08-14-2020, 07:25 AM
TikTok users VOLUNTARILY giving their data to China
https://www.cyberscoop.com/tiktok-justic...hn-demers/CyberScoop Wrote:that China could use the 2014 and 2015 hacks of the Office of Personnel Management and health care insurer Anthem to build data profiles on Americans for intelligence recruitment.
Assistant Attorney General for National Security John Demers Wrote:You have an instance of Americans voluntarily signing onto this product as opposed to the Chinese stealing the data or the Chinese buying the data and that’s what the recent executive order was meant to address.
As you may already know, President Donald Trump that will ban transactions with ByteDance, TikTok’s owner based in China, and Tencent starting September 20.
Assistant Attorney General for National Security John Demers Wrote:Chinese [government] appetite for large volumes of sensitive personal data.
99% of that data they will not be interested in from a counterintelligence perspective.
But once they’re interested in somebody… they can mine those existing data sources to find out what that person’s financial life is like, what their health life is like, what they’re married life is like.
That sounds quite serious indeed. Some "independent" research firm stated TikTok was doing nothing wrong.
Some Wall Street Journal's article disagree with the firm. They found out the app collected unique identifiers from millions of mobile devices running the Android operating system, an apparent violation of Google Play store terms.
NSA, FBI publicize hacking tool linked to Russian military intelligence
https://www.cyberscoop.com/russian-milit...e-fbi-nsa/With a malware Russians dubbed Drovorub allegedly hacked the Democratic National Committee in 2016 and frequently target defense, government, and aerospace entities.
CyberScoop Wrote:The U.S. intelligence community has assessed that multiple foreign governments may “seek to compromise our election infrastructure.”
Do you still think Russia can't be that evil?
Very well, then go ahead and read this report published last month concerning RUSSIA attacking institutions dedicated to the coronavirus research. The United States, United Kingdom and Canada are sustaining their collective claims.
Russian government hackers targeting coronavirus vaccine research
https://www.cyberscoop.com/coronavirus-v...ear-apt29/CyberScoop Wrote:The Russian government hacking group known as Cozy Bear or APT29 has been targeting coronavirus vaccine research, U.K., U.S., and Canadian government officials said Thursday morning.Cozy Bear?
CyberScoop Wrote:The hacking is aimed predominantly at “government, diplomatic, think-tank, healthcare and energy targets,” the NCSC said in the assessment.
Why are they desperate to grab such information!? I'm letting John Deemers explain it.
Assistant Attorney General for National Security John Demers Wrote:Whatever country’s or companies’ research lab is first to produce that is going to have a significant geopolitical success story. We are very attuned to increased cyber intrusions to medical centers, research centers, universities — anybody that is doing research in this area.
Besides Russia and Estonia are behind the attacks. Some of them are the WellMail and WellMess malwares.
But how did they try to breach the systems?
NCSC Wrote:In recent attacks targeting COVID-19 vaccine research and development, the group conducted basic vulnerability scanning against specific external IP addresses owned by the organisations. The group then deployed public exploits against the vulnerable services identified.
WellMess allows them to execute arbitrary shell commands, like those you'd almost never enter in a CMD window, and download and upload files. Even the corresponding Japanese agency reported the existence of the WellMess malware.
WellMail could allow attackers to run commands with results sent to a hardcoded command and control server, the NCSC said.
Err, when they say hardcoded, they usually mean that's embedded in their code and it's not configurable, it's not supposed to change. Probably they believe they've got a great chance of successfully breaching the system this way. Running a server either locally via their malware or even remotely is something that your PC should NEVER let it happen.
Even if pretty much everybody knows this at this point, things aren't that easy in real life.
Windows Print Spooler can be hacked
https://www.cyberscoop.com/windows-print...black-hat/Yes, it has to do with the very same SERVER that handles print requests, especially at any office building. So if they make the WellMail locate it and exploit it, they'd pretty much take control of the whole network. Why am I so sure about it? Because this vulnerability has been present in Windows since the days of Windows 2000!
Nope, guys, Windows 10 still HAS this very same vulnerability. At the time CyberScoop had published the article, there was no fix available to prevent the bad guys from taking advantage of its decades old code.
"For God has not destined us for wrath, but for obtaining salvation through our Lord Jesus Christ," 1 Thessalonians 5:9
Maranatha!
The Internet might be either your friend or enemy. It just depends on whether or not she has a bad hair day.
My Original Stories (available in English and Spanish)
List of Compiled Binary Executables I have published...
HiddenChest & Roole
Give me a free copy of your completed game if you include at least 3 of my scripts!
Just some scripts I've already published on the board...
KyoGemBoost XP VX & ACE, RandomEnkounters XP, KSkillShop XP, Kolloseum States XP, KEvents XP, KScenario XP & Gosu, KyoPrizeShop XP Mangostan, Kuests XP, KyoDiscounts XP VX, ACE & MV, KChest XP VX & ACE 2016, KTelePort XP, KSkillMax XP & VX & ACE, Gem Roulette XP VX & VX Ace, KRespawnPoint XP, VX & VX Ace, GiveAway XP VX & ACE, Klearance XP VX & ACE, KUnits XP VX, ACE & Gosu 2017, KLevel XP, KRumors XP & ACE, KMonsterPals XP VX & ACE, KStatsRefill XP VX & ACE, KLotto XP VX & ACE, KItemDesc XP & VX, KPocket XP & VX, OpenChest XP VX & ACE
Maranatha!
The Internet might be either your friend or enemy. It just depends on whether or not she has a bad hair day.
My Original Stories (available in English and Spanish)
List of Compiled Binary Executables I have published...
HiddenChest & Roole
Give me a free copy of your completed game if you include at least 3 of my scripts!
Just some scripts I've already published on the board...
KyoGemBoost XP VX & ACE, RandomEnkounters XP, KSkillShop XP, Kolloseum States XP, KEvents XP, KScenario XP & Gosu, KyoPrizeShop XP Mangostan, Kuests XP, KyoDiscounts XP VX, ACE & MV, KChest XP VX & ACE 2016, KTelePort XP, KSkillMax XP & VX & ACE, Gem Roulette XP VX & VX Ace, KRespawnPoint XP, VX & VX Ace, GiveAway XP VX & ACE, Klearance XP VX & ACE, KUnits XP VX, ACE & Gosu 2017, KLevel XP, KRumors XP & ACE, KMonsterPals XP VX & ACE, KStatsRefill XP VX & ACE, KLotto XP VX & ACE, KItemDesc XP & VX, KPocket XP & VX, OpenChest XP VX & ACE