RE: News of the Cyber World - kyonides - 11-13-2021
CBS News Wrote:After his successful flight to space, Jeff Bezos pushed back on criticism that launching rockets was a vanity project for billionaires, saying that the future of the planet — and those who inhabit it — depends on what can be accomplished in space.
"I think people don't understand it, or most people don't," Bezos told "CBS This Morning" co-host Gayle King in an exclusive interview after he landed back on Earth Tuesday. "When you get into space and you can see the Earth's atmosphere, it's so thin and fragile looking. So we do have to take care of this planet. And right now it's just true that our civilization is — we pollute the planet."
He sees space as a potential solution.
"This sounds fantastical, what I'm about to tell you, but it will happen. We can move all heavy industry and all polluting industry off of Earth and operate it in space," he said.
It will take decades to get there, Bezos acknowledged...
"What Blue Origin can do is build a space vehicle that is so operable and commercial and inexpensive that it becomes the infrastructure that the next generation can use to take those big steps," he said.
I gotta add here that other media like Russian Times News included another "prediction", that Earth would become a natural resort people might visit every so often.
Something makes me think he watched the latest Captain Harlock CGI movie just too many times...
I know he's a businessman and all, but it's uncomfortable to see how much he craves for everything to look and work just like a Japanese 3D animated movie...
RE: News of the Cyber World - kyonides - 11-24-2021
CyberScoop Wrote:When the Shiba Inu token, a meme-based virtual currency, hit its highest all-time value in October, it didn’t take long for scammers to seize on the trend for their own benefit.
Live YouTube videos promising bogus giveaways of the token have racked up hundreds of thousands of views, while groups on Telegram promoting other frauds have also exploded, according to research shared exclusively with CyberScoop.
Many Shiba scams identified by the security firm Tenable all take a nearly identical approach. Accounts live-stream old footage from a June event featuring Jack Dorsey and Elon Musk, a popular name among crypto enthusiasts, with on-screen instructions for users to send an arbitrary amount of currency into a wallet, with the promise of getting twice as much or more in return.
Scams have earned $239,000 worth of cryptocurrency since October 20, based on an analysis of online wallet addresses associated with nefarious Shiba Inu-themed pages, according to Satnam Narang, a researcher at Tenable. Such ruses are known as “giveaway scams” and are among the most common forms of cryptocurrency fraud, according to the Federal Trade Commission.
...
Because cryptocurrency exchanges lack the same federal protections as traditional financial exchanges, victims’ losses are not protected by the federal government.
Shiba Inu, which actually encompasses three different virtual currency tokens, was launched in 2020 by an anonymous group as a competitor to Dogecoin. While the currency started out as what investors call a “meme coin” — meaning it has no real-world use — it has gained credibility in recent months through listings on major exchanges, including Binance. AMC theaters this month announced it would be the first company to accept the token as payment.
According to Shiba Inu token’s official Reddit page, users have been reporting scams at least as far back as May.
...
While Shiba’s value has dipped in recent days, fraud efforts are still prevalent.
In addition to the research provided by Tenable, CyberScoop was also able to quickly surface six similar giveaway videos on YouTube using a sample search for the term “Shiba” between Monday, Nov. 22 and Tuesday, Nov. 23.
The fake giveaways identified by CyberScoop racked up more than half a million views collectively. Multiple streams came from the same Thailand-based account “SHIBA INU.” All of the live-streamed videos turned up within the first ten search results, often outranking a warning video about the scam that has received just 1,400 views.
CyberScoop Wrote:On the same day Apple announced a lawsuit against Israeli spyware vendor NSO Group for developing hacking tools to help breach iOS technology, the company was notifying potential targets of those exploits.
El Faro, a news organization in San Salvador, El Salvador, reported late Tuesday that 12 of its staff members received notices from the company, which warned that that “Apple believes you are being targeted by state-sponsored attackers who are trying to remotely compromise the iPhone associated with your Apple ID.” The company also sent notices to four others in San Salvador who are “leaders of Civil Society organizations and opposition political parties,” the news organization reported.
Notices were also sent to six Thai activists and researchers critical of the government there, Reuters reported.
...
In announcing its suit against NSO Group, Apple said that the FORCEDENTRY spyware, built by NSO Group, was “used to attack a small number of Apple users worldwide.” The company would be notifying the uses that it discovered the possible targeting using the exploit. “Any time Apple discovers activity consistent with a state-sponsored spyware attack, Apple will notify the affected users in accordance with industry best practices,” the company’s announcement read.
The following news article might serve as an alert for users owning websites hosted by GoDaddy.
CyberScoop Wrote:Data connected with up to 1.2 million GoDaddy customers may have been accessed by an unauthorized party, the company reported to the U.S. Securities and Exhcnage Commission Monday.
