Hacker #stole £10k from #jazz #charity

Source: National Cyber Security News

A jazz centre, headed up by Westcliff musician Digby Fairweather, was targeted by an online fraudster, it has been revealed.

Hackers accessed an account belonging to the Southend-based Jazz Centre UK and stole £10,000.

Fortunately, the charity had its money refunded by the bank, but Mr Fairweather said people must be vigilant to rising cyber crime.

He said: “The Jazz Centre UK online account had two payees set up at the time for small sums. Someone hacked into the account and moved £4,950 twice in a day into these accounts. He then rang both firms saying he was from the jazz centre and the sums had been transferred by mistake and that we owed the money to someone else.

“He asked them to pay it back and then gave them his own account number.”

Mr Fairweather added: “It was virtually all the Jazz centre UK funds but after an inquiry it was the fault of the bank and all the money was refunded – apart from £216.

“It made us very wary of online banking. It could have left us in a great deal of trouble.”

The incident, which happened in October, came to light after it was raised in Parliament by Southend West MP Sir David Amess.



View full post on National Cyber Security Ventures

Hacker #tricks official #Vatican News site into #declaring #God an #onion

Source: National Cyber Security News

A Belgian security researcher has discovered a vulnerability on the website of Vatican News — the official news publication of the Holy See — that could allow anyone to publish their own fake news.

The vulnerability was discovered by independent researcher Inti De Ceukelaire. Proving his work, he tweeted a picture of Vatican News falsely stating that Pope Francis had declared God to be an onion.

De Ceukelaire (whom we’ve previously profiled) has been behind some high-profile discoveries. In September, he disclosed ways to access corporate messaging apps like Slack and Yammer by exploiting publicly accessible help desks and bug trackers.

Last February, De Ceukelaire earned notoriety after he redirected several links in Donald Trump’s old tweets to content that would otherwise be embarrassing for the now-occupant of 1600 Pennsylvania Avenue. He did this by identifying websites Trump had tweeted out whose domain names had been allowed to expire. He then re-registered them under his own name.

Keeping with the Trump theme, he used publicly accessible online information to find the contact details of Melania Trump. He used this to invite FLOTUS to his home town.

In the case of Vatican News, De Ceukelaire encountered an unpatched cross site scripting (XSS) vulnerability, and exploited it to inject the blatantly fake news.




Yahoo #hacker feels he’s ‘doing the #right thing’ after #pleading #guilty, #lawyer says

Source: National Cyber Security – Produced By Gregory Evans

After eight months of maintaining his innocence in a massive data breach at Yahoo, Karim Baratov feels like he’s now, his lawyer says, doing the right thing by pleading guilty to charges stemming from his role as a hacker.

Baratov, who is from Hamilton, is scheduled for sentencing in February, after pleading guilty, in a U.S. court on Tuesday, to one count of conspiracy to commit computer fraud and abuse and eight counts of aggravated identity theft.

“He’s feeling like he’s doing the right thing … he’s happy that he’s doing the right thing, he’s happy that he’s opening up, and he’s not holding back,” said Amedeo DiCarlo, one of Baratov’s lawyers. “I think that’s what the justice system expects of him.”

Authorities say the hack affected at least a half billion user accounts, and was directed by two Russian intelligence agents. U.S. law enforcement officials call the 22-year-old Baratov a “hacker-for-hire” and say he was paid by members of Russia’s Federal Security Service to access more than 80 accounts.

DiCarlo wouldn’t say if Baratov turned over information on the two Russians linked to the case, but did say he has been “very forthcoming with his information” and “very transparent.”

“He told them everything they needed to know,” DiCarlo said.

Another one of his attorneys, Andrew Mancilla, echoed that sentiment outside of court after the guilty plea was made. “He’s been transparent and forthright with the government since he got here,” Mancilla said.

The Russian agents, Dmitry Dokuchaev and Igor Sushchin, used the information they stole from Yahoo to spy on Russian journalists, U.S. and Russian government officials and employees of financial services and other private businesses, according to prosecutors.

Dokuchaev, Sushchin and a third Russian national, Alexsey Belan, were also named in the indictment filed in February, though it’s not clear whether they will ever step foot in an American courtroom since there’s no extradition treaty with Russia.

Yahoo user accounts began being compromised at least as early as 2014. Prosecutors say Dokuchaev and Sushchin turned to Baratov after learning that one of their targets had accounts at webmail providers other than Yahoo.

After Baratov’s arrest, his parents said that their son was a “scapegoat.” DiCarlo said they are now finally seeing some sense of closure.

“It’s a big strain on everybody — it’s kind of like you’re biting your fingernails, waiting for the result. Now, here is a final result in their opinion … they see an end in the future.”

Baratov’s sentencing is set to happen in February, and the threshold for how much jail time he could face ranges from zero to 20 years, DiCarlo said — though he would not disclose what sentence the defence will submit as appropriate. It’s also not clear if Baratov would serve a sentence in Canada or the United States.

“We’ve got our ranges to work with, and that’s where the lawyering takes place,” DiCarlo said.

The post Yahoo #hacker feels he’s ‘doing the #right thing’ after #pleading #guilty, #lawyer says appeared first on National Cyber Security Ventures.


Hacker #demands #money, #threatens #terrorist #claims

Source: National Cyber Security – Produced By Gregory Evans

A 72-year-old Plymouth man’s computer was hacked by someone who threatened to report him as a terrorist sympathizer unless he paid money, a police report said.

The victim told police he received several telephone calls Nov. 21 after his computer was hacked. He said the caller demanded $300 for three years of computer protection or $2,000 for lifetime coverage.

The caller became aggressive, the report said, threatening to contact the U.S. president and the CIA to accuse the victim of supporting a terrorist network.

The victim notified police and no money was lost.

Suspicious visitor

A 51-year-old Plymouth man notified police after he was twice awakened by someone pounding on his door and leaving behind a smashed pumpkin on his driveway and a plant dumped on the windshield of his Ford Fusion, a report said.

The man said the knocking occurred about 2:30 a.m. Nov. 23 and then an hour later. He called police both times, but the prankster had fled when officers arrived.

The incident occurred in the 1000 block of Quail Circle. The windshield of the Ford Fusion sustained some damage when the plant was dumped on it.

Drunken crash

Plymouth Township police arrested a 36-year-old Westland man after he crashed his 2013 Ford Econoline into a building at 14937 Northville Road, a report said.

Police cited the man for operating while impaired and his vehicle was impounded.

The crash happened just before midnight Nov. 21, near Northville Road and Five Mile, the report said. The driver was bleeding from the head and mouth and was taken to St. Mary Mercy Hospital for treatment, the report said.

The suspect told police another vehicle cut him off and caused him to crash into the building after he left a bar, the report said. Police got a search warrant to have the man’s blood drawn to test for blood-alcohol level.

Vehicle larceny

A 43-year-old Canton woman called police after her purse was stolen by someone who smashed out her car window while she was parked at Applied Fitness Solutions on Ann Arbor Road in Plymouth, a report said.

She said the incident happened between 6:45 p.m. and 8 p.m. Nov. 9. She said she had tried to hide her purse under the back of the passenger seat, but apparently it was still visible.

She said she locked the doors, but the intruder broke out the rear passenger window. She told police the purse contained credit cards, $30 in cash and her driver’s license.

Home break-in?

A 34-year-old man told Plymouth Township police $500 was stolen from his bedroom closet while he was out of town, a report said.

He told police he returned Nov. 12 to his home in the 2300 block of Hackberry to find that five $100 bills had been stolen from his closet. He said he locked the house before he left.

He told police the money had been given to him as a family gift.


Prague #appeals court allows #Russian #hacker extradition to #US

Source: National Cyber Security – Produced By Gregory Evans

A Prague appeals court on Friday upheld a lower court ruling that a Russian man who faces charges of hacking computers at American companies can be extradited to the United States.

Czech authorities arrested Yevgeniy Nikulin in Prague in cooperation with the FBI in October last year. He is accused by U.S. prosecutors of penetrating computers at Silicon Valley firms including LinkedIn and Dropbox in 2012.

Moscow also wants him extradited on a separate charge of internet theft in 2009.

Prague’s Municipal Court ruled in May that both extradition requests meet the necessary legal conditions.

Nikulin appealed his extradition to both countries but later withdrew an appeal against his extradition to Russia.

Following the ruling by Prague’s High Court, it is now up to the justice minister to approve or dismiss the extradition. It is not clear when a decision can be expected.

Nikulin’s defense attorney said he was “surprised, astonished and disappointed.”

“I don’t share the legal opinion of the High Court and I will take the steps I can to reverse it,” Martin Sadilek said.

State Prosecutor Marcela Kratochvilova welcomed the ruling.

“There are no reasons to prevent extradition,” she said.

Nikulin denied he was a hacker and claimed he’s a car lover. He ran a popular Instagram account devoted to sports cars and socialized with the children of the Kremlin’s elite, including the daughter of Russian Defense Minister Sergei Shoigu.

Sadilek suggested again Friday that the case was politically motivated. He had previously said U.S. authorities appeared to be using Nikulin as a pawn in the investigation into alleged Russian hacking in the U.S. election.

Nikulin previously claimed he was twice approached by U.S. authorities while in detention, in the absence of his previous lawyer. He said they urged him to falsely testify that he cooperated in the hacking attack on the Democratic National Committee ordered by Russian authorities. He said U.S. authorities would, in exchange, give him money and a life in the United States, which he refused.

The U.S. has accused Russia of coordinating the theft and disclosure of emails from the Democratic National Committee and other institutions and individuals in the U.S. to influence the outcome of the 2016 presidential election. Russia has vigorously denied that.

There is no indication that Nikulin’s case is connected to the DNC hacking accusation.

Judge Karel Semik said Friday that what Nikulin is accused of is a normal criminal act and not a politically motivated one. Semik stressed that it is not the Czech court’s task to decide whether he is guilty, only whether the extradition request meets all the necessary legal conditions.

The hearing took place in the presence of heavily armed police officers. Nikulin was transported from a nearby prison to the court room via an underground tunnel.

Copyright 2017 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.



Cybersecurity on the #plant floor: #fighting the #Hacker Machine #Interface

Source: National Cyber Security – Produced By Gregory Evans

SCADA systems and cybersecurity: security remains a challenge and, according to ample research, even one of the major restraining elements in SCADA market growth.

Cybersecurity is a multi-faceted challenge, and one of the many means by which attackers infiltrate SCADA systems is the Human Machine Interface (HMI).

Even though HMI/SCADA software is in full evolution in the age of Industry 4.0 and the Industrial IoT, exploitation of vulnerabilities in that software is still common.

Security vendor Trend Micro looked at the state of SCADA HMI vulnerabilities and had its Zero Day Initiative team investigate all publicly disclosed SCADA software vulnerabilities that were fixed in 2015 and 2016. The result: a report and recommendations. Below is an overview and some additional thoughts.

The Hacker Machine Interface: focus on patching

The majority of the SCADA software vulnerabilities found are preventable using secure development practices, Trend Micro states.

The major areas in which SCADA software vulnerabilities occur, as shown in the report’s graphic, are, respectively:

  • Memory corruption.
  • Credential management.
  • Lack of authentication/authorization and insecure defaults.
  • Code injection.
  • A big chunk of other areas.

The press release, revealing the findings and serving as an announcement of the report “Hacker Machine Interface: The State of SCADA HMI Vulnerabilities”, also states that the average time it takes a SCADA/HMI vendor to release a patch once a bug has been disclosed can go up to 150 days.

Patching is a significant challenge for multiple reasons. The 150 days mentioned is approximately 30 days longer than for widely deployed software from the likes of Microsoft or Adobe, yet far shorter than for enterprise applications from firms such as HPE or IBM, Trend Micro says.

However, given that SCADA systems are found almost everywhere, and certainly in critical infrastructure, which naturally makes them interesting to the ‘bad guys’, there is certainly room for improvement in patching. As usual, we need to emphasise that 150 days is an average. So, when you are in the market for HMI/SCADA software, it is a good idea to look at the security and patching practices of the various vendors out there.

Among the many concerns regarding the security of SCADA systems, Trend Micro’s Fritz Sands says the weak link really is the human machine interface software, and here patching comes in again.

According to Sands, most HMI systems still run on old Windows operating systems for which security updates are no longer available. Quoting Sands from a November 2017 article entitled ‘Dated Windows software the weak link for SCADA systems’: “Windows is a sphere where hackers feel very comfortable. Instead of needing a complex tool set to attack SCADA controllers, they have 20 years of hacking skills used against Windows, SQL server, browsers and Adobe products.”

Top SCADA/HMI security issues according to the Hacker Machine Interface report

On top of the fact that, in the age of the Industrial IoT, everything is increasingly connected and we have shifted away from the isolated HMI and SCADA system running on a trusted network, so that end-to-end security by design has simply become a must, and on top of many other security issues (from the inevitable human factor and insider attacks to the traditional challenge of removable media and the ever more sophisticated methods attackers use beyond old tactics such as phishing and malware), solving the old-Windows-version security issue seems like a no-brainer. Certainly as the stakes, scale and complexity of cybercrime expand.

Back to Trend Micro’s announcement and some of the preventable SCADA/HMI issues the company found.

Below is an overview as given in the announcement of “Hacker Machine Interface: The State of SCADA HMI Vulnerabilities”. We added some quotes from the report, which you can download as a PDF here.

  • Memory corruption problems, which account for about 20 percent of all identified vulnerabilities, mainly represent traditional code security issues such as stack- and heap-based buffer overflows and out-of-bounds read/write vulnerabilities.
  • Credential management challenges, accounting for a pretty impressive 19 percent of all vulnerabilities, range from not protecting credentials enough and storing passwords in a recoverable format to the use of hard-coded passwords.
  • The category of vulnerabilities in the area of lack of authentication/authorization and of insecure defaults accounts for close to a quarter of all SCADA vulnerabilities found (23 percent to be precise). One of the issues: missing encryption. Another one: unsafe ActiveX controls marked safe for scripting.
  • The issues regarding code injection are relatively minor in comparison with the others, accounting for 9 percent of all identified vulnerabilities. But of course, although perfect security is close to impossible, that is still far too much, certainly given the mission-critical role of SCADA and the fact that, on top of the more common injection types, there are also domain-specific injections, as Trend Micro states.
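The credential management bullet above names two concrete defects: passwords stored in a recoverable format and hard-coded passwords. The following is an added example, not code from the Trend Micro report or from any HMI vendor, that places the recoverable anti-pattern beside a hardened form. It assumes a hypothetical HMI configuration store that keeps one operator password record per user; the record format, the iteration count and the sample password are constructed for the illustration.

```python
"""Credential storage for an HMI configuration store: recoverable vs. hashed.
Added example; the record format and parameters are assumptions."""
import base64
import hashlib
import hmac
import os
from typing import Optional

# --- The pattern the report files under "credential management" ---
# A reversible encoding only looks like protection: anyone who can read the
# configuration store recovers the clear-text password unchanged.
def store_recoverable(password: str) -> str:
    """Anti-pattern: base64 is an encoding, not a one-way transform."""
    return base64.b64encode(password.encode("utf-8")).decode("ascii")


def recover(stored: str) -> str:
    """Shows why the anti-pattern is a finding: the secret comes straight back."""
    return base64.b64decode(stored).decode("utf-8")


# --- Hardened form: per-record random salt, iterated hash, verification only ---
ITERATIONS = 200_000   # assumption: tune to the controller's CPU budget
ALGO = "pbkdf2_sha256"


def store_hashed(password: str, salt: Optional[bytes] = None) -> str:
    """Return a self-describing record: algo$iterations$salt_hex$digest_hex.
    A salt may be passed in for reproducible tests; production callers omit it."""
    if salt is None:
        salt = os.urandom(16)  # fresh random salt for every credential
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return f"{ALGO}${ITERATIONS}${salt.hex()}${digest.hex()}"


def verify(password: str, record: str) -> bool:
    """Recompute the digest with the parameters stored in the record and
    compare in constant time. Malformed or foreign records never verify."""
    try:
        algo, iters, salt_hex, digest_hex = record.split("$")
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        iterations = int(iters)
    except ValueError:
        return False
    if algo != ALGO or iterations <= 0:
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    # Constructed sample password for the demonstration.
    pw = "operator-pw"
    weak = store_recoverable(pw)
    print("recoverable record:", weak, "->", recover(weak))
    strong = store_hashed(pw)
    print("hashed record:", strong)
    print("verify correct:", verify(pw, strong), "verify wrong:", verify("x", strong))
```

The hashed record carries its own algorithm name and iteration count, so the parameters can be raised later without breaking existing records, and `hmac.compare_digest` avoids leaking which byte of the digest first differed. The `recover` function exists only to show the reviewer's point: whatever can be decoded from the store can be read by anyone who obtains the store.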

Security strategies and security by design as the stakes get higher

Trend Micro mentions the crucial types of information SCADA system attackers can obtain, such as a facility’s layout and critical thresholds (on top of harvesting device settings for future attacks, a phenomenon not unknown in the world of IoT), and threats such as the Stuxnet attack on an Iranian nuclear plant and the Ukrainian power grid attacks, to give an idea of the scope of potential damage. It invites you to check out the various vulnerability types, cases of vulnerable SCADA Human Machine Interfaces and the much-needed advice in its paper “Hacker Machine Interface: The State of SCADA HMI Vulnerabilities”.

By the way: needless to say that in times of ongoing digitization and digitalization, organized cybercrime, state-sponsored attacks and ‘cyber’ as a real weapon in warfare, cybersecurity cannot be an afterthought.

Not in SCADA/HMI software, not in SCADA systems, not in industrial transformation, not in critical infrastructure, not in Industry 4.0 and not in digital transformation or IoT projects overall.

Security by design and security strategies need to be included from the very start of any project, not just because of the risks but also because of the fact that calling in your cybersecurity folks too late is a slowing factor in digital transformation to begin with and, the other way around, security is a digital transformation accelerator.

In a SCADA/HMI security context, the call to do more, in the words of Trend Micro’s ‘The State of SCADA HMI Vulnerabilities’: “despite the obvious risks of obtaining unauthorized access to critical systems, the industry behind the development of SCADA systems, specifically HMI vendors, tend to focus more on equipment manufacture and less on securing the software designed to control them”.


Utah #charity’s #funds #wiped out by #hacker

Source: National Cyber Security – Produced By Gregory Evans

Utah Association for Intellectual Disabilities said Wednesday a hacker had locked them out of most of their systems and drained their bank accounts. This comes right as the group was gearing up for holiday giving season.

UAID gives Christmas gifts to adults who are intellectually disabled, often don’t have family, and stay in assisted living facilities.

The group only meets once a month and was getting together to plan its holiday strategy for buying and distributing gifts. The group serves around 1,200 to 1,400 people every holiday season. Vice President Laura Henderson said they noticed that no new email applications for help had come in since October 22nd.

“As we were investigating the email issue, I opened the bank statements and started seeing things that just weren’t right,” said Henderson.

After speaking with their bank the group noticed around $5,000 from multiple accounts had been transferred, or stolen from their accounts. According to records the hackers used a series of apps and services to get the money out.

The transfers started small around October 22nd, but went into the thousands by the 25th.

It wasn’t just the money the hackers messed with. They also took over their PayPal, opened new accounts, and locked them out of their email and website. Even when they tried to change the passwords the hackers regained access a short time later.

Co-Founder Katherine Scott said she was devastated because so many rely on the gifts and often don’t get anything else for Christmas. With the email accounts compromised, they don’t know who needs services this year.

“That’s one of the things that’s making us real sad this year is we don’t know who needs help,” said Scott.

Doug Lind has been a recipient of gifts for the last six years, and said for many it’s the one thing that brightens up their holidays. He couldn’t believe the news.

“You have to be really low to do something like that to people who don’t have that much,” said Lind.

The group is now scrambling for donations of money and clothes for those it serves. Because its email and website have been compromised, it is asking everyone to call its new number at 385-887-4145.

Hacker Holds #University for #Ransom, #Threatens to Dump #Student Info

Source: National Cyber Security – Produced By Gregory Evans

A hacker is trying to extort a Canadian university, threatening to dump student information unless university top brass pay 30,000 CAD (23,000 USD).

The extortion attempt’s victim is the University of Fraser Valley (UFV), a Canadian university located in the town of Abbotsford, south-east of Vancouver.

Based on the currently available information, a hacker or hacker group breached the university’s network, from where it gathered information such as names, email addresses, phone numbers, physical addresses, grades information, in some instances limited financial details, and possibly more.

Hacker circulated personal data of 29 UFV students

The time of the intrusion is unknown, but over the last weekend the hacker sent an email to UFV students containing the personal information of 29 UFV students.

The same email also contained a ransom demand of 30,000 CAD (23,000 USD). The hacker gave UFV officials 48 hours to pay, or he’d release more info.

The University came clean on Monday and admitted the breach in a series of four security alerts sent over the course of the week.

“The students directly affected have been contacted and UFV is working with them to take steps to secure their privacy and personal information,” a UFV spokesperson said.

University shuts down email system

On Wednesday, UFV shut down its email system until November 6, in an attempt to prevent the proliferation of other emails containing data of other students.

The hacker’s point of entry and the number of compromised systems are currently unknown. The University is still investigating the breach, together with Abbotsford police.

The deadline has passed, but it’s unclear if the University paid the ransom demand.

In mid-September, a hacker group known as TheDarkOverlord (TDO) tried to extort schools in the US state of Montana. The extortion attempts failed, even after the group made bomb threats against the schools and threats of physical violence against students.

Bleeping Computer reached out to the hacker group through an intermediary and TDO denied it was behind this recent extortion attempt.


Basic #Payment #cash raises #computer #hacker #threat

Source: National Cyber Security – Produced By Gregory Evans

EASY access to information about Scottish farmers’ Basic Payments has made them prime targets for cyber crime, the Scottish Business Resilience Centre has warned.

At the end of October, payments worth £254million were issued to farmers and crofters across the country, and SBRC advised farmers to be “extra vigilant” regarding their internet safety, including being aware of suspicious emails or phone calls.

Chief ‘ethical hacker’ with the SBRC, Gerry Grant, said: “I know how vital these payments are to the livelihood of farmers and crofters. This makes it even more important that they’re fully aware that it can make them an easy target for criminals to try and scam them.

“Criminals can easily work out an accurate estimation of what a farmer is likely to receive in CAP payments and armed with this information, they can try and steal the money. They can send various emails to try and get passwords for bank accounts or even try and trick unsuspecting farmers into making payments to the wrong account.”

The types of emails and calls farmers may receive will generally consist of them being asked to take urgent action regarding their finances/bank accounts. SBRC said that any unusual emails or phone calls should be investigated fully, and the contact details should be verified before any action is taken.

Things to look out for include:

• Emails from suppliers asking for funds to be transferred to a different bank account;

• Emails claiming that there is a problem with an account;

• Phone calls from banks saying that there appears to be unusual activity on their account.


‘The #weakest part of #security is us’ – #Ethical hacker on the #fight against #cyber attacks

Source: National Cyber Security – Produced By Gregory Evans

‘The weakest part of security is us’

This was the message from ethical hacker Mike G.

Speaking at the Irish Independent annual Dublin Information Sec cyber-security event taking place in Dublin today, Mike G, who helps organisations in their fight against cyber attacks and hacking, said that humans are very easily hacked.

Citing the hacking of US actress Jennifer Lawrence’s Apple iCloud, Mike G said that the hack was possible because the actress’s iCloud password was her dog’s name and Ms Lawrence had posted a picture of her dog on Instagram; the hacker went from there and leaked photos apparently showing her in the nude on the internet.

In addition, bad systems design and/or insecure security policies can leave people and organisations vulnerable to hacking.

Mike G, who describes himself as a pilot, engineer and ethical hacker, described the various ways in which hackers can gain information about a person or a company, including through social media, certain types of jobs (“sales people often give out everything”) and even job listings.

In a sobering talk, he listed spoofing texts, calls and emails among the ways in which people and companies can get hacked.

In addition, he said that anything can get hacked, including PINs, biometrics, TVs and even our Fitbits.

However, when a person’s phone can be taken over, it’s “huge”, he said.

In what was a stark message to businesses, Mike G asked those present at the event whether their company would be able to recover if the competition had all of their data.

However, the news from the ethical hacker was not all bad.

Mike G and his team do a lot of forensic planning, providing, among other services, cyber security awareness training and penetration testing to show companies their weak spots and how these can be overcome.