Reveals

now browsing by tag

 
 

New #Book Reveals How #Obama Team #Plotted #Cyberattacks Against #Russia in #2016

Source: National Cyber Security News

On March 13, a book titled “Russian Roulette: The Inside Story of Putin’s War on America and the Election of Donald Trump” will hit the shelves. Written by Michael Isikoff and David Corn, the book specifically focuses on Russia’s alleged interference in the 2016 US presidential elections.

In the summer of 2016, the Obama team prepared a plan for a large-scale cyber-operation against the Russian media, the country’s most influential businessmen and President Vladimir Putin personally, according to former White House cybersecurity coordinator Michael Daniel.

His remarks are included in “Russian Roulette: The Inside Story of Putin’s War on America and the Election of Donald Trump,” a book by Michael Isikoff’s and David Corn’s which is due to go on sale on March 13. Excerpts were released by Yahoo News earlier this week.

Daniel explained that the cyber-offensive against Moscow was co-authored by Celeste Wallander, the US National Security Council’s former chief Russia expert.

The plan stipulated that the National Security Agency (NSA) would conduct a number of cyberattacks to neutralize Russian websites and the Guccifer 2.0 hacker, who compromised the emails of the campaign headquarters of former Secretary of State Hillary Clinton and the Democratic Party’s National Committee.

Read More….

advertisement:

View full post on National Cyber Security Ventures

State #institutions in #Denmark #vulnerable to #hacking, expert #reveals

Source: National Cyber Security News

Last summer one of Denmark’s biggest companies, Maersk, was hit by a hacking attack that paralysed its computer systems and ended up costing the firm an estimated 1.9 billion kroner.

And the shipper is not the only one. Twice in 2017, the Southern Denmark region experienced ransomware attacks that locked users out of their accounts and databases.

A survey of state institutions undertaken by the national auditor, Rigsrevisionen, has shown that the Foreign Ministry, health service databank Sundhedsdatastyrelsen, state railway track owner Banedanmark and the emergency response service Beredskabsstyrelsen are all potentially vulnerable to similar attacks, reports DR Nyheder.

Update your security systems!
The auditors noted that security to prevent ransomware attacks was not sufficient and that none of the institutions have fully ensured that their programs all have the latest security updates.

IT security expert Christian Dinesen from the consultancy firm NNIT feels that these institutions are making it much too easy for cyber criminals.

“It is critical, because all these institutions perform vital functions in our society,” said Dinesen.

“What the report shows unfortunately is an immaturity that is also found in other places. Things like local administrators’ rights and security programs not being updated have been in the spotlight for the last 15 years.

Read More….

advertisement:

View full post on National Cyber Security Ventures

A new #Facebook #security feature reveals #fraudulent #Facebook-like #mails

Source: National Cyber Security – Produced By Gregory Evans

A new Facebook security feature protects users from identity theft, the tech giant is taking note of every email it has “recently” sent to its users.

Facebook has rolled out a new security feature to protect users from identity theft, the tech giant is taking note of every email it has “recently” sent to its users.

The full list of email sent by Facebook is available under the Settings menu on the social network platform.

Facebook users that will receive a message allegedly sent by the social network giant can check its authenticity by viewing the new “See recent emails from Facebook” section at the bottom of the Security and Login page.

Facebook security feature

If the message is not included in the list it is fraudulent and must be discarded.

“Facebookmail.com is a common domain that Facebook uses to send notifications when we detect an attempt to log in to your account or change a password. If you’re unsure if an email you received was from Facebook, you can check its legitimacy by visiting facebook.com/settings to view a list of security-related emails that have been recently sent.” states the announcement published by Facebook. 

Even if threat actors are able to disguise emails, to make them look like official messages sent by Facebook, the new Facebook security feature will help users to identify phishing attacks.

Crooks use phishing attacks to obtain victim’s credentials, access their profile, and perform a wide range of fraudulent activities.

Compromised accounts could be used to send out phishing messages or to spread malware.

Users that will discover email scam pretending to be sent from the Facebook platform can report it to phish@facebook.com.

If your account has been compromised due to a phishing attempt, visit facebook.com/hacked.

“If you’ve checked this tool and determined that an email you received is fake, we encourage you to report it to phish@facebook.com, and if you believe your account has been compromised due to a phishing attempt, you may attempt to regain access to your account at: facebook.com/hacked. ” concludes Facebook.

The post A new #Facebook #security feature reveals #fraudulent #Facebook-like #mails appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Hackers Obtained #Access to #NSA Employee’s Home #Computer, #Kaspersky Lab Reveals

Source: National Cyber Security – Produced By Gregory Evans

Kaspersky Lab has updated its investigation on the hacking of a home computer used by an NSA employee.

MOSCOW (Sputnik) — Kaspersky IT security company has announced that access to information on the home computer of the employee of the US National Security Agency (NSA) could have been obtained by an unknown number of hackers.

