a web address into an IP address. If your ISP’s connection with the DNS server is slow, it does not matter how big your bandwidth is, since its full potential cannot be utilized while the DNS lookup is slow.

Three ways are suggested in the following text to hack the DNS lookup process to make it faster by not using your ISP’s DNS server.

OpenDNS

OpenDNS is the one preferred by many, more than 50 million, and it is our favorite too. It has 21 global data centers which are strategically located so that when a DNS request is made, the closest DNS server resolves it. This makes the process faster, as the company describes in the following words:

“Unlike other providers, OpenDNS’s network uses sophisticated Anycast routing technology, which means no matter where you are in the world, your DNS requests are answered by the datacenter closest to you.”

It is more reliable and secure than the ISP’s DNS server as well. On top of that, it is very flexible and provides many additional features. When you sign up, you will be provided with a guided manual about the service.

Google Public DNS

Google has a vast knowledge base about DNS because of its search technology, which requires crawling the web faster to answer search queries faster. Thus, it also has a very good, free and reliable DNS service. You can get more information and instructions here.

namebench

namebench is very different from OpenDNS or Google Public DNS in the sense that it is free software which you download, install on your device and then run to find the best DNS system for you. It does not resolve DNS queries itself but compares different DNS systems, such as OpenDNS, Google Public DNS or your ISP’s DNS.





Anyone can use Facebook servers for DDoS attacks: Vulnerability Exposed

Distributed denial-of-service (DDoS) attacks are ever increasing, and the attackers are using novel and sophisticated ways to carry out their malicious acts. A new way is to use Facebook ‘Notes’ as a mechanism to trigger a DDoS attack using the image tag, <img>, according to Chaman Thapa, known as ‘chr13’, who wrote about it in a blog recently.

“Facebook Notes allows users to include <img> tags. Whenever a <img> tag is used, Facebook crawls the image from the external server and caches it,” Thapa wrote. “Facebook will only cache the image once however using random get parameters the cache can be by-passed and the feature can be abused to cause a huge HTTP GET flood.”

He explained the steps needed to be taken in the blog one by one. A user can tag 1000 images in one Facebook Note, or the same image can be tagged 1000 times. Suppose each image is at least 1 Mb: if 100 users try to see the note at the same time, then the amount of parallel requests for Facebook servers is already huge, that is, 1 * 100 * 1000 = 100,000 Mb or 97.65 Gb.

This can become even bigger if the image file is replaced with some other file of larger size. For example, Thapa used a PDF file of 13 Mb and demonstrated that the impact can be huge.

“Getting rid of the browser and using the poc script I was able to get ~900 Mbps outbound traffic,” Thapa wrote in his blog. He continues:

“I was using an ordinary 13 MB PDF file which was fetched by Facebook 180,000+ times, number of Facebook servers involved was 112.”

He found similar issues with Google as well, which means that the method can be easily replicated on other services. After reporting the issue to Facebook, Thapa got a reply from them telling him that they will not fix it. Facebook wrote:

“In the end, the conclusion is that there’s no real way to us fix this that would stop “attacks” against small consumer grade sites without also significantly degrading the overall functionality.”

Thapa criticized Facebook for not taking it seriously. He wrote:

“I’m not sure why they are not fixing this. Supporting dynamic links in image tags could be a problem and I’m not a big fan of it. I think a manual upload would satisfy the need of users if they want to have dynamically generated image on the notes.”





FBI admits “We have the ability to hack webcam without knowing you”

The FBI, the most popular investigation agency, can easily activate a computer’s webcam without any user intervention.

When we turn on our webcam, there is usually a light which indicates the status of the cam, but the FBI can easily bypass that and switch on the webcam without turning on the light.

The agency has had the ability to access webcams for years, The Washington Post reported.

This was also stated by Marcus Thomas, former assistant director of the FBI’s Operation Technology division: “Our agency can access webcams.”

Thomas pointed out that this ability has been used mainly in counter terrorism or any type of serious criminal investigation.

US officials say this technique is used by the FBI sparingly, to keep public references to its online surveillance tools to a minimum.

