Over 12,000 Google Users Hit by Government Hackers in 3rd Quarter of 2019

By: sikur


As part of its active efforts to protect billions of online users, Google identified and warned over 12,000 of its users who were targeted by a government-backed hacking attempt in the third quarter of this year.

According to a report published by Google’s Threat Analysis Group (TAG), more than 90 percent of the targeted users were hit with “credential phishing emails” that tried to trick victims into handing over access to their Google account.

Google’s TAG tracks over 270 government-backed hacking groups from over 50 countries that are involved in intelligence collection, stealing intellectual property, destructive cyber attacks, targeting dissidents, journalists, and activists, or spreading coordinated disinformation.

The alerts were sent to targeted users between July and September 2019, which is consistent within a +/-10 percent range of the number of phishing email warnings sent in the same period of 2018 and 2017, the company said.

These warnings usually get sent to the potential targets, which generally are activists, journalists, policy-makers, and politicians. However, if you have received any such alert, do not freak out straight away — it doesn’t necessarily mean that your Google account has been compromised.

Instead, it means a state-sponsored hacker has tried to gain access to your Google account using phishing, malware, or another method, and you should take a few extra steps to secure your account.

“We encourage high-risk users—like journalists, human rights activists, and political campaigns—to enroll in our Advanced Protection Program (APP), which utilizes hardware security keys and provides the strongest protections available against phishing and account hijackings. APP is designed specifically for the highest-risk accounts,” Google said.

The government-backed phishing attack warnings were sent to affected users in 149 countries, with the United States, Pakistan, South Korea, and Vietnam being the most heavily targeted, according to the map shared by Google.

Google has been warning individual Google account users since 2012 if the company believes government-backed hackers are targeting their account via phishing, malware, or some other tactics.

Just last year, Google also started offering these email attack alerts to G Suite administrators so they can take action to protect their users and their organization as well.

High-risk users can take some necessary security measures that will help prevent compromise of their accounts, including keeping their apps and software up-to-date and enabling 2-step verification (Google recommends its Authenticator app or a Security Key as better methods than a regular old text message).


Source: https://thehackernews.com/2019/11/google-government-hacking.html


Member of group that hacked Twitter CEO Jack Dorsey’s account arrested

By: sikur


Motherboard reported Sunday that a former member of a hacker group notorious for taking over social media accounts was arrested earlier this month, citing law enforcement and members of the group.

Driving the news: According to Motherboard, authorities arrested a onetime member of “Chuckling Squad,” a notorious group that, among other mischief, took over Twitter CEO Jack Dorsey’s Twitter account in August. That hacker, an unnamed minor, had previously been kicked out of the group.

How it works: Chuckling Squad is a prolific user of SIM swapping, a technique through which hackers cajole cellphone companies to transfer a victim’s phone number to phones that the hacker controls. From there, SIM swappers can use their access to a supposedly secure phone number to reset account passwords or otherwise tamper with accounts.

The big picture: The lesson from groups like Chuckling Squad and others using this mode of account takeover is that for people who require the most security and attach cell numbers to their accounts, it’s important to turn on whatever added protections a mobile provider has to prevent SIM swapping. Those often include adding a passcode to move the phone number or only allowing that service to be done in person.

Source: https://www.axios.com/jack-dorsey-twitter-account-hacker-arrested-5103beb9-50f2-4e1b-a4c3-72af7ececf78.html


My devices are sending and receiving data every two seconds, sometimes even when I sleep

By: sikur

By Simon Elvery

When I decided to record every time my phone or laptop contacted a server on the internet, I knew I’d get a lot of data, but I honestly didn’t think it would reveal nearly 300,000 requests in a single week.

On average, that’s about one request every two seconds.

In this instalment of the #DataLife project I’m going to take a broad look at what all those requests are doing and break down some details about what I’ve found in the data so far.

How much data did your phone and laptop send and receive?

There are a few different ways to answer the question ‘how much’. The easiest to understand is simply the number of times my devices contacted another server — that’s the 300,000 number from above, but that’s not at all evenly spread over the week.

In one hour — between 8am and 9am on a Tuesday morning — there were more than 11,000 requests. That’s more than three per second.

This is what it looks like as a chart covering the whole seven days.

[Chart: Number of requests per 15-minute block]


I’m a little taken aback at just how many requests — and by extension, how much data about me and what I do — gets sent to organisations around the world from my devices. And just how many organisations there are.

Of course not all of these requests are sharing intimate private details about my life, but all of them — every single one — is sharing something about me.

Exactly how that something is used depends entirely on the organisation at the other end of the request and has an unknown, maybe even unknowable, effect on my privacy.

Are your devices sending and receiving data when you’re not using them?

They sure are. The quietest times fall — predictably — overnight. But even while I’m sleeping my devices are pretty busy talking to various companies.

[Image caption: Apple was the company contacted most frequently overnight, but there were plenty of others. Source: ABC News]

For example, here are the 841 times my devices made contact with 46 different domains between 10pm and 6:30am on the second night of the experiment.

Most of these requests are background updates for things like my email and calendar or synchronisation that various apps like Dropbox or iCloud perform.

But exactly what each of them is doing is quite difficult to tell.

And some of them are a little surprising, like the TripIt app, which seems to be checking in every hour or so, presumably to see if I’ve booked any new flights.

What’s doing the talking?

One of the first things that jumped out at me from the data was the astonishing number of different apps and programs that are accessing the internet from my devices.

The apps at the top of the list are pretty unsurprising:

  • Google Chrome appears to account for the top two entries. It’s the browser I used by default (a decision I might review).
  • At number three is Airmail, the app I use most for email.
  • As a relatively heavy Twitter user, I’m unsurprised to find Tweetbot at number four.
  • At number five is Slack, which I use for work chat among other things.

But the full list shows that 298 different pieces of software made requests during the seven-day period.

What companies are getting that data?

The easiest place to start when trying to answer this question is to simply count the number of requests to each domain.

Google is absolutely dominant, with nearly one in five requests being made to a google.com server — and that doesn’t include the many country- or product-specific Google-owned domains also in the data.

Unfortunately, it’s extremely difficult to tell which requests are useful to me and which are simply for tracking my behaviour, interests and habits for commercial benefit while delivering me no benefit at all.

What about tracking? Can you tell how much it’s happening and who is getting that info?

Well, kind of.

One way to sift requests that are tracking my web-browsing or other behaviour from the rest is to identify which domain names are known to be used by tracking tools. And thanks to your help identifying them, along with a few other databases compiled by various privacy preserving products, that’s not too hard to do.

Using their list to summarise the whole week of request data, it looks like up to 72 per cent of all requests are made to a server which is likely to be tracking my behaviour in some way.

Google tops this list for me too, with 23 per cent of requests. The other big trackers identified in my data are Microsoft (14 per cent), Twitter (13 per cent) and Chartbeat (4 per cent).

Of course, a lot of these requests are part of providing me with useful services — search and email, for example — which highlights another problem with how the modern web works. Many of the requests that are tracking our behaviour are also integral to the site/app/service functioning at all.

So many apps and websites are simply impossible to use while also avoiding being tracked.
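
The counting described above (requests per domain, requests per 15-minute block, and the share going to domains on a tracker list) can be sketched as follows. This is an added example, not the author's code or data: the sample capture and the three-entry tracker list are constructed, and all function names are hypothetical.

```python
from collections import Counter
from datetime import datetime

# Constructed sample capture (timestamp, hostname contacted); not the author's data.
SAMPLE_REQUESTS = [
    ("2018-10-02T08:01:10", "www.google.com"),
    ("2018-10-02T08:03:45", "www.google-analytics.com"),
    ("2018-10-02T08:14:59", "static.chartbeat.net"),
    ("2018-10-02T08:15:00", "api.twitter.com"),
    ("2018-10-02T08:20:30", "ping.chartbeat.net"),
    ("2018-10-02T23:40:02", "mail.example.org"),
    ("2018-10-02T23:41:00", "notchartbeat.net"),  # lookalike, must not match
    ("2018-10-02T23:59:59", "stats.g.doubleclick.net"),
]

# Constructed stand-in for a tracker blocklist (one domain per entry).
TRACKER_DOMAINS = {"google-analytics.com", "chartbeat.net", "doubleclick.net"}


def tracker_match(host, trackers):
    """Return the listed domain that `host` equals or is a subdomain of, else None."""
    labels = host.lower().rstrip(".").split(".")
    # Compare whole labels from the right so "notchartbeat.net" does not match
    # "chartbeat.net", which a plain str.endswith() check would get wrong.
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in trackers:
            return candidate
    return None


def block_start(timestamp, minutes=15):
    """Floor an ISO timestamp to the start of its N-minute block."""
    dt = datetime.fromisoformat(timestamp)
    floored = dt.replace(minute=dt.minute - dt.minute % minutes, second=0, microsecond=0)
    return floored.strftime("%Y-%m-%d %H:%M")


def summarise(requests, trackers):
    """Count requests per host, per time block and per matched tracker domain."""
    per_host, per_block, per_tracker = Counter(), Counter(), Counter()
    for timestamp, host in requests:
        per_host[host.lower()] += 1
        per_block[block_start(timestamp)] += 1
        hit = tracker_match(host, trackers)
        if hit:
            per_tracker[hit] += 1
    total = sum(per_host.values())
    return {
        "total": total,
        "per_host": per_host,
        "per_block": per_block,
        "per_tracker": per_tracker,
        "tracker_share": sum(per_tracker.values()) / total if total else 0.0,
    }


if __name__ == "__main__":
    report = summarise(SAMPLE_REQUESTS, TRACKER_DOMAINS)
    print(f"{report['total']} requests, {report['tracker_share']:.0%} to listed trackers")
    for block, count in sorted(report["per_block"].items()):
        print(block, count)
    for domain, count in report["per_tracker"].most_common():
        print(domain, count)
```

As the article notes, a match only says the domain is on a tracker list; it does not separate requests that also deliver a service from those that only track.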

Source: https://www.abc.net.au/news/2018-11-16/datalife-i-spied-on-my-phone-and-here-is-what-i-found/10496450


FBI Warns of Cyber Attacks Targeting US Automotive Industry

By: Sergiu Gatlan

The U.S. Federal Bureau of Investigation (FBI) Cyber Division warned private industry partners of incoming cyberattacks against the US automotive industry targeting sensitive corporate and enterprise data.

The Private Industry Notification (PIN) detailing this alert was seen by BleepingComputer after it was issued to partners by the FBI on November 19, 2019.

“The FBI has observed incidents since late 2018 in which unidentified cyber actors have increasingly targeted the automotive industry with cyberattacks to obtain sensitive customer data, network account passwords, and internal enterprise network details,” the agency says in the PIN.

“The FBI assesses the automotive industry likely will face a wide-range of cyber threats and malicious activity in the near future as the vast amount of data collected by Internet-connected vehicles and autonomous vehicles become a highly valued target for nation-state and financially-motivated actors.”

Financially motivated and state-backed actors taking on more targets

The automotive industry is facing an increased barrage of incoming malicious attacks and threats, according to the FBI, as the wide range and large quantity of information it collects becomes progressively more valuable to threat actors.

More: https://www.bleepingcomputer.com/news

New WhatsApp Bug Could Have Let Hackers Secretly Install Spyware On Your Devices

By: Mohit Kumar

The recent controversies surrounding the WhatsApp hacking haven’t yet settled, and the world’s most popular messaging platform could be in choppy waters once again.

The Hacker News has learned that last month WhatsApp quietly patched yet another critical vulnerability in its app that could have allowed attackers to remotely compromise targeted devices and potentially steal secured chat messages and files stored on them.

The vulnerability — tracked as CVE-2019-11931 — is a stack-based buffer overflow issue that resided in the way previous WhatsApp versions parse the elementary stream metadata of an MP4 file, resulting in denial-of-service or remote code execution attacks.

To remotely exploit the vulnerability, all an attacker needs is the phone number of a targeted user, to whom they send a maliciously crafted MP4 file over WhatsApp, which can eventually be programmed to silently install a malicious backdoor or spyware app on the compromised device.

The vulnerability affects both the consumer and enterprise apps of WhatsApp for all major platforms, including Google Android, Apple iOS, and Microsoft Windows.

According to an advisory published by Facebook, which owns WhatsApp, the list of affected app versions is as follows:

  • Android versions before 2.19.274
  • iOS versions before 2.19.100
  • Enterprise Client versions before 2.25.3
  • Windows Phone versions before and including 2.18.368
  • Business for Android versions before 2.19.104
  • Business for iOS versions before 2.19.100
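
For administrators checking a device inventory against the list above, the comparison has two traps: version strings must be compared numerically (as text, "2.19.98" sorts after "2.19.274"), and the Windows Phone bound is inclusive while the others are not. The sketch below is an added example, not code from the advisory or the article; the platform keys, device names and inventory are constructed, and only the version bounds come from the list.

```python
# Bounds transcribed from the affected-versions list above.
# (bound, inclusive): inclusive=True means the bound version itself is affected.
AFFECTED_BOUNDS = {
    "android": ("2.19.274", False),
    "ios": ("2.19.100", False),
    "enterprise client": ("2.25.3", False),
    "windows phone": ("2.18.368", True),  # "before and including"
    "business for android": ("2.19.104", False),
    "business for ios": ("2.19.100", False),
}

# Constructed device inventory (hypothetical names); not data from the article.
SAMPLE_INVENTORY = [
    ("phone-01", "Android", "2.19.98"),         # numerically older than 2.19.274
    ("phone-02", "iOS", "2.19.100"),            # exactly the fixed version
    ("phone-03", "Windows Phone", "2.18.368"),  # inclusive bound
    ("phone-04", "Android", "2.19.274"),
    ("phone-05", "KaiOS", "2.19.1"),            # platform not in the list
    ("phone-06", "Business for Android", "2.19.104-beta"),  # unparseable
]


def parse_version(text):
    """Turn '2.19.98' into (2, 19, 98); raise ValueError on anything else."""
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError(f"unparseable version: {text!r}")
    return tuple(int(p) for p in parts)


def is_affected(platform, version):
    """True or False per the list; None when the platform or version is unknown."""
    bound = AFFECTED_BOUNDS.get(platform.strip().lower())
    if bound is None:
        return None
    try:
        installed = parse_version(version)
    except ValueError:
        return None
    limit = parse_version(bound[0])
    # Pad to equal length so "2.25" is compared as 2.25.0, not as a shorter tuple.
    width = max(len(installed), len(limit))
    installed += (0,) * (width - len(installed))
    limit += (0,) * (width - len(limit))
    return installed <= limit if bound[1] else installed < limit


def triage(inventory):
    """Label each device 'update', 'ok', or 'review' (needs a manual check)."""
    label = {True: "update", False: "ok", None: "review"}
    return [(device, label[is_affected(platform, version)])
            for device, platform, version in inventory]


if __name__ == "__main__":
    for device, status in triage(SAMPLE_INVENTORY):
        print(device, status)
```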

The scope, severity, and impact of the newly patched vulnerability appear similar to a recent WhatsApp VoIP call vulnerability that was exploited by the Israeli company NSO Group to install Pegasus spyware on nearly 1400 targeted Android and iOS devices worldwide.

More: https://thehackernews.com

Australia’s parliamentary IT system hacked earlier this year: report

By: Reuters

The computer network of Australia’s parliament was hacked earlier this year and data was stolen from the computers of several elected officials, the Australian Broadcasting Corp reported.

Security agencies discovered the attack on Jan. 31 this year and monitored it for a week before shutting down the network, Senate President Scott Ryan told a parliamentary committee, according to the ABC.

During the time the network was compromised, two senators and a small number of lower house members had “non-sensitive” data stolen, the ABC reported without giving detail of the theft.

“A small number of users visited a legitimate external website that had been compromised,” the broadcaster quoted Ryan as telling the parliamentary committee on Thursday. “This caused malware to be injected into the parliamentary computer network.”

The parliament’s cybersecurity team stopped another attempted attack in late October, sending an email to users saying that malware had been detected in the system, the ABC reported. People on the parliamentary computer network were temporarily banned from accessing personal email accounts like Gmail, the broadcaster reported without citing sources.

In September, Reuters reported Australian intelligence officials had determined China was responsible for a cyber-attack on its national parliament and its three largest political parties before a general election in May.

The cyber intelligence agency, the Australian Signals Directorate, concluded in March that China’s Ministry of State Security was responsible for the attack but recommended keeping the findings secret to avoid disrupting trade relations with Beijing, Reuters reported.

More: https://mobile-reuters-com

That Bombshell Call Taylor Revealed Was Quite Possibly Monitored By Russians

By: Kate Riga

Despite the fact that Russians have proven themselves adept at listening in on U.S. officials’ calls made from Ukraine, Ambassador to the EU Gordon Sondland spoke to President Donald Trump on his cellphone from a restaurant in the country’s capital, as top Ukraine diplomat Bill Taylor revealed Wednesday.

In his testimony during the first public hearing of the impeachment inquiry, Taylor relayed that one of his staffers, David Holmes, overheard the call in which Trump expressed a keen interest in launching a sham investigation against the Bidens.

As experts told the Washington Post, it is extremely unsafe in general to hold such calls over unencrypted cellphone lines, and all the more in a country infiltrated by Russian intelligence.

In 2014, the Kremlin actually leaked a call made in Ukraine that spies intercepted between the then-U.S. ambassador to Ukraine and an assistant secretary of state, where the latter made a rude remark about the EU, in an attempt to embarrass the U.S. and alienate its European allies.

More: https://talkingpointsmemo.com

Spyware Maker NSO Promises Reform but Keeps Snooping

By: Vindu Goel and Nicole Perlroth

[Photo: The NSO Group’s building in Herzliya, Israel. Credit: Jack Guez/Agence France-Presse, via Getty Images]

Recent revelations in India show that the threat from the company’s spyware to activists and journalists isn’t limited to autocratic regimes.

MUMBAI, India — Bela Bhatia, a human rights lawyer in the Indian state of Chhattisgarh, is accustomed to surveillance. She works in a region prone to both guerrilla violence and government reprisals, and the authorities do not like many of her clients.

Still, Ms. Bhatia said she was shocked to learn her phone had been infected with invasive spyware delivered through missed video calls on WhatsApp, a messaging service that is used by about 400 million people in India, WhatsApp’s biggest market.

“You are carrying the spy in the pocket with you everywhere you go,” she said. “It is much more than one had imagined that the Indian state could do.”

Ms. Bhatia is one of more than a hundred Indians who learned in recent months that every keystroke, call and GPS location on their phones had probably been recorded by the surveillance software, which is sold by the NSO Group, an Israeli firm.

More: https://www.nytimes.com

Privacy protection essential to shield human rights, says Microsoft’s Smith

By: Reuters

(Reuters) – Microsoft President Brad Smith said on Wednesday a “new wave” of data privacy protection and other security measures was needed to safeguard people’s rights at a time when “everything has gone digital”.

Speaking at Lisbon’s Web Summit, Europe’s largest tech conference, Smith said it was important to protect privacy, something he sees as a “fundamental human right” and one of the next decade’s most critical issues.

“It’s why I believe we will not only need a new wave of technology but a new wave of privacy protection as well, a new wave of security protection, a new wave of measures to protect the ethics and human rights associated with artificial intelligence (AI),” he said.

He gave no details of any concrete measures he was proposing.

Tech companies such as Microsoft and rival company Apple have been under mounting pressure to do more to protect users’ data.

In August this year, the Dutch Data Protection Agency said Microsoft was remotely collecting data from users of Windows Home and Windows Pro.

More: https://www.nytimes.com

Sikur announces secure cloud communication platform

By: TI Inside Online

Sikur’s secure communications specialists are launching SIKUR Messenger at WebSummit 2019 in Lisbon: a Secure Communication Platform ready for Private Cloud and White Label environments, meeting growing demand from the Corporate and Government Market, where the question of fundamental sovereignty is crucial.

“Since 2016 we have studied and analyzed the needs of these markets to protect one of their greatest assets: information. We have noted the growing use of non-corporate solutions, WhatsApp and Telegram for example, which are inefficient from a security standpoint and generate countless Governance problems,” says Fábio Fischer, CEO of Sikur.

Free apps such as WhatsApp and Telegram have grown and gained a great deal of popularity in recent years. Approximately 90% of mobile device users have one of these apps installed. However, although the statistic relates mostly to consumer users, many organizations (including government entities) also use such apps for their activities, which is a strategic mistake.

Specialist consultancies such as Gartner, which produce relevant reports such as the Market Guide for Secure Mobile Communications, indicate that:

  • Mobility and security leaders in organizations should select and implement secure instant communication solutions;
  • Free apps such as WhatsApp do not offer the features and security that organizations need;
  • These products must protect the confidentiality of communications on mobile and wireless networks.

Although WhatsApp is not used as an official corporate messaging app, it is widely used on employees’ personal devices and on company devices, and once it is exploited through an attack, the attacker has complete control over and visibility of all data on the phone.

The growing number of information leaks in recent years, such as those that occurred in the Federal Government of Brazil, is directly linked to the use of non-corporate apps or e-mail for matters of Strategic importance to the Country, and has raised a major alert. Among the most frequently asked questions are in which domicile this information is stored, what the app’s real level of security is, which authentication models are used, and how secure the device and the operating system are. Weakness on just one of these fronts creates a structural problem for data privacy.

Maturity in the use of communication tools appropriate for the Corporate environment has been gaining ground in large corporations. One example is the German giant Continental, in the auto parts business, with more than 240,000 employees, which banned the use of WhatsApp for corporate activities out of concern over privacy and leaks of strategic data.

More: https://tiinside.com.br