News of the Cyber World

[kyonides]

Toshiba Stops Making Laptops

https://www.bbc.com/news/technology-53721016
Sharp has purchased all of its computer making division so your PC's or laptops might be the last ones you'd ever get from now on. Even if you find a store selling a laptop at a good price... You better think it twice before buying it. I can't guarantee you'll be able to find parts in the next couple of years.  
Plus Toshiba had reported a $318 million loss in 2015 so support might be dropped at any moment as well.
The article doesn't mention anything about Sharp's plans for laptops.

[kyonides]

North Korean hackers are targeting Israel's defense sector

https://www.cyberscoop.com/north-korea-h...l-defense/
Their favorite method would be sending fake job offers to Israeli soldiers according to the Israeli Defense Minister. These hackers might belong to the Lazarus Group and they're using LinkedIn to send the fake offers. They've been impersonating CEOs and top officials at multinational companies to run their scam.

The US Department of Justice had reported they'd learned about spearphishing emails sent to Lockheed Martin's employees. Their goal was their computer systems and all the data they could steal from them.

McAfee prefers to blame Operation North Star for the attacks.

[kyonides]

TikTok users VOLUNTARILY giving their data to China

https://www.cyberscoop.com/tiktok-justic...hn-demers/

that China could use the 2014 and 2015 hacks of the Office of Personnel Management and health care insurer Anthem to build data profiles on Americans for intelligence recruitment.

You have an instance of Americans voluntarily signing onto this product as opposed to the Chinese stealing the data or the Chinese buying the data and that’s what the recent executive order was meant to address.

As you may already know, President Donald Trump that will ban transactions with ByteDance, TikTok’s owner based in China, and Tencent starting September 20.

Chinese [government] appetite for large volumes of sensitive personal data.
99% of that data they will not be interested in from a counterintelligence perspective.
But once they’re interested in somebody… they can mine those existing data sources to find out what that person’s financial life is like, what their health life is like, what they’re married life is like.

That sounds quite serious indeed. Some "independent" research firm stated TikTok was doing nothing wrong.

Some Wall Street Journal's article disagree with the firm. They found out the app collected unique identifiers from millions of mobile devices running the Android operating system, an apparent violation of Google Play store terms.

NSA, FBI publicize hacking tool linked to Russian military intelligence

https://www.cyberscoop.com/russian-milit...e-fbi-nsa/
With a malware Russians dubbed Drovorub allegedly hacked the Democratic National Committee in 2016 and frequently target defense, government, and aerospace entities.

The U.S. intelligence community has assessed that multiple foreign governments may “seek to compromise our election infrastructure.”

Do you still think Russia can't be that evil?
 
Very well, then go ahead and read this report published last month concerning RUSSIA attacking institutions dedicated to the coronavirus research. The United States, United Kingdom and Canada are sustaining their collective claims.

Russian government hackers targeting coronavirus vaccine research

https://www.cyberscoop.com/coronavirus-v...ear-apt29/

The Russian government hacking group known as Cozy Bear or APT29 has been targeting coronavirus vaccine research, U.K., U.S., and Canadian government officials said Thursday morning.

Cozy Bear?

The hacking is aimed predominantly at “government, diplomatic, think-tank, healthcare and energy targets,” the NCSC said in the assessment.

Why are they desperate to grab such information!? I'm letting John Deemers explain it.

Whatever country’s or companies’ research lab is first to produce that is going to have a significant geopolitical success story. We are very attuned to increased cyber intrusions to medical centers, research centers, universities — anybody that is doing research in this area.

Besides Russia and Estonia are behind the attacks. Some of them are the WellMail and WellMess malwares.

But how did they try to breach the systems?

In recent attacks targeting COVID-19 vaccine research and development, the group conducted basic vulnerability scanning against specific external IP addresses owned by the organisations. The group then deployed public exploits against the vulnerable services identified.

WellMess allows them to execute arbitrary shell commands, like those you'd almost never enter in a CMD window, and download and upload files. Even the corresponding Japanese agency reported the existence of the WellMess malware.

