Over 12,000 Google Users Hit by Government Hackers in 3rd Quarter of 2019

By: sikur

By 

As part of its active efforts to protect billions of online users, Google identified and warned over 12,000 of its users who were targeted by a government-backed hacking attempt in the third quarter of this year.

According to a report published by Google’s Threat Analysis Group (TAG), more than 90 percent of the targeted users were hit with “credential phishing emails” that tried to trick victims into handing over access to their Google account.

Google’s TAG tracks over 270 government-backed hacking groups from over 50 countries that are involved in intelligence collection, stealing intellectual property, destructive cyber attacks, targeting dissidents, journalists, and activists, or spreading coordinated disinformation.

The alerts were sent to targeted users between July and September 2019, which is consistent within a +/-10 percent range of the number of phishing email warnings sent in the same period of 2018 and 2017, the company said.

These warnings usually get sent to the potential targets, which generally are activists, journalists, policy-makers, and politicians. However, if you have received any such alert, do not freak out straight away — it doesn’t necessarily mean that your Google account has been compromised.

Instead, it means a state-sponsored hacker has tried to gain access to your Google account using phishing, malware, or another method, and you should take a few extra steps to secure your account.

“We encourage high-risk users—like journalists, human rights activists, and political campaigns—to enroll in our Advanced Protection Program (APP), which utilizes hardware security keys and provides the strongest protections available against phishing and account hijackings. APP is designed specifically for the highest-risk accounts,” Google said.

While the government-backed phishing attack warnings were sent to affected users in 149 countries, the United States, Pakistan, South Korea, and Vietnam being the most heavily targeted ones, according to the map shared by Google.

Google has been warning individual Google account users since 2012 if the company believes government-backed hackers are targeting their account via phishing, malware, or some other tactics.

Just last year, Google also started offering these email attack alerts to G Suite administrators so they can take action to protect their users and so their organization as well.

High-risk users can take some necessary security measures that will help prevent compromise of their accounts, including keeping their apps and software up-to-date and enabling 2-step verification (Google recommends its Authenticator app or a Security Key as the best methods than regular old text message).

Have something to say about this article? Comment below or share it with us on FacebookTwitter or our LinkedIn Group.

Source: https://thehackernews.com/2019/11/google-government-hacking.html

Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist Lorep ipsum Lorep ipsum, journalist

FBI Warns of Cyber Attacks Targeting US Automotive Industry

By: Sergiu Gatlan

The U.S. Federal Bureau of Investigation (FBI) Cyber Division warned private industry partners of incoming cyberattacks against the US automotive industry targeting sensitive corporate and enterprise data.

The Private Industry Notification (PIN) detailing this alert was seen by BleepingComputer after it was issued to partners by the FBI on November 19, Cyber Attack2019.

“The FBI has observed incidents since late 2018 in which unidentified cyber actors have increasingly targeted the automotive industry with cyberattacks to obtain sensitive customer data, network account passwords, and internal enterprise network details,” the agency says in the PIN.

“The FBI assesses the automotive industry likely will face a wide-range of cyber threats and malicious activity in the near future as the vast amount of data collected by Internet-connected vehicles and autonomous vehicles become a highly valued target for nation-state and financially-motivated actors.”

Financially motivated and state-backed actors taking on more targets

The automotive industry is facing an increased barrage of incoming malicious attacks and threats according to the FBI seeing that the wide range and large quantity of information it collects becomes progressively more valuable for threat actors.

More: https://www.bleepingcomputer.com/news

New WhatsApp Bug Could Have Let Hackers Secretly Install Spyware On Your Devices

By: Mohit Kumar

The recent controversies surrounding the WhatsApp hacking haven’t yet settled, and the world’s most popular messaging platform could be in the choppy waters once again.

The Hacker News has learned that last month WhatsApp quietly patched yet another critical vulnerability in its app that could have allowed attackers to remotely compromise targeted devices and potentially steal secured chat messages and files stored on them.

The vulnerability — tracked as CVE-2019-11931 — is a stack-based buffer overflow issue that resided in the way previous WhatsApp versions parse the elementary stream metadata of an MP4 file, resulting in denial-of-service or remote code execution attacks.

