Critical software bug sets ‘internet on fire’ — RT World News

https://www.rt.com/news/542927-critical-software-bug-internet-hackers/

The fault, known as ‘Log4Shell’, has been described as the “single biggest, most critical vulnerability of the last decade” – which puts it in the running for a place among the biggest glitches in modern computing history. Researchers have warned that the flaw affects servers run by tech giants like Microsoft, Apple, Amazon, and Twitter…

Report: Authoritarian Governments Use Huawei Technology To Censor Journalists

https://www.nationandstate.com/2021/12/02/report-authoritarian-governments-use-huawei-technology-to-censor-journalists/?amp

Authoritarian governments use Huawei’s technology to censor journalists, according to an internet freedom watchdog. Researchers at Top10VPN determined that 17 of the 69 countries studied use the Chinese telecom giant’s hardware to enforce censorship laws. Cuba uses Huawei’s “middlebox” devices to censor stories that criticize the country’s communist regime. In Burundi, the government blocks media…

Samsung Bricks Smart TVs | Hackaday

https://hackaday.com/2021/11/29/samsung-bricks-smart-tvs/

… it is a bit alarming to realize the implication of such a feature — the manufacturer can reach into your TV and disable it from afar. One can assume that Samsung won’t abuse this capability, because acting otherwise would harm their reputation. Samsung announced in a press release that any consumers whose sets were incorrectly bricked can have their sets un-bricked after demonstrating proper ownership.

Despite such good intentions, the mere existence of such a feature is worrisome…

Linux Malware mulling to Spoil Black Friday – muunyayo

https://muunyayo.com/2021/11/22/linux-malware-mulling-to-spoil-black-friday/

TheCyberThrone

Researchers have discovered a new Linux backdoor on compromised ecommerce servers that intercepts and exfiltrates sensitive customer information, including credit card details.

The malicious agent, dubbed linux_avp, is written in Golang, and was discovered by researchers at Sansec, who were approached by an affected merchant who couldn’t seem to get rid of malware from his store. Once deployed, it will take commands from a China C2C.

The discovery of the malware across ecommerce stores all around the world comes mere days before the Black Friday shopping extravaganza. The attackers first run automated tests to probe ecommerce websites against dozens of known vulnerabilities. As soon as one is found, it installs a backdoor and uploads the linux_avp server agent.

The linux_avp agent injects fake payment forms on checkout pages displayed to customers of the compromised stores. Further analysis reveals that the fake payment form written in PHP is designed to steal and…


Teen accused of North America’s biggest-ever single-person crypto heist — RT World News

https://www.rt.com/news/540726-teen-accused-canada-cryptocurrency-theft/

A Canadian teenager has been arrested after allegedly stealing $36.5 million in cryptocurrency from a person in the US. The police claim it was the largest such heist involving one victim ever registered in North America.

Police in the city of Hamilton, Ontario, arrested the unidentified perpetrator on Wednesday, after over a year investigating what they have described as the biggest-ever cryptocurrency theft from a single person in either the US or Canada. Local police began a joint investigation with the Federal Bureau of Investigation and the US Secret Service Electronic Crimes Task Force in March 2020, when the theft was reported.

The Hamilton Police Service said it had made “multiple” seizures in excess of CA$7 million (US$5.5 million) during the arrest, which came after investigators noticed some of the stolen money had been used to buy an online username considered “rare” in the gaming community, according to a police statement.

The victim was apparently targeted by a cell phone hijack known as SIM swapping. This method involves manipulating cellular network employees to duplicate phone numbers in order to let the scammer intercept the two-factor authorization requests that allow them access to a victim’s account.

This method is considered especially potent because a lot of people use the same password for multiple sites, according to Detective Constable Kenneth Kirkpatrick, of the Hamilton Police’s cybercrimes unit. He added that cyber and cryptocurrency crimes were becoming increasingly common, but noted that the figures involved in this case were “very surprising.”

“It’s a large amount of money in anybody’s opinion,” Kirkpatrick said, adding that the case was currently in the Hamilton court system.

The police haven’t revealed the age or gender of the youth, the username they purchased, or whether they were acting alone.

Pegasus-style spyware found on thousands of smartphones — RT World News

https://www.rt.com/news/540024-pegasus-spyware-android-apps/

Cybersecurity researchers have found spyware, similar to the notorious ‘Pegasus’ malware peddled by Israeli company NSO Group, on thousands of South Korean smartphones. The software is disguised as innocent yoga and photo apps.

