Over 12,000 Google Users Hit by Government Hackers in 3rd Quarter of 2019

By: sikur


As part of its active efforts to protect billions of online users, Google identified and warned over 12,000 of its users who were targeted by a government-backed hacking attempt in the third quarter of this year.

According to a report published by Google’s Threat Analysis Group (TAG), more than 90 percent of the targeted users were hit with “credential phishing emails” that tried to trick victims into handing over access to their Google account.

Google’s TAG tracks over 270 government-backed hacking groups from over 50 countries that are involved in intelligence collection, stealing intellectual property, destructive cyber attacks, targeting dissidents, journalists, and activists, or spreading coordinated disinformation.

The alerts were sent to targeted users between July and September 2019, which is consistent within a +/-10 percent range of the number of phishing email warnings sent in the same period of 2018 and 2017, the company said.

These warnings usually get sent to the potential targets, which generally are activists, journalists, policy-makers, and politicians. However, if you have received any such alert, do not freak out straight away — it doesn’t necessarily mean that your Google account has been compromised.

Instead, it means a state-sponsored hacker has tried to gain access to your Google account using phishing, malware, or another method, and you should take a few extra steps to secure your account.

“We encourage high-risk users—like journalists, human rights activists, and political campaigns—to enroll in our Advanced Protection Program (APP), which utilizes hardware security keys and provides the strongest protections available against phishing and account hijackings. APP is designed specifically for the highest-risk accounts,” Google said.

The government-backed phishing attack warnings were sent to affected users in 149 countries, with the United States, Pakistan, South Korea, and Vietnam being the most heavily targeted, according to the map shared by Google.

Google has been warning individual Google account users since 2012 if the company believes government-backed hackers are targeting their account via phishing, malware, or some other tactics.

Just last year, Google also started offering these email attack alerts to G Suite administrators so they can take action to protect their users and their organization as well.

High-risk users can take some necessary security measures that will help prevent compromise of their accounts, including keeping their apps and software up-to-date and enabling 2-step verification (Google recommends its Authenticator app or a Security Key as better methods than a regular old text message).


Source: https://thehackernews.com/2019/11/google-government-hacking.html


My devices are sending and receiving data every two seconds, sometimes even when I sleep

By: sikur

By Simon Elvery

When I decided to record every time my phone or laptop contacted a server on the internet, I knew I’d get a lot of data, but I honestly didn’t think it would reveal nearly 300,000 requests in a single week.

On average, that’s about one request every two seconds.

In this instalment of the #DataLife project I’m going to take a broad look at what all those requests are doing and break down some details about what I’ve found in the data so far.

How much data did your phone and laptop send and receive?

There are a few different ways to answer the question ‘how much’. The easiest to understand is simply the number of times my devices contacted another server — that’s the 300,000 number from above, but that’s not at all evenly spread over the week.

In one hour — between 8am and 9am on a Tuesday morning — there were more than 11,000 requests. That’s more than three per second.

This is what it looks like as a chart covering the whole seven days.

[Chart: Number of requests per 15-minute block]

I’m a little taken aback at just how many requests — and by extension, how much data about me and what I do — gets sent to organisations around the world from my devices. And just how many organisations there are.

Of course not all of these requests are sharing intimate private details about my life, but all of them — every single one — is sharing something about me.

Exactly how that something is used depends entirely on the organisation at the other end of the request and has an unknown, maybe even unknowable, effect on my privacy.

Are your devices sending and receiving data when you’re not using them?

They sure are. The quietest times fall — predictably — overnight. But even while I’m sleeping my devices are pretty busy talking to various companies.


Apple was the company contacted most frequently overnight, but there were plenty of others. (Source: ABC News)

For example, here are the 841 times my devices made contact with 46 different domains between 10pm and 6:30am on the second night of the experiment.

Most of these requests are background updates for things like my email and calendar or synchronisation that various apps like Dropbox or iCloud perform.

But exactly what each of them is doing is quite difficult to tell.

And some of them are a little surprising, like the TripIt app, which seems to be checking in every hour or so, presumably to see if I’ve booked any new flights.

What’s doing the talking?

One of the first things that jumped out at me from the data was the astonishing number of different apps and programs that are accessing the internet from my devices.

The apps at the top of the list are pretty unsurprising:

  • Google Chrome appears to account for the top two entries. It’s the browser I used by default (a decision I might review).
  • At number three is Airmail, the app I use most for email.
  • As a relatively heavy Twitter user, I’m unsurprised to find Tweetbot at number four.
  • At number five is Slack, which I use for work chat among other things.

But the full list shows that 298 different pieces of software made requests during the seven-day period.

What companies are getting that data?

The easiest place to start when trying to answer this question is to simply count the number of requests to each domain.

Google is absolutely dominant, with nearly one in five requests being made to a google.com server — and that doesn’t include the many country- or product-specific Google-owned domains also in the data.

Unfortunately, it’s extremely difficult to tell which requests are useful to me and which are simply for tracking my behaviour, interests and habits for commercial benefit while delivering me no benefit at all.

What about tracking? Can you tell how much it’s happening and who is getting that info?

Well, kind of.

One way to sift requests that are tracking my web-browsing or other behaviour from the rest is to identify which domain names are known to be used by tracking tools. And thanks to your help identifying them, along with a few other databases compiled by various privacy preserving products, that’s not too hard to do.

Using their list to summarise the whole week of request data, it looks like up to 72 per cent of all requests are made to a server which is likely to be tracking my behaviour in some way.

Google tops this list for me too, with 23 per cent of requests. The other big trackers identified in my data are Microsoft (14 per cent), Twitter (13 per cent) and Chartbeat (4 per cent).

Of course, a lot of these requests are part of providing me with useful services — search and email, for example — which highlights another problem with how the modern web works. Many of the requests that are tracking our behaviour are also integral to the site/app/service functioning at all.

So many apps and websites are simply impossible to use while also avoiding being tracked.
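The counting approach described above (requests per 15-minute block, requests per domain, and the share going to known tracker domains) can be sketched as follows. This is an added example, not code from the article or the #DataLife project; the log format, the sample lines and the three-entry tracker list are constructed assumptions.

```python
from collections import Counter
from datetime import datetime

# Constructed sample capture: ISO timestamp, application, requested host.
SAMPLE_LOG = """\
2018-11-06T08:00:03 Chrome www.google.com
2018-11-06T08:00:04 Chrome static.chartbeat.com
2018-11-06T08:07:41 Tweetbot api.twitter.com
2018-11-06T08:14:59 Slack edgeapi.slack.com
2018-11-06T08:15:00 Chrome mail.google.com
2018-11-06T08:21:10 Airmail imap.example.org
2018-11-06T23:30:12 TripIt api.tripit.com
2018-11-06T23:45:00 Chrome notgoogle.com
"""

# Hypothetical tracker list: registered domain -> owning organisation.
TRACKERS = {
    "google.com": "Google",
    "twitter.com": "Twitter",
    "chartbeat.com": "Chartbeat",
}


def parse(log):
    """Turn log text into (timestamp, app, host) tuples, skipping bad lines."""
    records = []
    for line in log.splitlines():
        parts = line.split()
        if len(parts) != 3:
            continue  # blank or malformed line
        ts, app, host = parts
        records.append((datetime.fromisoformat(ts), app, host.lower().rstrip(".")))
    return records


def tracker_owner(host, trackers=TRACKERS):
    """Match a host against the list on whole DNS labels only.

    'mail.google.com' matches 'google.com'; 'notgoogle.com' does not,
    which a naive endswith() check would get wrong.
    """
    labels = host.split(".")
    for i in range(len(labels) - 1):
        candidate = ".".join(labels[i:])
        if candidate in trackers:
            return trackers[candidate]
    return None


def block_start(ts):
    """Round a timestamp down to the start of its 15-minute block."""
    return ts.replace(minute=ts.minute - ts.minute % 15, second=0, microsecond=0)


def summarise(records):
    """Return per-block counts, per-host counts, per-owner counts, tracker share."""
    per_block = Counter(block_start(ts) for ts, _, _ in records)
    per_host = Counter(host for _, _, host in records)
    per_owner = Counter()
    for _, _, host in records:
        owner = tracker_owner(host)
        if owner:
            per_owner[owner] += 1
    share = sum(per_owner.values()) / len(records) if records else 0.0
    return per_block, per_host, per_owner, share


if __name__ == "__main__":
    blocks, hosts, owners, share = summarise(parse(SAMPLE_LOG))
    for start, count in sorted(blocks.items()):
        print(start.isoformat(), count)
    print(owners.most_common(), f"tracker share: {share:.0%}")
```

A match on the list only says the destination is known to be used for tracking; as the article notes, the same request may also be what makes the service work.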


Source: https://www.abc.net.au/news/2018-11-16/datalife-i-spied-on-my-phone-and-here-is-what-i-found/10496450


More companies use multi-factor authentication, but security still weak from poor password habits

By: sikur

Users still have to juggle far too many passwords, which leads to password sharing, reuse, and other bad habits, according to a new report from password manager LastPass.

Organizations spend a lot of time, money, and energy protecting themselves from hackers and cybercriminals. Much of that effort goes toward securing their networks, data, and other assets. But all that security can go only so far if your employees aren’t protecting their own logins, accounts, and information. Tools such as multi-factor authentication have gained traction, but the poor use and management of passwords remains a thorn in the side of security, says a report released Tuesday by LastPass.

In an analysis of more than 47,000 organizations around the world that use LastPass for password management, LastPass found that 57% adopted multi-factor authentication (MFA), up 12 percentage points from last year’s report. Drilling down, 95% of employees who used MFA go through a software program such as a mobile app. Only 4% used a hardware solution, while just 1% used biometrics such as facial or fingerprint recognition.

Among employees using MFA with LastPass, LastPass Authenticator is the most popular option at 39%. Duo Security is the top choice among 31%, while Google Authenticator is most popular among 24% of respondents. Other choices included Yubikey at 4% and Microsoft Authentication at 1%.

Among businesses, those in the technology and software sector were most likely to adopt MFA for login authentication, with 37% of employees using it. The education sector is next with 33% of employees using it, followed by banking and financial with 32%. At the bottom of the list, the insurance and legal industries scored lowest for MFA implementation with only 20% of employees using it at each of the two industries.

The larger the organization, the greater the likelihood of using MFA. At businesses with more than 10,000 workers, 87% of the employees use MFA for login authentication. At businesses with 1,001 to 10,000 staffers, 78% of employees use MFA. At the lower end of the scale, companies with 26 to 100 workers have only 34% of employees who use MFA. And for businesses with up to 25 workers, only 27% use MFA.

Despite the increased adoption of MFA, the need for passwords is still a source of frustration and a persistent area of weakness in the face of other security measures. Much of that is due to the sheer number of passwords that workers must juggle, a burden that varies based on the size of the company. At large companies with 1,001 to 10,000 workers, where single sign-on methods may be more prevalent, the average employee must maintain around 25 passwords. But at smaller companies with 1 to 25 workers, where fewer authentication resources and technologies are available, the average employee must grapple with 85 different passwords.

The volume of passwords as well as other factors can lead to such tendencies as password sharing. Many departments and groups may own just one or two licenses for a service that several employees and external contractors must access. The one or two passwords set up and required to use this service may then get shared among all the parties involved, opening the door to security risks.

The need to juggle so many passwords also leads to password reuse. Employees easily rely on the same or similar passwords across multiple accounts, applications, services, and sites. A password that’s stolen or compromised for one account can then be used by a hacker to gain access to other accounts from the same user.

To help organizations better manage their login security and authentication, LastPass offers the following pieces of advice:

  • Take access security seriously. Too often, we see businesses ignore password security altogether or only half-heartedly attempt to address it. When 80% of breaches are still linked to passwords, an investment in Single Sign-On and Enterprise Password Management is one of the most effective ways to reduce risks across the organization.
  • Make a plan. Be thoughtful about the problems you’re trying to solve, the use cases you need to support, the features you require, and the solution you ultimately purchase. Understand what it will take to configure and deploy the solution. Create a detailed schedule for on-boarding employees and following up with those who are slow to adopt. Ensure that training for an access solution – including SSO and EPM features – is a part of your company’s new employee on-boarding and ongoing security education programs.
  • Mandate the use of a password manager. If you want to proactively secure your company and enforce the use of stronger passwords, you need to strongly consider requiring usage of a password manager for storing, generating, and sharing passwords.
  • Train, train, and train some more. Not only does training need to be a part of your original on-boarding plan, it needs to be an ongoing effort to encourage adoption and usage of security tools. Employees need to understand why they should use the tool, and how best to use it. They need to know how to generate new passwords and replace old ones that are weak or reused.
  • Add multi-factor authentication. Adding multi-factor authentication to your deployment of an access solution provides an extra layer of protection against bad passwords.
  • Regularly check your security score and keep tweaking your approach. When you first deploy an access solution, take note of your security score. Regularly check your scores and notice any trends that emerge. Consider creating a small group of people who are tasked with evaluating the success of implementation and try to keep improving security scores. Identify employees with low scores that need additional training.

To generate the report’s findings, LastPass anonymized and aggregated data from more than 47,000 organizations using LastPass. Though the data came only from LastPass users, the company said it feels that the conclusions are broad enough to apply to businesses at large.

Source: https://www-techrepublic-com.cdn.ampproject.org/c/s/www.techrepublic.com/google-amp/article/more-companies-use-multi-factor-authentication-but-security-still-weak-from-poor-password-habits/


Hong Kong Hacker Arrested in Blackmail for Bitcoin Case

By: sikur

By Lubomir Tassev


A suspect in a case involving hacking, blackmailing and Bitcoin has been arrested in Hong Kong. A 30-year-old computer technician has been taken into custody in connection with cyberattacks against two travel agencies. The man risks years of imprisonment. Personal data of customers was held for ransom. Tour operators were asked to pay 1 Bitcoin for its release.

“Send the Bitcoin if You Want It Back”

Names, identity card numbers, passport details and phone numbers of 20,000 clients were part of the sensitive information. The companies, Big Line Holiday and Goldjoy Holidays, reported the hacking of their computers on January 1 and 2. They told police they had received emails from the unknown culprit who demanded 1 Bitcoin (about $15,000) to be paid as ransom.

Officers from Hong Kong’s Cyber Security and Technology Crime Bureau (CSTCB) raided an apartment on Cheung Chau Island and arrested the man, South China Morning Post reported. During the operation, police seized two desktop computers, two laptops, a tablet, three hard disks and five mobile phones. They also escorted the suspect to his workplace in Kowloon on Monday to gather more evidence. He has been described by local media as an “IT worker”, a “computer technician”. The man was handcuffed on Saturday night, January 6, at his home in Cheung Chau, The Standard reported.

The agencies were hacked on New Year’s Day when the attacker supposedly took advantage of weakened security of their websites. The companies received an email shortly after and were told to send the Bitcoin to a newly opened address. The author of the blackmail letter threatened that if they failed to pay the ransom the personal data of their customers would be posted on the internet Saturday, a police source told SCMP. After checking thousands of logs on the servers, the Cyber Security Bureau agents managed to identify the attacker’s IP address and trace it back to the suspect.

MORE: https://news.bitcoin.com/hong-kong-hacker-arrested-in-blackmail-for-bitcoin-case/


Bittrex Wallets Are Taken Offline as Companies Scramble to Patch the Intel Bug

By: sikur

By Kai Sedgwick


On Wednesday, the tech world was rocked by revelations of a computer chip vulnerability that exposes critical data. Meltdown and Spectre are the names assigned to the newly discovered flaws which primarily affect Intel chips. From a security perspective, the bug concerns everyone who uses an Intel-powered device to connect to the internet, which is pretty much everyone. But from a practical perspective, the bug is already making its presence felt: today Bittrex exchange was forced to take numerous wallets offline while Azure servers were patched.

Computer bugs and vulnerabilities are discovered all the time, but the Intel one is particularly nasty. It risks leaving passwords and other critical data exposed on billions of internet connected devices, from smartphones to PCs. While patches are being rushed out for the major operating systems, hackers are trying to find ways to exploit the vulnerability, which could provide them with complete system access. Spectre forces programs to leak confidential data, while Meltdown noses around in the system kernel for the same purpose.

Cryptocurrency holders, who already face a heightened threat from hackers, have good reason to be concerned. In addition to affecting personal computers, Spectre and Meltdown spell danger for cloud-based systems. Cloud computing providers store data from multiple clients on the same server. If that server were to be exploited, it would theoretically be possible for an attacker to access multiple accounts.

MORE: https://news.bitcoin.com/bittrex-wallets-taken-offline-companies-scramble-patch-intel-bug/?utm_source=OneSignal%20Push&&utm_medium=notification&&utm_campaign=Push%20Notifications


Major chip flaws affect billions of devices

By: sikur

By Selena Larson


Two major flaws in computer chips could leave a huge number of computers and smartphones vulnerable to security concerns, researchers revealed Wednesday.

And a U.S. government-backed body warned that the chips themselves need to be replaced to completely fix the problems.

The flaws could allow an attacker to read sensitive data stored in the memory, like passwords, or look at what tabs someone has open on their computer, researchers found. Daniel Gruss, a researcher from Graz University of Technology who helped identify the flaw, said it may be difficult to execute an attack, but billions of devices were impacted.

Called Meltdown and Spectre, the flaws exist in processors, a building block of computers that acts as the brain. Modern processors are designed to perform something called “speculative execution.” That means they predict what tasks they will be asked to execute and rapidly access multiple areas of memory at the same time.

MORE: http://money.cnn.com/2018/01/03/technology/computer-chip-flaw-security/index.html?iid=hp-toplead-dom


Cybersecurity in the Era of Law Practice 3.0

By: sikur


The digital revolution is a reality that reaches the most varied sectors of the economy, and the legal world is no exception. On the contrary. In the current era of Law Practice 3.0, countless resources brought by technology have radically transformed the practice of the profession.

Today, the sector’s routine involves electronic case files, digitized documents, videoconferences, biometric identification, among other innovations. And despite the difficulty some professionals experience in dealing with these novelties, they came to bring ease, dynamism, scale and, consequently, advantages to all sides of the chain in a global world without borders. They are therefore inexorable.

But enjoying all these benefits is not just a matter of habit, familiarity or investment in tools. Anyone who needs, wishes or is already part of this virtual context cannot neglect controls for protecting information.

This care, which already falls to every citizen present in digital media, is even more critical in the legal world because of the very nature of the field, which deals with sensitive and confidential data.

MORE: https://www.kroll.com/pt-br/intelligence-center/blog/seguranca-cibernetica-na-era-da-advocacia


15-Year-Old Apple macOS 0-Day Kernel Flaw Disclosed, Allows Root Access

By: sikur

By Swati Khandelwal

A security researcher on New Year’s eve made public the details of an unpatched security vulnerability in Apple’s macOS operating system that can be exploited to take complete control of a system.

On the first day of 2018, a researcher using the online moniker Siguza released the details of the unpatched zero-day macOS vulnerability, which he suggests is at least 15 years old, and proof-of-concept (PoC) exploit code on GitHub.

The bug is a serious local privilege escalation (LPE) vulnerability that could enable an unprivileged user (attacker) to gain root access on the targeted system and execute malicious code. Malware designed to exploit this flaw could fully install itself deep within the system.

From looking at the source, Siguza believes this vulnerability has been around since at least 2002, but some clues suggest the flaw could actually be ten years older than that. “One tiny, ugly bug. Fifteen years. Full system compromise,” he wrote.

MORE: https://thehackernews.com/2018/01/macos-kernel-exploit.html


Fake Bitcoin Wallet Apps Removed from Google Play

By: sikur

By Ionut Arghire


Three fake Bitcoin applications were recently removed from Google Play after they were found to be tricking users into sending funds to their developers, mobile security firm Lookout has discovered.

The impressive increase in Bitcoin value over the past several months has stirred interest from individuals worldwide, including cybercriminals. The number of attacks involving the cryptocurrency has increased recently, and it appears that they moved to mobile as well.

Detected as PickBitPocket, the rogue applications in Google Play were designed in such a way that they provide the attacker’s Bitcoin address instead of the seller’s. The malicious programs registered a total of up to 20,000 downloads before Google removed them from the application storefront.

Basically, when attempting to buy goods or services from an Android device where a PickBitPocket wallet app is installed, the user ends up routing the Bitcoin payment to the attacker.

The three fake Bitcoin apps, Lookout reports, included Bitcoin mining, which had between 1,000 and 5,000 installs at the time it was removed, Blockchain Bitcoin Wallet – Fingerprint, which had between 5,000 and 10,000 installs, and Fast Bitcoin Wallet, with between 1,000 and 5,000 installs.

MORE: http://www.securityweek.com/fake-bitcoin-wallet-apps-removed-google-play


Snowden Explains Why Telegram Messenger App is Unsafe

By: sikur

By Waqas


For years, the ex-NSA (National Security Agency) whistleblower Edward Snowden has been raising awareness about so-called secure messaging applications or programs and has publicly criticised apps like Skype, Google Allo, and Telegram.

In fact, NSA documents leaked by him showed how Microsoft handed over plain text Skype chats of users to the agency. But today, citing the tense situation in Iran, the whistleblower has posted a series of tweets explaining why the Telegram Messenger app is unsafe and how it can be secured with little effort.

In his first tweet, Snowden wondered why an app like Telegram has unsafe and censorable public channels when it claims to provide a secure messenger service. According to the Telegram FAQ page, “Channels are a tool for broadcasting public messages to large audiences.”

MORE: https://www.hackread.com/snowden-explains-why-telegram-messenger-is-unsafe/