To remotely exploit the vulnerability, all an attacker needs is the phone number of targeted users and send them a maliciously crafted MP4 file over WhatsApp, which eventually can be programmed to install a malicious backdoor or spyware app on the compromised devices silently.

The vulnerability affects both consumers as well as enterprise apps of WhatsApp for all major platforms, including Google Android, Apple iOS, and Microsoft Windows.

According to an advisory published by Facebook, which owns WhatsApp, the list of affected app versions are as follows:

  • Android versions before 2.19.274
  • iOS versions before 2.19.100
  • Enterprise Client versions before 2.25.3
  • Windows Phone versions before and including 2.18.368
  • Business for Android versions before 2.19.104
  • Business for iOS versions before 2.19.100

The scope, severity, and impact of the newly patched vulnerability appear similar to a recent WhatsApp VoIP call vulnerability that was exploited by the Israeli company NSO Group to install Pegasus spyware on nearly 1400 targeted Android and iOS devices worldwide.

More: https://thehackernews.com

Australia’s parliamentary IT system hacked earlier this year: report

By: Reuters

The computer network of Australia’s parliament was hacked earlier this year and data was stolen from the computers of several elected officials, the Australian Broadcasting Corp reported.

Security agencies discovered the attack on Jan. 31 this year and monitored it for a week before shutting down the network, Senate President Scott Ryan told a parliamentary committee, according to the ABC.

During the time the network was compromised, two senators and a small number of lower house members had “non-sensitive” data stolen, the ABC reported without giving detail of the theft.

“A small number of users visited a legitimate external website that had been compromised,” the broadcaster quoted Ryan as telling the parliamentary committee on Thursday. “This caused malware to be injected into the parliamentary computer network.”

The parliament’s cybersecurity team stopped another attempted attack in late October, sending an email to users saying that malware had been detected in the system, the ABC reported. People on the parliamentary computer network were temporarily banned from accessing personal email accounts like Gmail, the broadcaster reported without citing sources.

In September, Reuters reported Australian intelligence officials had determined China was responsible for a cyber-attack on its national parliament and its three largest political parties before a general election in May.

The cyber intelligence agency, the Australian Signals Directorate, concluded in March that China’s Ministry of State Security was responsible for the attack but recommended keeping the findings secret to avoid disrupting trade relations with Beijing, Reuters reported.

More: https://mobile-reuters-com

That Bombshell Call Taylor Revealed Was Quite Possibly Monitored By Russians

By: Kate Riga

Despite the fact that Russians have proven themselves adept at listening in on U.S. officials’ calls made from Ukraine, Ambassador to the EU Gordon Sondland spoke to President Donald Trump on his cellphone from a restaurant in the country’s capitaol, as top Ukraine diplomat Bill Taylor revealed Wednesday.

In his testimony during the first public hearing of the impeachment inquiry, Taylor relayed that one of his staffers, David Holmes, overheard the call in which Trump expressed a keen an interest in launching a sham investigation against the Bidens.

As experts told the Washington Post, it is extremely unsafe in general to hold such calls over unencrypted cellphone lines, and all the more in a country infiltrated by Russian intelligence.

In 2014, the Kremlin actually leaked a call made in Ukraine that spies intercepted between the then-U.S. ambassador to Ukraine and an assistant secretary of state, where the latter made a rude remark about the EU, in an attempt to embarrass the U.S. and alienate its European allies.

More: https://talkingpointsmemo.com

Spyware Maker NSO Promises Reform but Keeps Snooping

By: Vindu Goel and Nicole Perlroth

The NSO Group’s building in Herzliya, Israel.Credit…Jack Guez/Agence France-Presse, via Getty Images

Recent revelations in India show that the threat from the company’s spyware to activists and journalists isn’t limited to autocratic regimes.

MUMBAI, India — Bela Bhatia, a human rights lawyer in the Indian state of Chhattisgarh, is accustomed to surveillance. She works in a region prone to both guerrilla violence and government reprisals, and the authorities do not like many of her clients.

Still, Ms. Bhatia said she was shocked to learn her phone had been infected with invasive spyware delivered through missed video calls on WhatsApp, a messaging service that is used by about 400 million people in India, WhatsApp’s biggest market.

