News of the Cyber World

[kyonides]

George Floyd: Anonymous hackers re-emerge amid US unrest
https://www.bbc.com/news/technology-52879000

• Minneapolis police department website was temporarily taken offline over the weekend.
  
• A database of email addresses and passwords claiming to be hacked from the police department's system is also in circulation. Nevertheless, experts suspect those are outdated data only.
  
• A page on the website of a minor United Nations agency has been turned into a memorial for Mr Floyd, replacing its contents with the message "Rest in Power, George Floyd", along with an Anonymous logo.
  
• Anonymous activists are also circulating years-old accusations against President Trump, taken from documents in a civil court case that was voluntarily dismissed by the accuser before it went to trial.
  

The same Facebook page posted similar videos about UFOs and "China's plan for world domination" in recent weeks which - like the George Floyd video - feature an electronically-disguised voice discussing previously published news stories.

Well, I can't tell you UFO's really exist because they might be advanced technology developed by Earth's superpowers, but I'm glad Anonymous isn't blind and complained about China's destructive path for world domination.

Google delays Android 11 launch

https://www.bbc.com/news/technology-52877792

It was supposed to be launched in two days time but they suddenly changed their minds.

For developers, Android 11 has a tonne of new capabilities for your apps, like enhancements for foldables and 5G, call-screening APIs [application program interfaces], new media and camera capabilities, machine learning, and more.

We also need to wait till this Thursday to see if Sony will reveal any information on their launch games for their PS5.

Japanese IT services firm reveals hack affecting up to 621 corporate customers
https://www.cyberscoop.com/ntt-hack-japa...omer-data/
Hackers earlier this month breached the computer systems of Japanese data-management company NTT Communications...
NTT Communications, which powers data centers in more than 20 countries or regions, said the unidentified hackers had breached the company’s Active Directory server, a repository of network data, and used it as the focal point of their attack.
Their information should have left their network, meaning customers are at risk. This also means many of their projects and banking accounts might have been stolen as well.

Israeli official confirms attempted cyberattack on water systems
https://www.cyberscoop.com/israel-cybera...igal-unna/
Well, we have seen how hackers had targeted European, East Asian and American companies and institutions, now it was Israel's turn to face those criminals.

NSA calls out Russian military hackers targeting mail relay software
https://www.cyberscoop.com/nsa-advisory-...-software/
Did you think USA was safe in the cyberworld? Then let me tell you that NSA stated you're wrong. Russia might be picking you as their next target. They, the Sandworm, have been hacking US mails since last August, so far NSA is aware of. That group was behind the attacks against the Ukrainian power grid.

When Sandworm exploits the vulnerability, victim machines download and execute a shell script from a Sandworm-controlled domain, according to the NSA. The script then works to disable network security settings, add privileged users, and execute an additional script to allow further exploitation.
When the patch for the vulnerability was issued last year, there was “no evidence” anyone was actively exploiting it, according to Exim. Within weeks of the patch being issued, the Russian military hackers began their onslaught.

I hope you have applied the respective patch if you're using Windows.
US authorities had also linked viruses like NotPeya and Olympic Destroyer to Sandworm.

[kyonides]

PS5 Console and Games
https://www.bbc.co.uk/news/technology-53018000
The PlayStation 5 has a black core surrounded by white edging. Sony's machine will launch alongside Microsoft's rival Xbox Series X before the end of the year.

There's more than just better graphics and fast loading times
https://www.bbc.com/news/technology-53017909
PS5 includes 3D audio, more space and SSD cards as well. You might purchase a digital version of the console or get one with the usual Blu-Ray disc drive. Don't get surprised if it's larger than the PS4.  
Stuff like Its gamepad or how it works and reacts to a player's input is still a mystery.

"Rename RuboCop" Rubygem Drama and what its author thinks about that
https://metaredux.com/posts/2020/06/08/t...redux.html

Yeah, that anti-cop feeling lurking around several US cities has reached the Ruby world as well.
Now it seems that including terms like cop or police makes your rubygem (a Ruby extension) look BAD. Oh really?

[kyonides]

India bans TikTok, WeChat and dozens more Chinese apps
https://www.bbc.com/news/technology-53225720

In a statement, it said the apps were "prejudicial to sovereignty and integrity of India, defence of India, security of state and public order".
In total, 59 different apps were banned - including popular messaging app WeChat.
It follows weeks of escalating tensions along the disputed border between the two countries.