After evidence is gathered, subjects are notified about the surveillance.

Thomas said, “Because of encryption and because targets are increasingly using mobile devices, law enforcement is realising that more and more they’re going to have to be on the device,” “They’re going to have to use these types of tools more and more.”

Until now, there has been no rule on whether these types of techniques are an attack on privacy.

Christopher Soghoian, principal technologist for the American Civil Liberties Union, said, “We have transitioned into a world where law enforcement is hacking into people’s computers, and we have never had public debate,” “Judges are having to make up these powers as they go along.”





Saturday 1 October 2016

Cisco Battles Shadow Broker Exploits

Cisco has swung into action to combat a hacker group’s exploitation of vulnerabilities in its firmware. The group, known as the “Shadow Brokers,” released online malware and other exploits it claimed to have stolen from the Equation Group, which is believed to have ties to the United States National Security Agency.

Cisco earlier this month disclosed the vulnerability, along with intrusion prevention system signatures and SNORT rules, “even though the patches are still under development,” said Cisco spokesperson Yvonne Malmgren, “because we learned that there may be public awareness of the vulnerability.”

This will let customers “actively monitor and protect their networks,” she told the E-Commerce Times, and it ensures that they “have the same level of information and awareness that we do.”

Customers can check Cisco’s Events Response Page for updates about its investigation into the issue.

The vulnerability affects products running Cisco IOS XR 4.3.x to 5.2.x, as well as Cisco IOS XE 3.1S and up.

The Cisco IOS Software Checker identifies any Cisco security advisories that impact a specific IOS Software release, as well as the earliest patch for the vulnerabilities in each advisory.

Bracing for Breaches

The vulnerability is in the Internet Key Exchange version 1 packet processing code in Cisco IOS, Cisco IOS XE and Cisco IOS XR software.

It’s due to insufficient condition checks in the part of the code that handles IKEv1 security negotiation requests.

Attackers could exploit it by sending a crafted IKEv1 packet to an affected device that’s configured to accept IKEv1 security requests, Cisco said. Exploiting the flaw lets attackers retrieve memory contents, which could lead to the disclosure of confidential information.

The flaw could have a “possibly substantial” impact, said Giovanni Vigna, CTO of Lastline.

“Many devices out there are not managed well,” he told the E-Commerce Times. “They are installed and left to cyber-rot.” These mismanaged devices “are going to be vulnerable, and used as the first point of compromise in enterprise networks.”

When exploited, the vulnerability discloses information such as virtual private network configuration details and RSA private and public keys, said Thomas Pore, director of IT and services for Plixer.

They “cover a range of equipment that, in some cases, will likely never be patched,” he told the E-Commerce Times.

Customers using Cisco products and others that are affected by this revelation “are bracing themselves for potential data breaches — or, even worse, finding out that some hidden resident malware has been lurking on their systems for an unknown period of time,” remarked Chenxi Wang, chief strategy officer for Twistlock.

“Cisco seems to be moving fairly fast to release fixes for the vulnerabilities disclosed by the Shadow Brokers,” she told the E-Commerce Times, but “the industry would love to see more publicized information on how Cisco achieves secure development lifecycle practices — and possibly a bug bounty program to boot.”

The NSA Connection

If it’s true that the Equation Group does have ties to the NSA, then “if the NSA has zero-day vulnerability information on all the top firewall brands, what other kinds of information do they have at their disposal to conduct surveillance on civilians and organizations at their discretion?” Wang asked.

Those ties could be why the NSA didn’t notify Cisco of the vulnerabilities, suggested Plixer’s Pore, and “the problem with not disclosing vulnerabilities for the sake of national security is that now many U.S. private and government organizations are vulnerable to potential nation-state attacks.” 





Surviving the Internet’s Troll Apocalypse

Social media has sharpened humans’ age-old appetite for public shaming, providing a stage and unlimited seating for a seemingly unending stream of immorality plays. Those who share even the simplest identifying details about themselves are vulnerable to being pushed into the glare of the spotlight.