According to the Kaspersky Lab probe that is linked to media reports about the company’s software allegedly having been used to search and download classified information from the home computer of a NSA employee, the user’s computer was infected with Mokes backdoor, a malware that allows the hackers to obtain access to a device.

“The malware… was a full blown backdoor which may have allowed third parties access to the user’s machine,” the Kaspersky Lab has stated.

However, it is possible that Mokes was not the only malware that infected the computer in question, the company said, adding that while Kaspersky software on the computer was enabled, it reported 121 alarms on different types of malware.

“The interesting thing about this malware is that it was available for purchase on Russian underground forums in 2011. Also noteworthy is that the command-and-control servers of this malware were registered to a (presumably) Chinese entity going by the name ‘Zhou Lou’ during the period of September to November 2014,” the statement explained.

Allegations Against Kaspersky Lab

The internal investigation by Kaspersky Lab was launched after The Wall Street Journal reported in October that a group of hackers allegedly working for the Russian officials had stolen classified data through the National Security Agency (NSA) contractor, which used antivirus software made by the Russian software producer.

Shortly later, the New York Times reported that Israeli intelligence services have hacked into the network of Kaspersky, and warned their US colleagues that the Russian government was allegedly using Kaspersky software to gain access to computers around the world, including in several US government agencies.

Both reports came a month after the US Department of Homeland Security ordered state agencies and departments to stop using Kaspersky Lab software within the next 90  days, with the company’s CEO Eugene Kaspersky refuting all the allegations spread by the media regarding the Russian cybersecurity company’s involvement in spying on US users through its products and calling such claims groundless and paranoiac.

When commenting on the situation in an interview to Die Zeit newspaper, Eugene Kaspersky has, “There is a feeling that we just had been doing our job better than others, that we had been protecting our clients better than others … Probably, someone in the United States is very unhappy about it.”

Most recently, Wikileaks has revealed that the CIA had written a code to “impersonate” Russia-based Kaspersky Lab, which had been used at least three times.

READ MORE: WikiLeaks: CIA Wrote Code to ‘Impersonate’ Russia-Based Kaspersky Lab

Kaspersky Lab is one of the largest private cybersecurity companies in the world, with its technologies protecting over 400 million users and 270,000 corporate clients.

The post Hackers Obtained #Access to #NSA Employee’s Home #Computer, #Kaspersky Lab Reveals appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Wikileaks release #reveals #CIA impersonated #Kaspersky Lab while #hacking people

Source: National Cyber Security – Produced By Gregory Evans

The Central Intelligence Agency created and used code that pretended to be from Kaspersky Lab while hacking people, a big twist on what has been an ongoing saga of allegations of Kaspersky colluding with the Russian government, according to the latest release by Wikileaks of leaked top secret U.S. government files.

The Vault 8 release, issued Thursday, detailed the source code and development logs behind the CIA’s “Project Hive,” designed by the agency to implant malware to spy on targets outside the country. Within the released code was evidence that the CIA used fake certificates pretending to have been from Kaspersky Lab, meaning essentially that the agency was hacking people across the globe while impersonating Kaspersky.

“This publication will enable investigative journalists, forensic experts and the general public to better identify and understand covert CIA infrastructure components,” WikiLeaks said in a statement. “Hive solves a critical problem for the malware operators at the CIA. Even the most sophisticated malware implant on a target computer is useless if there is no way for it to communicate with its operators in a secure manner that does not draw attention.”

Kaspersky Lab has been in the spotlight since June after the Federal Bureau of Investigation raided the company’s employees as part of an investigation into claims the company was colluding with the Russian government to hack and steal information from the U.S. government. Despite there being no solid evidence to date, the company has since been banned by The White House and Department of Homeland Security from use by U.S. government agencies.

In a surprising twist in a story that already reads like a poorly edited self-published spy drama in Amazon.com Inc.’s Kindle book store, Kaspersky claimed last month that it had indeed gained access to top secret spying tools used by the National Security Agency, but only because a contractor accidentally installed malware on his or her computer. The company then claimed that after being made aware that it had accidentally accessed the code, it immediately deleted it.

Although much of the story to date has appeared to be nothing more than a witch hunt against Kaspersky Lab, the fact that Wikileaks has now revealed that the CIA itself was pretending to be the company while hacking people may finally provide some relief to the company going forward.

The post Wikileaks release #reveals #CIA impersonated #Kaspersky Lab while #hacking people appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

Google: Our #hunt for #hackers reveals #phishing is far #deadlier than #data #breaches

Source: National Cyber Security – Produced By Gregory Evans

Google has released the results of a year-long investigation into Gmail account hijacking, which finds that phishing is far riskier for users than data breaches, because of the additional information phishers collect.

