Hacking

now browsing by tag

 
 

Digital #billboards in the #UK will today start #showing #hacking #attempts

Source: National Cyber Security News

The campaign, sponsored by an insurance company, intends to demonstrate how often hacking attempts are made on a typical small business site.

A variety of recent campaigns have employed digital billboards to show imagery in response to data from weather, traffic conditions, social posts from passersby and commute times.

Today, a new week-long campaign launches in the UK: Dozens of digital displays will demonstrate the frequency of hacking attempts on a typical small business’s website.

Called the Honeypot Poster by campaign sponsor Hiscox insurance, the displays show dots that demonstrate live hacking attempts on custom, “honeypot” proxy servers of the sort that might host a typical small business website, except there was no virus or firewall protection. The servers hold some data but no personal or sensitive info.

The displays show changing dots inside the words “Cyber Attack,” with each dot representing a hacking attempt and a numerical counter showing the daily attacks thus far. During the trial period for the campaign, the hacking attempts averaged 23,000 daily, sometimes peaking as high as 60,000, from Russia, Vietnam, the UK and elsewhere around the world.

The point, Hiscox Head of Marketing and Partnerships Olivia Hendrick said in a statement, is to make “small businesses more aware of the very real threat that cybercrime poses and challenging the belief that cyber criminals only target larger organisations.

Read More….

advertisement:

View full post on National Cyber Security Ventures

Canada #build digital #Bitcoin vault to #protect investors from hacking

Source: National Cyber Security News

A CRYPTOCURRENCY vault aimed at protecting online currencies such as Bitcoin from hacking is about to be launched by a digital Canadian bank, it has been reported.

It comes after last month Japanese cryptocurrency exchange Coincheck announced it would have to pay back more than £300million to customers after their system was hacked, affecting 260,000 customers.

Now, Canadian bank VersaBank has announced they are setting up a “Blockchain-based digital safety deposit box” for digital currencies to protect investors from such attacks.

Announcing their brand new vault, VersaBank said: “Your digital assets are just as valuable as any family jewellery, property deed or stock certificate, but protecting them isn’t nearly as simple.

“No storage device or commercial cloud service is completely safe, and most blockchain-based secure storage is only for crypto-currency and offered by companies you’ve never heard of, in places you don’t know.

“Like a safety deposit box, only you have access to what’s inside, and like a safety deposit box, it’s been built by an institution you can trust to be there for the long run.”

President and CEO of the bank, David Taylor, has said he hopes his company’s latest offering to customers will help cement Canada as a cryptocurrency world leader.

Read More….

advertisement:

View full post on National Cyber Security Ventures

Importance of #Banking Relationships In #Age of #Hacking

Source: National Cyber Security News

The banking industry is walking a narrow line between providing advanced digital solutions, while at the same time building a level personal relationship that doesn’t expose an organization to increased cybersecurity threats.

Recent ransomware attacks demonstrate the global and indiscriminate reach cyber attackers have. So, it is not surprising to see renewed calls for banks to reduce their reliance on technology, and even take certain services offline. That’s the opposite of what your strategy should be.

Yes, there are security and compliance concerns to address, and the digitization of the industry chips away at the personal touch of relationship banking. However, a retreat to manual processes and systems will stunt your efforts to differentiate your products and services. Instead, it is best to leverage technologies that facilitate online one-on-one collaboration with a consumer, while maintaining the same level of security and privacy that a meeting in your office to review confidential documents provides.

In the HuffPost editorial “Mass Hacking: Time To Go Off-Line,” Robert Kuttner, editor of The American Prospect and professor at Brandeis University’s Heller School, makes several arguments for moving banking offline. One is that because vital systems appear unable to withstand the cyber attacks, the best solution is to disconnect them from the internet.

Read More….

advertisement:

View full post on National Cyber Security Ventures

Toulouse Hacking Convention

Source: National Cyber Security – Produced By Gregory Evans

General Cybersecurity Conference

 March 9 – 10, 2018 | Toulouse, France

Cybersecurity Conference Description 

The Toulouse Hacking Convention is a day of computer security conferences, followed by a “Capture The Flag” type competition. Initiated in 2016 by a group of enthusiasts, the Toulouse Hacking Convention aims to bring together professionals, researchers and hackers from the sector.

Read More….

The post Toulouse Hacking Convention appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

North #Korea allegedly #hacking #PCs to mine #Monero #cryptocurrency

Source: National Cyber Security – Produced By Gregory Evans

North Korea has been accused of hacking server networks to install mining scripts for the Monero cryptocurrency. A new Monero mining hacker group has been seizing control of servers over the past year. It’s now been linked back to North Korea.

