Lava Jato rapporteur at TRF-2 targeted by attempted breach of cell phone data

By: G1 Rio

The Federal Police are conducting a forensic examination of the device and investigating the case, according to the Court. The attempted intrusion took place last Wednesday (5).

Federal appellate judge Abel Gomes, rapporteur for the Lava Jato cases at the Federal Regional Court of the 2nd Region (TRF-2), was the target of an attempted intrusion into the data on his cell phone. The Federal Police are investigating the case and examining the device, according to the Court.

The hackers also tried to gain access to the Telegram messaging app. The Court is treating the case as a digital attack and says it occurred last Wednesday (5). TRF-2 did not say whether the attack was successful.

Federal judge Flávio de Oliveira Lucas, who worked in the appellate judge's office and substitutes for him during vacation periods, was also attacked.

One of New York’s largest nonprofits suffers data breach

By: Charlie Osborne

People Inc. says an employee email account was the source.

People Inc., one of western New York’s largest non-profit agencies, has revealed a data breach which has exposed sensitive medical information belonging to current and former clients.

This week, the non-profit human services agency said that an employee email account appears to be the source of the leak, in which a vast array of client data has been exposed.

In total, it is reported that up to 1,000 clients may be involved.

People Inc. offers residential care, employment assistance, community outreach programs, healthcare, and recreation schemes for seniors, the vulnerable, and people with disabilities and their families.

The non-profit discovered the breach on February 19, 2019. An unknown hacker had managed to infiltrate an email account belonging to an employee of the organization. A second email account may have also been compromised, but People Inc. has not been able to verify whether or not this is the case.

The accounts in question contained personal, sensitive information belonging to clients. Names, addresses, Social Security numbers, financial data, medical information, health insurance details, and government IDs have potentially been compromised and stolen.

More: https://www.zdnet.com/article/one-of-new-yorks-largest-nonprofits-suffers-data-breach/

CELL PHONES OF TEN FEDERAL PROSECUTORS ARE HACKED

By: Guilherme Amado and Eduardo Barreto

In some attacks, there is identity theft and “account hijacking” of messaging apps

The cell phones of at least ten prosecutors from the Federal Prosecution Service (MPF) have been hacked in the last two weeks.

The Office of the Prosecutor General (PGR) is investigating the cases. In addition to Rodrigo Janot, whose device was hacked on the eve of his retirement from the MPF, the victims also included regional prosecutor Danilo Dias and sub-prosecutor general Nicolao Dino.

Both Dias and Dino were part of Janot's closest team. Dino was his vice prosecutor general.

Prosecutor Márcio Barra Lima, of the Operation Greenfield task force, was also a victim.

In some attacks, there is identity theft and “account hijacking” of messaging apps such as Telegram and WhatsApp. In these cases, fake messages can lead users to click or provide information that enables the fraud.

More: https://epoca.globo.com/guilherme-amado/celulares-de-dez-procuradores-da-republica-sao-hackeados-23675789

WhatsApp discovers ‘targeted’ surveillance attack

By: Dave Lee

Hackers were able to remotely install surveillance software on phones and other devices using a major vulnerability in messaging app WhatsApp, it has been confirmed.

WhatsApp, which is owned by Facebook, said the attack targeted a “select number” of users, and was orchestrated by “an advanced cyber-actor”.

A fix was rolled out on Friday.

On Monday, WhatsApp urged all of its 1.5 billion users to update their apps as an added precaution.

The attack was developed by Israeli firm NSO Group, according to a report in the Financial Times.

Facebook first discovered the flaw in WhatsApp earlier in May.

WhatsApp promotes itself as a “secure” communications app because messages are end-to-end encrypted, meaning they should only be displayed in a legible form on the sender or recipient’s device.

However, the surveillance software would have let an attacker read the messages on the target’s device.

“Journalists, lawyers, activists and human rights defenders” are most likely to have been targeted, said Ahmed Zidan from the non-profit Committee to Protect Journalists.

How do I update WhatsApp?

Android

  • Open the Google Play store
  • Tap the menu at the top left of the screen
  • Tap My Apps & Games
  • If WhatsApp has recently been updated, it will appear in the list of apps with a button that says Open
  • If WhatsApp has not been automatically updated, the button will say Update. Tap Update to install the new version
  • The latest version of WhatsApp on Android is 2.19.134

iOS

  • Open the App Store
  • At the bottom of the screen, tap Updates
  • If WhatsApp has recently been updated, it will appear in the list of apps with a button that says Open
  • If WhatsApp has not been automatically updated, the button will say Update. Tap Update to install the new version
  • The latest version of WhatsApp on iOS is 2.19.51

How was the security flaw used?