WellMail could allow attackers to run commands with results sent to a hardcoded command and control server, the NCSC said.
Err, when they say hardcoded, they usually mean that's embedded in their code and it's not configurable, it's not supposed to change. Probably they believe they've got a great chance of successfully breaching the system this way. Running a server either locally via their malware or even remotely is something that your PC should NEVER let it happen.
Even if pretty much everybody knows this at this point, things aren't that easy in real life.  

Windows Print Spooler can be hacked

https://www.cyberscoop.com/windows-print...black-hat/
Yes, it has to do with the very same SERVER that handles print requests, especially at any office building. So if they make the WellMail locate it and exploit it, they'd pretty much take control of the whole network. Why am I so sure about it? Because this vulnerability has been present in Windows since the days of Windows 2000!

Nope, guys, Windows 10 still HAS this very same vulnerability. At the time CyberScoop had published the article, there was no fix available to prevent the bad guys from taking advantage of its decades old code.

[kyonides]

Do you love playing Fortnite?

Then read this!

https://www.bbc.com/news/technology-53777379
Because Epic Games preferred to offer a discount bypassing Apple's and Google's policies on revenues, both of them removed Fortnite from their stores!
They usually get a large cut, 30% to be exactly, but they refuse to let people download and install it on their devices if it's not via their stores.
Epic Games even tried to convince manufacturers like OnePlus and LG to preinclude the game or implement a separate store so people could purchase it "directly" from Epic. Google, the evil corporation, has blocked such efforts forcing anybody negotiating with Epic Games to reject the proposals.
Thus Epic Games had to filed a complaint against Apple and Google in California. EG claims they're trying to keep the control of their monopoly. Instead of a compensation they asked for offering Apple's and Google's customers a better deal by respecting their rights.

Here's Google's position on this topic.

The open Android ecosystem lets developers distribute apps through multiple app stores.
For game developers who choose to use the Play Store, we have consistent policies that are fair to developers and keep the store safe for users.

Safe they said!? Did they forget I've reported how they let THOUSANDS of malware get distributed via Play Store!?

Apple's reaction pretty much consists of asking Epic Games to resolve the violations before they can come back to them.

[DerVVulfman]

I guess you didn't see the advert they had of people freed of an oppressive regine, the leader they are overthrowing being a man with an 'APPLE' for a head.

There's rumors that the next version of Fortnite may not be available for APPLE if they continue this intended monopoly.

[kyonides]

IcedID The Banking Trojan

If you recall the story of the fall of Troy according to Homer, if I remember clearly, anything related to Trojans aren't good at all.

https://www.cyberscoop.com/icedid-bankin...reat-labs/

In one case, fake invoice emails from student tutoring company, PrepNow, were sent to customers laced with malicious .zip attachments. Those email addresses, Juniper Threat Labs says, were previously compromised.
PrepNow did not immediately return request for comment.
If victims click through the .zip file, they will be presented with a manipulated Microsoft Word document requesting they enable macros. If they do so, they will be targeted with the new second stage downloader, the malicious DLL, which will download the next malicious component of the attack, the IcedID malware.

You see they even made the ZIP file password protected!
No matter if the email says it comes from a known source and you need to download and open that file, make sure it's not virulent!
Is it a Word document or an Excel spreadsheet? Is it asking you to enable macros?  
You better scan it many times if deemed necessary... or fear the IcedID!

I wish it were some Iced Tea instead.

Even so I'll leave you, lazy readers, another sign of danger the email might include.

But for people who have some sort of awareness about phishing, the email body is too minimalist to not trigger suspicion.

Still, Hadad claims they should have stopped for good. Let's hope he isn't wrong about this.

[kyonides]

Vishing is on the Rise

also known as Voice Phising

FBI and CISA warn Americans about strange phone calls that might sound quite familiar to you if you currently depend on a VPN, a kind of secure tunnel, to connect to a remote server commonly located at your company's headquarters.