Well, you gotta recall they passed a law requiring Chinese and foreign companies to provide the military with intel...
There's no guarantee that those apps won't be used to spy on you, even if you're not their main target.  
Plus, there's also a chance your phone can be hacked a la Zoom...

India's Ministry of Information Technology said it was banning the 59 Chinese apps after receiving "many complaints from various sources" about apps that were "stealing and surreptitiously transmitting users' data in an unauthorised manner".
"The compilation of these data, its mining and profiling by elements hostile to national security and defence of India, which ultimately impinges upon the sovereignty and integrity of India, is a matter of very deep and immediate concern which requires emergency measures," the ministry said.

Oh wait a second! It was not a mere theory but a fact!

[kyonides]

European police crack encrypted phone network, arrest hundreds of alleged criminals
https://www.cyberscoop.com/encrochat-enc...drug-bust/
If you ever thought USA was the only nation cracking phones to further a criminal investigation, let me tell you that you're seriously wrong about that! And the total number of messages doesn't seem to be a problem either.

Law enforcement agencies in France, the Netherlands and the United Kingdom on Thursday announced hundreds of arrests of alleged drug dealers and other criminals in a major bust made possible by cracking an encrypted phone network.
European police officials said they broke into the platform of EncroChat, a bespoke encrypted messaging service, in April and had been quietly reading the messages ever since.
The Dutch police claimed they were able to read 20 million messages on EncroChat since April. That led to the seizure of more than 17,000 pounds of cocaine. In the United Kingdom, 746 people were arrested and more than $67 million in cash seized, officials said.
EncroChat had promised its users anonymity by never storing decryption keys on its servers. A “kill code’” allowed phones to be wiped remotely...

That last part sounds terrifying indeed for they pretended to let them commit the perfect crime.

Pandemic and Stalkerware
https://www.cyberscoop.com/stalkerware-p...-violence/

Security researchers tell CyberScoop that data show a rise in invasive surveillance software known as stalkerware — applications that can spy on partners’ texts, calls, social media use and geolocation information — since the coronavirus pandemic began, despite the fact that abusers are much more likely to be sharing the same living space as their victims.
Three antivirus companies tracking stalkerware globally told CyberScoop they saw an increase in stalkerware detections just after governments at all levels put social distancing measures in place. Between January and May, for instance, California-based Malwarebytes and Germany-based Avira said stalkerware detections on their respective customers’ devices spiked by 190% and 99%, respectively. Slovakia-based ESET also found stalkerware detections rose from the fourth quarter of 2019 to the first quarter of this year.

Who could tell you could be spied even at home? Especially by someone around you.

Facebook reinstates NSO Group employee accounts amid ongoing lawsuit
https://www.cyberscoop.com/facebook-nso-...-whatsapp/

Moroccan journalist targeted by NSO Group spyware, Amnesty International says
https://www.cyberscoop.com/nso-group-spy...i-morocco/

Amnesty International said Sunday its security team found evidence of abuse on a Moroccan journalist’s cell phone that can be tied back to spyware developed by NSO Group.

The journalist, Omar Radi, was targeted by surveillance software capable of tracking texts, calls, emails, camera, and more — just days after NSO Group, the Israeli surveillance software company, announced it would stop its products from being used to perpetuate human rights abuses, according to Amnesty International.

And even so Facebook reinstated those NSO Group accounts.
Then you wonder why companies wanted to boycott that social media site.

"Unknown Company" that Handles Most of Cloud Services Compromised?
https://www.cyberscoop.com/cyber-command...rity-flaw/ 

BIG-IP is among the most popular networking gear in use today in government systems, internet service providers and cloud computing data centers.
Traffic Management User Interface (TMUI), which can enable load balancers, firewalls, rate limiters and web traffic shaping systems. Attackers who exploit the weakness can execute arbitrary system commands, create files, delete files or disable services.
The Department of Homeland Security’s cybersecurity agency also advised administrators to update their F5 systems on July 4.

If you didn’t patch by this morning, assume [you are] compromised. Keep patching and check logs.

It sounds incredibly dangerous for any nation's cybersecurity indeed. Especially now that we depend on the internet even more than ever...

