Tag Archives: Attack

Facebook says it removed 1.5 million videos of the New Zealand mosque attack
March 17, 2019 6:00 am|Comments (0)

People take pictures on a pedestrian bridge, illuminated with colors of New Zealand’s national flag as a tribute to victims of the mosque shootings in Christchurch, in Jakarta, Indonesia, March 17, 2019. REUTERS/Willy Kurniawan

(Reuters) – Facebook Inc said it removed 1.5 million videos globally of the New Zealand mosque attack in the first 24 hours after the attack.

“In the first 24 hours we removed 1.5 million videos of the attack globally, of which over 1.2 million were blocked at upload…,” Facebook said in a tweet bit.ly/2HDJtPM late Saturday.

The company said it is also removing all edited versions of the video that do not show graphic content out of respect for the people affected by the mosque shooting and the concerns of local authorities.

The death toll in the New Zealand mosque shootings rose to 50 on Sunday. The gunman who attacked two mosques on Friday live-streamed the attacks on Facebook for 17 minutes using an app designed for extreme sports enthusiasts, with copies still being shared on social media hours later.

New Zealand Prime Minister Jacinda Ardern has said she wants to discuss live streaming with Facebook.

Reporting by Bhanu Pratap in Bengaluru; Editing by Richard Borsuk

Tech

Posted in: Cloud Computing|Tags: , , , , , , ,
Cyber attack on Malta bank tried to transfer cash abroad
February 13, 2019 6:03 pm|Comments (0)

VALLETTA (Reuters) – Bank of Valletta which accounts for almost half of Malta’s banking transactions, had to shut down all of its operations on Wednesday after hackers broke into its systems and shifted funds overseas.

FILE PHOTO: Malta’s Prime Minister Joseph Muscat at his office in Valletta, Malta January 9, 2019. REUTERS/Darrin Zammit Lupi/File Photo

Prime Minister Joseph Muscat told parliament the cyber attack involved the creation of false international payments totaling 13 million euros ($ 14.7 million) to banks in Britain, the United States, the Czech Republic and Hong Kong.

The funds have been traced and the Bank of Valletta is seeking to have the fraudulent transactions reversed.

Muscat said the attack was detected soon after the start of business on Wednesday when discrepancies were noticed during the reconciliation of international transactions.

Shortly after, the bank was informed by state security services that it had received information from abroad that the company had been the target of a cyber attack.

To minimize risk and review its systems, the Bank of Valletta suspended operations, shuttering its branches on the Mediterranean island, closing ATMs and disabling its website.

Muscat said the fact such an important financial institute had gone off line had impacted the economy and caused problems abroad for credit card holders who needed to make payments, such as to hotels.

Alternative arrangements were being made with credit card companies to help those affected.

Muscat said the Bank of Valletta was also considering how to resume its operations gradually to make sure that such an attack could not be repeated. He told lawmakers that depositors’ funds had not been touched.

“The money did not come from people’s (accounts) and the amounts have been traced,” he said.

The bank earlier told customers that their accounts and funds were “in no way impacted or compromised” and that it was working to resume normal services.

The bank is also carrying out an internal review to establish where exactly the attack originated from and how it was instigated.

Maltese banks have in the past reported cyber attacks but this was the first time that a lender had to shut down all of its operations as a result.

Reporting by Chris Scicluna; Editing by Crispian Balmer and Jane Merriman

Tech

Posted in: Cloud Computing|Tags: , , , , , , ,
Saipem revenues will not be impacted by cyber attack
December 13, 2018 12:01 pm|Comments (0)

MILAN (Reuters) – A cyber attack on Italian oil service contractor Saipem will have no impact on the group’s revenues, a spokesman said on Thursday.

Saipem, controlled by oil major Eni and Italian state-lender CDP, said earlier this week a hack had crippled more than 300 of its computers and brought down servers in the Middle East.