What you should expect to hear from these scammers

You first get a call from a stranger that pretends to be your coworker or the IT guy that somehow learn about your "incorrect setup" or "outdated software" or anything like that to connect to your company's network.

Then he tricks you into either giving away your credentials either by telling him what your username and password are over the phone or by opening a fake website that might look similar to any VPN website you might opened while working at home.

At this point it's too late for you and the company! They've already managed to break into their systems thanks to your naive attitude.  

The agencies have been telling companies to implement some ID verification system that might let them discard such phone calls right away in an attempt to keep your connections secure.

https://www.cyberscoop.com/fbi-cisa-aler...edentials/

[kyonides]

Is Apple Attempting to Cripple Unreal Engine?

Besides having filed a suit against Apple, Epic Game's popular videogame Fortnite held its #FreeFortnite Cup Sunday.
They claimed that Apple threatened to close their company's developer accounts and Apple's development tools.

Such an issue isn't just affecting Epic Games alone. Please feel free to read Kevin Gammill's thoughts on this matter.

"For game creators in the later stages of development utilizing Unreal Engine and targeting the iOS and/or macOS platform, Unreal Engine’s sudden loss of support for iOS and macOS would create significant costs and difficult decisions," Gammill added. "The creator would have significant sunk costs and lost time using Unreal Engine for game creation, and would have to choose between (a) starting development all over with a new game engine, (b) abandoning the iOS and macOS platforms, or © ceasing development entirely."

Who'd like to spend lot of time and money then? It's like asking Lani or Wulfo or even me to stop developing our games in RM because they wanna decommission it out of the blue. No matter what's the engine you've picked, why should you be forced to accept policies that might prevent you from selling your game or some in game services if you feel like you need to do it? Gladly, Kadokawa doesn't control an extremely large slice of the gaming market, not outside of Japan at least. Even so why do Apple or Google think they can impose their conditions like getting about some 30% cut of all revenues?

I really hope some judges stop them for good before they amass too much power.

Here's the full article.
https://www.foxbusiness.com/media/epic-g...eal-engine

[kyonides]

Elon Musk confirms that attempted Russian ransomware attack was aimed at Tesla

https://www.cyberscoop.com/tesla-ransomw...sk-russia/
Last month, the weird Musk accepted that Tesla, located in Sparks, Nevada, was attacked by hackers, kind of. He thanked the FBI for stopping them.

The U.S. Department of Justice on Wednesday announced that police had arrested a Russian man accused of offering $1 million to an unnamed person to hack their employer. The plan was to infect the company’s factory, based in Sparks, Nevada, with malware, then direct a distributed denial-of-service attack against its services, knocking it offline. When the victim ultimately paid an extortion fee, attackers’ logic went, hackers would split the proceeds with the inside source.

They fooled the guy by asking him to meet in Los Angeles where he was arrested.

TikTok scrubs ads promoting diet pills, fake apps after Tenable report

https://www.cyberscoop.com/tiktok-securi...le-report/

The video-sharing app, which claims some 49 million daily active users in the U.S., said Thursday it removed an array of advertisements from its central #ForYou page that marketed suspicious diet pills, fake mobile apps and other inauthentic services.

Do you still think TikTok is secure?

TikTok classifies more than a third of its 49 million daily users in the U.S. as 14 years old or younger, raising questions about whether the company is doing enough to safeguard their data, according to the New York Times. Without years of experience navigating digital services for common fraud tactics like phishing or suspicious ads, children may be more susceptible to social media scams.
Tenable researchers suggested that the number of malicious advertisements on TikTok’s #ForYou section, a main page where users discover new content, indicates weaknesses in the moderation process.
The recommended app, Super Expense, actually is called iMoney, researchers found.
The iMoney app urges users to provide a picture of their driver’s license, a move that would expose their name, home address, driver’s license number and other personal details.

Meanwhile they get their money "indirectly".

Norway and Hackers
https://www.cyberscoop.com/norway-parlia...berattack/

Some unnamed actor hit their parliament and stole some of their records by taking control over their mail accounts. The attackers managed to download it.
Could they be Russians? Curiously Norwegians are getting used to foreign cyber attacks.

