now browsing by tag
Apple dropped plans to offer end-to-end encrypted cloud back-ups to its global customer base after the FBI complained, a new report has claimed.
Citing six sources “familiar with the matter,” Reuters claimed that Apple changed its mind over the plans for iCloud two years ago after the Feds argued in private it would seriously hinder investigations.
The revelations put a new spin on the often combative relationship between the law enforcement agency and one of the world’s biggest tech companies.
The two famously clashed in 2016 when Apple refused to engineer backdoors in its products that would enable officers to unlock the phone of a gunman responsible for a mass shooting in San Bernardino.
Since then, both FBI boss Christopher Wray, attorney general William Barr and most recently Donald Trump have taken Apple and the wider tech community to task for failing to budge on end-to-end encryption.
Silicon Valley argues that it’s impossible to provide law enforcers with access to encrypted data in a way which wouldn’t undermine security for hundreds of millions of law-abiding customers around the world.
They are backed by world-leading encryption experts, while on the other side, lawmakers and enforcers have offered no solutions of their own to the problem.
Apple’s decision not to encrypt iCloud back-ups means it can provide officers with access to target’s accounts. According to the report, full device backups and other iCloud content was handed over to the US authorities in 1568 cases in the first half of 2019, covering around 6000 accounts.
Apple is also said to have handed the Feds the iCloud backups of the Pensacola shooter, whose case sparked another round of calls for encryption backdoors from Trump and others.
It’s not 100% clear if Apple dropped its encryption plan because of the FBI complaint, or if it was down to more mundane usability issues. Android users are said to be able to back-up to the cloud without Google accessing their accounts.
#infosec #itsecurity #hacking #hacker #computerhacker #blackhat #ceh #ransomeware #maleware #ncs #nationalcybersecurityuniversity #defcon #ceh #cissp #computers #cybercrime #cybercrimes #technology #jobs #itjobs #gregorydevans #ncs #ncsv #certifiedcybercrimeconsultant #privateinvestigators #hackerspace #nationalcybersecurityawarenessmonth #hak5 #nsa #computersecurity #deepweb #nsa #cia #internationalcybersecurity #internationalcybersecurityconference #iossecurity #androidsecurity #macsecurity #windowssecurity
The post #infosec | Apple Dropped iCloud Encryption Plans After FBI Complaint: Report appeared first on National Cyber Security.
View full post on National Cyber Security
Search engine for leaked passwords shut down
Police have seized WeLeakInfo.com, an online service that turned selling access to data exposed by breaches into a business.
The site offered subscription-based access to billions of compromised user login credentials, essentially offering a search engine for breached personal data including names, email addresses, phone numbers, IP address, and passwords.
A joint law enforcement action led by the UK’s National Crime Agency (NCA), in collaboration with international law enforcement partners including the FBI and the East Netherland Cyber Crime Unit (Politie), has led to the seizure of the domain and the arrest of two suspects.
A 22-year-old male was arrested in Fintona, Northern Ireland by the country’s police service on suspicion of fraud and serious crime offences before being released on bail, pending further inquiries.
Another man, also 22, was arrested in Vriendin, The Netherlands, by Dutch authorities.
Neither suspect has been named but police allege the duo made £200,000 ($261,000) through the dodgy site they ran together.
The pair became suspects after police traced online payments for hosting and other services linked to the site back to IP addresses used by the two men.
Police also established “links between the purchase of cybercrime tools, such as remote access Trojans (RATs) and cryptors, and weleakinfo.com.”
Robert Ramsden-Board, VP EMEA at Securonix, commented in a press release: “Weleakinfo.com was a useful resource for threat actors.
“Hackers could perform unlimited searches for exposed data for as little as $2 a day.
“Hence, providing them with all the information they would need, such as exposed usernames and passwords, to be able to perform credential stuffing attacks and phishing attacks.”
The FBI took ownership of the WeLeakInfo.com domain name and added a notice stating it was seized.
Prior to the takedown, police allege that the site hosted credentials taken from around 10,000 data breaches. The details were used in subsequent cyber-attacks in an unspecified number of cases.
Although WeLeakInfo.com has been taken out of commission, other similar services exist and may well expand to fill the gap in the market occasioned by a rival’s takedown.
In a blog post, security industry veteran Graham Cluley explains the difference between WeLeakInfo and legitimate services like Troy Hunt’s HaveIBeenPwned. The latter only offers warnings – free of charge – that a person’s email address and associated info has been part of a breach without ever storing or offering access to passwords.
