Save-Point
News of the Cyber World - Printable Version

+- Save-Point (https://www.save-point.org)
+-- Forum: Official Area (https://www.save-point.org/forum-3.html)
+--- Forum: Tech Talk (https://www.save-point.org/forum-87.html)
+--- Thread: News of the Cyber World (/thread-7678.html)



RE: News of the Cyber World - kyonides - 08-24-2022


Quote:Apple Inc. and a top U.S. cybersecurity agency are urging iPhone, iPad, and Macbook users and administrators to update their iOS software following the recent discovery of security vulnerabilities.
...
Users and administrators are urged to review Apple’s security updates page and apply the updates—MacOS Monterey 12.5.1, iOS 15.6.1, iPadOS 15.6.1, or Safari 15.6.1—as soon as possible.
...
The vulnerabilities could allow hackers to gain “full admin access” to the device.

That would allow intruders to impersonate the device’s owner and subsequently run any software in their name, said Rachel Tobac, CEO of SocialProof Security, in an interview with The Associated Press.

Security experts have advised users to update affected devices—the iPhone6S and later models; several models of the iPad, including the 5th generation and later, all iPad Pro models and the iPad Air 2; and Mac computers running MacOS Monterey. The flaw also affects some iPod models.

“The flaws were found in the kernel, a program at the core of the OS (CVE-2022-32894) and WebKit, the engine that powers the Safari web browser (CVE-2022-32893). Both flaws allow hackers to remotely execute malicious code on your iPhone, iPad, or Mac and potentially take over your device,” according to Forbes tech security writer Gordon Kelly.

So don't forget to update your PC iOS any time soon! Shocked


Quote:The researchers at Google’s Threat Analysis Group, who dubbed the tool “HYPERSCRAPE,” detected the malicious program in December 2021. The Iranian hackers appear to have deployed it against fewer than two dozen accounts located in Iran, according to Ajax Bash, a Google security engineer.

While the oldest known sample dates to 2020, the tool remains under active development, Bash said.

Google took action to secure the affected accounts and notify the victims, Bash said. It’s not clear whether the Iranian hackers actually deployed the code against Yahoo or Outlook email accounts.

The program is likely associated with Charming Kitten, a prolific cyber espionage operation believed to operate under the Iranian Revolutionary Guard Corps, with aspects of its activity tracked variously as APT35, TA453, Phosphorus, ITG18 and Cobalt Illusion. Researchers with cybersecurity firm Secureworks said in May that elements of the group also carry out ransomware attacks, revealing financial motives alongside its traditional espionage role.
...
For the tool to work, victims either need to be logged into their account or the attackers need their credentials, Bash wrote. Once inside, the tool changes the account’s language settings to English, downloads individual emails and then marks them as unread. The program also deleted any security emails from Google triggered by the activity, Bash wrote.



RE: News of the Cyber World - kyonides - 08-28-2022



Quote:Bitcoin, the world’s biggest and best-known cryptocurrency, was last down 1.5 percent at $19,946 on Saturday, down $298 from its previous close.

It is down 58.7 percent from the year’s high of $48,234 hit on March 28.

Ether, the coin linked to the ethereum blockchain network, meanwhile dipped 2.76 percent to $1,467.2, losing $41.60 from its previous close.

Bitcoin’s fall comes after a weak day on Friday for the currency, which fell as Wall Street slumped with all three benchmarks ending more than 3 percent lower.

The weakness in risk assets came after Federal Reserve Chief Jerome Powell cautioned against expecting a swift end to its rate tightening. The Fed’s actions on interest rates have caused some investors to forecast more pain for equities.


Quote:Meta’s Facebook has agreed in principle to settle a four-year-old lawsuit that alleges the platform inappropriately shared user data with third parties including Cambridge Analytica.

A joint stipulation (pdf) filed in San Francisco District Court Friday disclosed the preliminary settlement while giving no financial terms or details of the agreement. Lawyers for the plaintiffs and Facebook said additional time is needed to proceed with the latest developments, asking the judge to put the class action on hold for 60 days to allow both parties to “finalize a written settlement agreement and present to the Court for preliminary approval,” according to the papers.

The new filing comes a month after lawyers for both sides agreed that attorneys can depose Meta CEO Mark Zuckerberg next month for six hours of questioning by plaintiffs’ lawyers, as part of the lawsuit, according to a July 19 filing (pdf).

It shows Sheryl Sandberg, chief operating officer of Meta, and Javier Olivan, the company’s chief growth officer who will replace Sandberg, will also be questioned for five hours and three hours respectively.



RE: News of the Cyber World - kyonides - 09-01-2022

Malicious Google Chrome extensions affect 1.4 million users
McAfee identified five malicious extensions that you should avoid, including Netflix Party.

Quote:Malicious extensions redirect users to phishing sites and insert affiliate IDs into cookies of eCommerce sites, according to a McAfee blog post Monday. According to the security company, the extensions also track users' browsing activity, and every website visit is sent to servers owned by the extension creator.

The extension creator can then insert code into eCommerce websites being visited by the user, and receive affiliate payment for any items the user purchases. There is an implicit privacy breach to the consumer when the browsing data is shared.

The five malicious extensions McAfee identified were Netflix Party, Netflix Party 2, FlipShope – Price Tracker Extension, Full Page Screenshot Capture – Screenshotting and AutoBuy Flash Sales, with a total install base of over 1.4 million users. The specific extension names and extension code IDs are listed below.

Elon Musk promises "kickass" internet on cruise ships with major new deal.

Quote:Cruise operator Royal Caribbean will deploy Starlink across its entire fleet to improve connectivity for guests and crew. Cruise ships have in the past had to rely on expensive satellite internet services that rarely offer enough bandwidth to do a Zoom meeting. Royal Caribbean promises Starlink will be a game-changer for passengers.
...
Starlink will be deployed immediately on all Royal Caribbean International, Celebrity Cruises and Silversea Cruises ships, as well as all new vessels for each brand. The cruise company expects to complete the installation by the end of the first quarter of 2023.
...
The Royal Caribbean deal is also a big win for SpaceX, which launched Starlink Maritime in July and recently lost out on $885 million in regional broadband funding from the Federal Communications Commission. SpaceX has launched over 2,000 Starlink satellites.

SpaceX has deployed Starlink for its own fleet of ships used for capturing spaceships returning to sea.


Quote:Digital minister Taro Kono on Tuesday vowed to dismiss Japan's laws that have entrenched floppy disks and CD-ROMs in the nation's systems. In a tweet from his English Twitter account, Kono said he was declaring "war" on floppy disks as part of its digital transformation and enabling citizens to submit data online.

Kono explained there were about 1,900 articles in Japan's laws that require businesses to submit forms to the government on floppy disk. There are also 157 laws that require submissions specifically be sent on optical disks, magnetic disks, and magnetic tapes.

Because those laws don't specify an online mechanism, it technically binds businesses and citizens to use technology that many consumers can't even find at a store today: Sony stopped selling floppy disks in 2011.
...
The country is embarking on a national ID smartcard scheme called My Number that citizens can use to electronically sign online tax submissions, apply online for other government services, and use for online banking logins and signing transactions.
...
Bloomberg reports that Kono, a potential contender to be prime minister, has been a critic of the nation's inefficient bureaucracy, including the continued use of fax machines and the 'hanko' or red stamp used to sign official documents.
...
The US Air Force only in 2019 replaced floppy disks for managing its nuclear arsenal with solid state drives.

Happy with a sweat Well, it certainly took the air force a hell of a time to upgrade their nuclear related technology.


RE: News of the Cyber World - kyonides - 09-09-2022



Quote:There are more private options. DuckDuckGo’s navigation service uses the framework of Apple Maps without all the tracking. Tap or click here to see how it works.

1. Travel incognito

When you navigate somewhere using Google Maps, location info is saved to your profile. If you want to go somewhere without seeing it pop up on your recent places, turn on Incognito mode.

How to turn on Incognito mode on iPhone or Android:

Open Google Maps, then tap your profile picture in the top right corner.

Tap Turn on Incognito mode.

If you use Waze, your username and more may appear on a publicly available map. Friends can also see your name and photo. To stop that, you can go invisible:

Tap My Waze > Settings > Privacy.

Turn on Go invisible.

2. Use voice commands

3. Find cheaper fuel

Open the Waze app.

Tap the Where to? search bar and then tap the Gas stations icon.

Your device will start looking around for the closest stations, with prices for each one.

Open Waze, then tap My Waze.

Tap the settings icon at the top-left corner, then Gas stations.

Select Price in the Sort stations by section.
...




Quote:If there is no wi-fi or mobile network signal, the idea is the Bullitt phone will automatically link to one of two global satellite networks.

There is speculation that Apple's forthcoming iPhone 14 could have emergency satellite connectivity.

Mr Musk is also working on a satellite phone service with T-Mobile.

However, last month he said plans were hampered by "regulatory approval" of satellite launches and added that the service would be unlikely to become available before the end of 2023.

Bullitt's service is due to launch in February 2023 and will initially enable users to send and receive text messages only.

The recipient will receive the message in the form of an SMS and can reply if they download Bullitt's app. It is free to use for them - but the Bullitt phone owner will have to pay a monthly subscription for the service.
...
Mr Musk says that currently phones using his platform could have to wait up to 30 minutes to connect with a satellite. However, Mr Wharton said he believed that thanks to deals with two global satellite networks - which he declined to name - the wait would not be more than a few seconds.

The handset requires a bespoke chipset that has been developed over the last 18 months with an Asian manufacturer, he said. The battery drain would be minimised by the phone only seeking satellites in the absence of other signals, he added.




Quote:The move comes after a software developer tweeted screenshots of ads from major Western companies placed through Google’s display advertisement service alongside headlines spreading disinformation about the war.

The Twitter thread — posted on Aug. 24 by Braedon Vickers, a Singapore-based software engineer who builds tools to detect digital advertising trends — enraged disinformation experts, digital advertising watchdogs and U.S. senators who condemned Google for continuing to profit off of ads placed on Russian websites.
...
Senate Intelligence Committee Chairman Mark Warner, D-Va., told CyberScoop in a statement that “all companies have a responsibility to ensure that they are not helping to fund or even inadvertently support Vladimir Putin’s invasion of Ukraine. … It’s extremely disappointing to see an American company continue to financially support websites pushing Putin’s propaganda.”
...
Vickers said Google often appears to “demonetize” ads it places by removing them from specific problematic articles as opposed to cutting off whole sites.
...
Disinformation activists and digital advertising experts questioned why a company as powerful and well-resourced as Google continues to struggle to manage a problem that an individual software engineer detected and posted on Twitter.
...
The full list of brands Adalytics found on sanctioned Russian sites in April included Adidas, Citibank, CVS, Facebook and Google itself, among many others, according to Adalytics CEO Krzysztof Franaszek.




Quote:Nearly 90% of information technology professionals working in health care said their facilities suffered a cyberattack in the past year, according to a report out Thursday from the research organization Ponemon Institute.

Many of them said the attacks, which averaged 43 at various types of health care organizations including hospitals and insurance providers, increasingly affected patient care.
...
Fifty-three percent of the respondents said their organization had experienced at least one ransomware incident over the past two years, while a third said they’d suffered between two and five. Nine percent of respondents said their organizations suffered six to 10 incidents.
...
Of the entities that reported having been hit by ransomware in the new survey, 67% reported a disruption in patient care, such as delays in procedures and tests, an increase in patients transferred or diverted to other facilities or longer lengths of stay.

Nearly a quarter of the entities that reported having been hit by ransomware reported an increased mortality rate, but it’s unclear what role ransomware played in the increased mortality rate.
...
In September 2021, an Alabama woman sued a local hospital claiming that a ransomware attack on the hospital contributed to her baby’s death.




Quote:Parts of this activity have been documented and analyzed publicly over the years by various governments and private information security firms, such as Microsoft’s analysis of an Iranian U.S. election interference operation in 2019 linked to a group it tracks as Phosphorus, or a 2021 analysis from Proofpoint detailing an Iranian effort it tracked as TA453 that targeted senior medical professionals in the U.S. and Israel.
...
Wednesday’s research pulls the various operations together under one organizational umbrella that Mandiant is referring to as APT 42. The group is characterized by targeted spear phishing campaigns and surveillance operations. The outfit also spends considerable time building rapport with victims in order to facilitate successful attacks, the researchers said, that can include delivering malware used to track location, recording phone conversations, accessing video and images and extracting entire SMS text inboxes.
...
Iran has also been engaged in a persistent cyber tit-for-tat with Israel dating back to at least last summer that has reportedly included efforts to lure Israeli targets to fake events in an effort to kidnap and harm them.
...
APT 42 targeting patterns focus largely on the Middle East region, the researchers said, but what distinguishes APT 42 activity is the targeting of “organizations and individuals deemed opponents or enemies of the regime, specifically gaining access to their personal accounts and mobile devices. The group has consistently targeted Western think tanks, researchers, journalists, current Western government officials, former Iranian government officials, and the Iranian diaspora abroad.”

APT 42 also supports broader Iranian intelligence needs, the analysis concludes, such as targeting the pharmaceutical sector at the onset of the COVID-19 pandemic in March 2020, and pursuing domestic and foreign-based opposition groups prior to recent Iranian presidential elections.




Quote:The Treasury Department announced sanctions on Friday against Iran’s Ministry of Intelligence and Security and its Minister of Intelligence in response to “cyber-enabled activities against the United States and its allies.”

The announcement comes two days after the Albanian Prime Minister Edi Rama formally blamed the Iranian government for the attack and took the unprecedented step of severing diplomatic relations with Iran based on the cyberattack, giving Iranian personnel 24 hours to leave the country.

Rama’s statement was quickly followed by statements from the U.S. and British governments condemning the cyberattacks. The U.S. had pledged to take further actions against Iran.
...
The attacks on Albania occurred after a string of attacks on Iran, which the Iranian government associated with the Mujahedin-e Khalq (MEK), an opposition group the Iranian government considers terrorists.

The group claiming responsibility for the July attacks on Albania claimed to be targeting Albania for hosting the “terrorists of Durres,” a reference to the MEK refugees who live in a camp in Durres, a county in Albania. MEK was set to host a conference July 23 and 24 before it was cancelled due to threats of violence.
...
They are largely focused on classic espionage targets such as governments and dissidents, and they have been found targeting upstream sources of intelligence like telecommunications firms and companies with potentially valuable PII. Furthermore, they have a history of targeting the MeK, the group at the center of the Albanian incident.
...
DEV-0861 had been actively exfiltrating emails from various organizations in multiple countries, Microsoft said, including Israeli targets between June 2021 and May 2022.

Additionally, the logo of “Homeland Justice,” the front group established to distribute the stolen Albanian materials through a website and a Telegram channel, mocked the logo of Predatory Sparrow, a hacking group Iran associates with Israel that has carried out a series of sophisticated attacks on Iranian targets dating back to mid-2021.
...
Cloudflare CEO Matthew Prince defended the company’s decision not to drop the site in an Aug. 31 blog post as part of a philosophical belief in providing services for material that may be objectionable. Four days later the company relented and dropped Kiwi Farms, citing the potential for violence.


Sarcasm So for Cloudflare it's OK to block Kiwi Farms but not to prevent Iranian hackers from publishing materials online. What a hypocrite you are, Mr. Prince! Angry Aren't those Iranian agents dangerous as well?


RE: News of the Cyber World - kyonides - 09-19-2022


Quote:A new trend on the TikTok social media platform has led to an 85 percent increase in Hyundai and Kia car thefts in Los Angeles from last year, according to Police Chief Michel Moore.
...
These viral videos, which have been circulating on TikTok since May, show people how to break into Hyundai and Kia vehicles made between 2010 and 2021.

These cars were targeted because they lack an ignition immobilizer system, making them vulnerable to hot-wiring—a method to start a car without a key, according to the Los Angeles Police Department (LAPD).

...
People are hot-wiring the vehicles by disassembling a portion of the ignition and using a USB cord to start the engine, according to Moore. The videos have been viewed “tens of thousands of times, which we believe is influencing the theft of these vehicles,” he said.

It’s estimated that 1,600 Kia and Hyundai vehicles have been stolen this year so far. The department is recovering about 55 percent of the vehicles, with most of them being found both in other parts of the city and outside the city.

Moore is asking residents who own one of these cars to install a steering wheel lock, which can offer “both a visual and physical deterrent” to thefts.

Los Angeles isn’t the only city where such car thefts are on the rise. In Chicago, authorities reported a 767 percent increase in Hyundai and Kia vehicle thefts since the beginning of July.
...
Overall car thefts increased by 15 percent in Los Angeles last year, according to the LAPD.

Before you ever read the following article, heed my voice and remember this: stop using TikTok, guys! Confused



Quote:A TikTok executive declined on Sept. 14 to make a commitment that the hugely popular short-video app would cut off flows of Americans’ data to China, during the first U.S. Senate hearing since recent reports on the company’s connections to the regime in Beijing.

TikTok Chief Operating Officer Vanessa Pappas, along with executives from other U.S. big tech companies, testified before the Senate Homeland Security Committee. During the hearing, Pappas faced a barrage of questions regarding Tiktok’s ties to Beijing and the potential for U.S. users’ data to be obtained by the Chinese Communist Party (CCP), which has become a bipartisan concern.
...
The short-video app...was founded by and is owned by ByteDance, a Beijing-based tech giant. The ties have drawn concerns in the United States and elsewhere over whether its data can be accessed by the CCP, given that its laws compel companies to cooperate with security agencies when asked.

Officials and experts say the personal data harvesting from Americans could be used by the CCP to conduct espionage operations, or even shape their perceptions to be favorable to the Chinese regime.
...
Between at least September 2021 and January, ByteDance engineers in China had access to nonpublic data of TikTok’s U.S. users, according to leaked recordings of 80 internal meetings cited by BuzzFeed News. In addition, TikTok employees at times had to turn to their colleagues in China to determine how U.S. data was flowing, which the U.S. staff weren’t authorized to independently access, the report said.



Quote:Hackers tied to the Iranian government launched an attack against Albania’s government system used to track border crossings, Albanian officials said over the weekend.

The attack comes several days after the Albanian government cut diplomatic relations with Iran over a July 15 cyberattack attributed to multiple groups aligned with Iranian aims, and international condemnation of the attacks from the U.S., the U.K., and others. The U.S. government on Friday sanctioned Iran’s Ministry of Intelligence and its minister of intelligence over the attacks.
...
The U.S. first helped Albania implement the Total Information Management System (TIMS) in 2007, CNN’s Sean Lyngaas reported. The attack targeted the data storage and transmission systems for TIMS, the Albanian Ministry of the Interior said in a statement. Homeland Justice, the front group that claimed responsibility for the July attacks, posted a video to both its Telegram channel and website showing what appeared to be a video feed from the TIMS system.

Iran’s foreign ministry spokesperson Nasser Kanaani on Saturday condemned the U.S. sanctions and Albania’s decision to cut diplomatic ties...He added that the U.S. is “giving full support to a terrorist sect,” referring to the Mojahedin-e-Khalq (MEK), an Iranian opposition group that the Iranian government considers terrorists.

Nope, people. Confused I am not double posting here. It just happens that Iran keeps targeting US allies out of mere amusement (among many other things), guys. Therefore, the US government needs to take some extra measures to deter them from attacking more systems in the Western world.


Quote:The U.S. government on Wednesday announced wide-ranging punitive actions against 10 Iranians and two Iranian companies — including sanctions, indictments and multiple $10 million rewards — related to a spree of breaches and ransomware attacks around the U.S. dating to October 2020.

All 10 people and the two companies are affiliated with Iran’s Islamic Revolutionary Guard Corps, the U.S. Treasury Department said in a statement.
...
According to an indictment unsealed today, Mansour Ahmadi, Ahmad Khatibi and Amir Hossein Nickaein Raviri “engaged in a scheme to gain unauthorized access to the computer systems of hundreds of victims in the United States, the United Kingdom, Israel, Iran, and elsewhere, causing damage and losses to the victims,” according to a Department of Justice statement.

Each faces charges of conspiring to commit computer fraud and related activity in connection to computers, intentionally damaging a protected computer and transmitting a demand in relation to damaging a protected computer. Ahmadi faces an additional count of intentionally damaging a protected computer, the DOJ said.

The State Department’s Rewards for Justice announced rewards of up to $10 million each for information on the suspects’ location.


Quote:In the wake of the Uber hack, allegedly by an 18-year-old who claimed he pwned the company because it had weak security, the conversation in infosec circles quickly centered on how it could possibly have been so easy to compromise one of the world’s most valuable tech companies.
...
[He] told The New York Times late Thursday that they’d socially engineered an Uber employee to gain access to the company’s systems. Screenshots shared across Twitter and other platforms seemed to demonstrate the wide-ranging access the attacker achieved, including to Uber’s accounts with Amazon Web Services, Google Suite and HackerOne.

The attacker told Corben Leo, a researcher and developer, that they gained access to a privileged access management tool which, when queried, revealed the credentials for the range of services.

That relative ease...shows that this is a structural systems problem, not a problem at the individual employee level.
...
Bill Demirkapi, a researcher and security engineer with Microsoft, pointed out on Twitter that “the scope of the attack demonstrates another problem with centralizing authentication,” which is that “it can often be a single point of failure that can give attackers a wide variety of access, as we’ve seen in this example.”

If the details are accurate about how the attacker gained access, initially by spamming the employee with push-based multi-factor authentication requests, Demirkapi added, then this is not just an Uber problem. “The practices that led to their compromise are shockingly common,” he tweeted. “Vulnerable MFA is used everywhere, >60% of sites don’t even support hardware tokens.”

Similar attack methods were used in the recent breaches of Twilio, Okta and roughly 130 other companies, according to Group-IB, and experts say it’s a tactic on the rise.
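The Uber write-up above describes push-based MFA "spamming" (an employee pressed with prompts until one is approved). As an added example, not code from the original post or from any vendor it names, here is defender-side detection logic that flags a user whose push approval follows a burst of denied or timed-out pushes; the log line format, field names and event names are assumptions constructed for this example, so adapt the parser to your identity provider's real export.

```python
"""Detect MFA push-fatigue patterns in authentication logs (added example).

The log format, field names and event names are assumptions for this
example, not any vendor's real schema.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log lines (not real data). Assumed format:
# <ISO timestamp> user=<name> event=<push_sent|push_denied|push_timeout|push_approved> src=<ip>
SAMPLE_LOG = """\
2022-09-15T21:02:11Z user=alice event=push_sent src=203.0.113.7
2022-09-15T21:02:41Z user=alice event=push_timeout src=203.0.113.7
2022-09-15T21:03:05Z user=alice event=push_sent src=203.0.113.7
2022-09-15T21:03:20Z user=alice event=push_denied src=203.0.113.7
2022-09-15T21:03:50Z user=alice event=push_sent src=203.0.113.7
2022-09-15T21:04:02Z user=alice event=push_denied src=203.0.113.7
2022-09-15T21:04:30Z user=alice event=push_sent src=203.0.113.7
2022-09-15T21:04:45Z user=alice event=push_denied src=203.0.113.7
2022-09-15T21:09:10Z user=alice event=push_sent src=203.0.113.7
2022-09-15T21:09:25Z user=alice event=push_approved src=203.0.113.7
2022-09-15T21:10:00Z user=bob event=push_sent src=198.51.100.4
2022-09-15T21:10:09Z user=bob event=push_approved src=198.51.100.4
"""

# Events that mean the user did NOT accept the prompt.
REJECTS = {"push_denied", "push_timeout"}


def parse_line(line):
    """Parse one '<ts> key=value ...' line into a dict; 'ts' becomes a datetime."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["ts"] = datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ")
    return rec


def find_push_fatigue(log_text, min_rejects=3, window=timedelta(minutes=10)):
    """Return one finding per user who approved a push after at least
    `min_rejects` denied/timed-out pushes inside the `window` preceding it.

    The approval is the interesting event: a burst of rejections alone is
    noise, but a rejection burst that ends in an approval is the signature
    of a worn-down user and should be treated as a probable compromise.
    """
    by_user = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            rec = parse_line(line)
            by_user[rec["user"]].append(rec)

    findings = []
    for user, events in by_user.items():
        events.sort(key=lambda r: r["ts"])
        for i, ev in enumerate(events):
            if ev["event"] != "push_approved":
                continue
            # Count rejections inside the window that ends at this approval.
            start = ev["ts"] - window
            rejects = [e for e in events[:i]
                       if e["event"] in REJECTS and e["ts"] >= start]
            if len(rejects) >= min_rejects:
                findings.append({
                    "user": user,
                    "approved_at": ev["ts"].isoformat(),
                    "rejects_before_approval": len(rejects),
                    # Source IPs seen on the rejections and the final approval.
                    "sources": sorted({e["src"] for e in rejects + [ev]}),
                })
    return findings


if __name__ == "__main__":
    for finding in find_push_fatigue(SAMPLE_LOG):
        print(finding)
```

A hit here is an after-the-fact signal; the quoted advice about number matching and hardware tokens removes the approve-by-accident path that this logic only flags once it has already happened.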



RE: News of the Cyber World - Remi-chan - 09-19-2022

My my, aren't you cutting it a little close?

Don't think we didn't see you refreshing every ten minutes... Are you trying to give VVulfie a migraine?

That's pretty nasty, you know?


RE: News of the Cyber World - DerVVulfman - 09-19-2022

No kidding. YOU WAITED UNTIL LITERAL POST TIME


RE: News of the Cyber World - kyonides - 10-28-2022


Quote:Billionaire industrialist Elon Musk took over Twitter Thursday night and immediately fired several top executives, sending shockwaves throughout the social media platform.

CEO Parag Agrawal, CFO Ned Segal and head of legal policy, trust, and safety Vijaya Gadde were all fired after Musk had accused them of misleading him and investors over the number of fake accounts on the platform, a source with knowledge of the matter told FOX Business.

Editor-in-chief of The Federalist Mollie Hemingway described the firings as "An excellent start" to Musk's tenure in a tweet.

Co-Host of Breaking Points Saagar Enjeti posted emoji hands waving "bye" while retweeting a post of his from April where he had written that, "Vijaya Gadde, the top censorship advocate at Twitter who famously gaslit the world on Joe Rogan's podcast and censored the Hunter Biden laptop story, is very upset about the @elonmusk takeover."
...
Controversial tech columnist Taylor Lorenz tweeted, "It’s like the gates of hell opened on this site tonight."

Liberal academic and journalism professor Jeff Jarvis' reaction upon hearing the news was, "The sun is dark." Earlier in the day, he had warned, "This is an emergency! Twitter is to be taken over by the evil Sith lord."


Quote:A pro-Chinese government information operation is “aggressively targeting the United States” across a variety of fronts, including by attempting to discredit the U.S. democratic process and “discourage Americans from voting in the 2022 U.S. midterm elections,” researchers said Wednesday.
...
The activity represents a continued escalation from the 2020 elections, when top U.S. intelligence officials assessed that China did not deploy interference efforts and had “considered but did not deploy influence efforts” in an attempt to shape the outcome of election.
...
“We have seen DRAGONBRIDGE criticize American society via narratives regarding racial strife and social injustice,” the researchers said. “However, its targeting of the U.S. political system through attempts to discourage Americans from voting shows a willingness to use increasingly aggressive rhetoric.”

Last month Meta, the parent company of Facebook and Instagram, removed a small Chinese influence operation that used fake personas posing as Americans and promoting politically conservative causes while criticizing President Biden.

The campaign exposed Wednesday also pushed nonpolitical narratives, such as attempting to label a prolific and prominent pro-China hacking group as actually American, and alleging that the U.S. was responsible for the Nord Stream gas pipeline explosions in October 2022, the researchers said, mirroring Russian President Putin’s claims.


Quote:Cybercriminals used a pair of point-of-sale malware variants to steal more than 167,000 payment records from 212 infected devices mostly in the U.S., according to researchers with Group-IB.
...
Researchers estimate the information could be worth more than $3.3 million, highlighting how malware designed to steal information from credit card payment terminals remains a troubling concern.

Nikolay Shelekhov...identified a poorly configured command and control server for point-of-sale, or POS, malware MajikPOS in April 2022, researchers said in a report shared exclusively with CyberScoop.
...
The server and discover that it hosted a separate command and control administrative panel for Treasure Hunter, a separate POS malware variant, which also collects compromised card data.

The researchers’ analysis revealed that since at least February 2021 through Sept. 8, 2022, the operators had managed to steal payment records. Shelekhov told CyberScoop the researchers identified 11 victim companies in the U.S.
...
MajikPOS has additional features, the researchers said, such as a more appealing control panel, an encrypted communication channel with a command-and-control function and more structured logs. Treasure Hunter, on the other hand, contains records about the processes running in an operating system of the device from which the data was stolen, along with their names.



RE: News of the Cyber World - kyonides - 10-30-2022



Quote:New Twitter owner Elon Musk appeared to mock his company’s human resource bots after receiving a “management 101” notice.

Musk, who acquired the social media platform for $44 billion last week, posted what he said was an autogenerated message to him and mocked it.

“Hey Elon,” the automated message began. “It’s time to start Managing @Twitter (M101)!”

It added: “M101 covers what it means to be a good manager at Twitter by showing you how to create opportunities for impact, help your Tweeps grow their careers, and demonstrate care for your team.” The message added that Musk, who owns Twitter, has 30 days to complete the “mandatory course.”

“Just received this email from Twitter,” Musk wrote early on Sunday. “This is an actual, real email that was autogenerated.”
...
Meanwhile, Segal, Agrawal, and Gadde stand to receive separation payouts totaling some $122 million, research firm Equilar said on Friday.

Equilar, known for its research on executive compensation, valued Agrawal’s so-called “golden parachute” at $57.4 million, while Segal’s was $44.5 million and Gadde’s was $20 million. In addition to those payouts, the three executives will also receive a collective $65 million from Musk in exchange for shares they held in the company he has now taken private.


So did they really think they stood a chance to kick Musk out!? Laughing


RE: News of the Cyber World - kyonides - 11-02-2022


Twitter Inc will charge $8 for its Blue service, which includes its sought-after "verified" badge, according to Twitter's new boss Elon Musk.

Quote:"Twitter's current lords & peasants system for who has or doesn't have a blue checkmark is bullshit. Power to the people! Blue for $8/month," Musk said in a tweet, adding that the price will be adjusted by "country proportionate to purchasing power parity."

Musk said blue-tick subscribers would get priority in replies, mentions and searches, and be able to post longer videos and audios, while dealing with half as many ads.

He also offered subscribers a paywall bypass from "publishers willing to work with us."
...
Amid speculations that Twitter may soon start charging verified users a monthly fee of $20 for blue ticks, bestselling author Stephen King tweeted: "If that gets instituted, I'm gone like Enron."

Separately, S&P Global Ratings downgraded Twitter to B- on "significant" debt increase following the acquisition.




Quote:An Experian product that allows organizations to verify customers’ identity could be exploited to expose partial Social Security numbers, a researcher found through testing several organizations that use the product.

The researcher, who asked to be identified only by the online handle Lucky225, first detailed the security issue in a September Medium post after finding it when trying to register for the Pacific Gas and Electric Company. Lucky225 contacted CyberScoop after identifying three additional clients using the same function — two healthcare companies and a state health agency’s vaccination verification system.

The problem with making it easy for bad actors to access a partial SSN is that those four digits provide a gateway for attackers to take over other services and devices.

“It is essentially the same as having your password,” Lucky225 explained.

For instance, attackers could use them to convince a phone company to port a victim’s cellphone number to a new device. The technique, known as SIM Swapping, allows cybercriminals to bypass two-factor authentication and gain access to everything from a target’s Twitter account to their bitcoin wallets.

PG&E removed the function in early September after being contacted by Lucky225.
...
Experian takes data from credit histories and public records and drafts a set of multiple-choice questions that hypothetically only the real person should be able to answer.

However, getting those questions to populate — and therefore the partial SSN — only took a name and current or former address. Lucky225 recreated his results experimenting with his own information and information from friends. In some cases, the form also asked for an alternate ID or account number but did not check if that number was authentic.

Lucky225 contacted Experian with concerns about the Social Security Number question in September but after an initial conversation, the company stopped responding. Experian did not respond to multiple requests for comment from CyberScoop.