GoDaddy, a behemoth in the commercial web hosting and domain registrar space, reported that it discovered the apparent intrusion on Nov. 17, and that the improper access dated back to Sept. 6.
Using a compromised password, an unknown party accessed a GoDaddy system dedicated to managed WordPress services, where the company offers customers hosting and other content management features. Up to 1.2 million active and inactive customers’ email addresses and customer numbers were exposed, which could set them up for phishing attacks, Demetrius Comes, the company’s chief information security officer, wrote in the notice.
...
The active customers’ data included database usernames and passwords, and a subset of customers’ private SSL encryption keys were exposed, Comes wrote. Passwords have been reset and the company is in the process of issuing and installing new SSL certificates.
GoDaddy regularly faces distributed denial-of-service attacks, as well as an “increased level” of social engineering efforts, including “several successful” campaigns by “a persistent threat actor” attempting to transfer domain names related to cryptocurrency, the company noted in its Nov. 4 quarterly SEC filing.
RE: News of the Cyber World - kyonides - 12-06-2021
Epoch Times Wrote:The FBI has the ability to see some of the contents of iMessage and collect metadata from WhatsApp in as little as 15 minutes, according to a recently published internal bureau document.
First published in November by nonprofit organization Property of the People following a Freedom of Information Act request, the document contains an infographic showing the FBI’s ability to lawfully access secure messaging app content and metadata.
According to the document, WhatsApp provides the FBI with metadata every 15 minutes in response to a “pen register”—a surveillance request that provides the agency with the source and destination of each message for a targeted individual. Other messaging platforms—including iMessage, Signal, Telegram, and WeChat—provide logs of latent data, according to the document.
...
The document also states that the FBI can obtain “limited” content from iMessage. Apple encrypts iMessage, although not the backups for it in the cloud—unlike WhatsApp, which started offering encryption for backups in September.
...
The FBI also still can see the contents of backed-up WhatsApp messages if they’re unencrypted, which is the default setting.
Other platforms included in the FBI document include Signal, Telegram, and WeChat—none of which provide the content of messages to law enforcement. Chinese-owned WeChat accepts subpoenas for metadata, but doesn’t provide records for accounts created in China, according to the FBI.
The extent to which the FBI collects metadata isn’t clear. Facebook’s transparency center stated that the company received 63,657 law enforcement requests in the United States from January to June, but doesn’t distill the data further to show what agencies are making the requests.
...
During a Dec. 3 livestream, technologists for the Freedom of the Press Foundation agreed with Facebook: The FBI’s access to messaging metadata should be enough for agents to be able to conduct investigations.
Is it a real cyber need nowadays?
Or a typical case of government overreach?
RE: News of the Cyber World - kyonides - 01-24-2022
CyberScoop Wrote:The bureau’s Internet Crime Complaint Center (IC3), issued a general alert Tuesday about “malicious” QR codes that reroute unsuspecting consumers to the world of cybercrime.
“[C]ybercriminals are taking advantage of this technology by directing QR code scans to malicious sites to steal victim data, embedding malware to gain access to the victim’s device, and redirecting payment for cybercriminal use,” the announcement says.
The FBI’s warning is the latest in a long string of advisories from cybersecurity researchers or government agencies about the threat posed by QR codes. Last week, Ars Technica reported on fake QR codes that were stuck on parking meters in Texas cities, with the goal of intercepting payments.
In October 2021, scammers were spotted using them as part of a phishing campaign. Earlier last year, the U.S. Army issued a warning. Other alerts pointed to bitcoin scams, And at least one barcode scanner app became notorious for carrying malware itself.
RE: News of the Cyber World - kyonides - 02-01-2022
Quote:Losses from fraud originating on social media skyrocketed in 2021, according to data the Federal Trade Commission released Thursday.
More than 95,000 individuals reported losses totaling $770 million as a result of fraud initiated on social media. That number is up from $258 million in 2020 and just $42 million in 2017.
Part of that growth has been driven by record losses to cryptocurrency scams. Investment scams made up 37% of all reported fraud losses originating on social media in 2021, according to Thursday’s report.
Scammers have found a wide range of ways to dupe cryptocurrency investors, such as so-called “giveaway” scams where victims are told to send in money for a large investment return that never appears. Those scams have popped up quickly after surges in popularity of a new coin and even with focused efforts, social media platforms have struggled to stop them.
The FTC in March 2021 reported a significant increase in cryptocurrency investment scams with victims reporting nearly $80 million in losses between October 2020 and March 2021 alone. Victims are often unable to recoup losses from these scams.
The largest number of reports, however, traced back to online shopping scams where fraudsters advertised misleading or nonexistent products on social media.