The anonymity the Internet provides frees many individuals of the consequences they might face offline for being abusive to other people. Perhaps appearing to their friends, family and connections as ordinary people in the real world, these Jekyll-and-Hyde netizens transform into trolls to carry out their online assaults.

Anonymity has been a hot button issue for just about the entire life of the Internet, and although there is no 100 percent solution in sight, the situation is not entirely hopeless, according to Charles King, principal analyst at Pund-IT.

“So long as public sites enable user anonymity, pathological behavior will continue, because it thrives in the shadows,” he told TechNewsWorld. “Forcing abusers into the sunlight may be difficult or impossible — but changes in rules, laws and enforcement practices could make their lives more complicated and less comfortable.”

Deep Dive Into Dirt

We know what the problem looks like, thanks to big data and analytics.

A recent analysis identified more than 17,000 tweets related to body shaming, for example, and ranked the most common terms Twitter users lobbed at others to shame them for their weight.

Artificial intelligence soon might be able to catch and moderate cruel posts mere moments after publication, suggested a University of Lisbon team of researchers who have leveraged machine learning to teach AI to suss out sarcasm.

For now, the moderation and reporting tools available aren’t set up to prevent or discourage online abuse, said Rob Enderle, principal analyst at the Enderle Group.

“Reputation protection services can be used, but that doesn’t scale well — they target one person at a time — and it can be really expensive if you have to litigate and your attacker has no money,” he told TechNewsWorld.

What to Do?

It appears Reddit currently has the best system in place, in Enderle’s view, as its shadow-blocking tools shield users from whomever they wish to block, while allowing offenders to keep their accounts. Offenders are none the wiser, barring some detective work.

“Of course, publicizing shamers so they lose their jobs, gym memberships, and get attacked themselves does work,” he acknowledged, “and if it is done enough, that should change behavior.”

However, that approach so far hasn’t been used enough to make a difference, Enderle said.

That could change if social media sites and other forums were willing to make some changes.

They could take proactive steps that might make a difference, noted King, who pointed to a list of suggestions for Twitter, posted online by Randi Lee Harper, founder of the Online Abuse Prevention Initiative.

Those changes might result in a significant decrease in the prevalence of abuse on Twitter, but what will it take to inspire websites and their parent companies to intercede?

“Many, if not most, technology vendors bend over backward to avoid favoritism and maintain level playing fields for users of all stripes,” King pointed out. “I respect that attitude, but it’s often subject to being gamed by some users — and in some circumstances has resulted in online environments that amplify abusive behavior.”

Societal Shift

Machine learning tools one day might be capable of rejecting abusive comments before their intended targets ever see them. However, even if the companies running social networks work strenuously to stomp out online abuse, it’s ultimately up to humans to ensure that humanity prevails.

The best line of defense against social shaming starts at home, suggested counselor Scott A. Spackey.

“Family validation and bonding, and personal achievement with sports, school work and personal goals is the antidote to ANY source of social shaming,” he told TechNewsWorld.

People are more immune to criticism from outsiders when they have evidence to the contrary, provided by self knowledge and by those in their inner circles, Spackey said. For example, it’s easier to brush off being called “stupid” when one’s grades indicate otherwise.

“We all need to remember there’s no law against unfriending a social network contact at any time,” he noted. “Virtual life has same rules as non-virtual life: You get to have the final say on who you interact with and what you are exposed to.”

While it’s ideal to teach those lessons in the home, it’s never too late to improve oneself with education and re-education.

Pity the Fool?

When Playboy Playmate Dani Mathers snapchatted an image of an older woman nude in a locker room, that was an opportunity for education, according to relationship and etiquette expert April Masini.

“It was a moment to talk about what happens, naturally, to our bodies,” she told TechNewsWorld.

“There is a lesson for Ms. Mathers to learn that bodies age and they don’t look the same at 20 as they do at 60 or 70 or 80, and that it’s important to celebrate the changes of a healthy and aging human being,” Masini said, “instead of mocking the change that is often difficult to endure because it’s a signal life is slipping away — as it should.”

