Archive for February 28, 2019

The Kremlin told about hacker attacks on the website of the President of Russia



Foreign hackers are constantly attacking the website of Russian President Vladimir Putin. Intelligence agencies record a large number of attacks from Europe and the United States said the Kremlin.

As the Press Secretary of the Russian leader, Dmitry Peskov, noted, Western countries like to talk about" Russian hackers", but foreign partners themselves are waging an information war against Russia.

"A huge number of cyber attacks on Russian organizations, individuals and legal entities are constantly organized from the territory of the United States," he said.

According to him, hackers from Europe and North America regularly try to commit hacks. He noted that a new draft law on Autonomous RUnet is aimed at countering this.

The draft law on the Autonomous operation of the Russian Internet segment, if it is disconnected from the global network infrastructure, was submitted to the State Duma on December 14, 2018. The document is aimed at protecting the stable operation of the Internet in Russia in case of external threats. The bill defines the necessary traffic routing rules and organizes the control of their compliance.

Indian students create an app for detecting fake news





A team of Indian students from Indraprastha Institute of Information Technology (IIIT), Delhi has developed an app WhatsFarzi for verifying a piece of fake news by using a custom logarithm.

The app is capable of scanning all the internet content, authenticate the images that could have been tampered.  “One of my students started researching on the rapid spread of fake content on Twitter and Facebook, which inspired him to develop a Google Chrome browser extension for both the platforms.

The continuous research by the team gradually gave birth to WhatsFarzi, which is now helping the vexed Indians to fight back such terrors”, said Ponnurangam Kumaraguru, associate professor at IIIT-Delhi.

WhatsFarzi is the concept of three students studying B.Tech computer science at the IIIT Delhi. The team includes  Madhur Tandon (22), Suryatej Reddy Vyalla (20) and Dhruv Kuchhal (23).

Suryatej Reddy, a third-year student, said, “We use a knowledge graph to extract relevant information from people, organizations, locations, and products available on the internet, update this graph with credible news and store it in a secured database. We follow this process to verify textual claims.”

In-Browser Cryptomining Service, ‘Coinhive’ to Shut Down on March 8, 2019



Coinhive, an in-browser Monero cryptocurrency miner which was designed to provide web developers a JavaScript will be terminating its operations soon.  

Officials at Coinhive put the news forth in a blog post on February 26 where they cited various reasons for their decision of shutting down all their operations. The post suggested that following a 50 percent drop in hash rate, Cryptocurrency service, Coinhive decided to discontinue its operations on March 8, 2019.  

Referencing from the blog post, "The drop in hash rate (over 50%) after the last Monero hard fork hit us hard," the company said. "So did the 'crash' of the crypto currency market with the value of XMR depreciating over 85% within a year."

"This and the announced hard fork and algorithm update of the Monero network on March 9 has lead us to the conclusion that we need to discontinue Coinhive," said the officials.

The project which no longer is economically viable was launched in September 2017 as an alternative to traditional banner ads.

Before Coinhive’s in-browser Monero mining stops working on March 8, the registered users will be made dashboards accessible until April 30 so that they can withdraw funds from their respective accounts.

The digital currency mining service, despite the consistent efforts of the team never become one of the major websites in the league. Moreover, it was subjected to heavy criticism for skyrocketing the CPU usage inside browsers. 

Afterward, it went on becoming immensely popular among cybercriminals for cryptojacking and recently a report from Kaspersky Labs suggested that cryptojacking left behind ransomware and became the biggest cybersecurity threat. 

Referencing from the announcement made by the company,

“Some of you might have anticipated this; some of you will be surprised. The decision has been made. We will discontinue our service on March 8, 2019. It has been a blast working on this project over the past 18 months, but to be completely honest, it isn’t economically viable anymore.”

“The drop in hash rate (over 50%) after the last Monero hard fork hit us hard. So did the “crash” of the cryptocurrency market with the value of XMR depreciating over 85% within a year. This and the announced hard fork and algorithm update of the Monero network on March 9 has lead us to the conclusion that we need to discontinue Coinhive.”



Attackers Launched a Rapidly Changing Malware which uses .DOC Extension




A new malware has been discovered by security experts, they observed that it is constantly altering its behavioral patterns in an attempt to bypass the email security protection.

As dissemination of malware through email campaigns is becoming common day by day, email security providers are devising new ways to battle and terminate such malicious activities.

However, cybercriminals are employing subtle and sophisticated methods to bypass all the layers of security, which has led to a massive upsurge in successful malware campaigns.

In the aforementioned case, the infected emails are sent to the potential victims, which on being accessed leads to the downloading of a word template with a .doc extension.

Notably, the attack is configured quite differently than most of the attacks which make use of a single pattern with little customizations. In this attack, a number of different email addresses, subject headings, display name spoofs, body content, and URLs are used.

The attackers send the malspam email which entails an infected link which takes the user to a corrupted website that has the malware all set to sneak into the system and infect it.

Referencing from the findings of researchers at the only cloud-native security platform, Greathorn, “Initially, this attack pattern identified  at 12:24pm on Wednesday, February 20th, the attack has (so far) consisted of three distinct waves, each wave corresponding with a different destination URL, one at 12:24pm ET, one 2:05pm ET, and a third at 2:55pm ET, suggesting an attack pattern that anticipated and planned for relatively quick shutdowns of the destination URLs. “


The Australian Parliament’s Anti –Encryption Law Opening Doors to Potential Cyber Attacks




The Australian Parliament recently gave a green light to an "anti-encryption" law i.e. the Assistance and Access Bill, broadly recognized by numerous U.S. tech giants, to give the nation's intelligence and law enforcement agencies access to end-to-end encrypted communications.

The bill passed, regardless of vocal opposition from cyber security and technology groups far and wide who cautioned that even secondary passages structured solely for law implementation will without a doubt is exploited by those keen to make way to potential cyber-attacks.

Portrayed as a "secondary passage" or "backdoor" the move is said to, in a general sense debilitate Australia's cyber security and perhaps the other users of these innovations as well.

There is additionally a "far reaching concern" that this law will eventually have a negative impact on the employment status from the Australian technology firms as the global network will never again trust these products.

Lawmakers, who in the present digital economy ought to work to close the "cyber exposure gap", not augment it are rather debilitating Australia's overall cyber security posture, with causing a major impact to the economic outcomes also.

There is no denying the fact that law implementation organizations around the world face reasonable difficulties, however laws that debilitate encryption are the wrong solution.

Therefore, as opposed to following Australia's hazardous point of reference, other nations must work to guarantee open wellbeing while likewise shutting the "cyber exposure gap" and reinforcing cyber security standards for all devices. The dangers related with Australia's activity ought not to be downplayed because cyber security is as much important as national security.