Hacker News UK Leading source of Info on Security, Hacking News, Network Security, Mobile Protection, Internet Security and more
High Street pawnbroker Cash Converters has revealed that it has suffered a data breach that could affect a number of customers.

The company, which trades second-hand jewellery and electronics, notified all its customers by email on Thursday.

Cash Converters said it had discovered that a third party gained unauthorised access to its old online website, which was taken down in September 2017.

According to MoneySavingExpert, people who had Webshop accounts on the older website could be at higher risk.

Hackers may have accessed customers' personal details, including usernames, passwords and purchase history, from a website that was run by a third party, but the company confirmed that no credit card data has been compromised.

The current webshop site is not affected, the firm said.

A statement released by Cash Converters said: "Along with the relevant authorities we are investigating this as a matter of urgency.

"We are also actively implementing measures to ensure that this cannot happen again."
Amid reports of Russian interference in the Brexit referendum, a UK government official said on Wednesday that Russian cyber operatives have attacked Britain's media, telecommunications and energy sectors over the past year.

"Russia is seeking to undermine the international system. That much is clear," Ciaran Martin, head of Britain's National Cyber Security Centre (NCSC) said at a London tech conference.

Though Martin said Russia is among the hostile actors posing a growing threat, alongside that from “rampant criminality”, he declined to provide any details of the attacks.

“The Prime Minister sent Russia a clear message on Monday night – we know what you are doing, and you will not succeed,” he told the summit.

The centre has coordinated the government's response to 590 significant incidents since its launch in 2016, although the government agency has not detailed which were linked to Russia.

“I can’t get into too much of the details of intelligence matters, but I can confirm that Russian interference, seen by the NCSC, has included attacks on the UK media, telecommunications and energy sectors.”

Martin warned that the “international order as we know it is in danger of being eroded” amid a record number of detected cyber attacks and hacking attempts.

The remarks come after Prime Minister Theresa May on Monday accused Russia of spreading disinformation, echoing a heated debate in the United States over alleged Russian interference in the 2016 presidential election.

May on Monday accused Moscow of "seeking to weaponise information" and "sow discord in the West and undermine our institutions".

Russia's cyber activities include "deploying its state-run media organisations to plant fake stories and photo-shopped images", she said in a speech.

Researchers at the University of Edinburgh concluded that 400 fake Twitter accounts believed to be run from Russia published posts about Brexit in an apparent attempt to influence the EU referendum.

Russia, though, has strongly denied any election interference in the United States.

WhatsApp has rolled out its ‘Delete for Everyone’ feature to users around the world, but deleted messages can still be retrieved using a third-party app.

A Spanish Android blog, Android Jefe, claims that deleted messages can be easily accessed by anyone, regardless of whether the sender has deleted them, because they remain in the notification register of the Android system.

According to the blog, users with Android 7.0 Nougat or higher can read the deleted messages via a third-party app called Notification History. After downloading the Notification History app from the Google Play Store, they will be able to see a deleted message in the Android notification log.

“What we found is that the messages are stored in the notification register of the Android system. So, it’s just a matter of entering that record to see the messages that the other person deleted. The Notification History application is a shortcut to that record,” the post reads.

Alternatively, a third-party launcher such as Nova Launcher gives access to the same log without a separate app: long-press the home screen, tap Widgets, then Activities, and the system's Notifications log will open.

However, both of these third-party methods work for the first 100 characters only. This means users will only be able to read the first 100 characters of a deleted message, and they will not be able to see deleted photos and videos.
A few months back, an Android toast overlay exploit was described that abuses the toast notification system to draw a full-screen overlay through a toast message. This allowed a malicious attacker to craft a UI window via a toast overlay that tricked users into unknowingly granting an application administrator access or enabling accessibility services for it. Now, it seems, this overlay attack has turned up in the Google Play Store, detected as ANDROIDOS_TOASTAMIGO by Trend Micro. The exploit was found in many Play Store applications, including one with over 500,000 downloads as of November 6th, 2017.

Toastamigo is the first weaponisation of the concept, and it affects all versions of Android except Android Oreo and devices that have received the September 2017 or later security patch. After asking users to grant accessibility service access, the applications in question used the exploit to draw an “analysing apps” overlay over the screen while they granted themselves administrator access and installed another application on the device, dubbed Clickamigo, by simulating tap actions through the accessibility service. This works because a toast overlay does not require the user to grant window overlay permission, so a regular user will not notice anything malicious.

Clickamigo seems to be the main purpose of the attack. It loads ad networks, falling back to a proxy server when they do not load, and simply clicks AdMob or Facebook ads to earn the application's creator a profit. The application then protects itself by the same methods of giving itself administrator and accessibility service access, along with disabling mobile security apps on the device and even rating itself on the Google Play Store.

It just goes to show that just because an application is available in the Play Store, it does not mean that it is safe. Users should still be careful of the applications they install and use.
Security researchers in Vietnam are claiming to have bypassed Apple's Face ID facial recognition technology with a composite mask of 3-D-printed plastic that cost less than $150.

Security firm Bkav released a blog post and video showing the hack, but a number of unanswered questions leave room for doubt about its applicability.

In a blog post on the Bkav website, the firm explained how it created the mask. "We had an artist make it by silicone first. Then, when we found that the nose did not perfectly meet our demand, we fixed it on our own, then the hack worked. That's why there's a part on the nose's left side that is a different color (photo attached). So, it's easy to make the mask and beat Face ID."

Then they added, "some special processing on the cheeks and around the face, where there are large skin areas, to fool [the] AI of Face ID."

According to the Bkav researchers, potential targets such as billionaires, leaders of major corporations, national leaders and agencies like the FBI need to understand the Face ID issue.

However, Bkav declined to answer questions about the details of the hack at the time of publication.

Britain's intelligence service is reportedly worried that the Kaspersky antivirus software Barclays offers its customers may be being used by Russian intelligence to spy, according to the Financial Times.

An unnamed official told the Financial Times that GCHQ, the British intelligence agency, has concerns over the widespread distribution of Kaspersky software in the UK.

Intelligence officials fear that this might allow Russia to gather intelligence from the computers of government employees and members of the military who are customers of the bank and have downloaded the software.

The Financial Times added that "No evidence suggests that any data of Barclays customers have been compromised by use of Kaspersky software on their computers."

However, the bank said it was planning to end the deal with Kaspersky for commercial reasons unconnected with the GCHQ concerns.

Kaspersky denied the allegations and said the company does not have inappropriate ties with any government.

"No credible evidence has been presented publicly by anyone or any organization. The accusations of any inappropriate ties with the Russian government are based on false allegations and inaccurate assumptions, including the claims about Russian regulations and policies impacting the company," Kaspersky said.

Earlier this year, US spy chiefs and the FBI director said that they do not trust software from the Russian antivirus company Kaspersky.

- Christina
The National Security Agency, considered one of the world's largest and most secretive intelligence agencies, has reportedly been hacked, robbed, mocked and breached by an anonymous hacker.

Jake Williams, a cybersecurity expert who worked in the NSA's hacking group, wrote on his company blog that the Shadow Brokers, a mysterious group, have obtained many of the hacking tools the United States used to spy on other countries.

The NSA has been accused of cyberstalking US as well as foreign citizens. It compiles huge troves of data, and that data was breached by the group.

“They had operational insight that even most of my fellow operators at T.A.O. did not have,” said Mr. Williams. “I felt like I’d been kicked in the gut. Whoever wrote this either was a well-placed insider or had stolen a lot of operational data.”

Mr. Williams has since founded a cybersecurity firm, Rendition Infosec.

"These leaks have been incredibly damaging to our intelligence and cyber capabilities," Leon E. Panetta, the former defense secretary and director of the Central Intelligence Agency told the Times. "The fundamental purpose of intelligence is to be able to effectively penetrate our adversaries in order to gather vital intelligence. By its very nature, that only works if secrecy is maintained and our codes are protected."

However, according to another NSA source, the breach was possible because of the NSA's own failings.

“It’s a disaster on multiple levels,” Mr. Williams said. “It’s embarrassing that the people responsible for this have not been brought to justice.”

As the threat of malware grows more and more dangerous every day, antivirus programs evolve and help to keep our systems protected. But how do you safeguard your computer if the protector of your digital friend can’t be trusted?

A newly-discovered exploit could allow malware to escape quarantine and infect your system. A vulnerability found in several antivirus solutions gives an attacker a way to bypass usual mechanisms and gain full control of sensitive file system areas.

Florian Bogner, an Austrian IT security professional, dubbed the exploit 'AVGater'. Many antivirus products can quarantine files, and users can restore quarantined files whenever they want. Bogner detailed his findings in a blog post late last week, explaining that the exploit takes advantage of the ability of modern antivirus software to take an entry out of quarantine and place it somewhere else on the host system, re-introducing the malware. This is a fundamental capability in most security packages.

When antivirus software finds a new threat on your device, it usually quarantines it to prevent it from operating. The malware is not deleted entirely, though, in case it was a false positive or the file is required for investigative work. If you need to, you can restore the malware from quarantine and put it back on your machine.

Using AVGater, a local attacker can manipulate the antivirus engine into bringing the malicious file back out of quarantine. Typically, a non-administrator user would not be allowed to write a file to system folders like 'Program Files' or 'Windows', but by abusing NTFS directory junctions the restore can be redirected into those directories.

To be able to do all of this, however, the attacker must already have access to the computer they want to infect; enterprises are the more likely targets, since users could accidentally or even intentionally release a file from quarantine, potentially infecting others on their network.
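As an added example (not Bogner's code or any vendor's restore routine), here is a hardened restore check in Python that refuses the junction trick described above: POSIX symlinks stand in for NTFS directory junctions, and the user names, paths and file contents are constructed.

```python
"""Hardened quarantine restore, as an added illustration (not Bogner's code or
any vendor's implementation). The AVGater scenario: a privileged restore writes a
quarantined file back to its recorded original path, and a local user has
replaced a directory on that path with a junction pointing at a protected
system folder. Two defences are shown: refuse any path with a link component
below the user's own tree, and require the fully resolved destination to stay
inside that tree. POSIX symlinks stand in for NTFS directory junctions."""
import os
import shutil
import tempfile


def path_is_link_free(path: str, root: str) -> bool:
    """True if no component of `path` below `root` is a symlink/junction.
    `root` must already be resolved (os.path.realpath)."""
    cur = os.path.abspath(path)
    while cur != root:
        if os.path.islink(cur):
            return False
        parent = os.path.dirname(cur)
        if parent == cur:  # hit the filesystem root: path was never under root
            return False
        cur = parent
    return True


def restore_is_safe(original_path: str, allowed_root: str) -> bool:
    """Independent checks: no junction on the path, and the resolved destination
    still lies inside allowed_root (the tree the file was quarantined from)."""
    root = os.path.realpath(allowed_root)
    if not path_is_link_free(original_path, root):
        return False
    resolved = os.path.realpath(original_path)
    return os.path.commonpath([root, resolved]) == root


def safe_restore(quarantine_copy: str, original_path: str, allowed_root: str) -> bool:
    """Write the quarantined copy back only if the destination passes both checks.
    The final component is created exclusively and without following links."""
    if not restore_is_safe(original_path, allowed_root):
        return False
    flags = os.O_WRONLY | os.O_CREAT | os.O_EXCL | getattr(os, "O_NOFOLLOW", 0)
    fd = os.open(original_path, flags, 0o600)
    with os.fdopen(fd, "wb") as dst, open(quarantine_copy, "rb") as src:
        shutil.copyfileobj(src, dst)
    return True


def demo() -> dict:
    """Constructed layout: alice's Downloads is a real directory, mallory's Downloads
    is a link to a protected folder (the AVGater move). Returns restore decisions."""
    base = os.path.realpath(tempfile.mkdtemp())
    try:
        system_dir = os.path.join(base, "Windows", "System32")
        os.makedirs(system_dir)
        alice = os.path.join(base, "Users", "alice")
        os.makedirs(os.path.join(alice, "Downloads"))
        mallory = os.path.join(base, "Users", "mallory")
        os.makedirs(mallory)
        os.symlink(system_dir, os.path.join(mallory, "Downloads"))
        quarantined = os.path.join(base, "quarantine.bin")
        with open(quarantined, "wb") as f:
            f.write(b"constructed placeholder bytes")
        return {
            "plain_dir_restored": safe_restore(
                quarantined, os.path.join(alice, "Downloads", "sample.exe"), alice),
            "junction_restored": safe_restore(
                quarantined, os.path.join(mallory, "Downloads", "sample.exe"), mallory),
            "landed_in_system32": os.path.exists(os.path.join(system_dir, "sample.exe")),
        }
    finally:
        shutil.rmtree(base)
```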
The latest target of pro-ISIS hackers is none other than 800 school websites across the United States.

Early morning on November 6, the websites for schools and school districts were hijacked and redirected to a YouTube recruitment video in Arabic and the statement “I Love Islamic State” in English with an image of former Iraqi dictator Saddam Hussein on a black background, according to Jim Brogan, director of technology services for schools in Gloucester County, Virginia.

The attack, which lasted a few hours, affected schools in Arizona, Connecticut, Virginia and New Jersey. The hack also affected private companies and government websites.

This should all ring a bell, given that hackers going by the same name have been making more or less the same defacements for years: a photo of Hussein accompanied by an Arabic message seen on an IS flag that reportedly reads “There is no god but Allah” and “Mohammed is the Messenger of God.”

“Unless we have irrefutable evidence to suggest otherwise, we need to assume confidential data has been compromised,” said Hamid Karimi, vice president of business development and security expert at Beyond Security. “That should be a cause for concern. To remedy the situation, all schools and institutions that serve minors must submit to (a) stricter set of cybersecurity rules.”

According to the International Business Times, the web hosting company SchoolDesk, which serves the affected school websites from New Jersey to Arizona and Virginia to Connecticut, confirmed the attack and said that a group going by the name “Team System DZ” claimed responsibility.

The company since has handed over its server — which runs out of Georgia — to the FBI for investigation and also has hired external security firms to trace the hackers.

The Atlanta-based company said after the hack that technicians detected that a small file had been injected into the root of one of its websites. It has advised administrators to change passwords.

Facebook has collaborated with a small Australian government agency in an effort to tackle revenge porn by hashing victims' sexual or intimate images.

People who have shared intimate, nude or sexual images with someone and fear that person might release them without consent can now send the images to Facebook via Messenger to be “hashed”. Hashing converts each image into a unique digital fingerprint, which is then used to identify and block the image if anyone tries to re-upload it.

The agency is headed by e-Safety Commissioner Julie Inman Grant, who said this would allow victims of "image-based abuse" to take action before photos were posted to Facebook, Instagram or Messenger.

“We see many scenarios where maybe photos or videos were taken consensually at one point, but there was not any sort of consent to send the images or videos more broadly,” she said.

Carrie Goldberg, a New York-based lawyer, said: “We are delighted that Facebook is helping solve this problem – one faced not only by victims of actual revenge porn but also individuals with worries of imminently becoming victims.

“With its billions of users, Facebook is one place where many offenders aggress because they can maximize the harm by broadcasting the nonconsensual porn to those closest to the victim. So this is impactful.”

How is the company assuring victims that their images will not be hacked? What if someone gets hold of these images? What steps has Facebook taken to ensure victims' privacy?

The company has said it will keep the images only for a very short period, to ensure it is enforcing the policy correctly, and then delete them.
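The page does not say which fingerprinting scheme Facebook uses; the added example below (not Facebook's or the agency's code) assumes a perceptual difference hash (dHash) to show why a re-upload blocklist needs a fingerprint that survives recompression rather than a plain cryptographic hash, using constructed synthetic images.

```python
"""Image fingerprinting for re-upload matching. Added illustration, not Facebook's
code; the scheme (dHash) is an assumption. A re-uploaded copy with slight
recompression noise no longer has the same SHA-256, but its dHash stays within a
small Hamming distance of the fingerprint on file, so it can still be blocked."""
import hashlib
import random


def downscale(pixels, out_w, out_h):
    """Box-average a grayscale image (rows of 0-255 ints) to out_w x out_h."""
    in_h, in_w = len(pixels), len(pixels[0])
    small = []
    for y in range(out_h):
        y0, y1 = y * in_h // out_h, (y + 1) * in_h // out_h
        row = []
        for x in range(out_w):
            x0, x1 = x * in_w // out_w, (x + 1) * in_w // out_w
            block = [pixels[j][i] for j in range(y0, y1) for i in range(x0, x1)]
            row.append(sum(block) / len(block))
        small.append(row)
    return small


def dhash(pixels) -> int:
    """64-bit fingerprint: 1 where a block is brighter than its right-hand neighbour."""
    bits = 0
    for row in downscale(pixels, 9, 8):  # 8 rows x 8 comparisons = 64 bits
        for x in range(8):
            bits = (bits << 1) | (1 if row[x] > row[x + 1] else 0)
    return bits


def hamming(a: int, b: int) -> int:
    """Number of differing bits between two fingerprints."""
    return bin(a ^ b).count("1")


def sha256_of(pixels) -> str:
    """Exact-match hash of the raw pixel bytes, for contrast with dHash."""
    return hashlib.sha256(bytes(p for row in pixels for p in row)).hexdigest()


class FingerprintBlocklist:
    """Stores only fingerprints, never the images; matches within a bit threshold."""
    def __init__(self, threshold: int = 10):
        self.threshold, self.hashes = threshold, set()
    def add(self, pixels) -> None:
        self.hashes.add(dhash(pixels))
    def matches(self, pixels) -> bool:
        h = dhash(pixels)
        return any(hamming(h, known) <= self.threshold for known in self.hashes)


def synth_image(seed: int, size: int = 64, cells: int = 8):
    """Constructed stand-in for a photo: a random cells x cells mosaic scaled up."""
    rng = random.Random(seed)
    mosaic = [[rng.randint(0, 255) for _ in range(cells)] for _ in range(cells)]
    return [[mosaic[y * cells // size][x * cells // size] for x in range(size)]
            for y in range(size)]


def reupload_variant(pixels, seed: int = 1, jitter: int = 3):
    """Simulated re-upload: slight per-pixel noise standing in for recompression."""
    rng = random.Random(seed)
    return [[max(0, min(255, p + rng.randint(-jitter, jitter))) for p in row]
            for row in pixels]


def demo(threshold: int = 10) -> dict:
    """Victim registers one image; a noisy re-upload is caught, an unrelated one is not."""
    victim_image = synth_image(seed=42)
    blocklist = FingerprintBlocklist(threshold)
    blocklist.add(victim_image)  # only the fingerprint is retained
    reposted = reupload_variant(victim_image, seed=7)
    unrelated = synth_image(seed=99)
    return {
        "reupload_blocked": blocklist.matches(reposted),
        "unrelated_blocked": blocklist.matches(unrelated),
        "reupload_distance": hamming(dhash(victim_image), dhash(reposted)),
        "sha256_still_matches": sha256_of(victim_image) == sha256_of(reposted),
    }
```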
Back in September 2017, Positive Technologies' experts expressed interest in developing a technique that can attack Intel's still-secretive Management Engine (IME) technology from the USB port. Now they have revealed more about their plans: according to the experts, in December 2017 they intend to demonstrate that they have indeed identified a way to “run unsigned code in the Platform Controller Hub” on any given motherboard through the God-mode hack.

Intel recently switched the engine to the embedded Minix operating system. Researchers have found a vulnerability in IME's CPU component, a tiny microprocessor that sits within the platform controller, or chipset, of every PC motherboard built for Intel processors.

The IME was introduced to allow functions such as remote booting and administration, but it also handles the initialisation of the CPU and its power management.

The Platform Controller Hub is the central point where the IME is located; it has its own operating system, Minix, and its own CPU, and it lets sysadmins control, configure or wipe machines remotely across a network. The platform is quite useful if you need to manage a large network of computers, especially where an endpoint's OS breaks down and does not boot properly.

The security flaw reportedly affects almost every CPU from Intel's 6th Gen 'Skylake' Core generation or newer. The engine can be bridged to the USB subsystem, allowing remote access, which is a common attack vector.

So, when the experts state that they can hijack the Management Engine, it means they can take complete control of a box regardless of which operating system or antivirus is installed. This is made possible by the powerful God-mode hack, which is relatively new and used discreetly to spy on users or hijack corporate data.

It has long been suspected that the IME allows for undetectable backdoors that governments and other agencies can use to spy on users, but it has been difficult to disable because of its deep, low-level integration with the system. Some security experts have even called it a black box of exploitable flaws and bugs.

A phishing campaign is heavily targeting organisations' finance departments, tricking victims into downloading trojans and malicious code designed to steal credentials and create other serious network threats.

According to researchers at Barracuda Networks, the attacker relies on convincing the victim that the message comes from someone they trust, or on a pretext that puts them into panic mode, so that they click a malicious link that downloads malware onto the system, which may cost users money and data.

The attack, which has caused havoc among millions, involves the attacker sending legitimate-looking invoices that appear crucial and authentic and seem to come from someone the reviewer trusts, making the recipient likely to click the malicious link in the email or text message.

In one example of this attack, the attacker sends an email to the target asking about the payment status of an invoice. A legitimate-looking invoice number is written in the email, and the sender name is chosen so that the receiver trusts the source. Information about the receiver's close connections can be gathered very easily from public profiles on LinkedIn or Facebook.

The message may look authentic at first glance, but an invitation to click on a link should be treated with suspicion. Once the recipient clicks the link, it supposedly downloads the invoice as a Word document, but it goes on to download trojans and other malicious code meant to steal data from the system.

The attackers are using different templates to lure potential victims. The second type of template tries to convince the recipient to check the address change of someone they trust through the malicious link.

"Impersonation is a proven tactic that criminals are regularly using to attract victims into believing that they are acting on an important message when that couldn't be further from the truth," said Lior Gavish, VP at Barracuda Networks.

Employee training can be very helpful in protecting against this kind of phishing attack.

A new ransomware strain called Ordinypt (also known by the cryptic name "HSDFSDCrypt", or in full Win32.Trojan-Ransom.HSDFSDCrypt.A) is currently targeting victims in Germany, but instead of encrypting users’ documents, the ransomware overwrites files with random data. The malware is distributed via email as a purported application for a job posting.

When Michael Gillespie originally discovered it, after one of its ransom notes was uploaded to ID-Ransomware, it was named HSDFSDCrypt for lack of a better name; G Data has since renamed it Ordinypt. According to G Data, it is currently mainly affecting users in Germany.

This Monday, G Data analyst Karsten Hahn took a closer look at a sample of the ransomware and discovered that it has been targeting German users (based on VirusTotal detections) via emails written in German, delivering ransom notes in error-free German.

Similar to how the original Petya ransomware was distributed, Ordinypt also pretends to be a resume sent in reply to job adverts. These emails contain two files — a JPG image of the woman supposedly sending the resume, and a ZIP file containing the resume and a curriculum vitae. These attachments are named Viktoria Henschel - Bewerbungsfoto.jpg and Viktoria Henschel -

What is striking, first of all, is that Ordinypt is written in a programming language unusual for ransomware (Delphi). The data is encrypted as with any ransomware, and the file names appear to be chosen at random. Within the files themselves, the encrypted data is encoded again (in base64); why this is so, and what purpose the creators pursue with it, is still unclear at present.

Such an attack, targeted at HR departments with customized cover letters, made headlines at the turn of the year 2016/17. At that time, police and federal authorities warned of a ransomware called Goldeneye, which was distributed in attached Excel files.