The attack used a variant of the notorious Shamoon virus, a development that links the case to a massive attack in 2012 on Saudi Aramco.

Reporting by Stephen Jewkes

Tech

Posted in: Cloud Computing|Tags: , , , ,
Cyber researchers, Ukraine warn of possible Russian attack
May 23, 2018 6:05 pm|Comments (0)

TORONTO/KIEV (Reuters) – Hackers have infected at least 500,000 routers and storage devices in dozens of countries, some of the world’s biggest cyber security firms warned on Wednesday, in a campaign that Ukraine said was preparation for a future Russian cyber attack.

The U.S. Department of Homeland Security said it was investigating the malware, which targets devices from Linksys, MikroTik, Netgear Inc (NTGR.O), TP-Link and QNAP, advising users to install security updates.

Ukraine’s SBU state security service said the activity showed Russia was readying a large-scale cyber attack ahead of the Champions League soccer final, due to be held in Kiev on Saturday.

“Security Service experts believe the infection of hardware on the territory of Ukraine is preparation for another act of cyber-aggression by the Russian Federation aimed at destabilising the situation during the Champions League final,” it said in a statement.

Cisco Systems Inc (CSCO.O), which has been investigating the threat for several months, has high confidence that the Russian government is behind the campaign, according to Cisco researcher Craig Williams. He cited the overlap of hacking code with malware used in previous cyber attacks that the U.S. government have attributed to Moscow.

Cisco, which uncovered the campaign several months ago, alerted authorities in Ukraine and the United States before going public with its findings about the malware it dubbed VPNFilter.

It also shared technical details with rivals who sell security software, hardware and services so they could issue alerts to their customers and protect against the threat.

Cisco described the mechanisms that the malware uses to hide communications with hackers and a module that targets industrial networks like ones that operate electric grids, said Michael Daniel, chief executive officer of Cyber Threat Alliance, a nonprofit group.

Slideshow (3 Images)

“We should be taking this pretty seriously,” said Daniel, whose group’s 17 members include Cisco, Check Point Software Technologies Ltd (CHKP.O), Palo Alto Networks Inc (PANW.N) and Symantec Corp (SYMC.O).

Cyber security firms, governments and corporate security teams closely monitor events in Ukraine, where some of the world’s most costly and destructive cyber attacks have been launched.

They include the first documented cases where hacks have caused power outages and the June 2017 NotPetya cyber attack that quickly spread around the world, causing network outages that lasted weeks at some companies. Victims included Beiersdorf AG (BEIG.DE), FedEx Corp (FDX.N), Merck & Co Inc (MRK.N), Mondelez International Inc (MDLZ.O) and Reckitt Benckiser Group Plc (RB.L).

Cisco said it does not know what the hackers have planned. The malware could be used for espionage, to interfere with internet communications or launch a destructive attack like NotPetya, according to Williams.

The Kremlin did not immediately respond to a request for comment. Russia has denied assertions by nations including Ukraine and Western cyber-security firms that it is behind a massive global hacking program that has included attempts to harm Ukraine’s economy and interfering in the 2016 U.S. presidential election.

VPNFilter has infected devices in at least 54 countries, but by far the largest number is in Ukraine, according to Cisco.

Netgear representative Nathan Papadopulos said the company was looking into the matter. He advised customers to make sure their routers are patched with the latest version of its firmware, disable remote management and make sure they have changed default passwords shipped with the device.

A Linksys spokeswoman had no immediate comment. MikroTik, TP-Link and QNAP could not be reached.

Reporting by Jim Finkle in Toron to and Pavel Polityuk in Live; Writing by Jim Finkle and Jack Stubbs; Editing by Mark Heinrich and Jeffrey Benkoe

Tech

Posted in: Cloud Computing|Tags: , , , , , ,
'Trustjacking' Could Expose iPhones to Attack
April 18, 2018 6:04 pm|Comments (0)

Have you used a friend’s laptop to charge your iPhone and gotten a prompt that says, “Trust This Computer?” Say yes, and the computer will be able to access your phone settings and data while they’re connected. And while it doesn’t feel like your answer really matters—your phone will charge either way—researchers from Symantec warn that this seemingly minor decision has much higher stakes than you’d think.