FCC officially names Huawei and ZTE as national security risks
https://www.cyberscoop.com/fcc-huawei-zte-espionage/
Just in case you didn't know this, here's a friendly cyber reminder of how some Chinese products and even whole companies might be more dangerous than we first thought.

The U.S. Federal Communications Commission has designated Chinese telecommunication providers Huawei and ZTE as national security risks, a decision that officially prohibits American phone companies from purchasing their equipment with government subsidies.

If you think this is just Trump's viewpoint and nothing else, you better read the following article as well.

The companies are subject to a Chinese law that requires firms to provide authorities with sensitive data, even if they’re unwilling to do so.

Just in case you didn't know that by now.

Huawei: UK government weighs up ban of Chinese firm's telecoms kit
https://www.bbc.com/news/technology-53306809

The government has received a report into Huawei that is likely to change its policy over the Chinese firm's role in the UK's telecoms networks.
Digital Secretary Oliver Dowden said GCHQ's National Cyber Security Centre had delivered its findings.
NCSC is believed to have said it can no longer assure the security of Huawei's products because of new US sanctions.
China's ambassador to the UK has warned that if the country got rid of Huawei, it would send out a wider message about its openness to foreign investment.
The risk is that as a consequence Huawei would have to start sourcing chips from elsewhere, which UK security officials might not be able to properly vet.

Yeah, who could know where they're gonna find those new chip providers or manufacturers... I hope they won't force Uighurs to make them. Even so 2 companies asked them to let them remove Huawei's technologies over a period of roughly 10 years.
10 YEARS!? Do they want their customers to get their data stolen during that lengthy  period of time!?


Chinese mobile surveillance of Uighurs more pervasive than previously thought, researchers say
https://www.cyberscoop.com/china-surveil...g-lookout/
Speaking of Uighurs, here they've become China's favorite target as of late.

Like Android-focused surveillance kits before them, the malicious software is capable of stealing sensitive data on target phones and turning them into listening devices, according to mobile security firm Lookout, which made the discovery.
Some of the hacking tools have been in use for more than five years, but Lookout pieced them together into a vast spying effort tied to the Chinese government.
The Chinese government has detained more than 1 million ethnic minorities, many of them Uighur Muslims, in prison camps in the name of “counterterrorism” and security — repression that human rights groups have denounced. The surveillance campaigns tracked by Lookout extend far beyond China. The hacking kits appear to have been used against people in 14 countries, the researchers said, from Pakistan to Turkey. Most of them are Muslim-majority and on a list of “sensitive countries” where Chinese authorities closely track the movements of travelers from Xinjiang.

And you really wanna think Chinese companies can't do the same to spy on you over your dear cellphone? They're already spying foreign countries just like that!

[kyonides]

D-Link Routers Compromised
https://www.cyberscoop.com/d-link-home-r...-networks/
Have you an ethernet connection? Did you buy or lease some D-Link router? Then this news article might be of special interest. It seems that you gotta apply several fixes to prevent hackers from stealing your credentials!
Obviously, that doesn't mean intruders will stop right there. They could even cause Denial of Service attacks against servers. Yes, they can also play with your DNS to route you straight to their sites full of malware. OK, they could also make you feel like an accomplice by uploading malware to any website. Practically they could even impersonate you, steal or directly spend your money, post stuff on social media, etc.

What's funny about this is that the company behind the discovery of such security flaws, Palo Alto, has been questioned for being insecure as well. Just take a look at the article I provided below.

Palo Alto's Very Own Security Flaw
https://www.cyberscoop.com/cyber-command...rks-patch/

Netgear routers are unsafe as well
https://www.cyberscoop.com/netgear-remot...grimm-zdi/
First D-Link and now Netgear joins this nefarious list of companies that are forced to release patched for flaws that could let outsiders steal or bypass your credentials as well.

An specialist even claimed that a hacker could inject javascript code to your web browser to gain such access to your router. So they don't really need to even find your device via a Wi-Fi connection.

Federal agencies recommend blocking Hong Kong-US undersea cable over national security concerns
https://www.cyberscoop.com/team-telecom-...cable-fcc/
I know this sounds extremely crazy but knowing we can't count on Hong Kong as the only democratic oasis in China any longer, it starts making some sense. Besides they already revealed the ownership of the PLCN (the undersea cable connecting Hong Kong and US) is linked to the Chinese company Dr. Peng Telecom & Media Group Co. Ltd., who's supposedly its legal owner, can be manipulated by the Chinese government, and that might not be just a conspiracy theory. We already learned about how China passed that cyber espionage law a couple of years ago...
At the end, Google and Facebook would need to properly control the portions of the cable that connect US with Taiwan and Philippines.