“In nearly 70% of these reports, people said they placed an order, usually after seeing an ad, but never got the merchandise,” the FTC reports. “Some reports even described ads that impersonated real online retailers that drove people to lookalike websites.”
Nearly nine out of 10 reports named Facebook or Instagram as the source in their reports of undelivered goods.
...
Such scams have also proliferated on other social media platforms, including TikTok and YouTube, as security firm Tenable has noted.
Quote:A ransomware group claimed Thursday that it stole thousands of files from the French Ministry of Justice, threatening to post “all available data” if the ransom isn’t paid by Feb. 10.
The announcement appeared on the leak site of LockBit 2.0, a known ransomware-as-a-service operation that’s been active since at least September 2019, according to cybersecurity firm Emsisoft.
...
A ministry spokesperson told Politico that the agency was “aware of the alert and immediately took steps to carry out the necessary checks,” but did not elaborate.
The post viewed by CyberScoop on the leak site — where victim files are publicized either to pressure payments or punish victims if ransoms aren’t paid — indicates that the group may have 9,856 files, but nothing has been posted yet.
Brett Callow, a threat analyst at Emsisoft, said Thursday that the group may not end up posting any files, “as some of their past claims have been bogus.” For example, he said, there have been cases “where information stolen from organization A included information about organization B, they claim to have hit both A and B.”
Originally known as ABCD ransomware based on the file extension of the files it would encrypt on a target’s system, the ransomware evolved to LockBit and then LockBit 2.0 by June 2021, racking up perhaps tens of thousands of victims globally, Emsisoft reported.
LockBit was reportedly used in the July 2021 ransomware attack on global IT consultant firm Accenture that reportedly came with a $50 million ransom demand, CyberScoop reported at the time.
RE: News of the Cyber World - kyonides - 02-20-2022
Google, Microsoft and Mozilla have warned users of Chrome, Edge and Firefox that a unified update will soon be made to all three browsers which could bring down some of the world’s biggest websites.
Forbes Wrote:...Chrome. Edge and Firefox will soon move to version number ‘100’ and this will cause some of the web’s biggest sites to fail because they cannot process visits from browsers with three digit version numbers. Some of the sites currently impacted include Bethesda, T-Mobile, HBO Go and Yahoo!
...If you are running an older, unsupported browser (in Chrome, the common cut-off point is 40) then you will not be allowed to open the site for fear it may have been compromised by hackers. The problem is the outdated code in these sites only checks the first two digits. So Chrome, Edge and Firefox 100 will be read as ‘10’ and blocked.
So why are all three browsers moving to version 100 at the same time? In short: to pressure web developers to upgrade...
...The stable versions of Chrome and Edge (which both run Chromium) are 98 while Firefox is on 97.
Emergency countermeasures have been announced for Chrome and Firefox. Depending on how many websites fail upon launch (and no-one will truly know until launch), Google’s backup plan is to freeze Chrome’s version number at 99 in its ID code while Mozilla will try a combination of version number freezing and issuing hotfixes for individual sites. Microsoft has yet to comment.
Here you can take a look at all of the reported issues users might have found while testing any browser that has hit version 100 already, namely those nightly builds and developers' builds.
If you don't know what a build means, it's basically the binary executable(s) involved in your browser or WebView apps.
Remember this might affect you whether you use a PC or laptop or an Android phone. I still have to see if this will afflict iOS users as well. At least they should be part of this if they can run Chrome, Edge or Firefox on their phones.
If you think I'm exaggerating, I was testing Chromium version 100 on my phone.
Guess what? It did not let me view some online show and asked me to upgrade to the most recent build ASAP.
At first I thought it might have happened because I was using Chromium instead of Chrome till I had found that article on the browser's versioning issue.
RE: News of the Cyber World - kyonides - 03-03-2022
CyberScoop Wrote:Hackers stole employee user logins and proprietary company data from Nvidia last week, the U.S. chip maker said Tuesday, but added that it has not seen evidence of a ransomware attack.
A ransomware group known as Lapsus$ claims to be leaking Nvidia data.
...
“We are aware that the threat actor took employee credentials and some NVIDIA proprietary information from our systems and has begun leaking it online.”
The spokesperson did not answer questions about a Telegraph report that the incident partially shut down operations for two days. Nvidia says it has notified law enforcement about the February 23 breach, contacted cyber incident response experts and bolstered its defenses.
Well, if you own some Nvidia graphics card, as many gamers do, you should really care about this security breach.
RE: News of the Cyber World - kyonides - 03-11-2022
CyberScoop Wrote:Ukraine and charities supporting the nation have turned to soliciting cryptocurrency donations during Russia’s invasion of the country. The gamble on virtual currencies worked: Within a week of launching wallets to receive donations directly, the Ukrainian government raised more than $50 million worth of cryptocurrency.