Bloomberg reports the hacking team called Andariel came to the attention of authorities after it successfully hijacked a South Korean company’s servers last summer. The group then used the extra computing power to mine Monero coins, a cryptocurrency that’s rapidly growing and is especially popular in Asian countries.

Monero is privacy-oriented and easier to conceal than more mainstream alternatives such as Bitcoin and Ethereum. These qualities make it attractive to hacking groups looking to either steal or surreptitiously mine large quantities of cryptocash. Andariel obtained control of the target server without its real owners noticing.

It’s unknown whether Andariel has compromised other organisations. However, South Korean hacking analysis expert Kwak Kyoung-ju told Bloomberg that the unit is sophisticated and looking to broaden its targets. Kyoung-ju said Andariel is “going after anything that generates cash these days,” searching for cryptocurrencies or information which could be used to create money.

Andariel has now been tracked back to North Korea as the country finds itself accused of growing numbers of cyberattacks. After being hit with stricter sanctions and trade bans from the United Nations, the country is looking to alternative forms of income as the pressure on its economy increases. Hijacking foreign servers to mine lucrative digital cash could be one way to survive under the tougher sanctions.

In the past year, North Korea has been blamed by U.S. investigators for the WannaCry ransomware attack. The campaign affected thousands of Windows computers around the world last year and forced several major organisations to suspend their operations. Hackers exploited a vulnerability in unpatched versions of Windows to install the ransomware, forcing PC users to pay in Bitcoin before unlocking the machine.

As Computing notes, North Korea has also been implicated in a string of attempted attacks against the SWIFT international payments network used by major banks. The country is thought to have been involved in an attempt to steal over $950 million from Bangladesh’s central bank back in 2016. The operation was only aborted because the attackers got one word wrong.

The post North #Korea allegedly #hacking #PCs to mine #Monero #cryptocurrency appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Man, 30, held over #hacking attacks on two #Hong Kong #travel #agencies

Source: National Cyber Security – Produced By Gregory Evans

Officers raid IT worker’s flat on Cheung Chau and also seize two desktop computers, two laptops, one tablet, three hard disks and five mobile phones

A 30-year-old Hong Kong man was arrested in connection with cyberattacks in which the computers of two travel agencies in the city were hacked and their clients’ sensitive personal information held for ransom, with payouts in bitcoin sought last week.

The two travel agencies reported the incidents to police on January 1 and 2.

One bitcoin (HK$123,735 or US$15,819) was demanded as a ransom in each hacking case, according to police.

Officers from the force’s Cyber Security and Technology Crime Bureau raided a flat in the outlying island of Cheung Chau and arrested the man on Saturday.

During the operation, police seized two desktop computers, two laptops, one tablet, three hard disks and five mobile phones in the flat.

At lunchtime on Monday, police escorted the suspect to his workplace on Hoi Yuen Road in the Kwun Tong district of Kowloon to gather evidence.

The Post understands the suspect, a computer technician, hacked into the computers of the agencies on New Year’s Day through security loopholes on their websites hours before the companies were hit with demands for a ransom to be paid in bitcoin.

“An email was sent to the persons in charge of the companies after the personal information of more than 20,000 customers was stolen from the computer servers of the agencies,” a police source said.

“The companies were told to pay in bitcoin in a newly opened account with threats that their customers’ data would be posted on the internet if the firms failed to pay on Saturday.”

The stolen information included customers’ names, identity card numbers and contact numbers but no credit card information was involved.

Officers from the Cyber Security and Technology Crime Bureau were understood to have worked around the clock and checked tens of thousands of log records to the servers to gather information.

“Investigations showed circuitous routes were used to hack into the computer servers, but officers eventually identified the suspect through his IP address,” another source said.

He said the man was nabbed at home on Cheung Chau hours before the payment deadline.

Officers would carry out a forensic examination of the victims’ computers and hard disks to gather information, he said.

At about 5pm on Monday, the suspect was still being held for questioning and had not been charged.

“We believe his motive was to look for money,” said bureau superintendent Swalikh Mohammed said.

Investigations were continuing and he did not rule out the possibility of further arrests.

“The cyber world is not a lawless place where criminals can hide. A majority of the laws applicable to the real world can also be applied to the internet,” he warned.

He said blackmail was a serious offence that carries a maximum penalty of 14 years in prison.

Travel agency Goldjoy Holidays revealed on Thursday that unauthorised parties accessed its customer database containing personal information such as names and identity card numbers, passport details and phone numbers.

The company apologised to customers and promised it was taking steps to tighten cybersecurity.

The other agency, Big Line Holiday, said on Wednesday night that hackers might have broken into its database a day earlier and gained possession of some of its customers’ personal information.