In fact, the Symantec team has found that hacks exploiting that misplaced “Trust” comprise a whole class of iOS attacks they call “trustjacking.” Once a user authorizes a device, they open themselves to serious and persistent attacks while their phone is connected to the same Wi-Fi network as a hacker, or even remote attacks when the devices are separated.

Adi Sharabani, Symantec’s senior vice president of modern operating system security, and Roy Iarchy, the modern operating system research team leader, will make that case Wednesday, in a presentation at the RSA security conference in San Francisco.

“Once this trust is established, everything is possible,” Sharabani told WIRED last week. “It introduces a new vector of attack.”

Sharabani and Iarchy’s presentation focuses largely on a feature known as iTunes Wi-Fi Sync, the tool that lets iOS devices sync with desktop iTunes over Wi-Fi. For this process you physically connect a mobile device to a computer once, indicate that the iOS device can trust the computer going forward, and then enable iTunes Wi-Fi Sync from the PC. After that the two devices can sync and communicate whenever they are on the same Wi-Fi network without any further approval from the iPhone or iPad.

It’s a reasonable and useful feature when used as intended. But an attacker could also plant a malicious computer—perhaps one shaped like a charging station or external battery—and trick people into connecting their devices and granting trust out of confusion or disinterest.

Once a trusted Wi-Fi Sync connection is established, attackers can not only do basic syncing, but also take advantage of controls meant for developers to manipulate the victim iOS device. A hacker could work quickly to install malware on the phone, or initiate a backup to gather data like a victim’s photos, app information, and SMS/iMessage chats. Attackers with trust privileges could also start watching a target device’s screen in real-time by initiating screenshots on the phone and then syncing them to the attack computer. Or they could play a long game, silently retaining their trusted status until it is long forgotten, for a future attack.

“We discovered this by mistake actually,” Sharabani says. “Roy was doing research and he connected his own iPhone to his own computer to access it. But accidentally he realized that he was not actually connected to his own phone. He was connected to one of his team members’ phones who had connected their mobile device to Roy’s desktop a few weeks before. So Roy started to dig into what exactly he could do and find out if he were an attacker.”

You can imagine a number of scenarios where this could work as a targeted attack. Everyone has places they visit regularly: an office, a coffee shop, the local library. Attackers could anticipate that a victim iOS device would regularly connect to the same Wi-Fi network as the trusted attacker computer—enabling clandestine, malicious backups with iTunes Wi-Fi Sync. The researchers point out that an attacker wouldn’t necessarily be geographically limited; after gaining a foothold, they could combine trustjacking with a type of attack called “malicious profiles,” which takes advantage of how iOS manages configuration packages for apps to get around access restrictions, establish continuous remote access. Beginning in iOS 10, though, Apple started making it harder for hackers to carry out malicious profile attacks.

It’s tempting to put the onus on the iPhone owner here; you shouldn’t, after all, connect with sketchy computers an trust them in the first place. And Apple, which declined to comment for this story, seems to agree. When Sharabani and Iarchy disclosed their findings to the company, it did add a second prompt in iOS 11 to require a device’s passcode as part of authorizing a new computer as trusted. This makes it more difficult for anyone other than the device owner to establish trust.

But Sharabani and Iarchy argue that it’s unreasonable to put it entirely on the user to make the correct choice about trusting a device, especially since the authorization persists indefinitely once it’s established. There’s also currently no way to see a list of devices that have outstanding trusted status.

In these transactions, iOS’s wording is also unhelpful. The prompts say, “Trust this computer? Your settings and data will be accessible from this computer when connected,” which might seem to mean that nothing will be exposed when the devices are no longer physically connected. In fact, given that Wi-Fi sync can be enabled in desktop iTunes without any involvement of the mobile device, there’s much more potential for long-term connection than users may realize.