Hardly a week goes by without a new data breach being discovered, exposing victims to account hijacking if they used the same username and password on multiple online accounts.

While data breaches are bad news for internet users, Google’s study finds that phishing is a much more dangerous threat to its users in terms of account hijacking.

In partnership with the University of California Berkeley, Google pointed its web crawlers at public hacker forums and paste sites to look for potential credential leaks. They also accessed several private hacker forums.

The blackhat search turned up 1.9 billion credentials exposed by data breaches affecting users of MySpace, Adobe, LinkedIn, Dropbox and several dating sites. The vast majority of the credentials found were being traded on private forums.

Despite the huge numbers, only seven percent of credentials exposed in data breaches match the password currently being used by its billion Gmail users, whereas a quarter of 3.8 million credentials exposed in phishing attacks match the current Google password.

The study finds that victims of phishing are 400 times more likely to have their account hijacked than a random Google user, a figure that falls to 10 times for victims of a data breach. The difference is due to the type of information that so-called phishing kits collect.

Phishing kits contain prepackaged fake login pages for popular and valuable sites, such as Gmail, Yahoo, Hotmail, and online banking. They’re often uploaded to compromised websites, and automatically email captured credentials to the attacker’s account.

Phishing kits enable a higher rate of account hijacking because they capture the same details that Google uses in its risk assessment when users login, such as victim’s geolocation, secret questions, phone numbers, and device identifiers.

The researchers find that 83 percent of 10,000 phishing kits collect victims’ geolocation, while 18 percent collect phone numbers. By comparison, fewer than 0.1 percent of keyloggers collect phone details and secret questions.

The study finds that 41 percent of phishing kit users are from Nigeria based on the geolocation of the last sign-in to a Gmail account used to receive stolen credentials. The next biggest group is US phishing-kit users, who account for 11 percent.

Interestingly, the researchers found that 72 percent of the phishing kits use a Gmail account to send captured credentials to the attacker. By comparison, only 6.8 percent used Yahoo, the second most popular service for phishing-kit operators. The phishing kits sent were sending 234,887 potentially valid credentials every week.

Gmail users also represent the largest group of phishing victims, accounting for 27 percent of the total in the study. Yahoo phishing victims follow at 12 percent. However, Yahoo and Hotmail users are the largest group of leaked credential victims, both representing 19 percent, followed by Gmail at 12 percent.

They also found most victims of phishing were from the US, whereas most victims of keyloggers were from Brazil.

The researchers note that two-factor authentication can mitigate the threat of phishing, but acknowledges that ease of use is an obstacle to adoption.

The post Google: Our #hunt for #hackers reveals #phishing is far #deadlier than #data #breaches appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

WikiLeaks reveals CIA malware for hacking Linux computers

Source: National Cyber Security – Produced By Gregory Evans

The CIA has developed strains of malware specifically designed to target Linux computers. The existence of the malware, known as OutlawCountry, was revealed by WikiLeaks. It demonstrates the CIA is intent on accessing all kinds of computer system. Generally, mainstream malware attacks tend to focus on consumer-oriented operating systems like…

The post WikiLeaks reveals CIA malware for hacking Linux computers appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

CIA’s Windows XP to Windows 10 malware: WikiLeaks reveals Athena

Source: National Cyber Security – Produced By Gregory Evans

CIA’s Windows XP to Windows 10 malware: WikiLeaks reveals Athena

The latest file revealed in WikiLeaks’ Vault 7 catalog of CIA hacking toolkit is Athena, a surveillance tool apparently designed to capture communications from Windows XP to Windows 10 machines. Details of the Athena malware are available in a document allegedly created by the CIA in November 2015. The malware is said to have been made in conjunction with US …

The post CIA’s Windows XP to Windows 10 malware: WikiLeaks reveals Athena appeared first on National Cyber Security Ventures.

View full post on National Cyber Security Ventures

New data reveals the exact words women respond to in online dating profiles

To Purchase This Product/Services, Go To The Store Link Above Or Go To http://www.become007.com/store/ What a greater response rate to your online dating activities? Here is how you should describe yourself to optimize your chances. New research shows that men who hope to get women …

The post New data reveals the exact words women respond to in online dating profiles appeared first on Become007.com.

View full post on Become007.com

Dating Expert Reveals 6 Tips For Turning A Dating App Convo Into An Actual Date

We’ve all been there: We’re hitting it off with a guy on Tinder, but we don’t know how to make the jump from casual emojis and goofy texts to a real-life, face-to-face date. Clicking with someone via a dating app (beyond the expected dick pic or two or 1,000) is already rare enough, and initiating an IRL meet-up can be intimidating. Who is in charge of the initiating? How can you make sure you don’t blow the date before the date even happens? Read More….

The post Dating Expert Reveals 6 Tips For Turning A Dating App Convo Into An Actual Date appeared first on Dating Scams 101.

View full post on Dating Scams 101