The data was believed to include ID card numbers, home return permit numbers and phone numbers.

In a statement, Big Line said: “Our company attaches great importance to this incident and deeply apologises to the affected clients.”

Big Line, which has 13 branches and organises tours to mainland China and Asia, said it received a letter from perpetrators demanding a sum of money for the release of the information.

In November, one of the city’s largest travel agencies, Hong Kong-listed WWPKG Holdings, revealed that its customer database had also been hacked, putting at risk personal data such as ID card numbers and credit card information of some 200,000 customers.

The culprits had asked for a seven-figure ransom, to be paid in bitcoin, but the firm did not pay and instead called the police, who later managed to decrypt the data. Because of the hacking incident, all four of the agency’s branches -in Tsim Sha Tsui, Mong Kok, Causeway Bay and Sha Tin – were closed for a day.

The force recorded 653 cases of cybercrimes in 2005, the first year it began tracking such offences, and saw the number reach 5,939 in 2016, with financial losses hitting HK$2.3 billion.

The post Man, 30, held over #hacking attacks on two #Hong Kong #travel #agencies appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Intel #confirms reports of #hacking #vulnerability in its #chips, promises to #fix asap

Source: National Cyber Security – Produced By Gregory Evans

The world’s top chip maker Intel Corp on Wednesday confirmed a report about a potential security flaw in its Chips that is vulnerable to hacking and promised to fix the bug as soon as possible.

Security researchers at Google said they discovered serious security flaws in Intel chips and other chipmakers. The security bug, if used for malicious purposes, has the potential to improperly gather sensitive data from computing devices. “Recent reports that these exploits are caused by a ‘bug’ or a ‘flaw’ and are unique to Intel products are incorrect,” Intel was quoted as saying.

Intel also said that the vulnerability is not unique to their products. It argued that “many types of computing devices – with many different vendors’ processors and operating systems – are susceptible to these exploits.”

However, Intel said it is working with its tech partners such as AMD, ARM Holdings and several operating system vendors, to develop an industry-wide approach to resolve this issue “promptly and constructively.”

AMD said in a statement that it believes its chips are safe because they use different designs, reported Los Angeles Times.

“Intel has begun providing software and firmware updates to mitigate these exploits,” and average computer user won’t experience significant slowdowns as it’s fixed, noted press statement from Intel.

The post Intel #confirms reports of #hacking #vulnerability in its #chips, promises to #fix asap appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

County #still weighing #options after #hacking

Source: National Cyber Security – Produced By Gregory Evans

The Latest on a hacking attack on a North Carolina county (all times local):

2:35 p.m.

A North Carolina county says it’s still weighing options on how to deal with data frozen by a hacker.

Mecklenburg County Manager Dena Diorio told reporters Wednesday afternoon that local officials haven’t decided whether to pay a hacker who’s ransoming county data frozen on dozens of servers.

Diorio said that it appears the hacking came from Iran or the Ukraine but didn’t elaborate. A forensic review is underway.

Whether or not the ransom is paid, Diorio says it will take days to get county computer systems running in normal fashion. A 1 p.m. deadline set by hackers has passed, but Diorio says talks with the hacker continue.

County services ranging from transportation to Medicaid patients to processing of arrestees have been slowed as employees use manual instead of computer-based controls.

___

1:30 p.m.

A hacker’s deadline has passed for a North Carolina county to pay for access to frozen computer data, but it’s not clear if local officials paid ransom.

Mecklenburg County officials said that a hacker that was ransoming data on its servers gave a 1 p.m. Wednesday deadline to pay more than $23,000 to get the data back.

After 1 p.m., multiple county sites including an online jail inmate search were still not functioning.

County spokesman Leo Caplanides said in an email that he could offer no further information. The county manager has scheduled a 2 p.m. news conference to discuss the case.

___

12:20 p.m.

North Carolina’s largest city says its computer system hasn’t been affected by a hacking attack on the surrounding county.

Charlotte government officials released a statement Wednesday saying that its separate computer systems have not been affected and that it has severed direct connections to county computers. The release noted that the city and county maintain separate servers.

Mecklenburg County officials say that a hacker is seeking a ransom of more than $23,000 after freezing county computer files. Departments including the sheriff’s office and code enforcement have had to use paper records for at least some of their functions.

The sheriff’s office said emergency calls are processed by the city and haven’t been affected.

___

11:30 a.m.

A North Carolina sheriff’s office is checking in arrestees by hand after a hacking attack on county government computers.

Mecklenburg County Sheriff spokeswoman Anjanette Flowers Grube said in an email that the problems don’t extend to the processing of emergency calls, which is handled by the city of Charlotte. Charlotte officials have said their computers aren’t affected by the hacking.

