Showing posts with label Information Security News.

Russian expert gives tips on how to protect yourself from "eavesdropping" by your smartphone

A smartphone can "eavesdrop" on its owner, said information and computer security expert Sergei Vakulin. In an interview with Radio Sputnik, he explained who might want to record conversations and how to protect sensitive information.

Some smartphone applications may record our conversations when we do not expect them to. Moreover, we give them this opportunity ourselves by granting them access to the microphone when the application is installed, explained information and computer security expert Sergei Vakulin.

According to him, advertisers are primarily interested in obtaining such information.

"The app can spy on you to analyze your data and sell it. Not just to collect it, but to sell it. We often see the situation where you took a loan from one bank and immediately get a call from another bank offering another loan. Selling data is already a banal topic," the expert said in an interview with Radio Sputnik.

He clarified that once the app has gained access to the microphone, it can turn it on whenever it wants, not just during a phone call. Sergei Vakulin claims that recording can be turned on even on a locked device.

"If you've given the app permission to access the microphone, it will be able to 'listen' to you even when the phone is locked. If it has access, the app can turn on the microphone at any time it wants and collect information," the expert explained.

According to him, you can protect yourself from eavesdropping by limiting the number of applications with access to the microphone.

Also, for particularly important conversations you can buy a phone that cannot connect to modern communication networks.

"If you look closely at many officials and billionaires, both Russian and foreign, they walk around with push-button phones. A push-button phone will be very difficult to listen to, because there is no 3G, LTE and so on," explained Sergei Vakulin.
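The practical advice in the piece is to limit the number of apps that hold the microphone permission. Recent Android and iOS releases show an on-screen indicator while the microphone is in use and let you review the permission per app in Settings, but on a fleet of Android devices it is quicker to audit from the command line. The script below is an added example, not something from the article or from the expert quoted: it parses the text of `adb shell dumpsys package` and lists every package whose `android.permission.RECORD_AUDIO` runtime permission is currently granted. The sample dump is constructed, and the exact layout of `dumpsys` output differs between Android releases, so the two regular expressions are an assumption to check against your own device.

```python
"""List Android packages that currently hold the RECORD_AUDIO permission.

Added example, not code from the article. Feed it a file captured with
`adb shell dumpsys package > dump.txt`; without an argument it runs on
the constructed SAMPLE_DUMP below. The line formats matched here are an
assumption based on recent Android releases.
"""
import re
import sys

# "Package [com.example.app] (1a2b3c):" opens each package's section.
PKG_HEADER = re.compile(r"^\s*Package \[([^\]]+)\]")
# "android.permission.RECORD_AUDIO: granted=true, flags=[...]" appears
# under "install permissions:" or the per-user "runtime permissions:" block.
MIC_GRANT = re.compile(r"^\s*android\.permission\.RECORD_AUDIO: granted=(true|false)")


def audit_microphone(dump: str) -> dict:
    """Map package name -> True/False for the RECORD_AUDIO grant state.

    Packages that never mention RECORD_AUDIO (they did not request it)
    are absent from the result.
    """
    result = {}
    current = None
    for line in dump.splitlines():
        m = PKG_HEADER.match(line)
        if m:
            current = m.group(1)
            continue
        m = MIC_GRANT.match(line)
        if m and current is not None:
            # The per-user runtime line comes last in the section, so the
            # last value seen for a package reflects the current state.
            result[current] = m.group(1) == "true"
    return result


def granted_packages(dump: str) -> list:
    """Sorted package names that can open the microphone right now."""
    return sorted(pkg for pkg, ok in audit_microphone(dump).items() if ok)


# Constructed sample in the shape of `adb shell dumpsys package` output.
SAMPLE_DUMP = """\
Packages:
  Package [com.example.voicenotes] (a1b2c3):
    userId=10123
    requested permissions:
      android.permission.RECORD_AUDIO
      android.permission.INTERNET
    install permissions:
      android.permission.INTERNET: granted=true
    User 0: installed=true hidden=false
      runtime permissions:
        android.permission.RECORD_AUDIO: granted=true, flags=[ USER_SET ]
  Package [com.example.flashlight] (d4e5f6):
    userId=10124
    requested permissions:
      android.permission.RECORD_AUDIO
    User 0: installed=true hidden=false
      runtime permissions:
        android.permission.RECORD_AUDIO: granted=false, flags=[ USER_SET ]
  Package [com.example.weather] (0a1b2c):
    userId=10125
    requested permissions:
      android.permission.INTERNET
  Package [com.example.dialer] (3d4e5f):
    userId=10126
    User 0: installed=true hidden=false
      runtime permissions:
        android.permission.RECORD_AUDIO: granted=true, flags=[ USER_SET ]
"""

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_DUMP
    for pkg in granted_packages(text):
        # pm revoke takes the grant away without uninstalling the app.
        print(f"{pkg}: microphone granted -> "
              f"adb shell pm revoke {pkg} android.permission.RECORD_AUDIO")
```

A flashlight app that requested the microphone but was refused shows up in `audit_microphone` as `False`; an app that never requested it does not show up at all, which is the state you want for anything that has no business recording.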

Sberbank is the most targeted organization in Europe by hackers, says Herman Gref

At the moment, Sberbank is subjected to hacker attacks more often than any other institution in Europe, but successfully repels them, said the head of the bank, Herman Gref, speaking at a plenary session of the Federation Council with a presentation on artificial intelligence (AI).

"We are the most attacked institution in Europe. Every day, artificial intelligence inside our Cyber Security Center analyzes billions of events. During this entire period of time, we did not allow a single penetration into our systems," said Mr. Gref.

Gref stressed that AI protects not only the bank itself but also its customers. According to him, Sberbank customers are protected in 97% of cases: the systems recognize that a person is trying to transfer funds to a fraudster.

"In 97% of cases, our algorithms recognize fraud, stop these transactions, contact the person, the person confirms that he made this transaction, and we tell him that it was a fraudster," added Gref.

According to the head of Sberbank, scammers use artificial intelligence in their attacks, in particular deepfake technology, which can simulate the face and voice of a client.

"Scammers can call from a phone that belongs to you and speak with your voice. And this is a gigantic threat. It is extremely difficult for a normal person to fight this, and therefore powerful systems for protecting a person from such fakes should come to the rescue," noted Gref.

According to the Bank of Russia, in the first nine months of 2020 fraudsters stole about 6.5 billion rubles from bank customers' cards and accounts. Sberbank estimates that since the beginning of 2020 fraudsters have called its customers about 15 million times. Sberbank recorded more than 3.4 million customer complaints about phone fraud in the first half of the year, 30 times more than in 2017 and more than twice as many as in 2019.

"The number of fraudulent calls in Russia reaches 100 thousand per day," said Stanislav Kuznetsov, deputy chairman of the bank.

Earlier, E Hacking News reported that, according to Sberbank, cybercriminals are using artificial intelligence in a banking Trojan that is quite difficult to recognize.

Naavi: Information collected from WhatsApp would be shared with Facebook and eventually be used for advertising

The WhatsApp messenger, owned by Facebook, began notifying its roughly 2 billion users about an update to its privacy policy. Do you want to keep using the popular messaging app?

On 18 January we interviewed Vijayashankar Na (Mr. Naavi), a veteran cyber law specialist in India, who shared his opinion on WhatsApp's new privacy policy and how it affects users.

Please introduce yourself to our readers.

I'm the chairman of a foundation of data protection professionals in India, which is the primary organization in India working on data protection, providing certifications, audit, support and so on. Since 1998 I have been working on cyber law issues based on our law, the Information Technology Act. Moreover, I'm the founder of Cyber Law College, a virtual cyber law education institution. Now we have extended it to data protection.

On January 4, WhatsApp announced that from February 8 all users of the messenger (except residents of the EU and the UK) will be required to share their personal data with Facebook: the social network will have access to phone numbers, transaction information and IP addresses. What has changed?

Actually, compared to what happened before, there may not be significant changes. We know that WhatsApp was acquired by Facebook, but we are not very sure whether information from WhatsApp was being shared with Facebook. But I believe it was happening in the background without our knowledge. But maybe now, because they don't want to take any chances, particularly with the GDPR (General Data Protection Regulation) authorities, they wanted to be transparent about what they would like to do. I think this was driven more by GDPR considerations, to polish their current privacy policies so that any problems could be sorted out.

WhatsApp wanted to disclose the fact that some part of the information collected from WhatsApp would be shared with Facebook and eventually be used for advertising.

So we all know that WhatsApp is a free app. In fact, its growth in popularity was because it was free. But it cannot continue like that forever, because there has to be a revenue model for any company. Now WhatsApp has come out into the open and, through the new policy, has declared what kind of information it is likely to share.

WhatsApp contains two sets of data. One is the metadata: contact list, location, status, financial information and data such as your unique phone ID. All of it reflects certain characteristics of a person. That usage information itself is actually a treasure if properly analyzed for the purpose of profiling the person.

As we know from the news, WhatsApp's changes have already angered technology experts, privacy advocates, billionaire entrepreneurs and government organizations. But the main thing is that they provoked a flight of users. Why did this happen?

WhatsApp made a big mistake in the sense that they did not clarify properly what they want to do. They said that this change is only for business applications. But the pop-up about the update actually came for all individuals who have a personal WhatsApp account. Subsequently, WhatsApp said in a press release that this is only for business accounts, not for individual accounts. Then people asked, "why did WhatsApp show this particular pop-up to me at all, if it was not meant for me?" It was psychologically very disturbing for people.

Moreover, the problem with WhatsApp today is PR. Actually, they drafted it in such a manner that it would create revulsion among people. In my opinion, it was bad PR: "take it or leave it". We know that a privacy policy should be written in clear and precise terms that an ordinary person can understand. Given that, WhatsApp should have been a little more careful.

So it has become easy for people to download Signal or Telegram. And of course in India there will be a movement to develop our own indigenous apps. So maybe WhatsApp is going to lose more than it perhaps could have.

Why do you think Facebook needs this metadata?

Instagram and Facebook are now going to be able to show even more targeted ads on Facebook and Instagram, having carefully studied the interests and preferences of users in the messenger. In addition, businesses will be able to accept payments in WhatsApp for products that users have selected in Instagram ads.

Whether we like WhatsApp or not, whether we like Facebook or not, they also have the right to say, "I cannot do it as a free service forever." Now, advertising requires profiling; without profiling, advertisements cannot be targeted.

If the person wants to give the information by way of consent, let him give it. So this is a fair game between business interests and personal privacy interests. That is how GDPR is built. There has to be a legal basis.

WhatsApp will read our messages. Is it true?

As it is generally stated, they are not supposed to be reading our messages. Our conversations are encrypted using end-to-end encryption, and, the company says, even WhatsApp itself cannot access them. So the content is encrypted with some device-related ID. From the moment it leaves my device, it should be encrypted.

Now, in case people go for backups and storage in the cloud, there is an issue. So people should avoid cloud storage and make the backup only within the mobile.

In your article "WhatsApp needs to change its Jurisdiction clause in the Terms or else, exit from India" you said that "WhatsApp has created two different sets of policies, one offered by WhatsApp Ireland Ltd to the EU region and the other by WhatsApp LLC to other countries". How does this apply to India?

In India, on 8 February we were expecting parliament to pass the Indian data protection law. In my opinion, WhatsApp decided to change the privacy policy on 8 February only to pre-empt the data protection law.

When I said that "we need to look for a change of WhatsApp in India", it was not because of the privacy issue; analyzing the privacy policy is a matter of revising the privacy policy.

My issue was with one of the clauses in the terms of use: jurisdiction. Of course, this is not exclusive to WhatsApp; it happens in many other international web services. The jurisdiction clause says that if there is any dispute between a user of WhatsApp and WhatsApp, the dispute has to be resolved in accordance with Californian law, in the district court of California or by automated binding arbitration there. It means that the use of WhatsApp in India is not going to have any grievance mechanism in India. This is not in accordance with our law; our law doesn't permit it. It is almost denying the government's interest. I'm not happy with that. I would like that to be changed.

Will you continue to use WhatsApp, or have you changed messenger?

In our professional circles, actually, we have made some moves. Many professionals prefer Signal. Of course, some people prefer Telegram a bit more. Earlier, Telegram was the most used platform due to the number of people allowed in groups. In fact, we were thinking of shifting our FDPPI group to Telegram.

What can you recommend to our readers?

If somebody is going to have serious professional discussions or financial discussions, then obviously they should look at shifting to Signal. If it is purely personal, family discussions, you can keep using WhatsApp. So you need to make a distinction between personal use, family use and professional use. If you want 500 people in your group, then you have no choice but to leave WhatsApp. If it's a small group that handles confidential information, you need to change to Telegram.

We've covered quite a bit in this conversation. Before we wrap up, is there anything else you'd like to add?

The only thing I want to say is that we need clarity among ordinary people on what privacy is and what it is that we are willing to protect in privacy. It is not absolute protection. It is always the protection of choice. And even if you shift from WhatsApp to Telegram, we don't know whether Telegram will remain free forever.

I feel there is a need for a harmonious relationship between the users and the organizations that make use of the data. And that is the purpose of the data protection law. And when we interpret the data protection law, again, we should not be totally one-sided. That is the beauty of this issue, balancing the whole thing.

Russian hackers hacked a first-level Olympiad in a second

A new Olympiad season has begun in Russia. Many competitions have moved online due to the COVID-19 pandemic. Winning a first-level Olympiad allows a student to enter university without exams.

It turns out that a hacker could theoretically secure admission to the best universities in the country, putting graduates in unequal conditions.

SQL injection and XSS vulnerabilities were discovered on the site, which make it possible to influence the results of the competition. As a result, according to the hacker, it is easily possible to: 1) find out the tasks in advance and change answer data during the Olympiad; 2) see the sessions and data of other users; and 3) mass-download user information, including personal data (passport details, registration address, phone, e-mail).

"SQL injection is one of the easiest ways to hack a site. Indeed, in a very short period of time, by replacing several characters, an attacker can gain access to all personal data of the Olympiad and to all tasks," said Oleg Bakhtadze-Karnaukhov, an independent darknet researcher.

According to the researcher, most likely there was not enough time to detect such errors while the site was being programmed, although it takes little time to find and fix them.

"If the site contains vulnerabilities, then a command in a specific programming language can be inserted, for example, in a link, and the page will display information that was not originally intended for users," explained Dmitry Galov, cybersecurity expert at Kaspersky Lab.

According to Alexei Drozd, head of the information security department at SearchInform, the cause may be design errors as a result of which the site, for example, checks incoming data poorly or does not check it at all.

"Unfortunately, when developing websites and applications, security issues are always in the background. Functionality comes first," concluded Alexei Drozd.
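The "replacing several characters" in the quote above is the classic login-form injection: a quote character closes the string literal the developer built around the user's input and a comment marker discards the rest of the query. The block below is an added example, not code from the Olympiad site (which is not public): it puts the vulnerable string-built query next to its parameterized form over a constructed in-memory SQLite table, and adds the output-encoding step that closes the XSS half of the report. Table, users and the `_h` hashing helper are constructed for the demo; the same concatenation bug exists with any database driver.

```python
"""Vulnerable vs. parameterized SQL, plus output encoding against XSS.

Added example, not code from the site described in the article. Uses an
in-memory SQLite table with two constructed users.
"""
import hashlib
import html
import sqlite3


def _h(password: str) -> str:
    # Demo only: a real site stores a salted, slow hash (argon2/bcrypt).
    return hashlib.sha256(password.encode()).hexdigest()


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (login TEXT, pw_hash TEXT, passport TEXT)")
    rows = [("alice", _h("correct horse"), "4509 123456"),
            ("bob", _h("hunter2"), "4511 654321")]
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", rows)
    return conn


def login_vulnerable(conn, login: str, password: str) -> list:
    # BUG: the login field is spliced into the SQL text, so a quote in it
    # ends the literal and the rest of the input becomes SQL.
    sql = (f"SELECT login, passport FROM users "
           f"WHERE login = '{login}' AND pw_hash = '{_h(password)}'")
    return conn.execute(sql).fetchall()


def login_safe(conn, login: str, password: str) -> list:
    # Parameter binding: values travel separately from the SQL text, so
    # "' OR 1=1 --" is just a login name that nobody has.
    sql = "SELECT login, passport FROM users WHERE login = ? AND pw_hash = ?"
    return conn.execute(sql, (login, _h(password))).fetchall()


def render_name(name: str) -> str:
    # Output encoding stops reflected XSS: <, >, & and quotes become entities,
    # so a payload carried in a link parameter renders as text, not markup.
    return f"<p>Welcome, {html.escape(name, quote=True)}</p>"


# Closes the quoted login, makes the WHERE clause always true, and comments
# out the password check. Constructed attacker input.
INJECTION = "' OR 1=1 --"

if __name__ == "__main__":
    db = make_db()
    print("vulnerable:", login_vulnerable(db, INJECTION, "anything"))  # every row leaks
    print("safe:      ", login_safe(db, INJECTION, "anything"))        # []
    print("safe:      ", login_safe(db, "alice", "correct horse"))     # alice only
    print(render_name("<script>alert(1)</script>"))
```

The query the vulnerable function actually sends is `... WHERE login = '' OR 1=1 --' AND pw_hash = '...'`, which is why every row comes back: the whole credential check was commented away. Binding parameters is the fix; "checking incoming information", as Drozd puts it, is a second layer (allow-listing the characters a login may contain), not a replacement for it.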


Hackers accessed thousands of surveillance cameras, network devices and even the displays on the platforms of Russian Railways

A user of the Habr website discovered a vulnerability that allowed him to penetrate the video surveillance system of Russian Railways. According to him, the company's specialists managed to close it within a day. Information security experts say that Russian Railways now needs to audit its internal systems to make sure that attackers who gained access could not go further.

Specialists of Russian Railways closed the vulnerability that allowed access to video cameras and internal services of Russian Railways, as follows from the blog of a Habr user. Earlier, on the morning of January 13, the author published an article about how he managed to gain access to the Russian Railways network by exploiting a vulnerability in its perimeter. According to him, the problem was that the default passwords on MikroTik routers had not been changed.

"The vulnerability could allow attackers to block all cameras on the railways in a week, which would cost the holding at least 130 million rubles ($1.8 million), and the restoration of video surveillance would take at least a month," warned the hacker.

Russian Railways was unable to promptly confirm the information about the vulnerability and its elimination, and stressed that illegal access to computer information is a criminal offense.

"After changing the accounts of Russian Railways, it is necessary to check for traces of outsiders in its infrastructure, conduct a large-scale audit of all IT systems, and review existing threat detection scenarios," recommended information security expert Alexey Lukatsky.

MikroTik routers, which according to the blog's author are used by Russian Railways, belong to the home and small-office segment, and users often leave default passwords on such devices, as well as on video cameras from any manufacturer. Attackers routinely exploit this to recruit such devices for automated DDoS attacks.

Russian Railways has had security problems before: in August 2019, the personal data of 703 thousand employees of the state monopoly was publicly accessible, and in November 2020 the database of the Russian Railways Bonus website leaked online.
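Lukatsky's advice is to change the credentials first and then look for traces of outsiders. On RouterOS the cheapest trace to check is the device's own log, which records every successful and failed login with the source address and the service used. The script below is an added example, not from the Habr write-up or from MikroTik: it runs a few detections over constructed log lines in the RouterOS `user X logged in from IP via SERVICE` / `login failure for user X from IP via SERVICE` form (pull real ones with `/log print`; the exact topics and wording are an assumption to verify against your release). It flags logins from outside the management network, logins over services that carry the password in cleartext, a success that follows a burst of failures from the same address, and the burst itself. The management subnet `10.20.0.0/24` is an assumed value.

```python
"""Detections over RouterOS login log lines.

Added example, not code from the article. Log lines and the management
subnet below are constructed; the log format is an assumption based on
RouterOS 'system,info,account' / 'system,error,critical' messages.
"""
import ipaddress
import re
from collections import Counter

LOGIN_OK = re.compile(r"user (\S+) logged in from ([\d.]+) via (\w+)")
LOGIN_FAIL = re.compile(r"login failure for user (\S+) from ([\d.]+) via (\w+)")
# RouterOS services that send the password unencrypted (the TLS variants
# are www-ssl and api-ssl).
CLEARTEXT = {"telnet", "ftp", "www", "api"}


def audit_logins(lines, mgmt_nets, fail_threshold=3):
    """Return findings as (kind, user, source_ip, detail) tuples."""
    nets = [ipaddress.ip_network(n) for n in mgmt_nets]

    def in_mgmt(ip):
        return any(ipaddress.ip_address(ip) in n for n in nets)

    failures = Counter()   # failed attempts seen so far, per source IP
    findings = []
    for line in lines:
        m = LOGIN_FAIL.search(line)
        if m:
            failures[m.group(2)] += 1
            continue
        m = LOGIN_OK.search(line)
        if not m:
            continue           # interface/dhcp/firewall lines etc.
        user, ip, service = m.groups()
        if not in_mgmt(ip):
            findings.append(("external_login", user, ip, service))
        if service in CLEARTEXT:
            findings.append(("cleartext_login", user, ip, service))
        if failures[ip] >= fail_threshold:
            # success right after a guessing run: treat as a compromise
            findings.append(("login_after_failures", user, ip, service))
    for ip, n in failures.items():
        if n >= fail_threshold:
            findings.append(("bruteforce", "-", ip, str(n)))
    return findings


# Constructed sample in the shape of `/log print` output.
SAMPLE_LOG = [
    "jan/13 06:41:02 system,info,account user admin logged in from 10.20.0.5 via winbox",
    "jan/13 06:42:17 system,error,critical login failure for user admin from 203.0.113.77 via telnet",
    "jan/13 06:42:19 system,error,critical login failure for user admin from 203.0.113.77 via telnet",
    "jan/13 06:42:20 system,error,critical login failure for user admin from 203.0.113.77 via telnet",
    "jan/13 06:42:21 system,info,account user admin logged in from 203.0.113.77 via telnet",
    "jan/13 06:45:00 system,info,account user admin logged in from 10.20.0.9 via ssh",
    "jan/13 06:45:30 interface,info ether1 link up (speed 1G, full duplex)",
]
MGMT_NETS = ["10.20.0.0/24"]   # assumed management subnet

if __name__ == "__main__":
    for finding in audit_logins(SAMPLE_LOG, MGMT_NETS):
        print(*finding)
```

The `203.0.113.77` session trips all four rules at once: it is outside the management subnet, came in over telnet, and succeeded right after three failures against the `admin` account, which is exactly what a default password plus an exposed service looks like in the log. On the device, the matching fixes are `/user set admin password=<new>`, `/ip service disable telnet,ftp,www,api`, and restricting the remaining services with `/ip service set winbox,ssh address=10.20.0.0/24` (subnet assumed, as above).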

Check Point: What to expect from hackers in 2021

The pandemic has made its own adjustments in all areas of modern life. Attackers have changed their targets, choosing new priority areas, including the medical industry. Gil Shwed, founder and CEO of the information security company Check Point Software Technologies, explained how attacks have changed during the pandemic and what to expect from cybercrime in the future.

Gil Shwed suggested that in 2021, first, since the coronavirus and the fight against it will continue to trouble humanity, pharmaceutical companies working on vaccines and medicines will most likely be attacked.

Second, while schoolchildren and students study from home, hackers will most likely be interested in distance learning systems as well.

Third, botnets can be expected to be used increasingly in attacks. Hackers have already turned many existing malicious applications into botnets, creating entire armies of infected computers for cyber attacks.

Fourth, cyber warfare is expected to reach a global level.

Mr. Shwed noted that attacks on hospitals and research laboratories, especially during COVID-19, are an opportunity for attackers to get a ransom or attention.

The goals of cybercriminals who attack medical institutions can differ: financial gain, causing harm, or gaining publicity. For example, medical records are sold on the dark web for up to $1,000 per record.

In addition, medical devices such as insulin injectors, heart monitors and pacemakers can be targeted.

Check Point researchers have demonstrated how easily an ultrasound machine running an old Windows operating system can be hacked, exposing an entire database of patient images. Unsurprisingly, there has been a 75% increase in ransomware attacks on healthcare facilities in recent months.

Microsoft researchers said that hackers from just three countries carried out 89% of nation-state cyber attacks this year. The attacks were extremely common, and their targets ranged from elections to the Olympic Games. Active use of deepfakes is also expected in 2021.

Earlier, E Hacking News reported that Russian hackers gained access to the source code of Microsoft programs and systems. The company assured that there is no reason to believe the hackers gained access to its product maintenance services or to customer data.

Declaring War Against Cyber Negligence

Amidst perhaps the most widespread and impactful cyber attack in history, American businesses and government agencies alike must take a drastically different approach to cybersecurity. Unfortunately, many cybersecurity professionals have become complacent and far too dependent on a handful of well-marketed tools designed for yesterday's threats that underperform against modern attacks.

It is far easier for cybersecurity vendors to deliver services from their own cloud. It may be cheaper for the vendor, but relying on a "trusted third party" for your security is a foundational vulnerability that has proved disastrous for customers.

We are currently in a state of cyber warfare. Nation-states regularly use their practically limitless resources and technical sophistication to overpower companies and government agencies. Cybersecurity professionals need to shift their focus from "indicators of compromise" to data protection, which will limit how far these attacks can spread.

Most cloud providers claim that they alone provide the "best cloud protection" and brag about billions spent on beefing up the many layers surrounding their server farms to reassure clients that "everything will be alright." But will it?

Vulnerabilities in security vendors' own products will likely continue far into the future. While much of the industry has moved towards promoting "zero-trust" infrastructures, vendors often forget to remove themselves from the client's circle of trust. Instead, everyone from individuals to multinationals should take security into their own hands. Firewalls, antivirus and network monitoring tools still have their place, but there must be a shift towards more independence between the owner of the data and its protectors.

Active Cypher, a California-based cybersecurity startup led by former Microsoft, Cisco and U.S. intelligence staff with decades of experience protecting (and at times stealing) data, has led the charge against what it calls "cyber-negligence".

"IT organizations need to stay nimble, test and adopt new approaches quickly, and not be afraid to throw out solutions that were simply inherited," says Active Cypher's CEO, Mike Quinn.

Active Cypher has pioneered a unique, independent security infrastructure that gives its clients automated tools, proprietary cryptography and anti-ransomware sensors to control their data with precision. Unlike the numerous SaaS applications that plague the market and create undue "man-in-the-middle" exposure, Active Cypher deploys and operates its software directly within the client's tenant. Cryptographic keys, the soft underbelly of security, are held not by Active Cypher, which knows well that it may be a target of state actors and cybercriminals, but by the client alone. Once deployed, the solution runs on its own, without contact with any third-party home base.

While the solution Active Cypher provides is certainly not an end-all, it gives a much-needed last line of defence against increasingly menacing (and successful) threats. "We believe cybersecurity is a human right, something that is sacrosanct and should be upheld to the highest degree. Yet too many executives still see it as just another line within often ballooning IT budgets, without considering what kind of impact a security breach will have on their brand and ultimately their revenue," explains Mike Quinn.

Based in Newport Beach, California, with partners and operations across the US and in Western Europe, Active Cypher and the rest of its industry saw an uptick in business when Covid-19 forced companies to rapidly extend their security frontier to employees' homes.

"It has become increasingly clear that the focus for cybersecurity needs to be on data protection. Once the perimeter is breached, and it will be, there's nothing to stop them. We've built great systems to observe and record cyber theft in action but little to defend the data inside," says Devin Jones, Active Cypher's new Chief Product Officer and a veteran of Cisco, Juniper Networks and a variety of cyber startups.

Active Cypher found that many major companies had relegated the management of vital security infrastructure to the "back office" of IT but often had not evolved or updated systems, such as the ubiquitous Active Directory, in years. The result was growing technical messes that left gaping holes in security. Active Cypher also encountered a level of defeatism: one company declined to expand and solidify its cybersecurity posture, choosing instead to keep paying ransomware demands at an astounding $1 million per month. In this firm's view, it was easier to keep paying and thereby avoid the risk of negative press surrounding data breach disclosures.

"But thankfully, not all companies have been so lethargic. We are thrilled to be working with a variety of innovative clients, ranging from state agencies to healthcare providers and sports teams, who understand that the success of their future protection should be in their own hands. Active Cypher provides them with the tools to own their own destiny," says Devin Jones.

As IT organizations across the nation spend the next few weeks uncovering the extent of their firms' exposure to recent and still unfolding cyber attacks, one only hopes they seek not simply to install a short-lived patch but to take a leap towards a zero-trust, zero-vendor-contact future; only then can cyber-negligence finally be tackled.

Russian expert warned about the dangers of password theft during video conferencing

Anton Kardanov, head of the information security sector at AT Consulting, warned that motion recognition systems can be used by cybercriminals to steal users' personal data during video conferences. According to him, a special algorithm can read hand movements over the keyboard if they fall within the camera's field of view, which poses a risk to the user's privacy.

"The artificial intelligence (AI) algorithm can restore the typed text with high precision if the video shows the movement of the arms and shoulders," said Mr. Kardanov.

It is reported that the program first removes the background and converts the image to grayscale, then focuses on the hands: as a result, the algorithm keeps only the contours of the hands and shoulders and tracks their movements, which are used to reconstruct the text typed on the keyboard.

Thus, an attacker can recover passwords, passport details, bank card numbers and other information that the user types on the keyboard during a video call.

Meanwhile, Maxim Smirnov, commercial director of IVA Technologies, believes that visual recognition of hand movements, and in particular of text typed on the keyboard, is quite realistic, but developers will have to work hard on the quality and accuracy of the technology, which is not an easy task.

"Remote work and video conferences are our new reality, as well as new opportunities for fraudsters and new threats to users," said Sergey Zabula, head of the group of system engineers for working with partners, Check Point Software Technologies in Russia.

Earlier, Group-IB also reported possible attacks using motion recognition technology. According to the company, you can protect yourself from scammers by keeping important information out of the camera's field of view.