YOU MIGHT ALSO LIKE Massive stolen credit card sale features 1.3 mostly Indian records
The post #hacking | International police arrest two after WeLeakInfo takedown appeared first on National Cyber Security.
View full post on National Cyber Security
Criminals have been caught trying to sneak a malicious package on to the popular Node.js platform npm (Node Package Manager).
The problem package, 1337qq-js, was uploaded to npm on 31 December, after which it was downloaded at least 32 times according to figures from npm-stat.
According to a security advisory announcing its removal, the package’s suspicious behaviour was first noticed by Microsoft’s Vulnerability Research team, which reported it to npm on 13 January 2020:
The package exfiltrates sensitive information through install scripts. It targets UNIX systems.
The data it steals includes:
- Environment variables
- Running processes
- uname -a
- npmrc file
Any of these could lead to trouble, especially the theft of environment variables which can include API tokens and, in some cases, hardcoded passwords.
Anyone unlucky enough to have downloaded this will need to rotate those as a matter of urgency in addition to de-installing 1337qq-js itself.
What to do
The offending versions of the package are versions 1.0.11 to 1.0.9 inclusive.
The advice is to check for dependencies by generating a report using the npm audit command from the command line. This alerts admins to packages known to be malevolent as well as any other security issues that need addressing. In a perfect world, an audit will return this:
No known vulnerabilities found (x packages audited].
Malicious npm packages, particularly ones installing backdoors, have become a recurring theme in the last year or two.
A good example was last June’s targeting of the Agama cryptocurrency wallet. The thinking behind this attack was simple – upload what appears to be a useful package, wait until the specific target starts using it in their ‘build chain’, and then update the package with a malicious payload.
This kind of ruse puts a lot of pressure on npm’s security testers to spot malevolence before any damage is done. In this case, the attack was foiled.
There have been at least four other incidents with malicious packages trying to sneak backdoor attacks on npm users since 2017.
Instances of attackers targeting libraries and packages to target cryptocurrency apps by the backdoor are also on the increase.
Today’s applications are assembled from different pieces of software in a format that resembles a supply chain. Clearly, as with physical supply chains, this brings with it new risks.
The post Malicious npm package taken down after Microsoft warning – Naked Security appeared first on National Cyber Security.
View full post on National Cyber Security
Source: National Cyber Security – Produced By Gregory Evans Do you know what you were doing 3736 days ago? We do! (To be clear, lest that sound creepy, we know what we were doing, not what you were doing.) Admittedly, we didn’t remember all on our own – we needed the inexorable memory of the […] View full post on AmIHackerProof.com
Source: National Cyber Security – Produced By Gregory Evans Right at the end of 2019, we wrote about the “decade-ending Y2K bug that wasn’t” in a serious article with a humorous side. In that article, we described a perennial “gotcha” facing Java programmers faced with the simple task of printing out the year. If you […] View full post on AmIHackerProof.com
Source: National Cyber Security – Produced By Gregory Evans There were a bunch of big data hacks in 2019, and 2020 will likely be just as bad as the number of cyberattacks increase. (The average number of security breaches in the last year grew by 11% from 130 in 2017 to 145 in 2018, according to Accenture research.) Companies […] View full post on AmIHackerProof.com
#cybersecurity | #hackerspace | Marketing Agency Temporarily Halts Operations after Ransomware Attack
Source: National Cyber Security – Produced By Gregory Evans A marketing agency announced just days before Christmas that it would be temporarily suspending operations as it works to recover from a ransomware attack. Sandra Franecke, CEO of the Heritage Company, sent a letter to employees that the company would temporarily be suspending its operations. She […] View full post on AmIHackerProof.com
A MUM has revealed her heartache over her teenage son’s death – after taking prescription drugs a friend bought on the dark web.
William Horley, 17, from Herne Bay, Kent, had an accidental overdose on painkiller Tramadol, which he took on a night out in July last year.
His mum Kim Webster, 48, told how her son was a sensible lad who didn’t normally do drugs – and knew his future career in the army had a zero tolerance policy.
The project manager said: “Will wasn’t a drug addict. This was an awful accident, a teenager out having fun his friends, making a momentary bad decision and paying the ultimate price.
“Such a terrible waste of a promising young life. Tramadol is a prescription drug and as a naive young person, my son would have assumed that made it safe.
“But of course it isn’t. Any drug is dangerous if it’s not prescribed and not taken in the correct dosage.”
Kim has another son Jack, 22, and twin stepdaughters Hannah and Zoe, 24, through her husband Rob, 53, a builder.