Used by governments worldwide to spy on rival politicians, foreign powers, journalists, lawyers, and business figures, NSO Group’s Pegasus malware has gotten significant media attention since its existence was revealed earlier this year by activists. While the Israeli firm has found itself maligned by the press and blacklisted by Washington, similar snooping software is reportedly still active and going unnoticed, as highlighted in a report published on Wednesday by cybersecurity company Zimperium.

The article examines the PhoneSpy software, which is aimed at South Korean Android users. According to Zimperium, “PhoneSpy hides in plain sight, disguising itself as a regular application with purposes ranging from learning Yoga to watching TV and videos, or browsing photos.” These apps aren’t found on the Android app store, meaning users had to download them directly, likely by clicking malicious links or through “social engineering.”

Once installed, PhoneSpy gives snoops access to virtually every function of the target’s smartphone. Cameras and microphones can be remotely activated, call logs and messages retrieved, GPS coordinates tracked, and web traffic monitored.

Zimperium’s report did not identify who was actually using PhoneSpy to surveil targeted phones, but it said that “thousands of South Korean victims have fallen prey to the spyware campaign.” As the fake apps were all South Korean, the spying operation is believed to be limited to that country.

PhoneSpy is one of several Pegasus-like programs currently suspected of being in operation. When the US added NSO Group to its trade blacklist earlier this month, it also added Russian firm Positive Technologies and Singapore’s Computer Security Initiative Consultancy, claiming that both trafficked in “cyber tools” used to gain “unauthorized access to computer systems.”

Hackers stole passwords, targeted US Defense Department entities in sweeping raid – security firm — RT USA News

https://www.rt.com/usa/539636-hackers-dod-raid-report/

…Hackers have breached at least nine organizations globally in sensitive sectors and targeted US Department of Defense entities, a cybersecurity company has said.

According to a report by security firm Palo Alto Networks, a group of unidentified criminals scanned at least 370 servers across the US in September and October. The scans were “largely indiscriminate in nature,” the firm said, with targets ranging from educational institutions to servers linked to the Department of Defense.

Using publicly available Chinese-language tools, hackers breached at least nine organizations globally, the firm said. Palo Alto Networks did not identify which organizations were compromised, but said they worked in industries related to technology, defense, healthcare, energy and education.

The Palo Alto Networks vice president responsible for threat intelligence, Ryan Olson, told CNN the nine victims were the “tip of the spear” of a larger apparent spying campaign. Olson said hackers have stolen passwords from targeted organizations hoping to maintain long-term access to their networks.

CNN reported that the US National Security Agency (NSA) and the Cybersecurity and Infrastructure Security Agency (CISA) were tracking the hackers’ activities, and the NSA has helped Palo Alto Networks to analyze the threat. The NSA and CISA declined to comment on the identity of the hackers, the channel said.

Cyber criminals around the world have managed to successfully breach multiple large corporations and government agencies in recent years, demanding ransom money for sensitive data, or trying to sell it on the darknet. Just weeks ago, hackers broke into the Indian servers of Taiwanese electronics giant Acer, reportedly obtaining personal information on millions of customers.




Daily SA: China using 5G to spy on Americans – Nwo Report

Comment by tonytran2015: Australia was the first to ban Huawei and alerted her allies. The action angered China tremendously and triggered the “punishment” against Australia.

https://nworeport.me/2021/11/04/daily-sa-china-using-5g-to-spy-on-americans/

NSA: The National Security Agency and U.S. Cybersecurity Infrastructure and Security Agency (CISA) jointly warned, without naming China, that hackers could target American 5G networks through existing security gaps. In part, the warning encouraged 5G providers to take recommended steps to close security holes, focusing on preventing lateral movement for hackers who have gained access to 5G cloud servers. (Analyst Comment: Earlier this year, we reported from the annual Blackhat hacking convention, where security researchers stressed that criminal and state-backed hacking groups had adopted new tactics, including targeting upstream networks to gain wider access to downstream targets. You can read our full report in the 09 August 2021 issue of Early Warning. Attacks against critical infrastructure are increasing, and conditions are likely to worsen. Readers should continue preparing for disruptions to the supply chain, oil and gas, and the information and communications environment – M.S.)