Consider, too, that an attacker who successfully infects a target’s PC with malware can exploit the trust a victim grants his own computer. A user will obviously trust their own computer, and their phone and PC will frequently be on the same Wi-Fi network. So an attacker who has infected a target’s computer can get a two-for-one of also having regular access to the victim’s iOS devices.

“Apple took the very quick act of adding the passcode,” Sharabani notes. “With that said, this is a design problem. They could better design the future behavior of the features, but it will take them time to implement. That’s why it’s so important to alert users and raise awareness. Users need to understand the implications.”

Sharabani and Iarchy say they haven’t seen trustjacking attacks in the wild so far, but that doesn’t mean they aren’t out there or coming. And though Apple doesn’t offer a list of the computers an iOS device trusts, it is possible to scrub the trusted computers list entirely. In iOS 11 users can go to Settings > General > Reset > Reset Location & Privacy to get a clean slate, after which people can start to be more cognizant of which computers they authorize. (Note that doing this reset also revokes all specially granted app permissions.) Another helpful defense for users is to encrypt iOS device backups with a strong password. With this turned on, an attacker abusing Wi-Fi Sync can still make their own backups of a victim device, but they will be encrypted with whatever password the target chose.

The researchers see iOS’s authorization prompts as a single point of failure, where the operating system could provide a few more prompts in exchange for more layers of defense against trustjacking. No one wants one seemingly insignificant mistake to blow up in their face weeks or months later. But while users wait for Apple to architect long-term solutions, their best defense is to become discerning and extremely selective about doling out trust.

Smartphone Safety

Tech

Posted in: Cloud Computing|Tags: , , , ,
Games organizers confirm cyber attack, won't reveal source
February 11, 2018 6:00 am|Comments (0)

PYEONGCHANG, South Korea (Reuters) – Pyeongchang Winter Olympics organizers confirmed on Sunday that the Games had fallen victim to a cyber attack during Friday’s opening ceremony, but they refused to reveal the source.

The Games’ systems, including the internet and television services, were affected by the hack two days ago but organizers said it had not compromised any critical part of their operations.

“Maintaining secure operations is our purpose,” said International Olympic Committee (IOC) spokesman Mark Adams.

“We are not going to comment on the issue. It is one we are dealing with. We are making sure our systems are secure and they are secure.”

Asked if organizers knew who was behind the attack, Adams said: “I certainly don’t know. But best international practice says that you don’t talk about an attack.”

The Winter Games are being staged only 80km (50 miles) from the border with North Korea, which is technically still at war with the South since their 1950-1953 war ended in a truce rather than a peace treaty.

The two teams marched together at an Olympics opening ceremony for the first time since 2006.

South Korea has been using the Pyeongchang Games to break the ice with the reclusive North, which has been trading nuclear threats with the United States recently.

“All issues were resolved and recovered yesterday morning,” Pyeongchang organizing committee spokesman Sung Baik-you told reporters.

“We know the cause of the problem but that kind of issues occurs frequently during the Games. We decided with the IOC we are not going to reveal the source (of the attack),” he told reporters.

Russia, which has been banned from the Games for doping, said days before the opening ceremony that any allegations linking Russian hackers to attacks on the infrastructure connected to the Pyeongchang Olympic Games were unfounded.

“We know that Western media are planning pseudo-investigations on the theme of ‘Russian fingerprints’ in hacking attacks on information resources related to the hosting of the Winter Olympic Games in the Republic of Korea,” Russia’s foreign ministry said.

“Of course, no evidence will be presented to the world.”

Cyber security researchers said in January they had found early indications that Russia-based hackers may be planning attacks against anti-doping and Olympic organizations in retaliation for Russia’s exclusion from the Pyeongchang Games.