Chrome Extensions Filled with Spyware
https://www.cyberscoop.com/chrome-spywar...y-galcomm/

A sweeping set of surveillance campaigns has hit Google Chrome users, leading to nearly 33 million downloads of malicious software in the last three months.
The researchers believe the unidentified hackers used Chrome extensions and other malicious tools — along with domains issued by a single registrar — to spy on computer users in sectors such as oil and gas, finance and health care.
U.S. government contractors were among those targeted.

Only after another company warned Google about this issue, they finally got rid of 70 malicious extensions from its store. Before they did that, hackers could take screenshots of your favorite apps and steal your credentials. They even dared to add code to the open source browser Chromium!

Now even an Israel based company in charge of keeping domain registries secure has been questioned for its own lack of security measures to prevent ill domain registration requests from ever being approved!

Bad News for Melana and her fellow German forumers!

Hackers target senior executives at German company procuring PPE
https://www.cyberscoop.com/germany-ppe-c...ckers-ibm/

Unknown hackers began their intensive phishing campaign to infiltrate at least one of nine firms. Those companies are related to testing facilities, enterprises focused on vaccine research and some dedicated to manufacture or procure PPE to protect people from viruses.
In essence it seems they wanted to disrupt the German coronavirus related supply chain!
They had targeted an executive of an European bio-pharmaceutical company already.

[kyonides]

Hollywood needs videogames
https://www.bbc.com/news/business-51799504

Kim Libreri, an award-winning visual effects artist based in Northern California, has worked on movies including Artificial Intelligence and War of the Planet of the Apes.
For nine years he has been working with a piece of technology better known for computer games, in particular the smash-hit Fortnite.
The Unreal Engine, owned by Epic Games, provides the building blocks and tools that a computer game developer needs, but is increasingly an attractive technology for TV and film producers.

Who would ever say that Hollywood would end up depending on a game engine!?


That expert even claims that the creative staff, including the director and the technicians, can collaborate efficiently by using such an engine.

Germany seizes server hosting pilfered US police files
https://apnews.com/ab0a5f01a0bcdd4da347ba6763dcab61

The data, dating back to 1996, include emails, audio and video files and police and FBI intelligence reports. DDoSecrets founder Emma Best said the data, dubbed “BlueLeaks,” comes from more than 200 agencies. It has been stripped of references to sexual assault cases and references to children, but names, phone numbers and emails of police officers were not redacted.

One thing is to investigate cases and another one is to just leak cops' names endangering them and their relatives as well. Plus they didn't get an informant working at a station to tell them what he or she found strange, they simply breached Houston's police servers to snatch as many files as it pleased them! Then DDoSecrets just grabbed them without making any questions!
Plus they relied on a server located in Falkenstein, Germany!
Seriously, I can't believe that organization isn't involved in that data breach one way or another. It's just too convenient to claim they just published it in the best public interests.

[kyonides]

TikTok: Amazon says email asking staff to remove app 'sent in error'
https://www.bbc.com/news/business-53370736

This morning's email to some of our employees was sent in error. There is no change to our policies right now with regard to TikTok.
But earlier on Friday, a memo sent to staff seen by multiple news outlets stated that the app must be removed from mobile devices.

Now Amazon is sending mixed messages as of late. I fear they didn't wanna make China impose some sort of sanctions against them.
It seems it's a good time to double check who exactly might have invested heavily in Bezos's company in the last couple of years.

[kyonides]

Twitter Bitcoin and Hackers
https://www.bbc.com/news/technology-53425822
Do you own a Twitter account?
You better check if you got scammed via a bitcoin payment.
People like Elon Musk, Jeff Bezos and Bill Gates were affected by this terrible hack.

The US Senate Commerce committee has demanded Twitter brief it about the incident next week.
Twitter said it was a "co-ordinated" attack targeting its employees "with access to internal systems and tools".
The UK's National Cyber Security Centre said its officers had "reached out" to the tech firm.

