Wednesday, April 1, 2020

The scariest hacks and vulnerabilities of 2019


Yes, this is one of the year-end products. And it's been a long time since 2019 that there has been a global catastrophe, or any other major news item that breaks down weekly.

Below is a summary of the last 10 months of training accidents by months.

January
Powerful vulnerability in Apple FaceTime - An error in Apple's FaceTime application is that hackers can create and receive an automatic FaceTime phone without interaction from a helper, opening doors for confidential surveillance.



North Korean activists flocked to Russia in the Search Force after a Skype interview - the title of the article was clearer and well worth the read.

The protesters are trying to steal data from the Ministry of South Korea - the Seoul government claims that hackers have distributed over 30 computers and stole data from 10.

One was hit by the PHP PEAR website - We still don't know what happened, but someone broke the PHP PEAR report with the support of the PHP PEAR server.

Security can be found in 26 Pay-Credits - This report outlines the dangers of some low-cost cryptocurrencies and how hackers can steal assets all the time.



Oklahoma State Release Records FBI Investigation - Security and Exchange Server has allowed anyone to receive government files, such as internal files, and FBI interviews.

Iranian hackers accused of DNS training around the world - FireEye and later the Cisco Talos - have launched an Iranian hacker program that is turning traders from companies around the world through Iranian suppliers and recording company signals of future attacks. To do this, DNS management accounts are terminated by domain name registrations to perform DNS attacks. Attackers also violated the Greek high-register.

Implementation of SCP will result in 36-year-old security failure - the implementation of the 36-year-old Protocol (36P) since 1983 when four security breaches were approved were malicious SCP server disrupts the client (user) system with malicious actions that hide the cache.

LTE Security Loss - Two new LTE security features were announced this year. One affected 3G, 4G, and 5G, and another, a set of 36 vulnerabilities identified after a consolidation of South Korean security researchers.

Sites can steal browsing data by adding APIs - Researchers have found over 200 extensions for Chrome, Firefox and Opera that are vulnerable to malicious websites.

WiFi software bugs related to computers, laptops, routers, gaming devices - a security bug was discovered in the Marvell Avastar chip. The list of hardware related features includes the PS4, Xbox One, Samsung Chromebook and Microsoft Surface.

Malware has been updated to Android devices - sometime in 2019. First in January, when researchers discovered the problem with the Alcatel app, before installing it on Alcatel smartphones. Secondly, in June, when German internet authorities discovered a count of four smartphones.



February
Leaky DB reveals Chinese surveillance methods - Security researcher Victor Gevers has found a calendar release from a Chinese company that has found its test case for Muslim people, found by Chinese Uighur surveys.

Many WinRAR Errors Found - Web App researchers have identified a WinRAR bug that has affected all aspects of WinRAR since 2000. Over 500 million WinRAR users are at risk. As a result, more and more tribal and nationalist activists became involved.

Thanks to the new WinPot malware, Customers can buy - WinPot has been on the market since March 2018.

Trademarks and custom Android applications have been found with 97% accuracy - The latest machine learning algorithm can detect Tor when users are using a specific application such as YouTube, Instagram, Spotify and more.

US homeowners take VFEmail email - Doctors don't ask for payment. VFEmail called the process "attack and destruction".



Thunder vulnerability - The security bug affects the interface of Windows, Mac, Linux on Thunderbolt peripherals. You are allowed to create malicious scams that can steal your OS data.

Download PDF - A group of German researchers has found the way

Hide malicious software with a processor - Studies have found ways to keep malware on your computer using expensive execution and Intel SGX encoder system.

March
Hackers shut down offline sirens before the storm - Yes. That's bad.

ASUS Trainer in Supply Chain - Updates ASUS Live Hacks to perform malicious software on user programs. The hack is in 2018, but only released in March. There are more than millions of computers that are believed to be infected.

News GitHub News Provides 300+ Secondary Applications - GitHub Sound, which has 89 accounts, provides 73 repositories with more than 300 Windows, Mac and backdoor applications. Linux.

Bithumb cryptocurrency trading fell for the third time in two years - Police are believed to have smashed nearly $20 million in EOS and Ripple cryptocurrencies. At this point, it looks as if Bithumb has never been tested.

Chrome on Attack Attack Date - CVE-2019-5786, the Chrome FileReader API error, was eventually created to read content from a user's computer. Google said the error was used with zero day by the Windows 7 controller in the state.

New CPU error - Scientists have found the new Intel VISA Intel technology (internal signal transduction technology).

Hacks at French gas stations - The criminal group stole 120,000 liters of oil from Total Petrol stations in Paris when gas stations forgot to change the pin of the pump to oil.

Breaking the Citrix End - Citrix has learned of an FBI hacker. Hackers robbed business documents. Most Citrix customers are government agencies and Fortune 500 companies.

Problems unlocking smartphones - We've had a few years, but the first lawsuit was filed in October when the user discovered that the Samsung Galaxy S10's facial recognition could scam the video's owner. A month later, the user found it able to open a Nokia 9 fingerprint reader with a rubber band. Well, in October, users discovered that you can unlock the Pixel 4 Face Unlock technology while your eyes are closed, and the couple found out they could unlock their Samsung S10 to protect their fingers with any the finger of the user if the device is secure with the silicone material case. In fact, the problem of avoiding facial recognition is widespread. A non-profit Dutch study last year found that developers were able to prevent unlocked activities on 42 of the 110 smartphones they tested.




April
United Airlines seats - The airline emphasizes the cameras are not in use; however, customers pay special attention and concern through the presence of cameras.

Pusna researchers 'PWNED!' on hundreds of GPS tracking maps through an unauthorized API - More than 20 GPS tracking models have allowed scammers to track owners, acquaintances and tracking features.

Thousands of victims have been exposed to thieves via password encryption - security updates have been available for MyCar Android and iOS since mid-February to remove credentials.

The weather alert came out 90 minutes after the spyware attack - A similar attack to the French M6 in October did not happen.

Facebook agrees to saving naked passwords for millions of Instagram users - Event came a month before, Facebook also admitted to saving passwords for Facebook accounts.

Source code for Iran's Cyber Mail has escaped the telegram - Tools have made it available to malware developers every day, learning more about attacks. In May and May, second and third sections are withdrawn from Iranian hackers.

The Indian government agency has released data online for millions of pregnant women online - more than 12.5 medical documents for pregnant women are available. The files were removed by the flight attendant after more than three weeks.

More iSCSI storage clusters are streamed online without a password - The new hacker has opened an outdoor back office of NAS human resources storage devices and devices.

Gnosticplayer hacks - a hacker known as gnosticplayers saved over a billion internet user records in a few months.

A hack team can receive DNS traffic on D-Link routers for up to three months. Other router models, such as ARG, DSLink, Secutech and TOTOLINK, are also targeted. Strikes are active throughout Brazil.

is right
Hackers remove the Git repositories and request purchase



Thrangrycat Vulnerability - Thrangrycat Rescue accepts intruders to hold a naughty home on a Cisco machine. It is advisable that many Cisco devices are affected. No attacks were found in nature.

BlueKeep Nuclear Power - In mid-May, Microsoft warned of a new "terror" scandal against the RDP, later renaming BlueKeep. Later, BlueKeep (DejaBlue)'s two-anonymous attacks were released in August. After months of indirect attacks, the abuse report was released in September.

The unprotected server identifies the data to 85% of the entire population of Panama - the server has patient data, but no medical records have been processed - personally identifiable information (PII).

Software updates bring police ankle inspectors to the Netherlands - the latest update prevents ankle owners from returning data to police control rooms. As a result, it is imperative to get some suspects and put them in jail.

Israel faces response to Hamas hackers by air strike - Israeli army announces it has attacked Hamas cyber base.

Google Replace Titanium Titan Security Keys - Bluetooth synchronization capability forces Google to replace Titan keys sold in the United States. Ultimately, Microsoft was forced to issue a specific problem fix.

Hack Canva - one of the victims of Gnosticplayer. The company has crashed by 139 million user records.

StackOverflow Hack - Stack Overflow says hackers have broken the production system and hackers are insecure for more than a week.

Flipboard Hack - The hacker extension is unknown, but Flipboard says hackers have had access to their plans for nearly nine months.

London Securities to start patrols via Wi-Fi Hotspots - London for TfL says it plans to launch a vehicle search system that will use public Wi-Fi destinations in June London forthcoming.

Errors The Greatest Safe Browser - Chrome, Safari, and Firefox have not been able to see your own alerts for more than a year.

May
The hackers have smashed 10 telephone providers - Cybereason scientists say a nationwide intelligence service has scared at least 10 telecommunications companies - as hackers work de facto "IT shadow" Complex.

The new Silex button scams thousands of IoT devices - The attack for several days, but the hacker finishes and an unknown code for Silex malicious software.

NASA has attacked a rebel because of an unauthorized connection of the Raspberry Pi to its network - NASA has described hackers as a "progressive threat," which is generally used by hackers in the state, but gave no further details.


The famous Facebook support page has hacked - Facebook has been hacking the hack for weeks.

Google nest cameras can allow old owners to spy on new owners - Google has finally released an update.

Firefox Two Zero Days - Mozilla Adjusted Two Zero Days of Firefox [1,2] used to attack Coinbase employees.

AMCA data breach - A healthcare provider was cut off last year and hackers could sell patient data online. The change applies to many health care providers and is limited to over $20 million.

CBP says hackers steal licenses and photos of travelers - CBP says the subcontractor stored photos on their internal servers unauthorized and then attacked them.

HSM Major Vulnerabilities Subject Banks, Cloud Service Providers, Governments - Two security scientists have identified vulnerabilities that can be used remotely to obtain encrypted data on important software packages. called Hardware Security Modules (HSM).

The flood of SIM swap attacks has hit US cryptocurrency users - In the week of June, dozens of US cryptocurrency users are victims of SIM swap attacks.

July
The Kazakh government recognizes all local HTTPS communications - Efforts to improve HTTPS target Facebook, Google, Twitter, and other sites. Finally, Apple, Google and Mozilla have agreed to drop the certification used for HTTPS MitM attacks.

Millions of Bulgarian Data Militants - a hacker stole personal data of millions of Bulgarians and sends local newsletters via e-mails of broadcast links to stolen data. The day was stolen

Instant Potential Power - 11 - A major error in TCP libraries has affected routers, printers, SCADA, virtual machines, and many IoT devices.


Apple's AWDL strategy was offset by a lack of security - Apple introduced the virus in March, but scientists say other deficiencies need to be promoted to some Apple services. Bugs allow tracking and MitM attacks.

DHS warns of the failure of CAN buses in low-cost aircraft - DHS CyS Security Agency recommends that airline owners limit access to aircraft "to their best ability" to protect against the weaknesses they can use to fight an aircraft.

Harmful errors found in GE cosmetics - GE recommends that manufacturers do not connect harmful cosmetics to the hospital's primary networks. The company has also denied that errors can cause harm to patients, but later apologized and admitted that these problems could be life-threatening.

Los Angeles Police arrested the data breach - a personal record of more than 2,500 LA police officers stole in a hack. The insurer sent an email directly to the company as well as an example of information stating that they stole to validate its recommendations.

The Louisiana governor has declared a state of emergency following an outbreak of regional redemption - Yes. Ransomware is very bad. Then tipped Texas, dental practices and dental care providers.

Using Bluetooth can monitor and identify iOS users, Microsoft mobile devices - This vulnerability can be used to alert users regardless of native OS protections in the world and affect Bluetooth devices on Windows 10, iOS and macOS computers. These include iPhones, iPads, Apple Watch models, MacBooks, Microsoft tablets and tablets.

The 7-Eleven Japanese retailer lost $500,000 for a mobile app error - 7-Eleven will eventually be sold in the app.

August
CPAP Error SWAPGSAttack - Scientists explain the inherent weakness of CPU and Meltdown Specter CPUs - and affect all methods used by 2012 Intel devices.

Dragonblood's new anonymity - Earlier this year, two security scientists released details of five vulnerabilities (collectively known as Dragonblood) in a recent demonstration of WPA3 security and security.

Daily News 14 News - Google discovers the weaknesses of iOS 14 divided into five substance chains that have developed in the wild since September 2016. Attacks for Chinese Uyghur users.

Weaknesses in VPN security - Hackers combine attacks on VPN Pulse Secure and Fortinet - with national players.

Windows CTF Vulnerability - Microsoft CTF Vulnerability recovered from Windows XP. The error allows hackers to hack any Windows application, unlock it exclusively, gain executive benefits.

WS-Discovery Guide Made for DDoS Attacks - The protocol adopted by DDoS for rental, is already used in real-world attacks.

Hacker One - Hacker hits Capital One, where it stole the record of 100 million users. It also hacked another 30 companies.

Hy-Vee Card Verification - Supermarket chain has adopted a security breach on some of its Point-of-Sale (PoS) programs. They are finally given the data for sale on hacking conventions.

Workers connect nuclear power to the Internet to my cryptocurrency - The workers of the Ukrainian nuclear power plant accept the only inherent security risks of bitcoin mining. They were finally caught.

Moscow's blockchain voting system was broken a month before the election - a French scientist with a $15,000 net worth to find mistakes in Moscow's Ethereum-based voting system.

The US military buys $32.8 million worth of equipment with known security risks - List of weak products purchased by DoD including Lexmark printers, GoPro cameras, and Lenovo computers.

AT&T employees have been fined for installing malware on the company's network - DOJ says Pakistani is earning $1 million for AT&T employees on its network, opening more than devices 2 million goes.

Users Logs Windows Badware on Adult Web Sites - The new Varenyky Trojan horse records videos of users browsing adult sites. Currently, they are intended for French users only.

Trojan TrickBot has the ability to help exchange SIM card violations - Trojan TrickBot has detected transactions and PINs received for Sprint, T-Mobile, and Verizon Wireless accounts.


Warship Technology - Hackers can use package delivery services to send hacking software directly to your company door.

Instagram launches Hyp3r advertising company - Instagram runs a promotional company that collects data about its users.

September
Tech Attack - Security researchers have analyzed SMS-based attacks in information that can allow malicious readers to track users' devices using small apps known on SIM cards. This is found to affect SIM cards in 29 countries. There is also a second attack called WIBAttack.

Television TV Signs - Two school newspapers have found that smart TVs are collecting data on TV viewing habits.

Check Jailbreak Checkm8 - The latest Checkm8 Jailbreak released for all iOS devices using the A5 to chipset A11 on iPhone 4S to iPhone 8 and X.

Elasticsearch data filter for most Ecuador residents - personal data about Ecuadorian citizens, their feet and children, and financial records and author registration information. Then follow.

PDF Challenge Distribution - More than 24.3 million PDF Lumin users shared by users at the hacking forum in mid-September. A day later, the company admitted the crime.

Heyyo in the dating app - Almost everything except private messages have escaped.

vBulletin day and subsequent hacks - Anonymous security researcher releases zero days on vBulletin conference software. This vulnerability is used immediately to hack multiple conventions.

YouTube's biggest rivals have created YouTube creators - YouTube creators whose car and driver community have been hit by attacks that could trigger 2FAs, allowing hackers to broadcast Google and YouTube accounts.

Pipe Recovery Application (Thousand) - Thousands of Linux servers have been infected by a new forced ransomware application.

More than 47,000 Supermicro Servers Introduce BMC Ports on the Internet - Scientists have discovered a new remote control controller on Supermicro servers that have been found to find their BMC ports on the Internet.

Ransomware Insurance Insurance Company $95 Million - The Ransomware incident at the Danish Demant Center, which reviews analysts, lost nearly $95 million, one of the most expensive cases to date.

Vulnerability Exim (CVE-2019-15846) - Millions of Exim servers are vulnerable to security vulnerabilities that could allow teachers to execute malicious code with root privileges when used.

October
Avast Hack - A Czech anti-virus vendor launched a second attack aimed at threatening CCleaner's release following its covenant in 2017. Hacker said the company was attacked by a viral VPN profile.

Android Day in the Park - Scientists at Google Project Zero have discovered that Android was broken on a free day that coincided with Pixel, Samsung, Huawei, Xiaomi.

Alexa and Google Home have used it themselves and ereaddropping - Amazon, Google could not fix security gaps in Alexa and Home more than a year after the initial transactions.


Czech authorities disseminate Russia's cybercrime website - Czech officials say Russian officials are using local companies to launch cybercrime attacks against foreign sites. Officials say the services have received FSB support and financial assistance from government agencies in the area.

Johannesburg handle gay hacking - A group called "Shadow Kill Hackers" is asking local officials for bitcoins 4 or sending public data online. The second attack was against Johannesburg after a redemption charge came in July, when some areas were left without fire.

CPDoS attacks - CloudFront, Cloudflare, Fast, Akamai and others affected by attacking the new CPDoS cache website.

PHP7 RCE - Bug CVE-2019-11043 PHP7 can receive non-technical attacks to recover Nginx servers running PHP-FPM.

MacOS programs exploit in DDoS attacks - Approximately 40,000 macOS systems launch a specific web portal that can be used for large DDoS attacks.

The scariest hacks and vulnerabilities of 2019

The scariest hacks and vulnerabilities of 2019

The scariest hacks and vulnerabilities of 2019


Yes, this is one of the year-end products. And it's been a long time since 2019 that there has been a global catastrophe, or any other major news item that breaks down weekly.

Below is a summary of the last 10 months of training accidents by months.

HANUI
Powerful vulnerability in Apple FaceTime - An error in Apple's FaceTime application is that hackers can create and receive an automatic FaceTime phone without interaction from a helper, opening doors for confidential surveillance.

North Korean activists flocked to Russia in the Search Force after a Skype interview - the title of the article was clearer and well worth the read.

The protesters are trying to steal data from the Ministry of South Korea - the Seoul government claims that hackers have distributed over 30 computers and stole data from 10.

One was hit by the PHP PEAR website - We still don't know what happened, but someone broke the PHP PEAR report with the support of the PHP PEAR server.

Security can be found in 26 Pay-Credits - This report outlines the dangers of some low-cost cryptocurrencies and how hackers can steal assets all the time.



Oklahoma State Release Record Records FBI Investigation Investigation - Security and Exchange Server has allowed anyone to receive government files, such as internal files, and FBI interviews.

Iranian hackers accused of DNS training around the world - FireEye and later the Cisco Talos - have launched an Iranian hacker program that is turning traders from companies around the world through Iranian suppliers and recording company signals of future attacks. To do this, DNS management accounts are terminated by domain name registrations to perform DNS attacks. Attackers also violated the Greek high-register.

Implementation of SCP will result in 36-year-old security failure - the implementation of the 36-year-old Protocol (36P) since 1983 when four security breaches were approved were malicious SCP server disrupts the client (user) system with malicious actions that hide the cache.

LTE Security Loss - Two new LTE security features were announced this year. One affected 3G, 4G, and 5G, and another, a set of 36 vulnerabilities identified after a consolidation of South Korean security researchers.

Sites can steal browsing data by adding APIs - Researchers have found over 200 extensions for Chrome, Firefox and Opera that vulnerable to malicious websites.

WiFi software bugs related to computers, laptops, router, gaming devices - a security bug was discovered in the Marvell Avastar chip. The list of hardware related features includes the PS4, Xbox One, Samsung Chromebook and Microsoft Surface.

Malware has been updated to Android devices - sometime in 2019. First in January, when researchers discovered the problem with the Alcatel app, before installing it on Alcatel smartphones . Secondly, in June, when German internet authorities discovered a count of four smartphones.



THIS
Leaky DB reveals Chinese surveillance methods - Security researcher Victor Gevers has found a calendar release from a Chinese company that has found its test case for Muslim people, found by Chinese Uighur surveys .

Many WinRAR Errors Found - Web App researchers have identified a WinrAR bug that has affected all aspects of WinRAR since 2000. Over 500 million WinRAR users are at risk. As a result, more and more tribal and nationalist activists became involved.

Thanks to the new WinPot malware, Customers can buy - WinPot has been on the market since March 2018.

Trademarks and custom Android applications have been found with 97% accuracy - The latest machine learning algorithm can detect Tor when users are using a specific application such as YouTube, Instagram, Spotify and more.

US homeowners take VFEmail email - Doctors don't ask for payment. VFEmail called the process "attack and destruction".



Thunder vulnerability- The security bug affects the interface of Windows, Mac, Linux on Thiperbolt peripherals. You are allowed to create malicious scams that can steal your OS data.

Download PDF - A group of German researchers has found the way

Hide malicious software with a processor - Studies have found ways to keep malware on your computer using expensive execution and Intel SGX encoder system.

MAR .N
Hackers shut down offline sirens before the storm - Yes. That's bad.

ASUS Trainer in Supply Chain - Updates ASUS Live Hacks to perform malicious software on user programs. The hack is in 2018, but only released in March. There are more than millions of computers that are believed to be infected.

News GitHub News Provides 300+ Secondary Applications - GitHub Sound, which has 89 accounts, provides 73 repositories with more than 300 Windows, Mac and backdoor applications. Linux.

Bithumb cryptocurrency trading fell for the third time in two years - Police are believed to have smashed nearly $ 20 million in EOS and Ripple cryptocurrencies. At this point, it looks as if Bithumb has never been tested.

Chrome on Attack Attack Date - CVE-2019-5786, the Chrome FileReader API error, was eventually created to read content from a user's computer. Google said the error was used with zero day by the Windows 7 controller in the state.

New CPU error - Scientists have found the new Intel VISA Intel technology (internal signal transduction technology).

Hacks at French gas stations - The criminal group stole 120,000 liters of oil from Total Petrol stations in Paris when gas stations forgot to change the pin of the pump to oil.

Breaking the Citrix End - Citrix has learned of an FBI hacker. Hackers robbed business documents. Most Citrix customers are government agencies and Fortune 500 companies.

Problems unlocking smartphones - We've had a few years, but the first lawsuit was filed in October when the user discovered that the Samsung Galaxy S10's facial recognition could scam the video's owner. A month later, the user found it able to open a Nokia 9 fingerprint reader with a rubber band. Well, in October, users discovered that you can unlock the Pixel 4 Face Unlock technology while your eyes are closed, and the couple found out they could unlock their Samsung S10 to protect their fingers with any the finger of the user if the device is secure with the silicone material case. In fact, the problem of avoiding facial recognition is widespread. A non-profit Dutch study last year found that developers were able to prevent unlocked activities on 42 of the 110 smartphones they tested.




April
United Airlines seats - The airline emphasizes the cameras are not in use; however, customers pay special attention and concern through the presence of cameras.

Pusna researchers 'PWNED!' on hundreds of GPS tracking maps through an unauthorized API - More than 20 GPS tracking models have allowed scammers to track owners, acquaintances and tracking features.

Thousands of victims have been exposed to thieves via password encryption - security updates have been available for MyCar Android and iOS since mid-February to remove credentials.

The weather alert came out 90 minutes after the spyware attack - A similar attack to the French M6 in October did not happen.

Facebook agrees to saving naked passwords for millions of Instagram users - Event came a month before, Facebook also admitted to saving passwords for Facebook accounts.

Source code for Iran's Cyber ​​Mail has escaped the telegram - Tools have made it available to malware developers every day, learning more about attacks. In May and May, second and third sections are withdrawn from Iranian hackers.

The Indian government agency has released data online for millions of pregnant women online - more than 12.5 medical documents for pregnant women are available. The files were removed by the flight attendant after more than three weeks.

More iSCSI iSCSI storage clusters are streamed online without a password - The new hacker has opened an outdoor back office of NAS human resources storage devices and devices.

Gnosticplayer hacks - a hacker known as gnosticplayers saved over a billion internet user records in a few months.

A hack team can receive DNS traffic on D-Link routers for up to three months. Other router models, such as ARG, DSLink, Secutech and TOTOLINK, are also targeted. Strikes are active throughout Brazil.

is right
Hackers remove the Git repositories and request purchase



Thrangrycat Vulnerability - Thrangrycat Rescue accepts intruders to hold a naughty home on a Cisco machine. It is advisable that many Cisco devices are affected. No attacks were found in nature.

BlueKeep Nuclear Power - In mid-May, Microsoft warned of a new "terror" scandal against the RDP, later renaming BlueKeep. Later, BlueKeep (DejaBlue )'s two-anonymous attacks were released in August. After months of indirect attacks, the abuse report was released in September.

The unprotected server identifies the data to 85% of the entire population of Panama - the server has patient data, but no medical records have been processed - personally identifiable information (PII).

Software updates bring police ankle inspectors to the Netherlands - the latest update prevents ankle owners from returning data to police control rooms. As a result, it is imperative to get some suspects and put them in jail.

Israel faces response to Hamas hackers by air strike - Israeli army announces it has attacked Hamas cyber base.

Google Replace Titanium Titan Security Keys - Bluetooth synchronization capability forces Google to replace Titan keys sold in the United States. Ultimately, Microsoft was forced to issue a specific problem fix.

Hack Canva - one of the victims of Gnosticplayer. The company has crashed by 139 million user records.

StackOverflow Hack - Stack Overflow says hackers have broken the production system and hackers are insecure for more than a week.

Flipboard Hack - The hacker extension is unknown, but Flipboard says hackers have had access to their plans for nearly nine months.

London Securities to start patrols via Wi-Fi Hotspots - London for TfL says it plans to launch a vehicle search system that will use public Wi-Fi destinations in June London forthcoming.

Errors The Greatest Safe Browser - Chrome, Safari, and Firefox have not been able to see your own alerts for more than a year.

May
Hackers breached 10 telecom providers - Cybereason researchers say a nation-state-backed intelligence operation compromised at least 10 telecommunications companies, to such an extent that the hackers ran a de facto "shadow IT department".

New Silex malware bricked thousands of IoT devices - The attack lasted for several days, but the hacker eventually stopped and retired the Silex malware code.

NASA was hacked because of an unauthorized Raspberry Pi connected to its network - NASA described the hackers as an "advanced persistent threat," a term generally used for nation-state hackers, but gave no further details.

Popular Facebook support page hacked - Facebook ignored the hack for weeks.

Google Nest cameras could have allowed former owners to spy on new owners - Google eventually released an update.

Two Firefox zero-days - Mozilla fixed two Firefox zero-days [1, 2] that were used to attack Coinbase employees.

AMCA data breach - A healthcare provider was cut off last year and hackers could sell patient data online. The change applies to many health care providers and is limited to over $ 20 million.

CBP says hackers stole license plate and traveler photos - CBP says a subcontractor stored the photos on its internal servers without authorization and was then hacked.

Major HSM vulnerabilities affect banks, cloud service providers, governments - Two security researchers have identified vulnerabilities that can be exploited remotely to retrieve sensitive data stored inside special computer components called Hardware Security Modules (HSMs).

Wave of SIM swap attacks hits US cryptocurrency users - For a week in June, dozens of US cryptocurrency users fell victim to SIM swap attacks.

July
The Kazakh government intercepted all local HTTPS traffic - The HTTPS interception efforts targeted Facebook, Google, Twitter, and other sites. Apple, Google and Mozilla eventually agreed to block the certificate used for the HTTPS MitM attacks.

Hacker steals data of millions of Bulgarians - a hacker stole the personal data of millions of Bulgarians and emailed links to the stolen data to local news outlets. The day was stolen

Urgent/11 vulnerabilities - Major bugs in a TCP library affect routers, printers, SCADA, virtual machines, and many IoT devices.

Apple's AWDL protocol was plagued by security flaws - Apple patched one bug in March, but researchers say the remaining flaws require a redesign of some Apple services. The bugs allow tracking and MitM attacks.

DHS warns of CAN bus vulnerabilities in small aircraft - The DHS cybersecurity agency recommends that aircraft owners restrict access to planes "to the best of their abilities" to protect against vulnerabilities that could be used to sabotage an aircraft.

Vulnerabilities found in GE anesthesia machines - GE recommends that device owners do not connect vulnerable anesthesia machines to a hospital's main networks. The company also denied that the bugs could cause harm to patients, but later recanted and admitted that these problems could be life-threatening.

Los Angeles police caught up in a data breach - the personal records of more than 2,500 LA police officers were stolen in a hack. The hacker emailed the department directly and included a sample of the allegedly stolen information to back up the claim.

The Louisiana governor declared a state of emergency following a local ransomware outbreak - Yes, ransomware got that bad. It then hit Texas, dental practices and dental care providers.

Bluetooth exploit can track and identify users of iOS and Microsoft mobile devices - The vulnerability can be used to spy on users despite the native OS protections in place, and affects Bluetooth devices on Windows 10, iOS and macOS machines. These include iPhones, iPads, Apple Watch models, MacBooks, and Microsoft tablets and laptops.

7-Eleven Japan customers lost $500,000 due to a mobile app flaw - 7-Eleven eventually shut down the app.

August
SWAPGSAttack CPU flaw - Researchers detail a hardware vulnerability that bypasses mitigations for the Spectre and Meltdown CPU flaws and affects all systems using Intel processors made since 2012.

New Dragonblood vulnerabilities - Earlier this year, two security researchers disclosed details of five vulnerabilities (collectively known as Dragonblood) in the recently launched WPA3 security and authentication standard.

14 iOS zero-days - Google discovered exploits for 14 iOS vulnerabilities, grouped into five exploit chains, that had been deployed in the wild since September 2016. The attacks were aimed at Chinese Uyghur users.

VPN security flaws - Hackers mount attacks on Pulse Secure and Fortinet VPNs, including nation-state actors.

Windows CTF vulnerability - The vulnerability in the Microsoft CTF protocol goes back to Windows XP. The bug allows hackers to hijack any Windows application, escape sandboxes, and gain admin rights.

WS-Discovery protocol abused for DDoS attacks - The protocol, adopted by DDoS-for-hire services, is already used in real-world attacks.

Capital One hack - A hacker breached Capital One, stealing the records of 100 million users. The hacker also breached another 30 companies.

Hy-Vee card breach - The supermarket chain admitted to a security breach on some of its point-of-sale (PoS) systems. The data was eventually put up for sale on hacking forums.

Employees connect nuclear plant to the internet to mine cryptocurrency - Employees at a Ukrainian nuclear power plant took unnecessary security risks just to mine bitcoin. They were eventually caught.

Moscow's blockchain voting system was cracked a month before the election - a French researcher netted a $15,000 prize for finding bugs in Moscow's Ethereum-based voting system.

The US military bought $32.8 million worth of equipment with known security risks - The list of vulnerable products purchased by the DoD includes Lexmark printers, GoPro cameras, and Lenovo computers.

AT&T employees were bribed to install malware on the company's network - DOJ says a Pakistani man paid AT&T employees $1 million to install malware on the company's network and unlock more than 2 million devices.

Windows malware records users on adult websites - The new Varenyky trojan records videos of users browsing adult sites. Currently, it targets French users only.

TrickBot trojan gains the ability to aid SIM swapping attacks - The TrickBot trojan has been seen collecting credentials and PIN codes for Sprint, T-Mobile, and Verizon Wireless accounts.

Warshipping technique - Hackers can use package delivery services to ship hacking devices directly to your company's door.

Instagram boots ad partner Hyp3r - Instagram caught an advertising partner collecting data about its users.

September
Simjacker attack - Security researchers have detailed an SMS-based attack that can allow malicious actors to track users' devices by abusing little-known apps that run on SIM cards. It was found to affect SIM cards in 29 countries. There is also a second attack called WIBAttack.

Smart TV spying - Two academic papers have found that smart TVs are collecting data on TV viewing habits.

Checkm8 iOS jailbreak - The new Checkm8 jailbreak was released for all iOS devices using A5 to A11 chipsets, from the iPhone 4S to the iPhone 8 and X.

Elasticsearch database leaks data on most Ecuador residents - personal data about Ecuadorian citizens, their family trees and children, as well as financial records and car registration information. An arrest followed.

Lumin PDF breach - The details of more than 24.3 million Lumin PDF users were shared on a hacking forum in mid-September. A day later, the company acknowledged the breach.

Heyyo dating app leak - Almost everything except private messages was leaked.

vBulletin zero-day and subsequent hacks - An anonymous security researcher released a zero-day in the vBulletin forum software. The vulnerability was immediately used to hack multiple forums.

Wave of account hijackings hits YouTube creators - YouTube creators from the car community have been hit by attacks that could bypass 2FA, allowing hackers to take over Google and YouTube accounts.

Pipe Recovery Application (Thousand) - Thousands of Linux servers have been infected by a new forced ransomware application.

More than 47,000 Supermicro servers expose BMC ports on the Internet - Researchers have discovered a new remote attack vector on Supermicro servers that were found to expose their BMC ports on the Internet.

Ransomware incident costs company $95 million - The ransomware incident at Demant, a Danish hearing aid maker, caused losses of nearly $95 million, making it one of the most expensive incidents to date.

Exim vulnerability (CVE-2019-15846) - Millions of Exim servers are exposed to a security vulnerability that, when exploited, could allow attackers to execute malicious code with root privileges.

October
Avast hack - The Czech antivirus vendor disclosed a second attack aimed at compromising CCleaner releases, following its compromise in 2017. The company said the hacker got in through a compromised VPN profile.

Android zero-day exploited in the wild - Researchers at Google Project Zero have discovered an Android zero-day exploited in the wild that affects Pixel, Samsung, Huawei, and Xiaomi devices.

Alexa and Google Home abused for phishing and eavesdropping - Amazon and Google failed to fix security gaps in Alexa and Home more than a year after the initial reports.

Czech authorities dismantle alleged Russian cyber-espionage network - Czech officials say Russian operatives used local companies to launch cyberattacks against foreign targets. Officials say the operatives received FSB support and financial assistance from government agencies in the area.

Johannesburg held to ransom by hacker group - A group called "Shadow Kill Hackers" is asking local officials for 4 bitcoins or it will release city data online. It is the second attack against Johannesburg, after a ransomware incident in July that left some areas without electricity.

CPDoS attacks - CloudFront, Cloudflare, Fastly, Akamai and others are affected by the new CPDoS web cache poisoning attack.

PHP7 RCE - The PHP7 bug CVE-2019-11043 can allow even non-technical attackers to take over Nginx servers running PHP-FPM.

macOS systems abused in DDoS attacks - Approximately 40,000 macOS systems expose a specific port online that can be abused for large DDoS attacks.

Tuesday, March 31, 2020

AppTrana Offers Protection to Online Businesses During Coronavirus Outbreak

These are unprecedented times, and everyone is going through a trying period, with more than 3 billion people under lockdown around the world.



Businesses want to stay connected and transition to digital technologies in real time without much training. As these companies enter the digital world, the internet is becoming increasingly angry.
Indusface, an internet expert specializing in Internet application security, has decided to move forward with the community.

Meanwhile, Indusface has now announced support for organizations affected by COVID-19, offering managed security services for their online businesses for at least a month.
Indusface provides a free security assessment service for the Web site, and as part of this offer, companies can receive a 30-day free trial.
Customers can access the following plans.


Indusface WAS - Advance


The Web site application helps you to identify website application vulnerabilities, problems and logical errors and to scan the date or the range.
Managed by a certified security professional, the Indusface application inspector helps organizations to better deal with business logic errors by detailing through project validation.
With Indusface WAS, consumers are able to understand their problems and their willingness to publish.
Indusface AppTrana - Progress

AppTrana provides website protection at all times via web browsing, website application buttons, CDN and DDoS protection. AppTrana is the only comprehensive and manageable solution on the market to help organizations manage their business in the short term.
Indusface is an example of an Indian WAF provider that provides a standard web-based application portal. This type of solution is a great opportunity for businesses that don't want to buy new equipment or hire train staff to operate it, "says Gartner.
Indusface's FREE entry criteria:
The following people are entitled to support through the project:

Special international NGOs, training institutions and government agencies around the world.
Or:
A machine business that has been owned by at least 1 year, and
And part of the area / business that Covid-19 Lockdown breached,
There has also been no Indusface customer or person who has worked with its sales team for the last 3 months.


How to apply:


First and foremost, check it out as many times as you like,
Advertise the sales (at - indusface.com) of the company with the following information:
Briefly describe the transition to the internet space (words, scope, preferences),
Write online or mobile applications, cloud and SaaS systems,
Remember to provide your contact details,
With the plan you want to select - WAS-Advance or AppTrana - Add,
The company will produce the users it wants within the next 24 hours.


"The COVID-19 feature is a turning point in human history, whether it be long or short of destruction, and a new world awaits us on the other end. It is clear that with little information from the online business, WFH is not pursuing a new initiative taken by technology companies," says Venkatesh Sundar, founder (CMO) of Indusface.

"I see that schools, schools and homes are operating in this testing phase. The desire is to gain an education, and I know it will grow by doing business around the world." and the corporate world. "

"During this phase of the transaction, Indusface, as a project expert, has decided to assist the transfer operations by providing our equipment for one month free of charge. At that time, however, the situation, if necessary, will be reviewed if the project lasts longer than a month."
"It is our hope that this initiative will help businesses change and strengthen the new world."

COVID-19: Hackers Begin Exploiting Zoom's Overnight Success to Spread Malware

As online communication platforms such as Zoom become more popular after the outbreak of coronavirus, attackers are taking advantage of the surge by registering new fake Zoom domains and distributing malicious Zoom files in an attempt to get people to install malicious software on their devices.



According to a report published by Check Point and shared with The Hacker News, more than 1,700 new Zoom domains have been registered since the outbreak began, with 25 percent of them registered within the past seven days.

"We are seeing a significant increase in the number of Zoom zones being registered, especially over the last week," said Omer Dembinsky, an online research director at Check Point.
"The rise of modernization has led the hackers to embrace the COVID-19 paradigm from work back home, and see it as an opportunity to cheat, understand and use. you get the Zoom link, or any article that was sent to you or sent to you and I will check it to make sure it is not a trap. "
With over 74,000 customers and 13 million monthly active users, Zoom is one of the most popular cloud-based communication platforms that offers chat, video and audio conferencing, as well as websites and virtual meetings.
Zoom has grown in popularity in recent weeks as students, business people and public servants around the world are encouraged to work and communicate from home during the coronavirus pandemic.



The report comes after a massive surge in malicious coronavirus-related domains, as attackers discover new ways to benefit from the global health crisis by carrying out numerous attacks and campaigns and by creating fraudulent websites and malicious apps.
Also, the researchers said they found a malicious file named "zoom-us-zoom_###########" that is used to install potentially unwanted programs (PUPs), such as InstallCore, a bundling application known to install other types of malicious software.
But Zoom is not the only application targeted by cybercriminals. The researchers say that, as schools turn to online learning platforms to engage students, they have identified websites posing as Google Classroom (such as googloclassroom\.com and googieclassroom\.com) set up to lure unsuspecting users.
Zoom adjusts the privacy of the iOS app

Zoom itself has had its own share of privacy and security issues. Last year, a vulnerability was disclosed in the video conferencing app that allowed websites to hijack users' webcams and forcibly join them to a Zoom call without their permission.
Then, in early January of this year, the company fixed a bug that would have allowed hackers to guess meeting IDs and join unprotected meetings, exposing the private audio, video and documents shared throughout the session. Following the disclosure, Zoom introduced default passwords for each meeting, which participants need to enter when joining by manually entering the meeting ID.



And finally, over the weekend, Zoom updated its iOS app after it was caught sending device information and a unique advertiser identifier to Facebook through a software development kit (SDK), amid concerns that it had failed to disclose the data sharing in its privacy policy.
Highlighting some of the privacy concerns associated with the use of Zoom products, the Electronic Frontier Foundation (EFF) noted that hosts of Zoom calls can see whether participants have the Zoom window active, to check that they are paying attention. Administrators can also see each participant's IP address, location, and device information.

To protect yourself from such threats, it is important to keep your apps up to date and to look out for emails from unknown senders and for lookalike domains that contain spelling errors.
Also, do not open unrecognized attachments or click on promotional links in emails (a cure for Corona will not arrive via email), and make sure you order goods only from reliable sources.

Marriott Suffers Second Breach Exposing Data of 5.2 Million Hotel Guests

The international hotel chain Marriott today disclosed a data breach affecting 5.2 million guests, the second security incident to hit the company in recent years.
"At the end of February 2020, we will determine which visitor information will be obtained using two police credentials," Marriott said.

"We believe this work will begin in mid-January 2020. As a result, we have confirmed that the awards have been obtained, are being inspected, and are being monitored, and preparing resources to clarify and helping guests. "


The incident exposed guests' personal information, such as contact details (name, mailing address, email address and telephone number), account information (account number and points balance), and additional information such as company, gender, date of birth, room preferences and language preferences.

The company said the investigation into the breach was ongoing, but that it had found no evidence that Marriott Bonvoy account passwords, credit card information, passport information, national IDs, or driver's license numbers had been obtained.



Marriott has also set up a web-based service for guests to check whether their information was involved in the breach and which categories of data were exposed. Affected users are also given the opportunity to sign up for Identity, a personal information monitoring service, free for 1 year.
The company has disabled the passwords of Marriott Bonvoy members whose information was exposed in the incident; they will be prompted to change their passwords at their next login and are asked to enable multi-factor authentication.
The incident follows the 2014 compromise of the Starwood Hotels reservation database, which Marriott acquired in 2016. That breach, which exposed the personal data of more than 339 million guests around the world and went undetected until November 2018, led to a fine of $99 million (US $123 million) from the UK's data privacy regulator under the GDPR.


"The variety of information presented in Marriott's latest sentence may not be beneficial, but it is the nature of this understanding that allows real estate agents to target consumers," Gerrit Lansing, CTO of STEALTHbits, told Hacker News in an email today.
"It's simple: the more I know you, the greater my chance of being deceived. Certified credentials remain one of the key agents for this type of authenticity, with a validity in advance." adding additional information is one of the best barriers. "

Hackers Exploit Zero-Day Bugs in Draytek Devices to Target Enterprise Networks

Researchers at Qihoo 360's NetLab today disclosed details of two zero-day attack campaigns found in the wild, targeting enterprise networking equipment made by Taiwan-based DrayTek.



According to the report, two separate groups of hackers exploited two critical remote command injection vulnerabilities (CVE-2020-8515) affecting DrayTek Vigor enterprise switches, load balancers, routers and VPN gateways to eavesdrop on network traffic and install backdoors.

The zero-day attacks, which began in late November or early December, may still be continuing against thousands of DrayTek Vigor 2960, 3900 and 300B devices that have not yet been patched with the vendor's new firmware. The updates were released last month.

The zero-day vulnerabilities in question allow unauthenticated remote attackers to inject and execute arbitrary commands on the system, and have also been described by an independent researcher on his blog.


"The two 0-day deployment options include KeyPath and rtick located at /www/cgi-bin/mainfunction.cgi, and the downstream web interface is /usr/sbin/lighttpd," the report said.



NetLab researchers have not yet attributed the two attacks to any specific group, but confirmed that, while the first group only spied on network traffic, the second group of attackers used the rtick command injection vulnerability to create:

a web session backdoor that never expires,

an SSH backdoor on TCP ports 22335 and 32459,

a system backdoor account with user name w and password caonimuqin.

Note that if you have recently installed the patched firmware, or are installing it now, the update will not automatically remove the backdoors if the device has already been compromised.

"We recommend that DrayTek Vigor users check and update their time, and check for their tcpdump protocol, SSH backdoor account, website backdoor, etc."

"If you have a problem with your router, turn it off if you don't want it and use the access control list whenever possible," the company says.

List of affected firmware versions:

Vigor2960 <v1.5.1

Vigor300B <v1.5.1

Vigor3900 <v1.5.1

VigorSwitch20P2121 <= v2.3.2

VigorSwitch20G1280 <= v2.3.2

VigorSwitch20P1280 <= v2.3.2

VigorSwitch20G2280 <= v2.3.2

VigorSwitch20P2280 <= v2.3.2

Affected companies and individuals are encouraged to install the latest firmware updates to protect their networks from malware and new cyber threats.
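The following triage script is an added example, not code from the article, NetLab or DrayTek. It checks a device inventory against the affected firmware ranges and the backdoor indicators listed above, and it runs the indicator checks on patched devices too, because the update does not remove an existing backdoor. The inventory format, its field names and the sample devices are assumptions made for illustration.

```python
import re

# Affected firmware ranges exactly as listed in the article: (operator, bound).
AFFECTED = {
    "Vigor2960": ("<", "1.5.1"),
    "Vigor300B": ("<", "1.5.1"),
    "Vigor3900": ("<", "1.5.1"),
    "VigorSwitch20P2121": ("<=", "2.3.2"),
    "VigorSwitch20G1280": ("<=", "2.3.2"),
    "VigorSwitch20P1280": ("<=", "2.3.2"),
    "VigorSwitch20G2280": ("<=", "2.3.2"),
    "VigorSwitch20P2280": ("<=", "2.3.2"),
}

# Indicators reported in the article for the second attacker group.
BACKDOOR_SSH_PORTS = frozenset({22335, 32459})
BACKDOOR_ACCOUNT = "w"


def parse_version(text):
    """Turn 'v1.5.1' or '1.5.1.2' into a tuple of ints; reject anything else."""
    match = re.fullmatch(r"[vV]?(\d+(?:\.\d+)*)", text.strip())
    if match is None:
        raise ValueError(f"unrecognised firmware version: {text!r}")
    return tuple(int(part) for part in match.group(1).split("."))


def _pad(a, b):
    """Pad the shorter tuple with zeros so that 1.5.1 equals 1.5.1.0."""
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)), b + (0,) * (width - len(b))


def firmware_status(model, firmware):
    """Return 'affected', 'patched' or 'unknown-model' for one device."""
    rule = AFFECTED.get(model)
    if rule is None:
        return "unknown-model"
    operator, bound = rule
    have, limit = _pad(parse_version(firmware), parse_version(bound))
    affected = have < limit or (operator == "<=" and have == limit)
    return "affected" if affected else "patched"


def audit(device):
    """List findings for one inventory record (hypothetical field names)."""
    findings = []
    status = firmware_status(device["model"], device["firmware"])
    if status == "affected":
        operator, bound = AFFECTED[device["model"]]
        findings.append(
            f"firmware {device['firmware']} is in the affected range "
            f"({operator} v{bound})"
        )
    elif status == "unknown-model":
        findings.append("model is not in the article's list; check the vendor advisory")
    # Indicator checks run regardless of firmware status: patching does not
    # clean up a device that was compromised before the update.
    ports = set(device.get("listening_tcp_ports", []))
    for port in sorted(BACKDOOR_SSH_PORTS & ports):
        findings.append(f"listener on TCP {port} matches the reported SSH backdoor port")
    if BACKDOOR_ACCOUNT in device.get("accounts", []):
        findings.append(f"account {BACKDOOR_ACCOUNT!r} matches the reported backdoor account")
    return findings


# Constructed sample inventory; names, versions and ports are made up.
INVENTORY = [
    {"name": "branch-gw", "model": "Vigor2960", "firmware": "v1.5.0",
     "listening_tcp_ports": [22, 443], "accounts": ["admin"]},
    {"name": "hq-gw", "model": "Vigor3900", "firmware": "1.5.1",
     "listening_tcp_ports": [443, 22335], "accounts": ["admin", "w"]},
    {"name": "lab-sw", "model": "VigorSwitch20P2121", "firmware": "2.3.2",
     "listening_tcp_ports": [443], "accounts": ["admin"]},
]

if __name__ == "__main__":
    for device in INVENTORY:
        for finding in audit(device):
            print(f"{device['name']}: {finding}")
```

In the sample data, hq-gw already runs fixed firmware yet is still flagged on both indicators, which is the case the article's note about patched devices describes.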


North Korean Hackers Rob Banks Around the World



Most systems are designed to detect fraud without finding any arrests. The sheer force of fraudulent practices that have brought these bills back decades has passed. Many observers are linked to North Korea's ironclad accounts, and some have set themselves up against former leader Kim Jong Il, claiming that he had filed a lawsuit in 1970 the beginning of his rise to power. Hundreds of hundreds, he believed, at the same time provided the government with the hard-earned money needed by those who violated the integrity of the US economy. Self-deception is an attempt to eliminate it.

According to the Task Force Service, at the height of the fraud, the North Korean government receives about $ 15 million annually. The bills ended around the world, supposedly spreading to an Irish citizen and encouraged by a small bank in Macau. The North Koreans are believed to have added to the forgotten agenda and other atrocities. They range from the illicit sale of opiates and metamphetamines to the sale of western misconduct and the bankruptcy of animals killed in diplomatic bags. In total, the Official Research Service claims that it makes more than $ 500 million a year from its malicious activities.


In the first decade of the 2000s, the United States attempted to end North Korea's atrocities, especially its treachery. It is a legal scheme that extends to more than 130 countries in the area of ​​human trafficking, millions of dollars in fraudulent loans. In a dramatic incident, authorities arranged a wedding on the coast of Atlantic City, New Jersey to allow suspects to be arrested at the time of the incident. The US Treasury has expanded its powers under the Patriot Act by imposing fines on the alleged Macau bank and freezing assets of up to $ 25 million.

A great deal in the US has worked. By 2008, the volume of information had dropped dramatically. An FBI agent at the US operations with Vice added: "If the labels are gone, I would probably expect North Korea to end. Maybe they'll find something else easier to do. fake after losing their distribution network for writing. "Under pressure from US researchers and affiliates for 2013 of the $ 100 bill, North Koreans are turning to the norm new way of filling their wallets.

Don't be surprised if evil becomes one of them. According to The New York Times, North Korea's leadership is responsible for identifying young people and educating them on computer systems in China, or - representing the United Nations - in the United States. At the end of their research, the Koreans lived abroad, mainly in China, while working hard. They have a better Internet connection, and disregard the links between the North Korean government, but at the same time prevent US sanctions.

These North Korean hackers are increasingly pursuing financial institutions around the world. Their methods are bold, though not always successful. In their most successful endeavors, they coordinate the integration of financial institutions with the global financial system. By redefining the features of this system, and threatening to think that their competitors are potential users, they have allowed millions of dollars to transfer to the accounts they control. They have produced their files and documents and financial records, triggering warnings and updates at IFI. Most people mistake that hackers have protected hundreds of thousands of computers around the world to collect ransomware expensive data. Through their successes and failures, they have learned to adapt and refine their careers and to develop their work to become stronger.

Even with a record-breaking record, these attempts to crack down on the global financial system have been a failure. There has been a lot of repercussions from the protests in the North; Almost all of the United Nations was responsible for $ 2 billion, a huge investment in the country and a net worth of nearly $ 28 billion. As North Korea continues its nuclear weapons and intercontinental ballistic missiles, cyber attacks are helping to raise funds. These jobs are so large that they have little to no prioritizing their actions before the law. The benefit of robbers is much better now.


However, as with hunting, the advantage of making money for North Korea is far more than seeking money. If successful, it would be less likely to violate the integrity of global markets by removing transactional records and distorting the financial reality. This tactic is good for the public authorities, but the risk is huge. On the eve of the Iraq war, the New York Times reported that the United States had planned to recover Saddam Hussein's loans, but decided not to do so, in fear of a possible counterfeit of diplomatic fraud. government, harming the US economy and global stability. , In 2014, the NSA Review Committee of President Barack Obama and the US pledged not to break and break financial records. This, he says, can have negative effects on the future of the economic world.

NGEST INTERNATIONAL DEVELOPMENT It is a scary subject in the imagination. Not only is it illegal, it is a huge return on investment. In the US, the average bank robber is bringing in $ 4,000 cash, and the average bank robber only had three robberies before being arrested. The property market of the other is better, but not by much. Powerful helmets, such as the Banco Central robbery in Brazil in 2005, often cost months in secret shootings, worth millions of dollars, but most of the great work ends in in vain.


North Korean authorities have found good ways to loot the banks. They did not need to push the concrete or towels under the curtains to earn money, and it was not necessary to use force or intimidation. Instead, they simply hacked the bank's computer to give it a go. To do this, they are aiming for a major international business system called the Worldwide Interbank Financial Telecommunication Society, or SWIFT. SWIFT has been around since the 1970s. Its 11,000 financial institutions in more than 200 countries process millions of dollars daily. Daily exports are in the trillions of millions of dollars, surpassing the national revenues of most countries. Many SWIFT financial institutions have specialized user accounts for selected SWIFT systems to transact their business to other banks around the world. BAE Systems and Kaspersky's analysis of microbial enterprises, as well as reports from the Telephone, illustrate how the non-Northern people are responding to these accounts.

The Central Bank is the winner of some of its funds at the Federal Reserve Bank of New York, which is used by the Central Bank to negotiate international agreements. On February 4, 2016, the Bank initiated a three-million-day bankruptcy. According to SWIFT transfer applications, the bank expects some of its assets in New York to be about $ 1 billion. The US has been reduced to more counties in Sri Lanka and the Philippines.


At about the same time and halfway around the world, a printer at the Central Bank of Bangladesh stopped working. The printer was an HP LaserJet 400, located in a 12-by-8-foot room. The device had a very important job: day and night, it printed physical records of the bank's SWIFT transactions. When workers arrived on the morning of February 5, they found nothing in the printer's output tray. They tried to print manually but failed; the computer terminal connected to the SWIFT network showed an error message saying a file was missing. The staff were now blind to the transactions taking place at their own bank. The silent printer was the dog that did not bark: a sign that something was wrong, but one that was not immediately recognized.

This was not just a machine failure. Instead, it was the culmination of North Korean preparation. The hackers' clever move was to target not the SWIFT system itself, but the machine through which the Bangladeshis connected to it. The special accounts used by the Central Bank of Bangladesh to communicate with the system were powerful, including the ability to create, approve and submit new transactions. By focusing their espionage on the bank's network and users, the hackers eventually gained access to these accounts.

It took a long time to figure out how Bangladeshis can connect with SWIFT and access their opportunities. However, despite the fact that the bankers are working on the banking network to coordinate their work - a process that has long been clear - the Central Bank of Bangladesh cannot find it. Part of the reason is that banks do not pay close attention. After the hack, according to Reuters, police revealed that there were several unsafe operations, including low hardware and no security system, which made it easier for the attackers to get to sensitive computers.

Once hackers have access to the SWIFT accounts, they can run projects just like any authorized user. To avoid detection, they have put in place a special malicious code to prevent internal checks on the SWIFT system. The worst thing is that they produce drugs, which pass the bank's whereabouts of money, and question the authenticity of the journals that support these and all major financial institutions. The North's casualty over these failures is the steam at the heart of the system. They replaced the machine with a malicious code and had the opportunity to process their requests for criminal translation.

Thus, the assailants filed their bail application in New York with no one in Bangladesh. But New York Fed officials have found something wrong. When they saw a strange kind of Bangladeshi exchange, they thought that most of the hosting accounts were foreigners, not other banks. They questioned many interpretations and requested clarification.

After Bangladesh managed to re-establish their computer systems, they were aware of the complexity of the situation. A recently updated converter has shattered the transfer records, including many who appear to be depressed. Once the central bankers have approached their counterparts in New York, it has been a long time. The week had come, and American workers returned home; Fortunately Korean tourists were available during the operation, or at least well planned. Bangladeshi banks stayed days until Fed workers returned to work.

Monday brought some announcements. The good news is that cautious lenders at the New York Fed prevented much of the deal worth more than $850 million. This included applying for a $20 million transaction with a different beneficiary: the Shawl Fund in Sri Lanka. It seems that the activists are calling for the establishment of the "Scarf Foundation", although there is no non-profit organization with this name, despite its proper title, it seems to exist. If this misunderstanding helped the analysts warn about fraud, it would be considered one of the highest rates in history, not least for publishers.

The bad news is that many agreements have been passed. The transaction resulted in $81 million being sent to banks at the Bank of Rizal in the Philippines. There is less luck with Rizal Bank, which has invested in many casino related accounts. The man, claiming the money was allegedly stolen from the accounts on February 5 and 9 - was the last to come after Bangladeshis warned the bank of deception. (The bank did not respond to requests for comment.) Of the $81 million it sent to Rizal's bank, it was estimated at only $68,356. The rest is resting.

Researchers from BAE Systems, an English company, began investigating bank players and found several pieces of evidence indicating North Koreans were criminals. They linked some of the code used during the Bangladesh invasion of North Korean hackers, especially in 2014 against Sony. The indictment turned out to be a strategic decision: from the distant world and their homes and offices, North Korean insurgents smuggled trade records, used by a commercial intelligence agency, and carried out one of the largest bank robberies in history.

When it comes to conformity with Bangladesh's policy, it is only part of what has been accepted as an international conference. The target for this project is the Bank of South Asia, not publicly named. In this second round, the hunters achieved a series of well-organized events. It looks like they organized their project through a server hosted by the bank's website.

In December 2015, these firms celebrated their unfortunate move from one investor to another at the bank. He led a powerful SWIFT program that linked the bank to the global financial system. Last month, hackers offered additional tools to start navigating the target network and allowing malicious code to interact with SWIFT. On January 29, 2016, hackers tested several of these devices. They did the same in their work in Bangladesh.

On February 4, when the insurgents began to crack down on payment applications in Bangladesh, they also adopted the SWIFT Bank system in Southeast Asia. However, unlike the reforms in Bangladesh, they have not yet developed fraudulent practices. Less than three weeks later, activists stopped operations at the second bank. Little is known about the nature of this violation.

Even after withdrawing funds from the Central Bank of Bangladesh, the lenders are still focusing on their secondary goals. In April, they released the key points to the bank's SWIFT server, likely to receive additional credit for strong credit ratings. These powers, which are key to SWIFT bank governance, are important for money theft.

But lately, the global financial crisis has plagued the world thanks to a study of BAE. SWIFT released new security updates in May in response to Bangladesh's catastrophe and concern over the integrity of the financial system. Ministries need to close down these tasks to achieve their goal. By July, they had begun testing new malicious code for this purpose. In August, they started adding code to the bank's SWIFT server, possibly with a view to transferring money quickly.

It is here that, despite all the temptation and the introduction of the malicious code, the North Koreans face a major secret: the bank in Southeast Asia is doing better and is better protected than Bangladesh. In August 2016, more than seven months after the attackers were introduced in the beginning, the bank discovered the defects. They hired Kaspersky, a leading Russian news agency for surveillance. The attackers, knowing that the inspectors were happy and acted swiftly to prevent any bank activity, had taken large quantities of files to hide their footsteps, but lost some. This error allowed Kaspersky to see that most of the malicious code would be linked to one that would be used on the server side.

Research conducted by BAE Systems and Kaspersky has uncovered signs of controversy in the North. He has a fantasy that is bigger than a double bag. In fact, in January 2017, the North Koreans unveiled the system of law enforcement for our Polish and demanded that all visitors to its websites be sent a malicious code, most of which were financial institutions. North Korea has resolved this malicious code on over 100 corporate offices around the world, including telecommunications and telecommunications firms. The list includes World Bank, central banks from countries such as Brazil, Chile and Mexico, and other well-known financial institutions.

The non-North Koreans are not always ready to make money. Their campaign involved many attempts to steal the most valuable resources, such as bitcoins, that were ignored by users around the world. They have also been considered for a number of bitcoin transactions, including a major one in South Korea called Youbit. In this case, Northern Ireland lost 17 billion dollars worth of its financial assets, despite refusing to say how much it meant. According to estimates by Group-IB, a microbrewery company, North Korea's revenues in cryptocurrency exchanges are less than $500 million. While the details or details of cryptocurrency exchanges cannot be confirmed, the magnitude of the problem illustrates the potential for devastation of North Korean nations and other financial institutions. special, almost hidden from view.

Cybersecurity companies are reaching out: North Korean people are paying attention to some of their tools for hacking and skulls from financial and security forces. In the same country that launched non-service attacks in 2009, it dismantled computers in South Korean firms in 2013 and sacked Sony in 2014, now breaking into financial institutions. The country's most independent and preventative government in the world, as it continues to raise funds for the purchase of deadly nuclear weapons, has been funded through advertising. A new way of exchanging land and online activities. More than ever.

The owners of the North have been very careful about some of the major development projects that are far from their borders. They can access the networks of banks around the world by using malicious codes, controlling knowledge, and most of them. They also developed an understanding of the SWIFT system and how banks are linked to it, and updated their strategies and tools to keep SWIFT's security updates up-to-date and on-going financial institutions.

But they do have a problem: in many cases, they have been committing fraud without receiving any money back. In some cases robbery has been prevented in the last stages of robbery. The North Island did not want a better way.

In the summer of 2018, hunters will try a new formula. The management of the Cosmos Cooperative Bank in India began a few months in June. In all cases, a deep understanding of the role of the bank has been given access to key components of their software framework. In the summer of 2018, these firms will be preparing for a new venture. Currently, they use ATM cards and electronic bank transfer to generate cash.

What is needed for a cash transaction with ATM is clear in the face of many North American executives: when bankers enter the banker's credentials, the bank returns in an ATM and withdraw money from this bank. The lack of a bank or physical office can significantly reduce the risk of detention. Earlier activists had created numerous criminal defenders on a small scale, including the National Bank of Blacksburg in Virginia. The trick is to get a credit card and a PIN to cheat an ATM and spend it.

But even before the North Koreans did, the US intelligence service knew something was wrong. Despite the fact that the US government did not know about the financial institutions that the North Koreans regulated on August 10, the FBI issued a separate statement to the banks. In this regard, the board warned of a speedy program for withdrawing loans for ATMs through the disruption of small and medium sized banks. The violation is part of the pattern of what researchers call "free exercise" because it can be easily distributed by many. The FBI urged banks to monitor and improve their security practices.

It doesn't matter. On August 11, the people of the North took their steps. In a window of just two hours, money transfers to 28 countries are made by working with ATM cards to make a real choice, moving money from machines around the world cost $100 to $2500. Although previous attempts in the North were unsuccessful because large bank transactions were difficult to get lost, they were easy to cancel, these tasks are broad, easy and fast. The total cost is $11 million.

One question remained: how did the people of the North act? For each withdrawal, they violate Cosmos Bank's compliance system to allow ATMs to be released. Although they do have some information on customer accounts, it is not possible to obtain multiple PINs. Failure to provide these credentials will result in a failure to enforce the removal request.

Saher Naumaan and other researchers at BAE Systems have proposed a project that is fully compatible with available data. They said that the North East ecosystem of Cosmos' computer systems would be fully integrated so that hackers could manipulate fraudulent registry applications. Finally, once the withdrawal request has been made through Cosmos Bank's international lending system, it may be redirected to a solution created by the lenders. This system validates the request and eliminates any false alarms from Cosmos. The latest Indian police later confirmed this allegation in the Times of India.

As the end was successful, the hackers resumed Plan A. Two days later, three transactions began using Cosmos Bank's SWIFT system at a Hong Kong intelligence firm, earning another $2 million. ALM Trading Limited was formed and registered with the government just a few months ago. His mysterious and invisible reputation on the internet makes it hard to know who he is or the end of the coin he wrote, even though it is claimed that the Giants collected money.

As Operation Cosmos raises questions about the legitimacy and credibility of financial institutions, it shows how North Koreans have a tendency to steal, remove, and manipulate financial information that may otherwise occur. It is a benefit that goes beyond raising money for the government. Future efforts can be made to do what is right, by using the SWIFT system and deception, to raise doubts about its reliability.

There is no reason to think that the North American financial crisis has ended. For many years, its major brand has been a growing symbol of continuous improvement and improvement. The fact that the North Koreans are nothing but insignificant in comparison to their NSA counterparts is a hindrance to violence and fantasy. Or they may be underestimating the impact such as overcoming the effects of the destruction of thousands of computers, or changes to the most powerful financial information. By acquiring the necessary funds, they are changing the geopolitical landscape and improving their positions. Failing that, they will fail, but as long as their boxers have long been a major source of revenue for the government, they are aiming to see the credibility of global financial institutions. The days of discovery of the writing are over, but North Korea has posted a series of frauds and declines.
