August 17, 2018

Former Microsoft engineer sent behind bars for money laundering

Raymond Odigie Uadiale, age 41, is great with computers. Good enough to be hired by Microsoft as a network engineer. And good enough, according to the feds, to run a virus scamming ring that froze computers via a fake warning from the Federal Bureau of Investigation, charged people a $200 "fine" to unlock their laptops, and warned users they might be sent to prison if they didn't pay up.

Instead, it's Uadiale who's going to jail. The US Department of Justice (DoJ) announced Tuesday that Uadiale of Maple Valley, Washington, pleaded guilty to two counts of money laundering after admitting that, while he was a Florida International University grad student, he was secretly running a "ransomware" scam that used a virus called "Reveton" to lock people's computers and demanded money to unlock them. Uadiale, who also went by the name "Mike Roland," will serve 18 months in prison after laundering nearly $100,000 to a co-conspirator in the United Kingdom identified only by the online handle "K!NG."

Assistant Attorney General Brian A. Benczkowski of the Justice Department’s Criminal Division, U.S. Attorney Benjamin C. Greenberg for the Southern District of Florida and Special Agent in Charge Matthew J. DeSarno of the FBI Washington Field Office’s Criminal Division, made the announcement.

“By cashing out and then laundering victim payments, Raymond Uadiale played an essential role in an international criminal operation that victimized unsuspecting Americans by infecting their computers with malicious ransomware,” Assistant Attorney General Benczkowski said. Uadiale pleaded guilty June 4.

The indictment charged Uadiale with one count of conspiracy to commit money laundering and one count of substantive money laundering. As part of the plea agreement, the government dismissed the substantive count. In addition to his prison sentence, Uadiale was also sentenced to three years of supervised release.

Reveton is a screen-locking "police" ransomware rather than a file encryptor: once it runs on a PC it locks the desktop and displays a full-screen notice, styled as an FBI warning, claiming the user has violated federal law by downloading illegal content and must pay a "fine" to regain access.

August 17, 2018

Deadly threat for Intel devices

Intel-powered devices, even fully updated ones, are now confronting a Spectre- and Meltdown-like flaw that has the security community searching for an effective countermeasure, with millions of users potentially affected.

Named 'Foreshadow', the flaw can be exploited to read passwords, encryption keys and other sensitive data out of memory that the processor is supposed to keep protected.

Security experts at the top firms say that until recently Spectre and Meltdown were considered the most dangerous flaws of this kind.

Foreshadow is now regarded as worse, because it reaches into the most sensitive and best-protected feature of an Intel processor.

That feature is Software Guard Extensions (SGX), introduced with the Skylake generation, and Foreshadow strikes exactly there.

SGX lets a program run its most critical code inside an 'enclave', a region of memory designed to remain private even from the operating system and hypervisor. Foreshadow lets an attacker read the contents of such an enclave, so on an unpatched system the guarantees the feature is supposed to provide no longer hold.

According to the researchers, this is how an attacker can breach SGX using the Foreshadow vulnerability.

Intel has acknowledged the flaw, which it refers to as L1 Terminal Fault, and says it can be exploited in three variants: against SGX enclaves, against operating-system and System Management Mode memory, and against virtual machines running on the same physical core. Research into the practical impact is continuing.

Intel has already released microcode updates for the affected processors.

It has also urged computer manufacturers to ship the new microcode to customers through BIOS updates.

Operating-system vendors have shipped patches as well. The microcode and OS updates work together, and hosts that run untrusted virtual machines may additionally need to disable hyperthreading to be fully protected.

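As an added example (not from the article or from Intel), the Python below reads the Linux kernel's own verdict on Foreshadow/L1 Terminal Fault from sysfs and the loaded microcode revision from /proc/cpuinfo, which is the quickest way to see whether the updates described above have actually reached a machine. The status strings it classifies are the kernel's; the sample lines in the block are constructed so it also runs where the sysfs entry is absent.

```python
"""Added example (not from the article or from Intel): report what the Linux
kernel thinks about Foreshadow / L1 Terminal Fault on this host.

Real interfaces used:
  /sys/devices/system/cpu/vulnerabilities/l1tf   (kernel 4.19+ and distro backports)
  /proc/cpuinfo                                  ('microcode' field = loaded revision)
SAMPLE_* below are constructed so the functions can be exercised offline.
"""
import re
from typing import Optional

L1TF_SYSFS = "/sys/devices/system/cpu/vulnerabilities/l1tf"
CPUINFO = "/proc/cpuinfo"

# Constructed samples, in the kernel's own wording.
SAMPLE_L1TF_HOST_ONLY = "Mitigation: PTE Inversion"
SAMPLE_L1TF_SMT_EXPOSED = "Mitigation: PTE Inversion; VMX: conditional cache flushes, SMT vulnerable"
SAMPLE_L1TF_VM_SAFE = "Mitigation: PTE Inversion; VMX: SMT disabled"
SAMPLE_CPUINFO = "vendor_id\t: GenuineIntel\nmodel name\t: Intel(R) Core(TM) i7-6700\nmicrocode\t: 0xc6\n"


def classify_l1tf(status: str) -> str:
    """Map the kernel's l1tf status line to ok / partial / vulnerable / unknown.

    'PTE Inversion' covers the OS/SMM variant on the host.  Guests on the same
    core are only protected when the VMX part says SMT is disabled; a line that
    still reads 'SMT vulnerable' or 'VMX: vulnerable' leaves sibling hyperthreads
    able to read L1 data.  The SGX variant is not reported here at all: that
    needs the microcode update, which is why the revision is shown alongside.
    """
    s = status.strip()
    if s == "Not affected":
        return "ok"
    if s.startswith("Vulnerable"):
        return "vulnerable"
    if s.startswith("Mitigation:"):
        if "SMT vulnerable" in s or "VMX: vulnerable" in s:
            return "partial"
        return "ok"
    return "unknown"


def microcode_revision(cpuinfo_text: str) -> Optional[str]:
    """Extract the loaded microcode revision (e.g. '0xc6') from /proc/cpuinfo text."""
    m = re.search(r"^microcode\s*:\s*(0x[0-9a-fA-F]+)", cpuinfo_text, re.MULTILINE)
    return m.group(1).lower() if m else None


def read_or(path: str, fallback: str) -> str:
    """Read a file, or return the constructed fallback when it is not there."""
    try:
        with open(path) as f:
            return f.read()
    except OSError:
        return fallback


def report() -> dict:
    """Combine both sources; falls back to the constructed samples when run
    somewhere without the sysfs entry (older kernel, non-Linux, container)."""
    status = read_or(L1TF_SYSFS, SAMPLE_L1TF_SMT_EXPOSED).strip()
    return {
        "l1tf_status": status,
        "verdict": classify_l1tf(status),
        "microcode": microcode_revision(read_or(CPUINFO, SAMPLE_CPUINFO)),
    }


if __name__ == "__main__":
    for key, value in report().items():
        print(f"{key}: {value}")
```

The microcode revision is printed rather than judged: whether a given revision carries the fix depends on the CPU model, so compare it against Intel's microcode guidance for your stepping. A "partial" verdict on a hypervisor host is the case the last paragraph above is about; the fix there is disabling SMT or pinning only trusted guests to sibling threads.
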
August 16, 2018

Google is Tracking Your Location

Google knows where you are. The search giant records your movements even if you have turned off location tracking.

An Associated Press investigation found that the issue could affect more than two billion people who use Google Maps or Google Search, directly or indirectly.

According to the report, Google Maps "stores a snapshot of where you are" whenever you open it, the automatic daily weather updates on an Android device record its location, and even an ordinary Google search that has nothing to do with location records your precise latitude and longitude.

Computer science researchers at Princeton University verified the AP's findings at its request.

However, in response to the allegations, Google has issued a description of tools and suggestions on how to turn off the location tracker and delete the location history.

Google says: “You can turn off Location History at any time. With Location History off, the places you go are no longer stored.”

Google's "Web & App Activity" setting, which is on by default, lets the company store your location even when Location History is off.

To turn it off, go to Activity Controls and turn off both Web & App Activity and Location History.

For Android devices:
1) Go to Settings.
2) Tap Google, then Google Account.
3) Open the "Data & personalisation" tab and find "Web & App Activity".
4) Turn off "Web & App Activity".

For iPhones, iPads and computers:
1) Sign in to your Google account and open the Activity Controls page.
2) Find the "Web & App Activity" section.
3) Turn off "Web & App Activity".

August 16, 2018

Personal Data Leakage of Russian Railways Passengers

Pavel Medvedev, a search engine optimisation specialist at Rush Agency, has concluded that users of the websites of large companies such as Russian Railways, VTB Bank and Sberbank, as well as the Moscow city hall, could become victims of fraud at any moment.

"I believe that many good specialists and developers have shifted to the West, and the quality of IT staff has decreased because of the crisis in Russia," said Pavel.

The people who maintain these companies' web resources make elementary mistakes. For example, they do not tell search engines which pages may be crawled and indexed and which may not (through robots.txt, noindex directives or, better still, by putting the page behind authentication). Search engines do not care where they collect information from. The reasons for the leaks are unprofessionalism and incompetence on the part of IT staff, and companies' attempts to save money.

Why is this dangerous? Suppose a person buys a train ticket for a departure six months away. He receives an SMS with a link to his personal account, where he can view and edit the booking. At the same time Yandex.Browser, an Android device or a web-analytics counter embedded in the page tells the search engine that a previously unknown page has appeared. The search engine sees that the page loads and indexes it.

An attacker who runs searches related to train ticket bookings finds that page, gets into the user's personal account, rewrites the ticket in his own name and six months later boards the train in place of the real ticket holder.
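The attack above works because the SMS link is a long-lived, unguarded capability that a crawler can discover. As an added example (not from the article, Rush Agency or Russian Railways), here is what a safer "manage my ticket" link looks like in Python, plus the two server-side checks a site owner would run on the page it points to. The secret key, the 15-minute lifetime, the ticket numbers, the hostname and the robots.txt are all constructed for the demo.

```python
"""Added example (not from the article, Rush Agency or Russian Railways): a
'manage my ticket' link that is safe to send by SMS, and two checks a site
owner can run on the page it points to.  The secret, TTL, ticket numbers and
robots.txt below are all constructed for the demo."""
import hashlib
import hmac
import secrets
from typing import Optional
from urllib import robotparser

SECRET = b"demo-only-key-rotate-me"   # assumption: a real deployment keeps this in a KMS/HSM
TOKEN_TTL = 15 * 60                    # link lives 15 minutes, not the six months the ticket does


def make_token(ticket_id: int, issued_at: int, secret: bytes = SECRET) -> str:
    """Build an expiring, keyed token to embed in the SMS link.

    A fresh nonce makes every link unique, so an old link found in a search
    index (or a browser history) cannot be replayed even before it expires."""
    exp = issued_at + TOKEN_TTL
    nonce = secrets.token_hex(8)
    payload = f"{ticket_id}.{exp}.{nonce}"
    sig = hmac.new(secret, payload.encode(), hashlib.sha256).hexdigest()
    return f"{payload}.{sig}"


def verify_token(token: str, now: int, secret: bytes = SECRET) -> Optional[int]:
    """Return the ticket id if the token is genuine and unexpired, else None."""
    try:
        tid, exp, nonce, sig = token.split(".")
        expires = int(exp)
        ticket_id = int(tid)
    except ValueError:
        return None
    expected = hmac.new(secret, f"{tid}.{exp}.{nonce}".encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(sig, expected):   # constant-time comparison
        return None
    if expires < now:
        return None
    return ticket_id


def private_page_headers() -> dict:
    """Response headers for the account page: keep it out of search indexes and
    shared caches, and never leak the tokenised URL through the Referer header."""
    return {
        "X-Robots-Tag": "noindex, nofollow, noarchive",
        "Cache-Control": "no-store",
        "Referrer-Policy": "no-referrer",
    }


# Constructed robots.txt for the demo.
ROBOTS_TXT = """User-agent: *
Disallow: /personal/
"""


def crawlable(path: str, robots_txt: str = ROBOTS_TXT) -> bool:
    """True if robots.txt lets a well-behaved crawler fetch `path`."""
    rp = robotparser.RobotFileParser()
    rp.parse(robots_txt.splitlines())
    return rp.can_fetch("*", path)


if __name__ == "__main__":
    import time
    now = int(time.time())
    token = make_token(7_345_912, now)
    link = f"https://rail.example/personal/ticket?t={token}"   # assumption: fictitious host
    print(link)
    print("valid now:", verify_token(token, now) is not None)
    print("valid in a month:", verify_token(token, now + 30 * 86400) is not None)
    print("/personal/ crawlable:", crawlable("/personal/ticket"))
```

Note the trade-off around robots.txt: a Disallow stops compliant crawlers fetching the page, but it does not stop a search engine from indexing a URL it learned about some other way (a browser or analytics counter, as described above), and it also prevents the crawler from ever seeing the noindex header. The short expiry and per-link nonce are what actually make an indexed link worthless; the noindex header covers the case where the crawler does fetch it; and a page that lets someone rewrite a booking should still make the visitor prove who they are rather than trust the link alone.
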

This is not the first personal data leak at Russian Railways. In 2016, a group of hackers found a publicly accessible database of 3,500 passengers, including customers of the railway monopoly.

August 16, 2018

Unknown malware leads to loss of Rs 94 crore over two days at Pune-based Cosmos Bank

Hackers siphoned over Rs 94 crore from the 112-year-old Pune-based Cosmos Co-operative Bank in a malware attack directed at the bank's server and thousands of its debit cards.

The attack ran over several days. About Rs 78 crore was withdrawn through more than 12,000 ATM transactions in 28 countries, and another Rs 2.5 crore through 2,800 transactions in different cities in India.

As per the reports, a further Rs 13.9 crore was transferred to foreign banks through SWIFT (Society for Worldwide Interbank Financial Telecommunication) transactions.

"A complaint has been filed with Pune police about the malware attack and the bank is doing internal audits to investigate the breach," a bank official said.

According to the bank, its core banking system (CBS) was intact; the malware attacked the switch that handles the payment gateways for Visa and RuPay debit cards, and all the cards used in the hack were Visa or RuPay debit cards.

"The core banking system (CBS) of the bank receives debit card payment requests via 'switching system'. During the malware attack, a proxy switch was created and all the fraudulent payment approvals were passed by the proxy switching system," said the statement.
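A proxy switch that approves requests on its own leaves a gap the bank can look for: approvals on the card networks that the CBS never debited. As an added example (not from Cosmos Bank or its investigators), the Python below runs that reconciliation over constructed switch and CBS logs, and adds the velocity check that catches the cash-out pattern described above (one card, many countries, minutes apart). Both log formats and all records are made up for the demo.

```python
"""Added example (not from Cosmos Bank or its investigators): detection logic
that reconciles card-switch approvals against the core banking system (CBS).
A rogue 'proxy switch' that answers authorisations in place of the real one
produces approvals the CBS never debited, so those show up as unreconciled.
A second check flags the cloned-card cash-out pattern (one card, several
countries, minutes apart).  Both log formats and every record below are
constructed for the demo."""
from collections import defaultdict
from datetime import datetime, timedelta
import re

SWITCH_LINE = re.compile(
    r"(?P<ts>\S+) APPROVED card=(?P<card>\d{4}) rrn=(?P<rrn>\d+) "
    r"amt=(?P<amt>\d+) country=(?P<cc>[A-Z]{2})$"
)
CBS_LINE = re.compile(r"(?P<ts>\S+) DEBIT rrn=(?P<rrn>\d+) amt=(?P<amt>\d+)$")

# Constructed sample logs (card = last four digits, rrn = retrieval reference
# number, amt = amount in rupees).  Switch approvals 100002/100003/100005 never
# reached the CBS: that is the proxy-switch signature.
SWITCH_LOG = """\
2018-08-11T12:00:05Z APPROVED card=4412 rrn=100001 amt=20000 country=IN
2018-08-11T12:00:09Z APPROVED card=4412 rrn=100002 amt=20000 country=CA
2018-08-11T12:00:14Z APPROVED card=4412 rrn=100003 amt=20000 country=HK
2018-08-11T12:01:00Z APPROVED card=7781 rrn=100004 amt=5000 country=IN
2018-08-11T12:05:00Z APPROVED card=9902 rrn=100005 amt=15000 country=RU
"""
CBS_LOG = """\
2018-08-11T12:00:06Z DEBIT rrn=100001 amt=20000
2018-08-11T12:01:01Z DEBIT rrn=100004 amt=5000
"""


def parse(log: str, pattern: re.Pattern) -> list:
    """Parse matching lines into dicts; lines that do not match are skipped."""
    rows = []
    for line in log.splitlines():
        m = pattern.match(line)
        if not m:
            continue
        row = m.groupdict()
        row["ts"] = datetime.strptime(row["ts"], "%Y-%m-%dT%H:%M:%SZ")
        row["amt"] = int(row["amt"])
        rows.append(row)
    return rows


def unreconciled_approvals(switch_log: str, cbs_log: str) -> list:
    """RRNs approved at the switch with no CBS debit of the same rrn and amount."""
    debited = {(r["rrn"], r["amt"]) for r in parse(cbs_log, CBS_LINE)}
    return sorted(a["rrn"] for a in parse(switch_log, SWITCH_LINE)
                  if (a["rrn"], a["amt"]) not in debited)


def impossible_travel(switch_log: str, window: timedelta = timedelta(minutes=5)) -> list:
    """Cards approved in two or more countries within `window` of each other."""
    by_card = defaultdict(list)
    for a in parse(switch_log, SWITCH_LINE):
        by_card[a["card"]].append(a)
    flagged = set()
    for card, events in by_card.items():
        events.sort(key=lambda e: e["ts"])
        for i, first in enumerate(events):
            for later in events[i + 1:]:
                if later["ts"] - first["ts"] > window:
                    break                       # sorted, so nothing later is closer
                if later["cc"] != first["cc"]:
                    flagged.add(card)
                    break
    return sorted(flagged)


if __name__ == "__main__":
    print("approved at switch, never debited in CBS:",
          unreconciled_approvals(SWITCH_LOG, CBS_LOG))
    print("cards cashed out across countries:", impossible_travel(SWITCH_LOG))
```

Reconciliation of this kind is after the fact; a bank that wants to stop the drain in minutes rather than days would also alert when the authorisation channel goes quiet (the CBS receives no debit requests while the card networks keep clearing) and on per-card and aggregate withdrawal velocity, which the second function approximates.
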

On August 11 the bank learnt that suspicious transactions were taking place through its debit cards, and it immediately shut down its card payment systems in India and abroad.

“None of the customers’ accounts were touched and it is the bank which has incurred the loss of this money,” the official said.

The bank has said there is no need to panic, as there have been no fraudulent transactions from any customer's account.

The statement underscored: "As it is a malware attack on the Switch which is operative for the payment gateway of VISA/RuPay debit cards and not on the CBS of the bank, the customers' accounts and its balances are not at all affected."

A professional forensic investigation team has been called up to look into the matter, and they will submit their report in the next few days regarding the modus operandi of the attack and the exact amount involved therein.

August 14, 2018

Police body cameras can be easily hacked

Body cameras used by law enforcement have long been controversial, but until now nobody had assessed the trustworthiness of the devices themselves. A demonstration at Defcon 2018 in Las Vegas over the weekend showed that police body cameras, which are increasingly popular with US police forces, can be hacked: footage can be stolen or replaced, the associated metadata (such as the location, time and date at which the video was shot) can be manipulated, and police officers can be exposed to tracking and surveillance.

According to findings by a security consultant at the Australia-based cybersecurity firm Nuix, an attacker who compromises a police body camera can easily manipulate its footage. Researcher Josh Mitchell assessed five body camera models from different manufacturers: Vievu LLC (acquired by Axon in May 2018), Patrol Eyes, Fire Cam, Digital Ally Inc. and CeeSc, and found them vulnerable to remote digital attacks. These are the main companies selling such devices to law enforcement in the US. Surprisingly, though, Mitchell left out the market leader Axon's own cameras.

In theory, body cameras can act as an “objective” third party during police encounters with civilians, thereby protecting civilians from excessive use of force and protecting police departments from unfounded claims of abuse.

There is scant evidence to suggest that body cameras limit the use of force or complaints about the use of force, however, and now even their ability to faithfully record a police interaction is being cast into doubt.

With the exception of the Digital Ally device, the vulnerabilities allow an attacker to download footage from a camera, edit material out or otherwise modify it, and upload it again with no record of the change. Attackers can also use the addresses the cameras expose on the network to identify them remotely as soon as a device is switched on, which would let them monitor police activity by watching footage from several cameras switched on at the same time and place.
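The "no record of the change" part is the missing control: if each recording and its metadata were sealed with a key the camera holds at capture time, a re-uploaded edit would fail verification. As an added example (not from Nuix, Josh Mitchell or any camera vendor), the Python below seals a recording, binds its location/time metadata to the content hash, and chains recordings so that deleting one is detectable too. The device key, metadata and video bytes are constructed placeholders; a real camera would keep the key in a secure element and have the upload server countersign each record.

```python
"""Added example (not from Nuix, Josh Mitchell or any camera vendor): seal each
recording and its metadata with a keyed hash at capture time, so that a later
edit of the video bytes, of the location/time metadata, or deletion of an
earlier recording is detectable.  DEVICE_KEY and all sample data are
constructed; a real camera would keep the key in a secure element."""
import hashlib
import hmac
import json

DEVICE_KEY = b"per-device-key-in-secure-element"   # assumption: placeholder key

SEALED_FIELDS = ("sha256", "meta", "prev")


def _tag(record: dict, key: bytes) -> str:
    """Keyed hash over a canonical JSON encoding of the sealed fields."""
    body = {k: record[k] for k in SEALED_FIELDS}
    canonical = json.dumps(body, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, canonical, hashlib.sha256).hexdigest()


def seal_recording(video: bytes, metadata: dict, prev_tag: str = "",
                   key: bytes = DEVICE_KEY) -> dict:
    """Produce the evidence record stored beside the video file.

    `prev_tag` is the tag of the previous recording on this device, which turns
    the records into a chain: removing one breaks verification of the next."""
    record = {
        "sha256": hashlib.sha256(video).hexdigest(),
        "meta": dict(metadata),
        "prev": prev_tag,
    }
    record["tag"] = _tag(record, key)
    return record


def verify_recording(video: bytes, record: dict, key: bytes = DEVICE_KEY) -> bool:
    """True only if neither the video bytes nor the sealed metadata changed."""
    if hashlib.sha256(video).hexdigest() != record.get("sha256"):
        return False
    try:
        expected = _tag(record, key)
    except KeyError:
        return False
    return hmac.compare_digest(record.get("tag", ""), expected)


def verify_chain(items: list, key: bytes = DEVICE_KEY) -> bool:
    """Verify an ordered list of (video, record) pairs from one device."""
    prev = ""
    for video, record in items:
        if record.get("prev") != prev or not verify_recording(video, record, key):
            return False
        prev = record["tag"]
    return True


if __name__ == "__main__":
    # Constructed sample: two short "clips" with their capture metadata.
    clip1 = b"\x00\x01constructed-frame-data-1"
    clip2 = b"\x00\x01constructed-frame-data-2"
    rec1 = seal_recording(clip1, {"officer": "unit-7", "gps": "18.52,73.86",
                                  "started": "2018-08-12T21:04:00Z"})
    rec2 = seal_recording(clip2, {"officer": "unit-7", "gps": "18.52,73.87",
                                  "started": "2018-08-12T21:09:00Z"}, prev_tag=rec1["tag"])
    print("chain intact:", verify_chain([(clip1, rec1), (clip2, rec2)]))
    edited = dict(rec1, meta=dict(rec1["meta"], gps="0,0"))      # metadata tampered
    print("after metadata edit:", verify_recording(clip1, edited))
    print("after clip1 removed:", verify_chain([(clip2, rec2)]))
```

Anyone holding the device key can of course re-seal an edited clip, so the point of the chain is that the key never leaves the camera's secure element and the upload server records the tags it receives; an edit made after upload then has to pass both checks.

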
August 14, 2018

Hacker bribes Czech police in an attempt to recover a seized hard drive holding 3,200 Bitcoins

Hacker Peter Krzhystka, who is accused of cyber-fraud, offered a police officer a bribe of 384 million Czech koruna (about 17 million USD) for the return of a hard drive seized during a search. The officer, Lukasz Lazetskiy of Brno, refused.

The police consider Peter one of the most dangerous hackers in the country. He was previously sentenced to four years in prison for hacking bank accounts and stealing financial information.

During a search of the hacker's apartment, investigators seized his hard drive and other computer equipment in order to understand his criminal activities. The hacker showed particular interest in the drive, but the police did not know what was on it, as nobody was able to recover the access codes for the encrypted data.

According to the Prague News media, one of the hacker's friends offered the officer the bribe of 17 million USD and asked him to return the hard drive and delete it from the list of confiscated property. As it later turned out, the hacker had hidden on the drive the information needed to access more than 3,200 Bitcoins, worth in total about 800 million koruna (about 35 million USD).

Officer Lazetskiy refused the bribe and reported the incident to his superiors. A criminal case has been opened over the attempted bribery.

August 14, 2018

Hacking a brand new Mac during setup process

Planning to buy a brand-new Mac on the assumption that it is free of bugs and secure out of the box? No such device exists.

According to security researchers, a brand-new Mac can be compromised remotely the moment it first connects to Wi-Fi during setup.

The researchers will demonstrate the flaw on Thursday at the Black Hat security conference in Las Vegas. The attack takes advantage of Apple's Device Enrollment Program (DEP) and its Mobile Device Management (MDM) platform, the tools enterprises use to configure fleets of Macs automatically.

The flaw in these enterprise tools allows attackers to install malware on the operating system remotely.

Jesse Endahl, chief security officer of the Mac management firm Fleetsmith, says: "We found a bug that allows us to compromise the device and install malicious software before the user is ever even logged in for the very first time."

 “By the time they’re logging in, by the time they see the desktop, the computer is already compromised,”  Endahl says.

The researchers notified Apple of the flaw last month, and in response Apple released a fix in macOS High Sierra 10.13.6. Devices that were manufactured earlier and ship with an older version of the operating system, however, will still be vulnerable.

August 13, 2018

Korean trojan spreading tentacles

A newly discovered Trojan, 'Key Marble', is causing concern for millions of internet users. According to security experts, the North Korean Trojan gives attackers easy access to details of an infected device.

Beyond that, 'Key Marble' captures screenshots and can download files at any moment, leaving security firms scrambling to develop an effective countermeasure to the growing threat.

After an initial study, experts have stressed updated antivirus software and strong passwords as the first line of defence against these attackers.

Users can also configure a personal firewall on their workstations to drop unwanted inbound requests.

The malware came fully into view when senior security researchers from McAfee discussed it at length at Black Hat 2018 earlier this week.

Each of the speakers described in detail how the North Korean malware infects a system. Through code analysis the researchers identified links between the samples, building on case studies of how North Korea has been aiding and abetting hackers.

Both companies, McAfee and Intezer, fed the samples into a code-similarity engine to automate the analysis. The two companies' analyses share striking similarities.

The researchers are said to hold details of cyber attacks originating from North Korea. They also claim to have found a link to a bank run by a billionaire.

That bank is named more than once in the malware's code, and it is said to be connected with funds that have gone missing.
According to the available records, the biggest of these attacks, beyond doubt, targeted the Bangladesh Bank. Others on the hit list include the central bank of Bangladesh