Curiously, Trump's account was not part of this messy business.
By the way, Instagram has an account that might be closely related to that very same cyberattack.

The Guy Behind the Scam
https://krebsonsecurity.com/2020/07/whos...tter-hack/
At least we could say they've got a suspect. Bad news are that he wasn't the only one involved there.

[kyonides]

Next time you ever think China does not imprison their own people and cannot do the same to foreigners, you better think it 1000 times.

2017: BBC Reporter John Sudworth was arrested thanks to the facial recognition system
https://techcrunch.com/2017/12/13/china-...-reporter/

China has the largest monitoring system in the world. There are some 170 million CCTV cameras across the country, and that’s tipped to grow more than three-fold with 400 million more set to be installed by 2020.

Yeap, that is exactly what they used to lockdown entire cities and know what people was doing. Of course, cellphones with their GPS feature are their accomplices as well. And Uighurs know that first hand.

Of course, the reporter did not stay in prison for it was a test of their surveillance system. Once again keep in mind they can now arrest pretty much anybody at any given time. You don't believe me!? Well, read one of the articles I posted on News of the World and you will see how RECENTLY they have been using this system to abuse of civilians like those poor Hong Kongers.

[kyonides]

Garmin Has Been Hacked!
https://www.cyberscoop.com/garmin-ransom...tedlocker/
Fine, you might know pretty much nothing about Garmin but they might know you very well by now...
They make GPS related devices and they couldn't keep them safe. A source once said customers weren't affected by this breach, but can we believe them?
Especially when the group behind this calls itself Evil Group. Yeah, they do care a lot about ethics...
I don't know how they forgot they were demanding a ransom from the very beginning!


Do you live in New York? Or your insurer's headquarters are located in NYC or nearby?
If so you might need to read the article below...  

Insurer's Huge Data Exposure
https://www.cyberscoop.com/first-america...s-charges/


Department of Homeland Security Confirms Attacks
https://www.cyberscoop.com/cisa-f5-vulne...-response/
Through its CISA division they have corroborated hackers were targeting federal and private networks.  

VHD and the Lazarus Group
https://www.cyberscoop.com/north-korea-r...ersky-vhd/
Nope, it's not some HD video or channel or anything the like.
Actually it's a ransomware produced by North Korean hackers. Yes, they might wanna steal your money under your very same noses.
Victims have been located in France and Asia so far...

Walgreens Data Exposure
https://www.cyberscoop.com/walgreens-rob...alth-data/
Criminals have managed to collect customers' health insurance and vaccination information only, according to their sources at least.

Islamic State and Telegram
https://www.cyberscoop.com/islamic-state...m-europol/
If you have never heard about Telegram before, let me tell you it is an open source version of WhatsApp.
Now Europol and US military are striking ISIS hard and Telegram seems to have joined them now. They shut down lots of suspicious accounts recently.
Sadly that doesn't seem to make IS stop spreading propaganda, no matter how difficult it has become as of late.

How did Hackers breach Twitter's systems?
https://www.cyberscoop.com/how-twitter-h...d-bitcoin/

Twitter says the people who took over the accounts of high-profile users in order to launch a bitcoin scam used tactics focused on phones to trick company employees into giving them access.

Gullible stays short here... Only morons would provide them with such access without confirming it once or twice or as many times as needed.
Oh they contacted us by phone!
So what? If they ever tell you they're demons, is that enough for you to believe them!?
Let's hope Twitter gets punished for letting hackers scam people with their bitcoin fraud stratagem. But it's gotta be quite hard to achieve that goal indeed.

Twitter Hacker Arrested!
https://www.cyberscoop.com/accused-twitt...n-florida/
Well, at least US authorities are moving fast.
It seems he loved the idea of spending his ill earned money in Florida...  

European Union sanctions several Cyber Criminals
https://www.cyberscoop.com/eu-sanctions-...rth-korea/
They are Russian, Chinese and North Korean.

EU officials announced Thursday they would enact restrictive measures against the people it deemed responsible for the WannaCry ransomware outbreak in 2017, the NotPetya campaign and Operation Cloud Hopper, a Chinese cyber-espionage effort. Penalties include a travel ban, asset freeze and prohibit people and organizations in the EU from “making funds available” to the sanctioned individuals and entities.

Obviously they've got no plans to travel to EU in the next couple of months or years.