Mathers undoubtedly was “afraid of what she saw” to some degree, she suggested, and might not even be conscious of the aging of her own body.

“The impetus for body shamers and bullies is usually fear,” Masini said. “We see bravado and mean-spirited posts — we don’t acknowledge the fear behind the person posting.” 





Hacking Elections Is Easy, Study Finds

question whether hackers will influence the 2016 elections in the United States — only how much they’ll be able to sway them.

Leaked emails already have cost a Democratic Party chairperson her job, and the FBI last month issued a flash warning that foreign cyberadversaries had breached two state election databases.

Those two states — most likely Arizona and Illinois — aren’t alone in having their voter information compromised. Voter registration databases from all 50 states are being hawked on Deep Web marketplaces, an investigation by the Institute for Critical Infrastructure Technology has found.

Those databases could be used for all kinds of mischief, noted ICIT Senior Fellow James Scott, who collaborated with ICIT researcher Drew Spaniel on a study of voting system vulnerabilities.

For example, an attacker could sour a candidate’s supporters by sending bogus robocalls, supposedly originating from the candidate, at 3 a.m.

“An attacker could alter registration records on Election Day to delay and disrupt the election process and to spread disenfranchisement in the U.S. democratic process,” Scott told TechNewsWorld.

Dilapidated Black Boxes

Theft of voter registration records may be just the tip of the iceberg. U.S. voting systems are woefully vulnerable to hacker attacks, the ICIT maintained in the study released last week.

“Western democracy is held hostage to vulnerable code in black boxes on dilapidated bare bones PCs with virtually zero endpoint security, otherwise known as e-voting machines,” Scott and Spaniel wrote.

“Moreover, the systems are maintained and managed either by manufacturer personnel who obfuscate the insecurity of the systems or by local and state voting officials who are the very prototype of victims that repeatedly fall for spear phishing, ransomware and malware attacks and other easily avoidable cyber-attacks,” they continued.

“The problem in the sector is not merely a matter of lacking basic cyber hygiene, rather it is the sheer absence of the technical aptitude required to understand the cyber, physical and technical landscape available for exploit by the multitude of adversaries possessing a keen interest in manipulating the election process,” Scott and Spaniel added.

Safety in Fragmentation?

As vulnerable as U.S. voting systems are, it would be difficult for hackers to influence the outcome of an election, maintained Tellagraff CEO Mark Graff, a former CISO of Nasdaq and Lawrence Livermore Labs.

“It’s one thing to steal voter registration information from websites on the Internet, but it’s quite something else to modify that information on the sites,” he told TechNewsWorld.

There’s a difference between generating noise intended to undermine the credibility of the election and actually influencing the outcome, Graff pointed out.

“I don’t believe there is a credible case right now that they are trying to directly influence the outcome of the election,” he said.

“While our systems do have vulnerabilities, the fact that we have a federal system and all 50 states have their own systems is a strength,” Graff observed. “It might be possible to change some votes, but to change the outcome of an election and do so in a way that could not be detected is not practical at this point.”

Media Illusion

The fragmentation defense is an illusion propagated by the media, claimed ICIT’s Scott.

“The fragmented system does absolutely nothing to mitigate the risk of cybercompromise of election systems,” he argued. “If anything, the disjointed, distributed system makes it easier.”

The cybersecurity requirements of voting systems are not standardized or regulated, Scott explained. As a result, some states protect their systems, while other states only think that they protect their systems.

“Attackers only need to compromise one or a few counties in one or a few states to have a major impact on the national election,” he said. “It does not matter if some of the states adequately protect their systems, because the states that do not undermine the entire process.”

Brass Bull’s-eye

When it comes to ransomware, company brass have a bull’s-eye on their backs.

Upper management and C-level executives were popular targets of ransomware attacks, according to a recent Malwarebytes survey of 540 CIOs, CISOs and IT directors representing companies with an average of 5,400 employees across the U.S., Canada, UK and Germany.