Stakeholders of the Olympics have been wary of the threat from hacking and some sponsors have taken out insurance to protect themselves from a cyber attack. [nL4N1PX1HV]

Editing by Peter Rutherford

Tech

Posted in: Cloud Computing|Tags: , , , , , , ,
U.S. to blame North Korea for 'WannaCry' cyber attack: sources
December 19, 2017 12:50 am|Comments (0)

WASHINGTON (Reuters) – The Trump administration is expected on Tuesday to publicly blame North Korea for unleashing a cyber attack that crippled hospitals, banks and other companies across the globe earlier this year, said two sources familiar with the matter.

The accusation that the North Korean government was behind the so-called WannaCry attack comes as worries mount about North Korea’s hacking capabilities and its nuclear weapons program.

The U.S. government has assessed with a “very high level of confidence” that a hacking entity known as Lazarus Group, which works on behalf of the North Korean government, carried out the WannaCry attack, a senior administration official said. The official spoke on condition of anonymity to discuss details not yet public.

The White House did not immediately respond to a request for comment.

The public condemnation will not include any indictments or name specific individuals, the official said. But the shaming is designed to hold North Korea accountable for its actions and “erode and undercut their ability to launch attacks,” the official said.

North Korean government representatives could not be immediately reached for comment. The country has repeatedly denied responsibility for WannaCry and called other allegations about cyber attacks a smear campaign.

Lazarus Group is widely believed by security researchers and U.S. officials to have been responsible for the 2014 hack of Sony Pictures Entertainment, which destroyed files, leaked corporate communications online and led to the departure of several top studio executives.

Sony also suspended release of a comedy film that portrayed North Korea’s ruler, Kim Jong Un, because of threats issued by the hackers.

Then-U.S. President Barack Obama condemned Pyongyang for the Sony hack, vowing at the time to “respond proportionally.” No indictments have been brought in the Sony case.

Reporting by Dustin Volz; Editing by Jonathan Weber and Peter Cooney

Tech

Posted in: Cloud Computing|Tags: , , , , , , ,
British shipping firm Clarkson reports cyber attack
November 29, 2017 12:16 pm|Comments (0)

(Reuters) – British shipping services provider Clarkson Plc said it was subject to a cyber security incident and warned that the person or persons behind the incident may release some data on Wednesday.

“As soon as it was discovered, Clarkson took immediate steps to respond to and manage the incident,” the company said.

“Our initial investigations have shown the unauthorized access was gained via a single and isolated user account which has now been disabled,” Clarkson said.

The London-headquartered company said it had been working with the police on the incident.

Reporting by Rahul B in Bengaluru; Editing by Maju Samuel

Our Standards:The Thomson Reuters Trust Principles.

Tech

Posted in: Cloud Computing|Tags: , , , , , ,
In WannaCry’s Wake, a New Rapidly Spreading Ransomware Attack Appeared Today
June 21, 2017 5:20 am|Comments (0)

A week after WannaCry induced worldwide panic, another vicious ransomware attack is currently underway.

Read more…


Uncategorized

Posted in: Web Hosting News|Tags: , , , , , , ,
Supply chain attack hits Mac users of HandBrake video converter app
May 8, 2017 3:40 pm|Comments (0)

Hackers compromised a download server for HandBrake, a popular open-source program for converting video files, and used it to distribute a macOS version of the application that contained malware.

The HandBrake development team posted a security warning on the project’s website and support forum on Saturday, alerting Mac users who downloaded and installed the program from May 2 to May 6 to check their computers for malware.

The attackers compromised only a download mirror hosted under download.handbrake.fr, with the primary download server remaining unaffected. Because of this, users who downloaded HandBrake-1.0.7.dmg during the period in question have a 50/50 chance of having received a malicious version of the file, the HandBreak team said.

To read this article in full or to leave a comment, please click here


Uncategorized

Posted in: Web Hosting News|Tags: , , , , , , ,