“You are carrying the spy in the pocket with you everywhere you go,” she said. “It is much more than one had imagined that the Indian state could do.”

Ms. Bhatia is one of more than a hundred Indians who learned in recent months that every keystroke, call and GPS location on their phones had probably been recorded by the surveillance software, which is sold by the NSO Group, an Israeli firm.

More: https://www.nytimes.com

Privacy protection essential to shield human rights, says Microsoft’s Smith

By: Reuters

(Reuters) – Microsoft President Brad Smith said on Wednesday a “new wave” of data privacy protection and other security measures was needed to safeguard people’s rights at a time when “everything has gone digital”.

Speaking at Lisbon’s Web Summit, Europe’s largest tech conference, Smith said it was important to protect privacy, something he sees as a “fundamental human right” and one of the next decade’s most critical issues.

“It’s why I believe we will not only need a new wave of technology but a new wave of privacy protection as well, a new wave of security protection, a new wave of measures to protect the ethics and human rights associated with artificial intelligence (AI),” he said.

He gave no details of any concrete measures he was proposing.

Tech companies such as Microsoft and rival company Apple have been under mounting pressure to do more to protect users’ data.

In August this year, the Dutch Data Protection Agency said Microsoft was remotely collecting data from users of Windows Home and Windows Pro.

More: https://www.nytimes.com

Sikur anuncia plataforma de comunicação segura na nuvem

By: TI Inside Online

Os especialistas em comunicações seguras do Sikur estão lançando, no WebSummit 2019, em Lisboa, o SIKUR Messenger – uma Plataforma de Comunicação Segura pronta para ambientes de Nuvem Privada e em White Label, atendendo a crescente demanda do Mercado Corporativo e Governamental, onde a questão de soberania fundamental é crucial.

“Desde 2016 estudamos e analisamos as necessidades destes mercados para proteger um dos seus maiores ativos – a informação. Notamos o crescente uso de soluções não corporativas – WhatsApp e Telegram – por exemplo, são ineficientes do ponto de vista de segurança e geram inúmeros problemas de Governança”, diz Fábio Fischer, CEO do Sikur.

Aplicativos gratuitos, como WhatsApp e Telegram, cresceram e ganharam muito em popularidade nos últimos anos. Aproximadamente 90% dos usuários de dispositivos móveis possuem um destes aplicativos instalados. No entanto, apesar da estatística estar muito relacionada a usuários de consumo, muitas organizações (incluindo entidades governamentais) também utilizam tais aplicativos para suas atividades – um erro estratégico.

Consultorias especializadas, como o Gartner – que produzem relatórios relevantes como Market Guide for Secure Mobile Communications – indicam que:

  • Líderes de mobilidade e segurança nas organizações devem selecionar e implementar soluções seguras de comunicação instantânea;
  • Aplicativos gratuitos, como o WhatsApp, não oferecem recursos e a segurança que as organizações precisam;
  • Estes produtos devem proteger a confidencialidade das comunicações em redes móveis e sem fio.

Apesar do WhatsApp não ser usado como um aplicativo oficial de mensagens corporativas, ele é amplamente utilizado nos dispositivos pessoais dos funcionários e nos dispositivos das empresas, e uma vez explorado através de um ataque, o invasor tem controle completo e visibilidade de todos os dados no telefone.

O número crescente de casos de vazamento de informações nos últimos anos, como ocorreram no Governo Federal do Brasil, está diretamente ligado ao uso de aplicativos não corporativos ou e-mails, para assuntos Estratégicos do País, e geraram um grande alerta. Uma das perguntas mais frequentes é em qual domicílio esta informação está armazenada, qual o nível de segurança real do App, modelos de autenticação, bem como a segurança do dispositivo e do sistema operacional. A fragilidade de apenas uma dessas frentes gera um problema estrutural na questão de privacidade dos dados.

O amadurecimento quanto ao uso de ferramentas de comunicação apropriadas para o ambiente Corporativo vem ganhando espaço em grandes corporações – vide o caso da Gigante Alemã Continental – do ramo de autopeças, com mais de 240.000 empregados, que baniu o uso de WhatsApp para atividades corporativas, preocupando-se com questões de privacidade e vazamento de dados estratégicos.