She added: “Will was 6ft 6ins tall, a handsome, sports-mad lad who’d achieved his long term ambition and been accepted into the Royal Artillery.
“He was due to join the army just three months after he passed away. In the meantime, he had a job waiting tables in a restaurant.
“Will was a sensible boy and we had talked about drugs. He always told me ‘Mum, I’m not stupid. I’m going into the army which has a zero tolerance drugs policy’.
“There was one occasion when I caught him smoking a joint and gave him a real rollicking – but what teenager hasn’t done that?
“I had no fears about my son getting involved with drugs, because I believed he’d never put his future in jeopardy.”
Will wasn’t a drug addict. This was an awful accident, a teenager out having fun his friends, making a momentary bad decision and paying the ultimate price
On the day Will died, July 23, he went to the beach in Whitstable with some friends for some beers – after a 12-hour shift working at the seaside town’s Oyster Festival.
Kim said: “I didn’t think anything of it. My last words to him were ‘have a good time and don’t be too late, the key’s under the mat’.
“I went to bed as usual. At 5am the next day, I woke with an uneasy feeling.
“I went into Will’s bedroom and he wasn’t there. That wasn’t typical for him, so I woke my family.
“They thought he’d probably crashed at a friend’s house but I had a nagging feeling something must be wrong.”
Will wasn’t answering his phone, and neither were any of his mates, so his mum set off to look for him in her car.
Kim said: “A couple of hours later, I phoned the restaurant where he worked.
“The manager told me he hadn’t turned up for his shift, but there was a call from a friend who also worked there, reporting them both sick.
Tramadol is a prescription drug and as a naive young person, my son would have assumed that made it safe – but of course it isn’t
“I asked the manager to ring that friend and tell Will to contact me.
“Shortly afterwards, the manager called back and said Will was on his way to hospital.
“Hearing that, I thought perhaps he’d drunk too much. I had no inkling it might be anything to do with drugs.”
But by the time Kim arrived at Margate’s Queen Elizabeth the Queen Mother Hospital, she was told Will had already died.
The heartbroken mum was left to identify her son’s body.
An autopsy revealed that Will was killed by an overdose of the prescription drug Tramadol, which one of his friends is thought to have bought on the dark web.
I tell teenagers how, as a mother, I had to identify my son’s body, break the news he was dead, and decide whether his body should be buried or cremated
Kim said: “Will died because he did something that was out of character for him, when he took a prescription drug to get high.
“It was a naive teenager’s one-off lapse of judgement, but it cost my boy his life.”
Will would have turned 18 that November. In January, an inquest recorded a verdict of Tramadol overdose with pneumonia.
During the hearing, Will’s friend said he had known him to occasionally smoke weed, but this was the first time he was known to have taken Tramadol.
A Kent Police investigation into where the drug came from is ongoing.
One person has been arrested but nobody has been charged with any offence.
In February 2019, Kim asked Will’s school if she could speak to other pupils about the dangers of taking prescription drugs.
Tramadol: the facts
Tramadol is a strong painkiller used to treat moderate to severe pain – i.e. after an operation or serious injury.
It’s only legally available on prescription, to those aged 12 or older.
Like other opiod drugs, overdosing on Tramadol can kill and the drug can be addictive.
In June 2014, Tramadol was upgraded to a Class C substance and placed in Schedule III to the Misuse of Drugs Regulations – in a bid to reduce prescriptions.
It’s estimated one in six teens have taken prescription meds to get high.
Statistics show the vast majority of teenagers who abuse prescription medications obtain them from home and family members.
Addiction Helper advises parents to talk to kids about the dangers of prescription drug abuse, and keep pills in a locked cabinet.
Kim said: “I felt the need to warn other young people, that this could happen to any one of them.
“These drugs are so easy for teenagers to obtain. They don’t have to go out and locate a drug dealer.
“They can find substances to abuse in the family medicine cabinet.
“Or they can order them over the internet from the privacy of their bedroom, then the postman will bring them right to their front door.”
Kim now gives regular talks about the dangers of prescription drugs in schools and colleges across the country.
She said: “Young people think drugs like Tramadol and Xanax are safe because doctors can prescribe them. There are even adverts for prescription drugs popping up on Snapchat, so the temptation’s constant.
“But drugs on the dark web are often mixed with other chemicals, so nobody can be entirely sure what they’re taking.
“I urge young people to think about their family and what would happen to the people they love, if things go wrong.
“I tell them how, as a mother, I had to identify my son’s body, break the news he was dead to his brother, father and grandparents, and decide whether his body should be buried or cremated.