The sheriff’s office also posted a message that its website wasn’t able to process requests for information on jail inmates that are normally easily accessed by the public.

Mecklenburg County officials say that the hacking has affected its computer system and that a hacker is seeking a ransom of more than $23,000.

___

10:30 a.m.

A deadline is approaching for one of North Carolina’s largest counties to respond to a hacker who froze county servers and is demanding ransom.

Mecklenburg County Manager Dena Diorio told reporters that local officials face a deadline of 1 p.m. Wednesday to decide whether to pay a ransom of two bitcoin, or more than $23,000.

On Wednesday morning, some county sites such as the jail inmate search function were down. Diorio said departments including the code enforcement office were using paper records.

The county issued a statement on Twitter Wednesday asking residents to contact county offices before visiting to see whether they are offering services.

Diorio said leaders are working with a technology consultant and haven’t ruled out paying the ransom. Charlotte officials say city government computers haven’t been hacked.

The post County #still weighing #options after #hacking appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Apple #HomeKit #bug made #smart locks #vulnerable to #hacking

Apple #HomeKit #bug made #smart locks #vulnerable to #hacking

The software bug in HomeKit can apparently allow bad actors to control accessories in smart homes.

Following the news of Apple’s recent security flaw in High Sierra OS for Macs, news has broken of a zero-day vulnerability in the firm’s HomeKit.

According to 9to5Mac, a flaw in the current version of iOS 11.2 could theoretically allow unauthorised individuals access to smart accessories such as smart locks and garage doors, using the home automation platform. 9to5Mac described the vulnerability as “difficult to reproduce” and said it also affected other smart accessories such as lights and thermostats.

The issue was not with the smart accessories, but with the HomeKit framework itself, which connects products from a broad range of companies together in a single interface. The details of the vulnerability itself are scant, but it required at least one iPhone or iPad running iOS 11.2 connected to the HomeKit user’s iCloud account.

Apple quick to remedy the HomeKit issue
Apple has released a temporary server-side fix that remedies the issue. On the user end, nothing needs to be done, but they will notice that the ‘remote access to shared users’ feature for HomeKit-connected devices has been disabled temporarily.

A full patch that completely solves the issue will arrive early next week along with the next iOS update.

The discovery of this vulnerability highlights existing concerns around smart home devices, and the general need for more robust protocols in terms of IoT, particularly in a domestic setting.

It also raises questions for Apple in terms of its own security-auditing process for its operating systems and products, especially considering its otherwise positive reputation as a technology vendor and innovator. Bugs are not uncommon in the development process but when it comes to home security, a certain level of trust is required in order to get customers on board.

More than 50 brands worldwide are compatible with HomeKit, including some models of Honeywell thermostats, the August smart lock and Chamberlain MyQ Home Bridge, a garage-door opener.

View full post on National Cyber Security Ventures

Two #Women #Charged With #Hacking Bucks #Computer #Systems

A Bucks student and her cohort were arrested and charged with hacking the college’s computer system to alter her grades and the grades of other students in a microbiology course.
The two women arrested were Aleisha Morosco, a 30-year-old part-time student, and Kelly Margaret Marryott, a 37-year-old employed at a medical office.

Bucks officials have suspected since July that someone had been meddling with students’ grades, and once it was reported to the police, the suspicion was confirmed.

Police said Marryott used the personal information of a Bucks faculty member she gained from her employment at a medical office. From there Morosco allegedly hacked the school’s computer network to change her own grade and the grades of other students.

Stephanie H. Shanblatt, president of Bucks County Community College, released the following statement about the incident:
“Dear Colleagues: Last week, the Newtown Township Police arrested two women in connection with an attempt to change grades at the college last summer. I wanted to assure you that this was an isolated incident. When the college discovered the problem, we reported it to Newtown Township Police and worked cooperatively with law enforcement to resolve the case. Bucks takes the integrity of our data systems very seriously. All of the grades altered in the breach were restored to their correct level. I would like to thank the Newtown Township Police Department for their professionalism in bringing this investigation to its appropriate conclusion. In addition, our gratitude goes out to the Office of Security and Safety, Information Technology, and Online Learning for their prompt attention to this matter.”

Both women have been charged with unlawful use of computer, computer crimes, computer trespass, identity theft, and criminal conspiracy.

Computer trespassing is a very serious crime. PhiladelphiaCriminal- Attorney.com states that “If you are indicted on federal computer crime charges, you can face being sent to a federal prison for years.” The two women were arraigned before District Judge Mick Petrucci and released on $40,000 unsecured bail.

View full post on National Cyber Security Ventures