Unknown Router vendor has patched some zero-days, but leaves others wide open
https://www.cyberscoop.com/mofi-networks...cal-start/
It's a Canadian company called MoFi Network. A cyber security expert found 10 previously undisclosed vulnerabilities in the device that, if exploited, could allow attackers to steal passwords and data from networks running the vulnerable routers, including VPN credentials and API keys.

In MoFi’s case, the remediation process is not yet complete, according to Mirch. The company initially fixed some of the vulnerabilities, but it also introduced new bugs when it updated the firmware, he said. Those includes a vulnerability that could allow an attacker to remotely inject code on a device. In correspondence with Mirch reviewed by CyberScoop, a MoFi engineer argued that the remote access features the company introduced were necessary for customer support.

Silly, be careful!

By the way, Cisco is also running like a mad man as of late.

Cisco says it will issue patch ‘as soon as possible’ for bugs hackers are trying to exploit

https://www.cyberscoop.com/cisco-ios-xr-...ies-patch/

Unidentified hackers are trying to exploit critical vulnerabilities in router software made by Cisco.
The bugs could allow an attacker to remotely deny service to a device running the software or exhaust the memory on the device. That could destabilize interior and exterior routing protocols on an affected network.
Justin Elze, a principal security consultant at security company TrustedSec, pointed out that in order for the vulnerability to be exploited, a protocol known as IGMP needs to be enabled. That protocol is less common in enterprise networks and tends to be used by cable TV networks to do video streaming, he said.

So this isn't just about routers but cable TV networks as well.

[kyonides]

Voatz + Hackers + US Supreme Court

That's not a good sum or mix indeed.  

https://www.cyberscoop.com/voatz-cfaa-su...ty-voting/

As a summary, Voatz is a company focused on letting users vote online via their cellphones. Last March the HackerOne group broke relations with Voatz. The reasoning behind this move was that Voatz wants to be able to sue them if they keep trying to vulnerate its mobile app. It believes that "uninvited" hackers should not mess with their software. The hackers tells us a totally different story where they see hacking as ethical for they just alerted Voatz of several bugs its app includes nowadays. The app company disagrees and made a request to the US Supreme Court to not make any modifications to the 1986 law that currently criminalizes any hacking that vulnerates computers without the owner's previous consent. So far Voatz motivations sound relatively logical and acceptable.

The thing is that HackerOne plus any other "independent" hacker or group would have almost no "job" to do anymore. You see, a company doesn't hire hackers every other day or so. There are other hackers that irrupt in a network without warning only to claim later they might release the information they extracted if their target doesn't contact them in a timely manner. Some people just do it for free and soon post their outcome on a board or even upload them to websites like GitHub and keep the repository open to anybody.
So how would the future of the Computer Fraud and Abuse Act look like?

Middle East + North Africa + Ransomware

https://www.cyberscoop.com/ransomware-th..._networks/

The ransomware attacks used Thanos, a type of malware that surfaced earlier this year and has gained traction on underground forums.
Thanos is sold “as a service” to other hackers interested in deploying it. That can make the attacks harder to trace, and allow users to develop their own custom features.
Their version of Thanos had a “destructive” component designed to overwrite the computers’ master boot record (MBR), which tells a machine how to start up.

Things are getting ugly there. This malware allowed them to go to that sector of your computer where it keeps data on how to find your OS's! Later they corrupted it making it hard to get back in. They left a note asking for $20,000 but they didn't really make it obvious they wanted to get such a payment. Did they really want to get paid or not? An expert suspected they just pretended to let their victims think it was an actual ransomware attack instead of a deliberate attempt to destroy their PC's.

Why should we all be worried about this? Let a specialist tells us about that.

One of the advantages that Thanos offers is ease-of-use. Its clean control panel and adaptability to any kind of attack has made it very popular in underground forums.

So even for a not so experienced hacker it could become extremely easy to adapt it to his or her evil needs.