Eighty percent of attacks affected mid-level managers or higher, the survey participants reported. A quarter of the attacks (25 percent) affected senior executives and the C-suite.

Ransomware in the wild increases by 46 percent or more every six months, Malwarebytes Senior Security Researcher Nathan Scott told TechNewsWorld. “That’s because ransomware makes so much more money than any other malware that we have ever seen.”

Breach Diary

  • Sept. 19. Active Network of Texas offers two years of free identity repair services in letter to 1 million Oregon and 1.5 million Washington Department of Fish and Wildlife customers potentially affected by data breach of hunting and fishing license sales system maintained by Active in those states.
  • Sept. 19. Payment systems at four Genghis Grill locations were compromised by malware between Feb. 9 and Sept. 7, placing at risk some 55,000 transactions by customers during that period, Dallas Morning News reports.
  • Sept. 20. St. Francis Health Systems in Tulsa, Oklahoma, confirms data breach in which 6,000 names and addresses were stolen from a server.
  • Sept. 20. A federal appeals court in Cincinnati has overturned a lower court ruling and is allowing class action lawsuit to proceed against Nationwide Mutual Insurance over 2012 data breach in which information of 1.1 million policy and non-policy holders was exposed to unauthorized parties, SC Magazine reports.
  • Sept. 20. Paul O’Brien, founder of smartphone news and reviews site MoDaCo, confirms data breach that has exposed 880,000 subscriber identities.
  • Sept. 21. Payment gateway Regpack is notifying its vendors that a data breach has placed at risk personal information in some 324,380 accounts, SC Magazine reports.
  • Sept. 21. U.S. Rep. Ralph Abraham, R-La., has filed a bill allowing the director of management and the budget to recommend the removal of any agency head whose agency suffers a data breach because it failed to comply sufficiently with information security requirements or standards, NextGov reports.
  • Sept. 21. University of Ottawa announces it is launching an investigation into the disappearance of a hard drive containing the personal information of 900 former and current students.
  • Sept. 22. Yahoo confirms 500 million user accounts have been compromised in data breach.
  • Sept. 22. Hacker group DC Leaks makes public emails from a White House contractor containing sensitive information about schedules and procedures, as well as about Secret Service, military and White House personnel. DC Leaks is the same group that recently exposed emails of former Secretary Colin Powell.
  • Sept. 22. H&L Australia, which provides point-of-sales systems for more than 300 restaurant and liquor stores, confirms data breach of its customer relationship management system, resulting in theft of 14.1 GB of customer information.
  • Sept. 23. Ronald Schwartz, a New York resident, files class action lawsuit against Yahoo for gross negligence that led to data breach resulting in compromise of 500 million user accounts.
  • Sept. 23. Trump Hotel Collection company agrees to pay $50,000 to settle case with New York State Attorney General’s office over data breach that exposed more than 70,000 credit card numbers and other sensitive data.

