Cybersecurity

Netflix Releases Tools That Can Detect Flawed APIs Prone to DDoS Attacks

Netflix Releases Tools That Can Detect Flawed APIs Prone to DDoS Attacks

Earlier this week, Netflix was reported to have posted public information and source codes that can help defenders in finding weak application program interfaces (APIs) that could be exploited by hackers to run distributed denial of service (DDoS) attacks. Netflix security engineers caution users that intruders can start taking advantage of application layer attacks because these widespread systems depend on microservices architecture, running independent applications that communicate with other services. In the Def Con convention last week, Netflix security engineers Bryan Payne and Scott Behrens explained that microservice architectures have APIs that are likely to send a single request to […]

Interpol and Group-IB Identify Pro-ISIS Hacking Group

Hackers running pro-ISIS organization United Islamic Cyber Force (UICF) have been uncovered by Interpol in collaboration with Russian cybersecurity firm Group-IB. The UICF had been orchestrating numerous disruptive hacktivist campaigns since January 2014. They have targeted organizations such as Operation Free Palestine, OpIndia, and the TV5Monde television network. Group-IB reported they traced UICF members’ usernames to people residing in India, Pakistan, Algeria, Kosovo, Indonesia, and Morocco. The hacking group is said to have had around 40 members who appear to be young, impressionable adults with limited experience. Group-IB found their websites with their actual names. Moreover, the hackers are not […]

UK Home Secretary Says Encryption is Problematic, Militant Content Should Be Banned

UK Home Secretary Says Encryption is Problematic, Militant Content Should Be Banned

In a report last Tuesday, UK Home Secretary Amber Rudd stated that use of encrypted messaging had become problematic in the wake of recent terror attacks. Rudd informed major tech companies like Facebook, Google, and Microsoft during the first Global Internet Forum to Counter Terrorism in San Francisco that militant content must not be uploaded online in any way. This entails blocking suspicious extremist content before it’s sent. She also explains that encryption is an issue for authorities because they cannot access implicating information without warrants. She said companies must also voluntarily give messages’ metadata to authorities. However, privacy rights […]

Expert Warns IoT-based Servers Without Encrypted Passwords Can Be Disastrous

Expert Warns IoT-based Servers Without Encrypted Passwords Can Be Disastrous

Last Monday, a report detailed how IOActive senior security expert Lucas Lundgren could easily open prison locks and modify pacemakers by exploiting MQTT protocols in IoT-based servers that are not secured with encrypted passwords. MQTT is a common messaging function in online IoT-based smart devices and sensors that use low bandwidth to communicate. It is found in online equipment such as industrial systems, electronic billboards, gauges, prison cell locks, and even medical devices. Lundgren said exposure to threats increase because many IoT servers lack the proper commands like encrypted usernames or passwords to stop attackers. According to his port scans, […]

HBO Confirms Data Breach, Hackers Claim to Steal Game of Thrones Script

HBO Confirms Data Breach, Hackers Claim to Steal Game of Thrones Script

Last Monday, HBO announced that attackers breached into their system and compromised information. Amid the incident, a group of anonymous hackers claimed to steal various data, including a Game of Thrones script for a succeeding episode. According to Entertainment Weekly, the hackers that came forward gave more information about the hack to get publicity. In their message, they persuaded users to download and spread the leaked files. They also wanted an interview with the person who gets to spread the most leaked material. Other sources said Season Seven’s Episode 4 was hacked from the show, which is currently being aired. […]

New Trojan “Bateleur” Targets Restaurant Chains

New Trojan “Bateleur” Targets Restaurant Chains

Researchers have recently discovered a new malware called “Bateleur” that has been targeting restaurant chains equipped with Windows systems.   Named after a breed of eagle, the trojan comes as a Word document attachment attached to a phishing email sent from an Outlook address. The email includes a message about a previously discussed check, and claims that the attachment uses ‘Outlook Protect Service’ or ‘Google Documents Protect Service’  to lure the recipient into opening the file. When the attachment is opened, Bateleur runs a series of scheduled tasks to avoid detection. Researchers also say that it is a robust Jscript […]

India Cyber Attack On Over 60,000 Routers Claimed by BrickerBot Developer

India Cyber Attack On Over 60,000 Routers Claimed by BrickerBot Developer

India — News last Monday revealed that the cyber attack that disconnected more than 60,000 routers in India was claimed by the developer of the BrickerBot malware. Users reported that the attack happened from July 25 to July 29 to routers issued by local ISPs, Mahanagar Telephone Nigam Limited (MTNL) and Bharat Sanchar Nigam Limited (BSNL). The BrickerBot author came forward and spoke to Bleeping Computer reporters, revealing he orchestrated the downtime. The malware strain affects Linux IoT networking systems, which can be used to gather devices into botnets for DDoS attacks. Furthermore, he created the malware to call out […]

Thousands of Macron Campaign Emails Allegedly Stolen and Published in WikiLeaks

Thousands of Macron Campaign Emails Allegedly Stolen and Published in WikiLeaks

Earlier this week, an unknown attacker allegedly stole and leaked an estimated 20,000 French electoral campaign emails that were digitally authenticated and published in WikiLeaks. The emails detailed President Emmanuel Macron’s crusade against election rival Marine Le Pen. The leaked messages were said to have been posted two days before France’s May 7 election. Following the issue, President Macron’s political group accused WikiLeaks of heading a destabilization plot, stating they will take the issue to the criminal court. In June, French cybersecurity firm ANSSI said they found no proof of any individual or group that linked the hacking to Macron’s […]

Putin Approves Law to Block VPNs in Russia

Putin Approves Law to Block VPNs in Russia

A bill in Russia forbidding the use of virtual private networks (VPNs) has been officially signed by Russian President Vladimir Putin to stop access to illegal websites.   Approved last Sunday, the law was sanctioned by the lower courts of the Russian parliament called Duma, and will be implemented on November 1, 2017. It will officially prohibit VPN and other tools that help users maintain an anonymous identity while going online. Chief of Duma information policy committee Leonid Levin stated that the rule ultimately aims to stop access to illegal information, and should not worry citizens who dutifully comply with […]

N. Korea Hackers Suspected of Attacks to Fund Weapons Development

N. Korea Hackers Suspected of Attacks to Fund Weapons Development

Last Friday, a South Korean government-linked source said that North Korean hackers are launching attacks to steal finances for weapons fund. Though the country has repeatedly refused accusations, South Korea’s Financial Security Institute (FSI) stated that North Korean attackers have been hounding their financial organizations based on researched cyber attacks from 2015-2017. Apart from FSI, other cybersecurity firms suspect North Korea was involved in the WannaCry outbreak, an international cyber attack that affected Britain’s healthcare facilities, extorting money from users in exchange for valuable data. Kaspersky also connected North Korea to Polish bank attacks that usurped cryptocurrency. According to a […]