FBI study guide showed what data law enforcement officers can get from instant messengers

An FBI training guide has been made public following a Freedom of Information Act request filed by Property of the People, an American non-profit that works on government transparency. The document contains training tips for agents and explains what kind of data can be obtained from the operators of various messengers and what legal process is required for each. It is dated January 7, 2021 and, in general, contains no fundamentally new information, but it gives a good picture of what the FBI can currently obtain from services such as iMessage, Line, WhatsApp, Signal, Telegram, Threema, Viber, WeChat and Wickr. In general, the training document confirms that usually the FBI …

Hackers planted a web skimmer on the website of the Principality of Sealand

The Record reported that unknown attackers compromised the website of the Principality of Sealand (a self-proclaimed micronation in the North Sea) and planted a web skimmer on it. The malicious code was injected into Sealand's online store, which the unrecognized micro-state's government uses to sell titles of nobility. The Principality of Sealand was proclaimed in 1967 by Paddy Roy Bates, a retired British army major and operator of the pirate radio station Radio Essex. It sits in the North Sea, roughly 10 kilometres off the coast of Great Britain, on the once-abandoned offshore platform Roughs Tower. Bates proclaimed himself Prince of Sealand and his family the ruling dynasty. Although Sealand …

Unofficial fixes released for 0-day issue in Windows Mobile Device Management Service

0patch has released unofficial fixes for a 0-day in the Windows Mobile Device Management service (the “Access work or school” settings page). The problem affects devices running Windows 10, version 1809 and later. The bug is a bypass of Microsoft's February 2021 patch for the information disclosure vulnerability CVE-2021-24084. This month, security researcher Abdelhamid Naceri, who originally discovered the problem, noticed that the vulnerability was not fully fixed and can be abused to gain administrator rights. 0patch confirms that “by using the method described in the blog of researcher Raj Chandel, combined with a bug discovered by Abdelhamid Naceri, it is possible to run code as a local administrator.” While Microsoft has likely already taken …

Ukrainian law enforcement officers arrested members of the hacker group Phoenix

The Security Service of Ukraine (SBU) announced the arrest of five members of the international hacker group Phoenix, which specialized in remotely compromising mobile devices and harvesting personal data. Law enforcement reports that all five are Ukrainian citizens (residents of Kyiv and Kharkiv) with higher technical education. The group had been active for at least two years, during which it broke into the accounts of several hundred people. Phoenix's goal was to gain remote access to the accounts tied to victims' mobile devices and then monetize that access by draining e-wallets and bank accounts and by selling the victims' personal information to third parties. …

Cybersecurity researchers published an exploit for Windows that allows escalating privileges

Bleeping Computer reported that a security researcher has published an exploit for a new zero-day vulnerability that allows local privilege escalation on all supported versions of Windows, including Windows 10, Windows 11 and Windows Server 2022. The journalists write that they tested the exploit themselves and were able to open a command prompt with SYSTEM privileges from a Standard user account, and they posted a video demonstration. This month, as part of Patch Tuesday, Microsoft patched the Windows Installer privilege escalation vulnerability CVE-2021-41379. The issue was discovered by security researcher Abdelhamid Naceri, who has now reported that the patch can be bypassed, turning the vulnerability into a more serious problem. Naceri has already …

Researchers have suggested using smartphones to find hidden cameras

A team of researchers from the National University of Singapore and Yonsei University has described an interesting concept: using the time-of-flight (ToF) sensors found in modern smartphones to locate hidden cameras. Time-of-flight cameras are sometimes called “depth cameras”, which reflects how ToF works. The sensor behaves much like sonar, but with light instead of sound: it emits infrared light and measures the time it takes for that light to be reflected back from an object. Such a sensor consists of two parts, an emitter diode and a dedicated light-sensitive matrix, and it can determine not only the distance to objects but also their shape. ToF sensors have appeared in smartphones relatively recently, …

Researchers noticed that the darknet is discussing exploits as a service

Analysts at Digital Shadows have published a report on the darknet exploit market and note that criminals have come up with an “exploits as a service” scheme. Some cybercriminals have multimillion-dollar budgets for acquiring 0-day exploits. The researchers explain that attackers, financially motivated cybercriminals and “government hackers” alike are rapidly adopting new attack methods and are constantly on the lookout for new exploits. Although exploits are most often bought and sold in private conversations, the researchers write, sometimes they are traded openly on hacker forums. For example, in early May 2021, a forum user openly offered $25,000 for a PoC exploit for CVE-2021-22893, a critical vulnerability affecting Pulse Secure VPN. This problem has been …

New Rowhammer Attack Breaks DDR4 Memory Protection

Researchers have unveiled Blacksmith, a new fuzzing-based attack technique which shows that Rowhammer attacks on DDR4 memory remain possible and bypass existing defence mechanisms. Notably, many of the authors of this work previously took part in creating the similar TRRespass attack. Let me remind you that the original Rowhammer attack was described by researchers at Carnegie Mellon University back in 2014. It relies on the fact that repeatedly accessing (“hammering”) a row of DRAM cells causes electrical interference with physically adjacent rows, which can flip the bits stored in them. Over the years, researchers have shown that a wide variety of memory can be vulnerable to …

Hackers broke into FBI mail server and sent fake cyberattack alerts

Last weekend, unknown attackers broke into a mail server of the Federal Bureau of Investigation (FBI) and used the access to send emails that imitated FBI alerts about cyberattacks and data theft. Spamhaus, a non-profit spam-tracking organization, reported that the emails were delivered to tens of thousands of recipients in two waves, and experts believe the roughly 100,000 messages observed are only a small part of the campaign. According to Spamhaus, the messages came from the legitimate address eims@ic.fbi.gov, from IP 153.31.119.142 (mx-east-ic.fbi.gov), with the subject line “Urgent: Threat actor in systems”. Spamhaus said the mailing was followed by a flood of phone calls and emails from concerned organizations seeking more information on the attacks on …

Clop ransomware exploits vulnerability in SolarWinds Serv-U

NCC Group warns of a spike in attacks by the Clop ransomware group (also known as TA505 and FIN11) that exploit a vulnerability in SolarWinds Serv-U. Most of them begin by exploiting CVE-2021-35211 in Serv-U Managed File Transfer and Serv-U Secure FTP, which allows a remote attacker to execute commands with elevated privileges on the affected server. SolarWinds fixed the bug back in July 2021 after discovering that a single attacker was using it in the wild. At the time, the company warned that the vulnerability affects only customers who have enabled the SSH function, and that disabling SSH prevents exploitation. As NCC Group now reports, Clop operators have also begun to exploit the vulnerability …

NUCLEUS:13 vulnerabilities threaten medical devices, automobiles and industrial systems

Forescout and Medigate Labs have published a report on NUCLEUS:13, a set of 13 vulnerabilities affecting a Siemens software library that is widely used in medical devices, cars and industrial systems. NUCLEUS:13 affects Nucleus NET, the TCP/IP stack that is part of Siemens' Nucleus RTOS. Nucleus typically runs on SoCs in medical devices, cars, smartphones, IoT devices, industrial equipment, aerospace systems and so on. According to the researchers, more than 5,000 devices are still running a vulnerable version of Nucleus RTOS, most of them in the healthcare sector. The problems can be used to take over or disable such devices, as well as to leak information. The most dangerous vulnerability in the NUCLEUS:13 set is …

US authorities arrest Kaseya hacker and attacker associated with REvil and GandCrab

Law enforcement agencies in Europe and the United States have taken up the fight against ransomware in earnest, and the other day a suspect in the Kaseya attack was arrested. Over the past few days, several important events have taken place at once. Operation Cyclone, carried out by Interpol together with Ukrainian and US law enforcement, lasted more than 30 months and targeted the Clop ransomware (aka Cl0p); as part of it, six Ukrainian citizens were arrested in June 2021. The US Department of Justice has also indicted Yaroslav Vasinsky, a 22-year-old Ukrainian citizen suspected of organizing the ransomware attack on Kaseya's servers in July this year. The suspect was …

US authorities offer $10 million for information on DarkSide operators

The US government has offered a reward of up to $10,000,000 for information leading to the identification or arrest of members and operators of the DarkSide ransomware group. It is emphasized that this reward applies to information about DarkSide's leaders, those who hold key positions in the group. Information leading to the arrest of DarkSide affiliates (in any country) who help the group carry out attacks can earn up to $5,000,000. The US authorities said they are offering such a large reward because of the attack on Colonial Pipeline, the largest fuel pipeline operator in the United States. Let me remind you that we …

Trojan Source attack is dangerous for compilers of most programming languages

Ross Anderson and Nicholas Boucher of the University of Cambridge have published details of the Trojan Source attack concept (CVE-2021-42574), which can be used to inject malicious logic into legitimate applications through comments in source code. A PoC exploit is already available on GitHub. The attack relies on bidirectional control characters placed in source code comments. These characters, known as BiDi (“bidirectional”) controls, are Unicode control characters used within a text string to switch between LTR (left-to-right) and RTL (right-to-left) rendering and back. They are invisible to a human reading the rendered text and exist only to embed text with a different reading …
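As an added example (not part of the original post, and not the Cambridge authors' PoC), here is a small Python scanner that flags the nine BiDi control characters the attack depends on and rewrites them as visible tokens for review. It is run over a constructed C snippet in the style of the paper's commenting-out trick; the function name `check`, the variable `is_admin` and the helper names are assumptions made for the example.

```python
"""Added example (not the paper's PoC): scan source text for Unicode bidirectional
control characters, the primitive the Trojan Source attack relies on."""

# The nine Unicode BiDi control characters that can reorder rendered text:
# embeddings/overrides (U+202A..U+202E) and isolates (U+2066..U+2069).
BIDI_CONTROLS = {
    "\u202a": "LRE",  # left-to-right embedding
    "\u202b": "RLE",  # right-to-left embedding
    "\u202c": "PDF",  # pop directional formatting
    "\u202d": "LRO",  # left-to-right override
    "\u202e": "RLO",  # right-to-left override
    "\u2066": "LRI",  # left-to-right isolate
    "\u2067": "RLI",  # right-to-left isolate
    "\u2068": "FSI",  # first strong isolate
    "\u2069": "PDI",  # pop directional isolate
}


def find_bidi_controls(source):
    """Return a list of (line_no, column, name), all 1-based, for every BiDi
    control character in `source`. An empty list means the text is clean."""
    hits = []
    for line_no, line in enumerate(source.splitlines(), start=1):
        for col, ch in enumerate(line, start=1):
            if ch in BIDI_CONTROLS:
                hits.append((line_no, col, BIDI_CONTROLS[ch]))
    return hits


def make_visible(line):
    """Replace each BiDi control with a visible <NAME> token so a reviewer can
    see exactly where the rendering trick is applied."""
    return "".join(f"<{BIDI_CONTROLS[c]}>" if c in BIDI_CONTROLS else c for c in line)


def scan_file(path):
    """Scan a file on disk; returns the same hit list as find_bidi_controls."""
    with open(path, encoding="utf-8", errors="replace") as fh:
        return find_bidi_controls(fh.read())


# Constructed sample (hypothetical function, not taken from the paper) in the style
# of the Trojan Source "commenting-out" trick. To the compiler each commented line is
# one complete C comment, so `return 1;` runs unconditionally. An editor that honours
# the RLO/LRI characters renders line 2 approximately as
#     /* begin admins only */ if (is_admin) {
# so a reviewer sees a privilege check that does not exist.
SAMPLE_SOURCE = (
    "int check(bool is_admin) {\n"
    "    /*\u202e } \u2066if (is_admin)\u2069 \u2066 begin admins only */\n"
    "        return 1;\n"
    "    /* end admins only \u202e { \u2066*/\n"
    "    return 0;\n"
    "}\n"
)

if __name__ == "__main__":
    for line_no, col, name in find_bidi_controls(SAMPLE_SOURCE):
        print(f"line {line_no} col {col}: {name}")
    for line in SAMPLE_SOURCE.splitlines():
        print(make_visible(line))
```

Run it as a pre-commit or CI check over every text file in a repository: a legitimate code base almost never contains these characters outside of test data, so any hit is worth a human look, and `make_visible` shows the reviewer the line as the compiler sees it rather than as the editor renders it.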

Operators of the BlackMatter ransomware announced the termination of activity

The hackers behind the BlackMatter ransomware have announced that they are shutting down, citing pressure from local authorities. The group posted the “shutdown” notice on November 1, 2021 in the backend of its darknet site, the part normally used by its affiliates. The group's representatives did not explain what pressure they meant, but the statement followed a number of major events in recent weeks. First, Microsoft and Gemini Advisory recently linked the FIN7 criminal group (believed to be the developer of the DarkSide and BlackMatter malware) to the fake information security company Bastion Secure, which was recruiting researchers. Secondly, last week it was revealed that Emsisoft had secretly created …