Ukraine announced last week it would send free tokens of a new government-sponsored cryptocurrency as an incentive to donors. It ultimately scrapped the plans, but not before a group pretending to represent the country took advantage of the confusion to set up a token called “Peaceful World.” The con had some success, said Tom Robinson co-founder and chief scientist at Elliptic, a cryptocurrency compliance company. The value of the coin skyrocketed to $180 million within a week.
Researchers at InfoBlox observed purchases of another token, “SAVE UKRAINE,” through suspicious Ukraine-themed domains set up around the invasion, including one website meant to look like a decentralized anonymous organization (DAO) set up by Russian activists.
Donations scams have also run rampant on Twitter and Telegram, experts tell CyberScoop.
...
Allen says the scams fall into three buckets: Users pretending to be in need of donations, users pretending to be companies collecting donations and offers to help others create fake donation websites.
...
Cybercriminals aren’t limited to social media. Multiple firms have noticed an uptick in email scams where hackers pose as legit charities to solicit cash or bitcoin. Organizations scammers have impersonated include Act for Peace, UNICEF and Ukraine Crisis Relief Fund, according to BitDefender. Security firm Cofense found one cryptocurrency donation scam targeting users with a spoofed email from the Ukraine Red Cross Society.
CyberScoop Wrote:The top law enforcement officials from multiple states are alerting people affected by an August 2021 breach at T-Mobile that their personal data might be circulating in cybercrime forums online.
“Information stolen in a massive data breach has fallen into the wrong hands and is circulating on the dark web,” New York Attorney General Letitia James said Wednesday in a news release. Officials from California, Florida and several other states issued similar warnings.
The T-Mobile breach involved the data of tens of millions of current, former or prospective customers of the wireless company. The stolen data is attractive for identity theft and other financial crimes. The hacker who claimed responsibility for the breach told The Wall Street Journal in August that T-Mobile’s security was “awful.” Law enforcement agencies from multiple states are investigating the breach.
In some cases, the hacker accessed people’s names, dates of birth, Social Security numbers and driver’s license or ID numbers. The company also said technical data — including international mobile equipment identities (IMEIs) and international mobile subscriber identities — were also compromised. IMEIs, which are often used for advertising purposes, are a unique fingerprint for a device that cannot be reset.
CyberScoop Wrote:Citing the need for the U.S. government to address security issues with cryptocurrencies, as well as their role in the overall financial system, President Biden signed an executive order Wednesday on “responsible innovation” for digital assets.
A fact sheet released Wednesday morning by the White House called it “the first ever, whole-of-government approach to addressing the risks and harnessing the potential benefits of digital assets and their underlying technology.”
The signed order lists seven areas of concern, including mitigating “illicit finance” and the related national security risks. The order also called out the lack of adequate of cybersecurity protections in the industry, leaving sensitive financial information at risk and already leading to billions in losses for consumers.
...
The executive also direct agencies “to work with our allies and partners to ensure international frameworks, capabilities, and partnerships are aligned and responsive to risks.”
...
This week the Treasury Department’s Financial Crimes Enforcement Network (FinCEN) issued guidance on how Russian entities might use digital assets to evade U.S. sanctions against Moscow for the invasion of Ukraine.
...
The White House will also through the executive order examine equitable and safe access to financial services, support the “responsible development and use” of digital asset tech and explore whether the U.S. should have a central bank digital currency.
RE: News of the Cyber World - kyonides - 03-24-2022
Quote:The outage affected the PS Store, PS Now cloud gaming services, and games that rely on a network connection.
The problems started at around 8:30 a.m. Eastern time on Wednesday, according to the PlayStation status page.
The outage isn’t affecting everyone, as gamers based in the Midwestern United States and Canada appear to have no difficult accessing their systems while users in New York are reporting error messages, according to The Verge.
...
Sony recently released updates for its PS5 and PS4 game consoles, but it is unclear whether the updates are related to the outages.
RE: News of the Cyber World - kyonides - 04-07-2022
Quote:Musk owns 73,486,938 shares of Twitter, which represents a 9.2% passive stake in the company, according to the Securities and Exchange Commission 13G filing released Monday.
The stake is worth $2.89 billion, based Twitter's closing price Friday.
The Musk buy comes less than two weeks after Musk criticized the company, polling people on Twitter about whether Twitter adheres to free speech principles.
...
Late last month, Musk also said he was considering building a new social media platform.
...
Musk is a frequent user of Twitter and has more than 80 million followers on the platform. However, some of his tweets have gotten the Tesla chief into hot water over the years.
So is this a step for Twitter in the right direction?
Or will Musk fail at making changes in Twitter's board and its plans for the future?
|