“No mum should ever have to do those things for their child. What I have to tell these teenagers is the truth and it’s very powerful.”
Kim now works with Kent-based rehabilitation unit Kenward Trust – www.kenwardtrust.org – to raise awareness of the dangers of buying prescription drugs.
She said: “It isn’t easy for me to go out and tell a roomful of strangers about how I lost my son.
“I’m still grieving for him – sometimes it feels as if my heart is being squeezed in my chest, to the point that I can’t catch my breath.
Mum creates stunning glittery staircase for a fiver using B&M wrapping paper
‘Exhausted’ new mum shares emotional pic as she begs visitors to stay away
CORRIE ON QUEEN
Corrie’s Samia has ‘mum guilt’ over barely seeing kids when busy filming
Genius hack reveals how to wrap a gift when you’ve cut wrapping paper too small
Needing to pee more when it’s cold can be sign of deadly condition, docs warn
“But I need to get his message out there. Will had his life before him and was about to start living the dreams he’d held since a little boy.
“He didn’t want this to happen to him and wouldn’t want it to happen to others.”
The family have also launched a charity, the Will Horley Foundation, to fund boxing for children in need.
The post #deepweb | <p> My sensible son, 17, died after taking painkiller Tramadol on a night out <p> appeared first on National Cyber Security.
View full post on National Cyber Security
#nationalcybersecuritymonth | Fears of Russian interference hit U.K. election as Reddit bans accounts after U.S. trade talks leak
LONDON — Fears of Russian interference reared their head in the U.K. election this weekend after social media platform Reddit said it believed confidential British government documents were posted to the site as “part of a campaign that has been reported as originating from Russia.”
Reddit launched an investigation after opposition Labour Party leader Jeremy Corbyn brandished the leaked documents at a press conference last month.
The 451-page dossier appeared to reveal rounds of trade negotiations with the U.S. for a post-Brexit trade deal included mention of the country’s beloved National Health Service. Labour claimed they proved Prime Minister Boris Johnson would put the NHS “up for sale” to secure a deal with President Donald Trump.
The British government has not denied the authenticity of the documents. NBC News has not verified their authenticity.
Johnson, whose ruling Conservative Party leads in the polls entering the final week, has denied Corbyn’s claims about what they show.
A British government spokesperson told NBC News Sunday that “online platforms should take responsibility for content posted on them, and we welcome the action Reddit have taken.”
“The U.K. government was already looking into the matter, with support from the National Cyber Security Centre,” the spokesperson said.
Let our news meet your inbox. The news and stories that matters, delivered weekday mornings.
“We do not comment on leaks, and it would be inappropriate to comment.”
Reddit said late Friday that its investigation into the posts related to the leak revealed “a pattern of coordination” by suspect accounts that were similar to a Russian campaign called “Secondary Infektion” discovered on Facebook earlier this year.
The site also said it had banned 61 accounts suspected of violating policies against vote manipulation related to the original post, which was published in October.
Corbyn has not revealed how his party obtained the documents but defended the decision to use them.
Asked about Reddit’s conclusions at a campaign stop Saturday, Corbyn said the news was an “advanced stage of rather belated conspiracy theories.”
“When we released the documents, at no stage did the prime minister or anybody deny that those documents were real, deny the arguments that we put forward. And if there has been no discussion with the USA about access to our health markets, if all that is wrong, how come after a week they still haven’t said that?” he added.
He also criticized the government for failing to release a Parliamentary intelligence committee report on Russian interference in British politics before the election campaign began.
Thursday’s vote was called in an effort to break the deadlock that has left the future of the country’s relationship with the European Union uncertain.
But the future of Britain’s health care has emerged as a powerful rejoinder to the notion of a purely ‘Brexit election.’
Asked about the source of the leak this weekend, Johnson said: “I do think we need to get to the bottom of that.”
Culture minister Nicky Morgan claimed the leak raises concerns of Russian influence on British democracy and said the government is taking steps and “watching for what might be going on.”
“From what was being put on that (Reddit) website, those who seem to know about these things say that it seems to have all the hallmarks of some form of interference,” Morgan told the BBC. “And if that is the case, that obviously is extremely serious.”
But if Russia was behind the leak, its aim may not have been to help any particular side in the election, Lisa-Maria Neudert, a researcher at Oxford University’s Project on Computational Propaganda, told Reuters.
“We know from the Russian playbook that often it is not for or against anything,” she said.
“It’s about sowing confusion, and destroying the field of political trust.”
Michele Neubert contributed.
View full post on National Cyber Security