It involved attackers using WhatsApp’s voice calling function to ring a target’s device. Even if the call was not picked up, the surveillance software would be installed, and, the FT reported, the call would often disappear from the device’s call log.

WhatsApp told the BBC its security team was the first to identify the flaw, and shared that information with human rights groups, selected security vendors and the US Department of Justice earlier this month.

“The attack has all the hallmarks of a private company reportedly that works with governments to deliver spyware that takes over the functions of mobile phone operating systems,” the company said on Monday in a briefing document note for journalists.

More: https://www.bbc.com/news/technology-48262681

Binance Hacked — Hackers Stole Over $40 Million Worth Of Bitcoin

By: Mohit Kumar

Binance, one of the largest cryptocurrency exchanges in the world, confirmed today that the company lost nearly $41 million in Bitcoin in what appears to be its largest hack to date.

In a statement, Binance’s CEO Changpeng Zhao said the company discovered a “large scale security breach” earlier on May 7, as a result of which hackers were able to steal roughly 7000 bitcoins, which were worth 40.6 million at the time of writing.

News of the hack comes just hours after Zhao tweeted that Binance has “to perform some unscheduled server maintenance that will impact deposits and withdrawals for a couple of hours.”

According to the company, malicious attackers used a variety of attack techniques, including phishing and computer viruses, to carry out the intrusion and were able to breach a single BTC hot wallet (a cryptocurrency wallet that’s connected to the Internet), which contained about 2% of the company’s total BTC holdings, and withdraw stolen Bitcoins in a single transaction.

What’s more disturbing is that the company admitted the hackers managed to get their hands on user critical information, such as API keys, two-factor authentication codes, and potentially other information, which is required to log in to a Binance account.

Zhao also warned that “hackers may still control certain user accounts and may use those to influence prices.”

Fortunately, the Binance cold storage—the offline wallets where the majority of funds are kept—remain secure. Also, Internet-connected individual user wallets were not directly affected.

More: https://thehackernews.com/2019/05/binance-cryptocurrency-hacked.html?m=1

TinyPOS: Handcrafted Malware in Assembly Code

By: Kacy Zurkus

Legacy software vulnerabilities have created opportunities for hackers to steal credit card data and other personal information using tiny point of sale (POS) malware, according to research published by Forcepoint.

Researchers reportedly analyzed 2,000 samples of POS malware and found that many are handcrafted, written in assembly code and very small; thus, researchers aptly named the malware TinyPOS.

Of the samples analyzed, 95% were loaders used to distribute malware to systems. In addition, researchers found that system compromises can go months without detection due to the small code size (2.7kb). Though researchers suggested that protecting against these attacks is not difficult, the issue for many organizations is that they are using old, outdated POS software and hardware that can do a lot of damage.

The samples were grouped into four categories: loaders, mappers, scrapers and cleaners, wrote Robert Neumann, senior security researcher at Forcepoint. “The most probable initial vector would be a remote hack into the POS system to deliver the Loaders. Other options could include physical access (unlikely) or a rogue auto-update to deliver a compromised file to the POS operating system.”

That attackers are targeting POS systems is nothing new, particularly because they collect large amounts of personal data. Because of their vulnerabilities, Ryan Wilk, VP of customer success for NuData Security, a Mastercard company, said POS systems have long been a prime target for cyber-criminals.

More: https://www.infosecurity-magazine.com/news/tinypos-handcrafted-malware-in-1/

Hackers Compromise Microsoft Support Agent to Access Outlook Email Accounts

By: Swati Khandelwal

If you have an account with Microsoft Outlook email service, there is a possibility that your account information has been compromised by an unknown hacker or group of hackers, Microsoft confirmed to The Hacker News.

Earlier this year, hackers managed to breach Microsoft’s customer support portal and access information related to some email accounts registered with the company’s Outlook service.

Yesterday, a user on Reddit publicly posted a screenshot of an email which he received from Microsoft warning that unknown attackers were able to access some information of his Outlook account between 1 January 2019 and 28 March 2019.

Another user on Reddit also confirmed that he/she too received the same email from Microsoft.

According to the incident notification email, attackers were able to compromise credentials for one of Microsoft’s customer support agents and used them to gain unauthorized access to some information related to the affected accounts, but not the content of the emails or attachments.

The information that a Microsoft customer support agent can view is limited to account email addresses, folder names, subject lines of emails, and the names of other email addresses you communicate with.

