Author: Disini & Disini Law Office

Cryptocurrency Miner Devil Robber is the Second Most Widespread Mac Malware

Last Wednesday, a report from Symantec showed that a cryptocurrency miner called DevilRobber is the second most spread Mac malware. Also known as Miner-D or OSX.Coinbitminer, an estimated 21.65% of Mac malware detection was attributed to DevilRobber just this past month, which is a huge leap from 2.4% in May 2017. It is succeeded by a DNS replacer called RSPlug as the most widespread Mac malware. As its name implies, DevilRobber operates by using the GPU card to extract Bitcoin while robbing infected users of their wallets. Research suggests that the spike in the DevilRobber operations may be due to […]

Ashley Madison to Pays $11.2 Million in Breach Settlement

Last Friday, owner of Ashley Madison Ruby Corp. said they will pay $11.2 million in the U.S. litigation settlement on behalf of the estimated 37 million people whose personal information were compromised during a data breach in July 2015. Users with valid claims can get up to $3,500, depending on how well-recorded their losses were in relation to the breach. Moreover, court documents show that lawyers of Ashley Madison users may get up to one-third of the $11.2 million settlement to cover legal fees. The site’s Toronto-based parent company, formerly known as Avid Life Media Inc., has denied any misconduct […]

Bitcoin Internal Dispute May Result to Losses

Bitcoin is faced with an internal dispute over a software upgrade designed to improve the capacity of its increasingly congested network, according to a report last Friday. The disagreement may cause delays in payment processing, financial losses, and whipsawing prices. It could also mean no real changes happen when the upgrades take place. Bitcoin users and particularly “miners” are not in favor of the upgrade. Companies that maintain a group of miners think the new system could lower transaction fees, slashing their earnings. However, reformers behind the upgrade believe it brings new business opportunities with a faster, more reliable digital […]

Kaspersky Resolves Their ATM Antivirus Flaws

Last Thursday, Kaspersky Lab’s released several fixes for the vulnerabilities of their ATM security software. The Kaspersky ATM antivirus had bugs that could be exploited to bypass the anti-malware protection in systems. The company responded immediately by releasing a patch, but the security updates will take a while to be installed in equipment around the globe. During an audit, researcher Georgy Zaytsev from Positive Technologies found a flaw in the Applications Launch Control of Kaspersky Embedded Systems Security 1.1 and 1.2. Kaspersky Lab spokesman El Reg responded to the findings, saying that the vulnerabilities detected by Positive Technologies does not […]

Telegram App Might Get Total Ban in Indonesia

Indonesia announced on Friday that it’s blocking web versions of Telegram, a messaging app that provides encryption for messages, saying that they will have to shut it down it completely if the app cannot block violent militants from using it for radical propaganda.   In a statement, Ministry of Communications and Information Technology said it requested internet companies in the country to stop access to 11 addresses on Telegram’s available web version. Southeast Asian nations like Indonesia are improving efforts to fight Islamic radicalism after the Mindanao City of Marawi was taken by IS-linked extremists. Police have recently arrested suspected […]

Amazon May be Developing a New Messaging App

According to news last Saturday, Amazon has been conducting a survey to get user information on what seems to be a new messaging app. AFTV News posted screenshots from a survey-taker, detailing the Anytime name and the app’s features. Description from the survey states that the app will enable users to communicate with each other without the need to get phone numbers, just like Viber and WhatsApp. It also says it offers data encryption for messages to keep chats private. Careful examination of the survey showed that there was one typographical error on a page that read “ecrypt” instead of […]

Dark Web Market Down Following Police Raids

Last Friday, Dark Web marketplace AlphaBay was reported to have been taken down on July 5, following a series of law enforcement raids across Canada, U.S., and Thailand. Canada first reported on the raids, with the Royal Canadian Mounted Police confirming two raids at residences in Trois-Rivières and at a business district in Montreal. Equipment were confiscated but no arrests were made. The exact number of raids in the US have not yet been revealed. The final raid was conducted in Thailand where Canadian, Alexander Cazes was seized in Bangkok. The U.S. requested for his extradition, but Cazes was found […]

WikiLeaks Reveal CIA Malware That Acts as SMS Proxy

A manual of another CIA hacking device that is part of the Vault 7 leak series was published on Friday by WikiLeaks. Called “HighRise” by the CIA, the malware is an Android app that can intercept and redirect SMS messages to a remote web server. Despite its capability, HighRise was not made for social engineering attacks. According to the leaked manual, the app is primarily installed on a CIA field agent’s phone to provide a secondary encrypted communications channel between agents and supervisors. The HighRise tool is packaged inside an app called TideCheck. When starting the tool for the first […]

WannaCry Leaves Thousands Vulnerable to EternalBlue Exploit

A report on Thursday revealed that 60,000 hosts are still to the NSA-developed EternalBlue exploit after it was used in the ransomware WannaCry attack that has been leaked by the Shadow Brokers hacker group in April 2017. According to researchers that scanned over 8 million IP addresses worldwide, the 3 most vulnerable countries had over 30,000 endangered hosts combined. Imperva Director of Innovation Elad Erez said he believed there are many more EternalBlue-based attacks that are not yet detected. He warns users to check systems and be more cautious because it’s possible they were still infected. To fight the threats, […]

Google to Stop Using SMS Two-Step Sign-In for User Verification

Reports last Friday say that Google will be discontinuing its SMS two-factor verification sign-in starting next week. The account authentication will used instead  to ensure verification occurs through an encrypted connection. The National Institute of Standards and Technology (NIST) have disapproved the authentication method last year, but Google kept using it. To date, the SMS two-step sign-in is not in the NIST’s preferred list of out-of-band authentication prompts. The current verification procedure is unsafe, enabling an attacker to target a network operator to redirect the SMS code to their phone. Moreover, there are many suspicious Android apps that can get […]