Cybersecurity

Ukrainian Company to Be Sued for NotPetya Ransomware Damages

Ukrainian firm Intellect-Service LLC is likely to face a lawsuit filed by Juscutum Attorneys Association, a law firm that encouraged NotPetya ransomware victims to go after the company responsible for the program that was used in the hacking. Juscutum is calling on affected users via social media and the press to join in collective action against Intellect-Service LLC, the firm behind the accounting program M.E.Doc used by TeleBots hackers to spread the NotPetya ransomware. According to investigations, Intellect-Service gravely mishandled its hacked servers, failing to install security updates since 2013. The company failed to contain the outbreak, infecting individual users and […]

Estonia Bolsters Anti-Cyber Attack Efforts by Offshoring Data

Estonia has signed an agreement with Luxembourg to operate a data embassy that safeguards critical data within its territory. The contract stipulates consular immunity for its systems which will be replicated and managed in the facility. The embassy is intended to house services and databases, run copies of its critical framework, and protect data centers on foreign premises. According to Ministry of Economic Affairs spokesperson Mikk Lellsaar, the first data center will most likely be opened in early 2018. One of their primary goals is to ensure Estonia’s state departments continue to work, even if their servers encounter service setbacks […]

WannaCry Attackers Cash Out Bitcoin Earnings

Hackers responsible for the infamous global WannaCry ransomware attack were reported to have withdrawn their Bitcoin ransom payments last Thursday. The global outbreak affected over 300,000 computers from organizations throughout China, Europe, Russia, and America. It infected systems and locked users out of their programs, extorting payments in exchange for system access. Since the outbreak in May, the wallets holding the extorted payments had been left uncashed by the attackers. However, after changes in Bitcoin value resulted in $140,000 worth of cryptocurrency, the wallets began to be emptied. The widespread attack may have infected thousands of computers, but a flaw in its makeup […]

McAfee-based Security Experts Reveal TCU Flaw in Vehicles Infiniti, Ford, BMW

Last Tuesday, security experts from McAfee’s Advanced Threat Research Team discovered some security flaws in a couple of luxury vehicle models, specifically in the built-in telematics control units (TCUs) of various car models. Affected high-end vehicles include units manufactured by Ford, Nissan, BMW, and Infiniti. The Department of Homeland Security (DHS) also released an alert listing which car models had flawed TCUs. TCUs are modems with 2G networks that connect vehicles to mobile apps, online panels, and various remote setting tools. Experts explained that attackers can exploit one TCU flaw via remote access, and the other by directly tampering with […]

Netflix Releases Tools That Can Detect Flawed APIs Prone to DDoS Attacks

Earlier this week, Netflix was reported to have posted public information and source code that can help defenders in finding weak application program interfaces (APIs) that could be exploited by hackers to run distributed denial of service (DDoS) attacks. Netflix security engineers caution users that intruders can start taking advantage of application layer attacks because these widespread systems depend on microservices architecture, running independent applications that communicate with other services. At the Def Con convention last week, Netflix security engineers Bryan Payne and Scott Behrens explained that microservice architectures have APIs that are likely to send a single request to […]

Interpol and Group-IB Identify Pro-ISIS Hacking Group

Hackers running pro-ISIS organization United Islamic Cyber Force (UICF) have been uncovered by Interpol in collaboration with Russian cybersecurity firm Group-IB. The UICF had been orchestrating numerous disruptive hacktivist campaigns since January 2014. They have targeted organizations such as Operation Free Palestine, OpIndia, and the TV5Monde television network. Group-IB reported they traced UICF members’ usernames to people residing in India, Pakistan, Algeria, Kosovo, Indonesia, and Morocco. The hacking group is said to have had around 40 members who appear to be young, impressionable adults with limited experience. Group-IB found their websites with their actual names. Moreover, the hackers are not […]

UK Home Secretary Says Encryption is Problematic, Militant Content Should Be Banned

In a report last Tuesday, UK Home Secretary Amber Rudd stated that use of encrypted messaging had become problematic in the wake of recent terror attacks. Rudd informed major tech companies like Facebook, Google, and Microsoft during the first Global Internet Forum to Counter Terrorism in San Francisco that militant content must not be uploaded online in any way. This entails blocking suspicious extremist content before it’s sent. She also explained that encryption is an issue for authorities because they cannot access implicating information without warrants. She said companies must also voluntarily give messages’ metadata to authorities. However, privacy rights […]

Expert Warns IoT-based Servers Without Encrypted Passwords Can Be Disastrous

Last Monday, a report detailed how IOActive senior security expert Lucas Lundgren could easily open prison locks and modify pacemakers by exploiting MQTT protocols in IoT-based servers that are not secured with encrypted passwords. MQTT is a common messaging function in online IoT-based smart devices and sensors that use low bandwidth to communicate. It is found in online equipment such as industrial systems, electronic billboards, gauges, prison cell locks, and even medical devices. Lundgren said exposure to threats increases because many IoT servers lack the proper commands like encrypted usernames or passwords to stop attackers. According to his port scans, […]

HBO Confirms Data Breach, Hackers Claim to Steal Game of Thrones Script

Last Monday, HBO announced that attackers had breached their system and compromised information. Amid the incident, a group of anonymous hackers claimed to have stolen various data, including a Game of Thrones script for a succeeding episode. According to Entertainment Weekly, the hackers that came forward gave more information about the hack to get publicity. In their message, they persuaded users to download and spread the leaked files. They also wanted an interview with the person who gets to spread the most leaked material. Other sources said Season Seven’s Episode 4 was hacked from the show, which is currently being aired. […]

New Trojan “Bateleur” Targets Restaurant Chains

Researchers have recently discovered a new malware called “Bateleur” that has been targeting restaurant chains equipped with Windows systems. Named after a breed of eagle, the trojan comes as a Word document attached to a phishing email sent from an Outlook address. The email includes a message about a previously discussed check, and claims that the attachment uses ‘Outlook Protect Service’ or ‘Google Documents Protect Service’ to lure the recipient into opening the file. When the attachment is opened, Bateleur runs a series of scheduled tasks to avoid detection. Researchers also say that it is a robust JScript […]