Upcoming Security Events

  • Oct. 4. Cyber Crime — Why Are You a Target? 10 a.m. ET. Webinar by Richard Cassidy, UK Cyber Security Evangelist. Free with registration.
  • Oct. 5. Cambridge Cyber Summit. Kresge Auditorium, 48 Massachusetts Ave., Massachusetts Institute of Technology, Cambridge, Massachusetts. Registration: $250.
  • Oct. 5-6. SecureWorld Denver. Colorado Convention Center, 700 14th St., Denver. Registration: conference pass, $325; SecureWorld Plus, $725; exhibits and open sessions, $30.
  • Oct. 6. Smartphone Encryption Is Getting Stronger. Is It Enough To Keep You Safe? Noon ET. Webinar by ManTech. Free with registration.
  • Oct. 5-7. APWG.EU eCrime Symposium 2016. Slovenská sporitelna, Tomásikova 48, 831 04 Nové Mesto, Bratislava, Slovakia. Registration: APWG members, 129 euros; student or faculty, 129 euros; law enforcement and government, 129 euros; all others, 149 euros.
  • Oct. 7-8. B-Sides Delaware. Wilmington University, New Castle Campus, 320 North Dupont Highway, New Castle, Delaware. Free.
  • Oct. 8. B-Sides Denver. SecureSet, 3801 Franklin St., Denver. Free, but tickets limited.
  • Oct. 11. Your Credentials Are Compromised, So Now What? 1 p.m. ET. Webinar by Centrify. Free with registration.
  • Oct. 11-14. OWASP AppSec USA. Renaissance Marriott, 999 9th St. NW, Washington, D.C. Registration: Non-member, $925; single day, $500; student, $80.
  • Oct. 12. Can You Really Automate Yourself Secure? Facts vs. Fantasies. Noon ET. Webinar sponsored by Cigital. Free with registration.
  • Oct. 12. Why Are We Still Failing to Stop Cyber Attacks? 1 p.m. ET. Webinar by Cyphort. Free with registration.
  • Oct. 13. ISSA SoCal Security Symposium. Hilton Long Beach & Executive Meeting Center, 701 West Ocean Blvd., Long Beach, California. Registration: members, $115; nonmembers, $140; students, $75; day of event, $190.
  • Oct. 14-16. B-Sides Warsaw. Panstwomiasto, Andersa 29, Warsaw, Poland. Free.
  • Oct. 17-19. CSX North America. The Cosmopolitan, 3708 Las Vegas Blvd. South, Las Vegas. Registration: before Aug. 11, ISACA member, $1,550; nonmember, $1,750. Before Oct. 13, member, $1,750; nonmember, $1,950. Onsite, member, $1,950; nonmember, $2,150.
  • Oct. 18. IT Security and Privacy Governance in the Cloud. 1 p.m. ET. Webinar moderated by Rebecca Herold, The Privacy Professor. Free with registration.
  • Oct. 18-19. Edge2016 Security Conference. Crowne Plaza, 401 W. Summit Hill Drive, Knoxville, Tennessee. Registration: before Aug. 15, $250; after Aug. 15, $300; educators and students, $99.
  • Oct. 18-19. SecureWorld St. Louis. America’s Center Convention Complex, 701 Convention Plaza, St. Louis. Registration: conference pass, $325; SecureWorld Plus, $725; exhibits and open sessions, $30.
  • Oct. 18-19. Security of Things, A Smart Card Alliance Event. Hilton Rosemont Chicago O’Hare Hotel, 5550 N. River Rd., Rosemont, Illinois. Registration: members $775 before Oct. 8, $885; nonmembers, $895 before Oct. 8, $1,045.
  • Oct. 20. Los Angeles Cyber Security Summit. Loews Santa Monica Beach Hotel, 1700 Ocean Ave., Santa Monica, California. Registration: $250.
  • Oct. 20. B-Sides Raleigh. Marbles Kid Museum, 201 E. Hargett St., Raleigh, North Carolina. Registration: $20.
  • Oct. 22. B-Sides Jacksonville. Sheraton Hotel, 10605 Deerwood Park Blvd., Jacksonville, Florida. Registration: $10.
  • Oct. 27. SecureWorld Bay Area. San Jose Marriott, 301 S. Market St., San Jose, California. Registration: conference pass, $195; SecureWorld Plus, $625; exhibits and open sessions, $30.
  • Nov. 1-4. Black Hat Europe. Business Design Centre, 52 Upper Street, London, UK. Registration: before Sept. 3, Pounds 1,199 with VAT; before Oct. 29, Pounds 1,559 with VAT; after Oct. 28, Pounds 1,799 with VAT.
  • Nov. 9-10. SecureWorld Seattle. Meydenbauer Center, 11100 NE 6th St., Bellevue, Washington. Registration: conference pass, $325; SecureWorld Plus, $725; exhibits and open sessions, $30.
  • Nov. 28-30. FireEye Cyber Defense Summit 2016. Washington Hilton, 1919 Connecticut Ave. NW, Washington, D.C. Registration: through Sept. 30, general admission, $495; government and academic, $295; Oct. 1- Nov. 21, $995/$595; Nov. 22-30, $1,500/$1,500.