Mais: https://tiinside.com.br

Brasileira Sikur vai se mudar para a França

By: Fernando Paiva

A startup brasileira Sikur, especializada em soluções móveis seguras para comunicação corporativa, vai mudar sua sede no ano que vem para a França, mais precisamente para o parque tecnológico de Sophia Antipolis, na Côte D’Azur. Trata-se do maior parque tecnológico da Europa. A primeira etapa da mudança consistirá na abertura de um escritório de pesquisa e desenvolvimento no local, em janeiro de 2020. A troca da sede acontecerá no segundo semestre do ano que vem, com a ida dos principais executivos, incluindo CEO, CFO, CTO e CSO. No Brasil ficará apenas a equipe comercial.

“Vamos ficar dentro de um cluster de cybersegurança de lá. Será um diferencial competitivo. Vai ter cross-selling com grandes empresas de segurança instaladas no mesmo lugar”, explica Fábio Fischer, CEO da Sikur.

Haverá também benefícios fiscais. O governo francês devolve em créditos fiscais entre 30% e 120% do que a empresa investir em pesquisa e desenvolvimento – o percentual depende de uma série de variáveis, como a formação e a origem dos pesquisadores envolvidos.

No próximo Mobile World Congress (MWC), em Barcelona, a Sikur já estará dentro do pavilhão francês, em vez do brasileiro.

Aporte e expansão

A mudança na sede acontece paralelamente ao anúncio de um aporte de US$ 5 milhões na Sikur por parte da DXA Investments, empresa brasileira que gere fundos de private equity. 60% desse valor será aplicado em pesquisa e desenvolvimento e 40%, em expansão internacional com foco nos mercados dos EUA, Japão e Emirados Árabes Unidos.

A Sikur tem hoje 3 mil usuários da sua plataforma de comunicação móvel corporativa segura Sikur Messenger. Ela compreende uma série de funcionalidades de comunicação, como chat, email, videoconferência, chamada de voz, troca de arquivos e navegação web, tudo criptografado. Essa base terá um salto de 200 vezes no ano que vem, quando a companhia espera conquistar 600 mil novos usuários. Um dos principais motivos para tal crescimento é a assinatura de acordos de parceria para distribuição em mercados-chave, como Japão, EUA,  Emirados Árabes e Brasil. “Até então a gente estava focado na qualidade do produto. Agora temos o apoio de um fundo de investimento e distribuidores globais”, explica Fischer.

Mais: https://www.mobiletime.com.br

Chinese Hackers Just Gave Us All A Reason To Stop Sending SMS Messages

By: Zak Doffman

 

If you take any interest in the nation-state cyberattacks that have picked up apace in recent months, then you’ll be no stranger to China’s attacks on international telecoms networks. As data sources go, telcos are an intel goldmine—personally identifiable information, call metadata, unstructured patterns to mine. Now the country’s state-sponsored hackers have demonstrated just how insecure the open SMS technology built into those telco infrastructures has become. Put simply, if you haven’t already shifted to an encrypted platform, now is the time to do so. Such is the vulnerability of SMS messaging, that attackers can monitor for keywords en masse within the network itself. And, as ever, if one attack has shown the way others will be sure to follow.

Back in June, I reported on research claiming that APT10—one of China’s state-sponsored hacking groups, had compromised the systems of at least ten cellular carriers, targeting specific individuals. Now, a new report from FireEye has outed another campaign along similar lines. Meet APT41—I last reported on this group of “prolific” hackers back in August, when they were exposed—again by FireEye—for “brute force” campaigns against selected industries to collect large volumes of data, from which specific entries could be mined. In that campaign, telcos were front and centre. As one of FireEye’s analysts told me at the time, APT41 was likely targeting “a specific set of individuals, but it’s also interesting for telcos more generally, the role they play, being a first target within new regions that APT41 is moving into.”

And so to this latest research. FireEye has reported that APT41 has been infecting Short Message Service Centre (SMSC) servers within cellular carriers with a malware tool dubbed MESSAGETAP. Those SMSC servers route messages from sender to receiver, they also store the message content itself, enabling it to be forwarded when a recipient connects to a cellular network. To successfully attack this architecture gives open access to the core SMS traffic and content across the entire network.

More: https://www-forbes-com.cdn.ampproject.org