Hackers Could Turn Pre-Installed Antivirus App on Xiaomi Phones Into Malware

By: Swati Khandelwal

What could be worse than software that’s meant to protect your devices leaving backdoors open for hackers or turning into malware?

Researchers today revealed that a security app that comes pre-installed on more than 150 million devices manufactured by Xiaomi, China’s biggest and the world’s 4th largest smartphone company, was suffering from multiple issues that could have allowed remote hackers to compromise Xiaomi smartphones.

According to CheckPoint, the reported issues resided in one of the pre-installed applications, called Guard Provider, a security app developed by Xiaomi that includes three different antivirus programs packed inside it, allowing users to choose between Avast, AVL, and Tencent.

Since Guard Provider has been designed to offer multiple 3rd-party programs within a single app, it uses several Software Development Kits (SDKs), which according to researchers is not a great idea because data of one SDK cannot be isolated and any issue in one of them could compromise the protection provided by others.

“The hidden disadvantages in using several SDKs within the same app lie in the fact that they all share the app context and permissions,” the security firm says.

“While minor bugs in each individual SDK can often be a standalone issue, when multiple SDKs are implemented within the same app it is likely that even more critical vulnerabilities will not be far off.”

It turns out that before receiving the latest patch, Guard Provider was downloading antivirus signature updates through an unsecured HTTP connection, allowing man-in-the-middle attackers on an open WiFi network to intercept your device’s network connection and push malicious updates.

More: https://thehackernews.com/2019/04/xiaomi-antivirus-app.html

THE WIRED GUIDE TO DATA BREACHES

By: Lily Hay Newman

Another week, another massive new corporate security breach that exposes your personal data. Names, email addresses, passwords, Social Security numbers, dates of birth, credit card numbers, banking data, passport numbers, phone numbers, home addresses, driver’s license numbers, medical records—they all get swept up by shadowy, amorphous hackers for fraud, identity theft, and worse. Sometimes the affected company will send you an email suggesting that you change a password or credit card number, but for the most part, these incidents are invisible—until they aren’t.

Think of data breaches as coming in two flavors: breaches of institutions that people choose to entrust with their data—like retailers and banks—and breaches of entities that acquired user data secondarily—like credit bureaus and marketing firms. Unfortunately, you can’t keep your information perfectly safe: It is often impossible to avoid sharing data, especially with organizations like governments and health insurers. Furthermore, in cases where a company or institution gives your information to an additional party, you’ve often agreed to sharing more data than you realize by clicking “I accept” on a dense user agreement.

Many of these incidents don’t necessarily even involve hackers. Data “exposures” occur when information that should have been locked down was accessible, but it’s unclear if anyone actually stole it.

Even after a data breach has occurred, though, and an unauthorized actor definitely has your data, you won’t necessarily see an immediate negative impact. Hackers who steal a trove of login credentials, for example, may quietly use them for under-the-radar crime sprees instead of selling or publishing the data. As a result, the repercussions of a breach can be very delayed, sometimes not fully manifesting for years.

More: https://www.wired.com/story/wired-guide-to-data-breaches/amp

Vale is hacked and documents show how the company handles accidents

By: Felipe Payão

Vale, the Brazilian multinational mining company, was breached, and supposedly confidential internal documents were taken and leaked by the intruders. Hackers reportedly took advantage of an open door in Microsoft SharePoint, a software tool for team collaboration, to retrieve meeting minutes and to extract records of security occurrences and incidents around the world.

TecMundo received the documents on Tuesday (29) from an anonymous source. There are about 40,000 files in a 500 MB folder. In it, one can find security incidents that occurred between 2017 and 2019 at Vale sites in Brazil, Canada, Mozambique, New Caledonia and Indonesia.

“One of the documents reports an armed robbery at a pipeline, and no police report was filed afterward,” the source said in the email in which the documents were sent. TecMundo found the specific document cited, but not the matter of the police report mentioned.

Vale was contacted about the incident but offered no response by the time this article was published (update: after publication, the company sent a statement, which you can read below). For their part, the hackers did not detail how the company was breached; they noted only that the documents were extracted through a flaw in a hidden URL that was open to the public: “Indexing of secret documents on a hidden subdomain, by search engines,” they noted.

More: https://www.tecmundo.com.br/seguranca/138314-vale-hackeada-documentos-mostram-empresa-lida-acidentes.htm?f&utm_source=facebook.com&utm_medium=referral&utm_campaign=thumb