Fancy Bears hacked MH17 crash investigators with spear-phishing campaign

NEW SPEAR-PHISHING CAMPAIGN TARGETS BELLINGCAT RESEARCHERS TRYING TO INVESTIGATE FLIGHT MH17 CRASH – RESEARCHERS BELIEVE THE TECHNIQUE IS EXACTLY WHAT HAS BEEN USED BY FANCY BEARS HACKERS IN THEIR PREVIOUS HACKS.
The Bellingcat agency’s journalists are trying to investigate what actually caused the crash of Malaysian Airlines flight MH17, while hackers are trying to sabotage their efforts by directing phishing campaigns at them. The motive behind the new hack campaign could be to take over the accounts of the company.

Thursday 29 September 2016

World’s largest 1 Tbps DDoS Attack launched from 152,000 hacked Smart Devices

Did you know that your smart devices may have inadvertently participated in the record-breaking, largest cyber attack that the Internet has just witnessed?

If you own a smart device such as an Internet-connected television, car, refrigerator or thermostat, you might already be part of a botnet of millions of infected devices that was used to launch the biggest DDoS attack known to date, with peaks of over 1 Tbps of traffic.

France-based hosting provider OVH was the victim of the record-breaking Distributed Denial of Service (DDoS) attacks, which reached over one terabit per second (1 Tbps) over the past week.





Tuesday 27 September 2016

Russian hackers tried to disrupt UK general election, security sources say

Russian hackers reportedly tried to disrupt last year’s general election, in what is thought to be the first known cyberattack on the British political system.

The group known as Fancy Bears planned to target every Whitehall server, including the Home Office, Foreign Office and Ministry of Defence, and every major TV broadcaster, including the BBC, Channel 4 and Sky, but was thwarted by GCHQ.

The agency, which is responsible for all the security services’ communications surveillance, managed to discover the plot in time after analysing a successful attack on French broadcaster TV5Monde in April last year.

Posing as Isis supporters, the group forced the channel’s scheduled programmes off the air for 18 hours and replaced them with a screen showing the terror group’s flag.

GCHQ had initially feared Isis’ hacking abilities had reached a new level of sophistication but the attack was eventually linked back to Moscow.

David Anderson QC, the independent reviewer of terrorism legislation, told The Sunday Times that the incident was a “possible imminent threat” to the UK and said GCHQ “deployed a capability to protect government networks from this cyber-attacker”.

Analysts were reported to have worried that an attack would “embarrass” the government and took defensive measures to shore up Whitehall’s cyber security as well as warning TV networks about the plot.

A security source told The Sunday Times: “We found signs of this particular group and activity — they were looking at government department networks in the UK.

“We had information, and it could have been activated, which is why it was an imminent threat. They certainly could have defaced a website for propaganda reasons and they could have possibly taken it down.”

The hackers, who are believed to have links to the Russian state, are also believed to have been responsible for the leak of medical data about top British athletes such as Sir Bradley Wiggins and Mo Farah.

This is the first time a Russian-based hacking group is known to have targeted British politics but there have been repeated attempts to undermine the US presidential election.

Last week DC Leaks, another Russian hacking group with alleged ties to the state, is said to have leaked Michelle Obama’s passport information.

The hack of DNC emails by a hacker known as Guccifer 2.0 in July led to the resignation of its chair Debbie Wasserman Schultz.

Emails, published on Wikileaks, dated from January 2015 to May 2016 between seven key DNC staffers appeared to suggest they were trying to undermine the campaign of Bernie Sanders.

Both the Russian government and Wikileaks founder Julian Assange have denied that the information came from Russian hackers.

Republican nominee Donald Trump attracted heavy criticism in the days that followed when he appeared to call for the hackers to break into Hillary Clinton’s email server.

He said: “Russia, if you’re listening, I hope you’re able to find the 30,000 emails that are missing.

“I think you’ll be rewarded mightily by our press.”

When asked if he was concerned about encouraging a foreign power to spy on a political party he said it “gave him no pause” and he would “love to see” Russia or China getting involved.



