August 19, 2018

Cybersecurity Vulnerabilities in Philips IntelliSpace System Expose Sensitive Cardiac Patient Information

The Industrial Control Systems Cyber Emergency Readiness Team (ICS-CERT) and Philips Healthcare issued a warning after discovering cybersecurity vulnerabilities in Philips' IntelliSpace Cardiovascular (ISCV) and Xcelera cardiology image and information management software.

According to the ICS-CERT, "Successful exploitation of these vulnerabilities could allow an attacker with local access and user privileges to the ISCV/Xcelera server to escalate privileges on the ISCV/Xcelera server and execute arbitrary code."

The ICS-CERT found two different vulnerabilities in the Philips IntelliSpace System, identified as Improper Privilege Management (CVE-2018-14787) and Unquoted Search Path or Element (CVE-2018-14789). Neither vulnerability is rated critical, but both could allow an attacker to execute arbitrary code and gain access to patient details.

The vulnerabilities affect IntelliSpace Cardiovascular version 3.1 and earlier, and Xcelera version 4.1 and earlier. Neither flaw appears to have been exploited so far.

"At this time, Philips has received no reports of exploitation of these vulnerabilities or incidents from clinical use that we have been able to associate with this problem, and no public exploits are known to exist that specifically target these vulnerabilities," Philips said in its security advisory.

The company has reported the matter to the National Cybersecurity and Communications Integration Center (NCCIC).

Philips will release patches for the vulnerabilities in the next version, ISCV 3.2, which is scheduled for release in October 2018.

Meanwhile, the company has advised users to limit network access, review and restrict file permissions, and use secure VPNs for remote access.
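
To show what the "Unquoted Search Path or Element" class (CWE-428) looks like on a Windows host, here is an added Python audit script; it is not part of the advisory and not Philips' software. It takes Windows service ImagePath values (the sample values below are constructed, not ISCV or Xcelera paths), flags those that are unquoted and contain spaces, lists the directories whose permissions an administrator must verify, and returns the quoted form that corrects the setting.

```python
import ntpath
import re

# Constructed sample of Windows service ImagePath values. On a real host these
# are read from HKLM\SYSTEM\CurrentControlSet\Services\<name>\ImagePath (winreg);
# none of these are Philips' actual paths.
SAMPLE_IMAGE_PATHS = {
    "ExampleSvc": r"C:\Program Files\Example Vendor\Server\svc.exe -run",
    "QuotedSvc": r'"C:\Program Files\Example Vendor\Server\svc.exe" -run',
    "NoSpaceSvc": r"C:\Windows\system32\svchost.exe -k netsvcs",
}


def split_image_path(image_path):
    """Return (executable, arguments, was_quoted) for a service ImagePath."""
    p = image_path.strip()
    if p.startswith('"'):
        end = p.find('"', 1)
        return p[1:end], p[end + 1:].strip(), True
    # Unquoted: the executable runs up to the first ".exe"; the rest is arguments.
    m = re.match(r"(.*?\.exe)(.*)$", p, re.IGNORECASE | re.DOTALL)
    if not m:
        return p, "", False
    return m.group(1), m.group(2).strip(), False


def lookup_candidates(exe_path):
    """Files Windows tries, in order, before reaching the intended binary when an
    unquoted path contains spaces: each space-delimited prefix with .exe appended."""
    parts = exe_path.split(" ")
    cands = [" ".join(parts[:i]) + ".exe" for i in range(1, len(parts))]
    cands.append(exe_path)
    return cands


def quote_image_path(image_path):
    """The corrected ImagePath: executable wrapped in double quotes, arguments kept."""
    exe, args, quoted = split_image_path(image_path)
    if quoted or " " not in exe:
        return image_path.strip()
    return f'"{exe}"' + (f" {args}" if args else "")


def audit(image_paths):
    """One finding per service whose executable path is unquoted and contains spaces.
    'directories_to_check' are the folders whose ACLs must not allow writes by
    ordinary users, since a file planted there would be started as the service."""
    findings = []
    for name, path in image_paths.items():
        exe, _args, quoted = split_image_path(path)
        if quoted or " " not in exe:
            continue
        cands = lookup_candidates(exe)
        findings.append({
            "service": name,
            "executable": exe,
            "directories_to_check": sorted({ntpath.dirname(c) for c in cands[:-1]}),
            "fixed_image_path": quote_image_path(path),
        })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_IMAGE_PATHS):
        print(finding)
```

The remediation the script prints is the one Philips' advice implies: quote the service path and confirm that the directories listed are writable only by administrators. The script uses `ntpath` so it can be run on any platform against exported values; on the server itself the same values come from the service configuration.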

August 19, 2018

Criminal Case Filed Against Hackers For Hacking Koltsovo Airport Database And Stealing Money From Banks

Two residents of Yekaterinburg are in custody for stealing money from several bank accounts and hacking into the database of Koltsovo International Airport (Yekaterinburg, Russia).

Authorities found that cybercriminals Konstantin Melnik and Igor Makovkin created a virus through which they gained access to the accounts of bank customers.

The hackers stole 1.2 billion rubles (about 18 million USD) from those customers' cards. They also infected computers of the Yekaterinburg airport Koltsovo with malicious programs and gained access to the airport's database. The airport could not say how much it had lost.

The hacker group, called Lurk, consisted of 24 members. Makovkin is one of its organizers, and Melnik an active participant.

The group operated successfully for five years because the virus was difficult to detect: it removed itself and left no traces after gaining access to the accounts.

Specialists from Kaspersky Lab helped to find the cybercriminals; together with Sberbank's programmers, they identified the virus in corporate networks.

According to some sources, Lurk probably also stole more than 124 million rubles (about 1.9 million USD) from the bank accounts of senior members of the Liberal Democratic Party of Russia.

August 19, 2018

Federal Service for Veterinary and Phytosanitary Surveillance (Rosselkhoznadzor) reported a DDoS attack

Hackers attacked the electronic veterinary certification system "Mercury"; the attack became known on August 16.

According to Rosselkhoznadzor, the attack was carried out on August 13. The target was one of the servers of the state veterinary information system that provides web-interface access to the "Argus" and "Mercury" components.

"Mercury" is the electronic veterinary certification system. "Argus" is the system for issuing permits for the import of controlled products into Russia and for their transit through the territory of the Russian Federation.

The agency noted that the attack coincided with the start of food shipments to warehouses and the registration of the associated documentation, the time when a system failure would have the greatest negative effect. Police believed the attack was not accidental.

Measures were taken in time, so the attack did not disrupt the information system. Traffic controls were nevertheless tightened as a precaution; on August 14 the preventive measures were lifted.

August 17, 2018

Former Microsoft engineer sent behind bars for money laundering

Raymond Odigie Uadiale, age 41, is great with computers. Good enough to be hired by Microsoft as a network engineer. And good enough, according to the feds, to run a virus scamming ring that froze computers via a fake warning from the Federal Bureau of Investigation, charged people a $200 "fine" to unlock their laptops, and warned users they might be sent to prison if they didn't pay up.

Instead, it's Uadiale who's going to jail. The US Department of Justice (DoJ) announced Tuesday that Uadiale of Maple Valley, Washington, pled guilty to two counts of money laundering after admitting that while he was a Florida International University grad student, he was secretly running a computer "ransomware" scam that used a virus called "Reveton" to lock people's computers and demanded money to unlock them. Uadiale, who also went by the name "Mike Roland," will serve 18 months in prison after laundering nearly $100,000 to a co-conspirator in the United Kingdom identified only by the online handle "K!NG."

Assistant Attorney General Brian A. Benczkowski of the Justice Department's Criminal Division, U.S. Attorney Benjamin C. Greenberg for the Southern District of Florida and Special Agent in Charge Matthew J. DeSarno of the FBI Washington Field Office's Criminal Division made the announcement.

“By cashing out and then laundering victim payments, Raymond Uadiale played an essential role in an international criminal operation that victimized unsuspecting Americans by infecting their computers with malicious ransomware,” Assistant U.S. Attorney General Brian Benczkowski announced. Uadiale pleaded guilty June 4.

The indictment charged Uadiale with one count of conspiracy to commit money laundering and one count of substantive money laundering. As part of the plea agreement, the government dismissed the substantive count. In addition to his prison sentence, Uadiale was also sentenced to three years of supervised release.

The ransomware in question executes on PCs and encrypts system files. A message is then shown on the home screen claiming that the user has violated federal law by downloading illegal content.

August 17, 2018

Deadly threat for Intel devices

Intel-powered devices have lately been grappling with a Spectre-like flaw that has the security community searching for an effective countermeasure, causing concern for millions of users.
Identified as 'Foreshadow', it can be exploited to obtain passwords, encryption keys and other sensitive data stored on the device.

Security experts at top firms say that until recently Spectre and Meltdown were the most dangerous threats to these devices.

Foreshadow is now considered the most serious: they say it can easily penetrate the most sensitive and secured features of an Intel-based device.

The most sensitive of these features is Software Guard Extensions (SGX), introduced with Skylake processors, and it is SGX that Foreshadow strikes to compromise the security feature.

Once Foreshadow starts working, it reaches the enclave in which the system's crucial processes execute, the feature where sensitive information and data are stored.

When a device is affected, the data protection mechanism no longer works properly; SGX becomes ineffective, which indicates the compromise of the system.

According to what the researchers report having discovered, attackers can easily breach SGX with the help of the Foreshadow vulnerability.

Intel, for its part, has acknowledged the Foreshadow vulnerability, saying that attackers can exploit it in three separate conditions or situations that need further research.

Intel's engineers have already released microcode updates for the affected processors.

Intel has further urged device manufacturers to deliver the microcode updates through BIOS updates.

Device manufacturers have put security patches in place to address the Spectre-like vulnerability in Intel devices.

August 16, 2018

Google is Tracking Your Location

Google knows where you are! The search engine giant records all your movements even if you have turned off the location tracker.

An Associated Press investigation found that the issue could affect more than two billion people who use Google Maps or Google Search directly or indirectly.

According to the report, Google Maps "stores a snapshot of where you are," automatic daily weather updates track the location of your Android device, and even random Google searches hand over your exact latitude and longitude to the company.

Computer science researchers at Princeton University verified the findings at AP's request.

In response to the allegations, Google has published a description of the tools and steps for turning off location tracking and deleting location history.

Google says: "You can turn off Location History at any time. With Location History off, the places you go are no longer stored."

Google's "Web & App Activity" setting, which is turned on by default, lets the company track your location.

To turn it off, simply go to Activity Controls and turn off both Web & App Activity and Location History.

For Android devices, follow these steps:
1) Go to Settings.
2) Tap Google, then Google Account.
3) Open the "Data & personalisation" tab and find "Web & App Activity" inside it.
4) Turn off "Web & App Activity".

For iPhones, iPads, and computers:
1) Sign in to your Google account and open the Activity Controls page.
2) Find the "Web & App Activity" tab.
3) Turn off "Web & App Activity".

August 16, 2018

Personal Data Leakage of Russian Railways Passengers

Pavel Medvedev, a search engine specialist at Rush Agency, has concluded that users of the websites of large companies such as Russian Railways, VTB Bank and Sberbank, as well as of Moscow City Hall, could at any moment become victims of fraud.

"I believe that many good specialists and developers have shifted to the West and the quality of staff in IT has decreased because of the crisis in Russia," said Pavel.

People who maintain companies' web resources make basic mistakes. For example, they do not specify which pages search engines may crawl and which they may not, and search engines do not care where they collect information. The data leaks stem from the unprofessionalism and incompetence of IT staff and from companies' attempts to save money.

How is this dangerous? For example, a person buys a train ticket departing in six months and receives an SMS with a link to a personal account page where the booking can be viewed and edited. At the same time, Yandex.Browser, Android or a metrics counter tells the search engine that a previously unknown page has appeared; the search engine sees that the page works and indexes it.

A fraudster searching for train booking pages finds the link, opens the user's personal account, reissues the ticket in his own name and, six months later, boards the train in place of the real ticket holder.

This is not the first personal data leak involving Russian Railways: in 2016, a group of hackers found an openly accessible database of 3,500 passengers, including customers of the railway monopoly.

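
The leak mechanism described above (a personal-account page reachable from a link that crawlers discover and index) can be audited in code. The Python below is an added example, not Russian Railways' or Rush Agency's code; the site name, robots.txt files, pages and headers are constructed. It uses the standard library's `urllib.robotparser` to test whether a crawler is permitted to fetch each URL, checks for an `X-Robots-Tag: noindex` response header, and records whether the page can be read from the link alone without logging in, then reports the weaknesses per sensitive page for a weak and a hardened robots.txt.

```python
from urllib import robotparser

# Constructed robots.txt files for a hypothetical booking site.
WEAK_ROBOTS = "User-agent: *\nDisallow: /admin/\n"
HARDENED_ROBOTS = (
    "User-agent: *\n"
    "Disallow: /admin/\n"
    "Disallow: /account/\n"
    "Disallow: /tickets/\n"
)

# Constructed pages: the URL a booking SMS might link to, the headers the server
# sends with it, whether it holds personal data, and whether a login is enforced.
SAMPLE_PAGES = [
    {"url": "https://booking.example.test/",
     "headers": {}, "sensitive": False, "auth_required": False},
    {"url": "https://booking.example.test/account/view?token=CONSTRUCTED123",
     "headers": {}, "sensitive": True, "auth_required": False},
    {"url": "https://booking.example.test/tickets/9876/edit",
     "headers": {"X-Robots-Tag": "noindex, nofollow"},
     "sensitive": True, "auth_required": False},
]


def crawl_allowed(robots_text, url, agent="*"):
    """True if robots.txt permits the given user agent to fetch the URL."""
    rp = robotparser.RobotFileParser()
    rp.parse(robots_text.splitlines())   # parse() marks the file as read
    return rp.can_fetch(agent, url)


def noindex_header(headers):
    """True if the response carries an X-Robots-Tag directive containing noindex."""
    return "noindex" in headers.get("X-Robots-Tag", "").lower()


def exposure_report(robots_text, pages):
    """Map each sensitive URL to the list of protections it lacks.
    robots.txt is advisory and noindex only affects well-behaved indexers;
    the login requirement is the control that actually keeps data private."""
    report = {}
    for page in pages:
        if not page["sensitive"]:
            continue
        weaknesses = []
        if crawl_allowed(robots_text, page["url"]):
            weaknesses.append("crawlable under robots.txt")
        if not noindex_header(page["headers"]):
            weaknesses.append("no X-Robots-Tag: noindex")
        if not page["auth_required"]:
            weaknesses.append("readable from the link alone, no login")
        if weaknesses:
            report[page["url"]] = weaknesses
    return report


if __name__ == "__main__":
    for label, robots in (("weak", WEAK_ROBOTS), ("hardened", HARDENED_ROBOTS)):
        print(label, exposure_report(robots, SAMPLE_PAGES))
```

Even with the hardened robots.txt, both sensitive pages still appear in the report because the link alone opens them; tightening robots.txt and adding the header reduce accidental indexing, but only enforcing a login on account pages removes the fraud scenario the article describes.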
August 16, 2018

An unknown malware led to a loss of Rs 94 crore in two days from Pune-based Cosmos Bank

Hackers transferred over Rs 94 crore from the 112-year-old Pune-based Cosmos Co-operative Bank through a malware attack directed at the bank's server and thousands of its debit cards.

The attack was carried out over multiple days: about Rs 78 crore was withdrawn in more than 12,000 ATM transactions across 28 countries, while another 2,800 transactions totalling Rs 2.5 crore were made in different cities in India.

As per the reports, Rs 13.9 crore was transferred to foreign banks through SWIFT (Society for Worldwide Interbank Financial Telecommunication) transactions.

“A complaint has been filed with Pune police about the malware attack and the bank is doing internal audits to investigate the breach,” the official said.

According to the bank, its core banking system (CBS) was intact; the malware attacked the switch that handles the payment gateways for Visa and RuPay debit cards, as all the cards used in the hack were RuPay or Visa.

"The core banking system (CBS) of the bank receives debit card payment requests via 'switching system'. During the malware attack, a proxy switch was created and all the fraudulent payment approvals were passed by the proxy switching system," said the statement.

On August 11, the bank learned that suspicious transactions were taking place through its debit cards and immediately shut down its credit card payment system in India as well as abroad.

“None of the customers’ accounts were touched and it is the bank which has incurred the loss of this money,” the official said.

The bank said there is no need to panic, as no fraudulent transactions have been made from any customer's account.

The statement underscored: "As it is a malware attack on the Switch which is operative for the payment gateway of VISA/RuPay debit cards and not on the CBS of the bank, the customers' accounts and its balances are not at all affected."

A professional forensic investigation team has been called in and will submit a report in the next few days on the modus operandi of the attack and the exact amount involved.
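
The bank's statement describes approvals coming from a proxy switch rather than its own switching system, spread over thousands of ATM withdrawals in many countries within a short period. As an added illustration (not the bank's or the investigators' code), the Python below runs three defender-side checks over a constructed authorisation log: approvals issued by a switch host that is not on the bank's allowlist, a single card approved in two countries within an hour, and the busiest ten-minute window together with the number of countries it spans. The host names, thresholds and records are all assumed.

```python
from datetime import datetime, timedelta

# Constructed sample of switch-side authorisation records (not Cosmos Bank data).
# Format: timestamp|card_id|country|amount_inr|approving_host
SAMPLE_AUTHS = [
    "2018-08-11T02:58:00|card-001|IN|5000|switch-prod-01",
    "2018-08-11T03:00:00|card-002|IN|8000|switch-prod-01",
    "2018-08-11T03:01:00|card-002|CA|40000|switch-proxy-x",
    "2018-08-11T03:01:30|card-003|HK|30000|switch-proxy-x",
    "2018-08-11T03:02:00|card-004|AE|30000|switch-proxy-x",
    "2018-08-11T03:02:30|card-005|US|30000|switch-proxy-x",
    "2018-08-11T03:03:00|card-006|GB|30000|switch-proxy-x",
    "2018-08-11T03:03:30|card-007|RU|30000|switch-proxy-x",
    "2018-08-11T09:00:00|card-001|IN|2000|switch-prod-01",
]

ALLOWED_SWITCH_HOSTS = {"switch-prod-01"}   # assumed: the bank's legitimate switch
TRAVEL_WINDOW = timedelta(hours=1)          # assumed: two countries within an hour
BURST_WINDOW = timedelta(minutes=10)        # assumed: window for volume spikes


def parse_auth(line):
    ts, card, country, amount, host = line.split("|")
    return {"ts": datetime.fromisoformat(ts), "card": card, "country": country,
            "amount": int(amount), "host": host}


def rogue_approvals(auths):
    """Approvals issued by a host that is not the bank's known switching system."""
    return [a for a in auths if a["host"] not in ALLOWED_SWITCH_HOSTS]


def impossible_travel(auths, window=TRAVEL_WINDOW):
    """(card, country_a, country_b) for consecutive approvals of one card in
    different countries closer together than the window allows."""
    by_card = {}
    for a in sorted(auths, key=lambda a: a["ts"]):
        by_card.setdefault(a["card"], []).append(a)
    hits = []
    for card, seq in by_card.items():
        for prev, cur in zip(seq, seq[1:]):
            if prev["country"] != cur["country"] and cur["ts"] - prev["ts"] <= window:
                hits.append((card, prev["country"], cur["country"]))
    return hits


def peak_window(auths, window=BURST_WINDOW):
    """(start, approvals, distinct countries) of the busiest sliding window."""
    ordered = sorted(auths, key=lambda a: a["ts"])
    best = (None, 0, 0)
    for i, start in enumerate(ordered):
        end = start["ts"] + window
        in_win = [a for a in ordered[i:] if a["ts"] < end]
        n_countries = len({a["country"] for a in in_win})
        if len(in_win) > best[1]:
            best = (start["ts"], len(in_win), n_countries)
    return best


def build_report(lines, burst_threshold=5):
    """Run all three checks over raw log lines and summarise the findings."""
    auths = [parse_auth(line) for line in lines]
    rogue = rogue_approvals(auths)
    start, count, countries = peak_window(auths)
    return {
        "rogue_approvals": len(rogue),
        "rogue_hosts": sorted({a["host"] for a in rogue}),
        "impossible_travel": impossible_travel(auths),
        "peak_window_start": start.isoformat(),
        "peak_window_count": count,
        "peak_window_countries": countries,
        "burst": count >= burst_threshold,
    }


if __name__ == "__main__":
    print(build_report(SAMPLE_AUTHS))
```

The first check is the decisive one for the scenario in the statement: if the CBS or a monitoring tap reconciles every approval against the host that issued it, a proxy switch shows up as soon as it approves its first transaction, before thousands of withdrawals accumulate. The other two checks are generic card-fraud velocity rules; the threshold of five approvals per ten minutes fits only this toy data and would be set from a real baseline in production.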