Archive for October 31, 2019

The Central Bank will strengthen control over IT-security of credit institutions


In Russia, hackers may be involved in measures to strengthen control over the stability of credit institutions to cyber attacks. IT-auditors may be obliged in a test mode to crack the security systems of Russian banks with the involvement of white hackers.

Artem Sychev, Deputy head of the information security department of the Central Bank, said that the regulator, together with the FSB and the Federal Service for Technical and Export Control, is currently developing standards to assess the quality of work of independent companies that verify the reliability of bank infrastructure.

The representative of the Central Bank refused to clarify any details, however, sources say that one of the main standards for IT auditors will be a "full simulation of cyber attacks" with the participation of specialists with the same skills as potential hackers.

It is assumed that during such tests, specialists will reproduce the actions of real attackers, from penetration into the company's network to gain full control over its infrastructure or individual applications.

The head of the information security department of the Moscow Credit Bank Vyacheslav Kasimov agreed that the only way to qualitatively assess the security of the Bank's IT system can only be a complete simulation of a hacker attack.

Banks often make checks of their stability not for themselves, but for the regulator, so it has the right to set its own rules for conducting IT-audit, said Viktor Dostov, head of the Electronic Money Association.

According to Dostov, additional control will strengthen the protection of Russian money in the conditions of regular leakage of information from credit organizations.

Earlier E Hacking News reported that the Central Bank has a new punishment for banks for poor cyber defense. It will launch a new feature for credit institutions, it will be the risk profile on the level of information security. Depending on the risk profile on the level of cyber security, the Central Bank will give recommendations to banks. A financial institution that receives a low-risk profile will have consequences ranging from enhanced supervision to penalties.

iPhone 5 users may lose access to internet services



Users who are still using iPhone 5 are advised to update their device software by the end of this weekend. If not, users can lose their internet access. The users are being pushed to update their former iOS gadgets. Many of them have got the popups on iPhone 5. However, software update notifications on iPad 4 have not appeared yet. The issue with this is that those devices are jailbroken. The main problem is that these devices are now outdated.


"People who are unable to install iOS 10.3.4 updates by 3 November can be deprived of features that depend on the right time and date," says Apple. This covers Apple's iStore, email, online surfing, and iCloud. While iOS 10.3.4 may not be the newest variant of the iOS system, it is the most up-to-date available for the model. Users of former iPhones are also notified to revive their system software if they want to have precise GPS tracking services.

How can iPhone 5 users update their devices?

The users have been getting pop-up notes recently, prompting them to replace it with the newest iOS update. The software updates can be installed either wirelessly or by using a computer before November 3. Following November 3, the users would have to attach their iPhone 5 to a Mac or computer as the wireless updates option will no longer function. The company also says that "the users of the iPhone 5 should check if their devices are running on software version 10.3.4."

Other Apple models that are concerned- 

"Users of the iPhone 4S and some earlier variants of the iPad should update to the newest software for the proper working of the GPS location services." says the technology giant. Users of first-generation iPad mini, 4th generation iPad, and other earlier models are also covered in the list. Fortunately, users of the newer models are not concerned with this. Devices that run on wifi only are also safe. "iPhone 5 was a huge success story when it was first launched in 2012. Around 2 million devices were pre-ordered inside the 24 hrs of the launch. It was also the first phone to have a lightning charger. To date, around 70 million phones have been sold," says Apple.

Vulnerability has been found in the Xiaomi Feeder through which thousands of cats and dogs around the world can be left without food


Russian IT specialist Anna Prosvetova discovered a vulnerability in Xiaomi Furrytail Pet Smart Feeder. Since feeders are used when the owners leave the house for a long time, pets may starve to death. The vulnerability was discovered in the application API through which feeders are controlled. The researcher believes that she has access to all such feeders, which are now active in the world.

Smart feeders work on the principle of a dispenser that gives a cat or dog a certain amount of dry food at a time. The owner of the animal can set the schedule of meals and the amount of portions in the mobile application. Thanks to this device, the animal can be left for a long time in an empty apartment, without worrying that it will die of hunger.

“I have logs running on the screen from all existing feeders, I see data on the Wi-Fi networks of poor Chinese who bought these devices. I can suddenly feed all the cats and dogs with a couple of clicks, but I can delete the schedules from the devices and not give them food. In addition, I see how much food is in the bowl now," writes the researcher. She has such a smart feeder at home.

Prosvetova did not provide a detailed description of the vulnerability because it is not yet closed. However, she reported that the feeders used a microcontroller ESP8266, which makes it possible to install special firmware on all devices.

As the programmer notes, the vulnerability in Furrytail is ideal for hackers who plan DDoS attacks: the whole process can be easily automated and scaled.

Prosvetova found almost 11 thousand of such gadgets on which she could change the feeding schedule without a password.

She sent a letter to Xiaomi with a detailed analysis of the vulnerability, indicating the method of finding it and advice on how to fix it. Xiaomi confirmed the bug in the smart feeders and promised to fix it. However, the company does not have a mechanism to reward researchers for finding vulnerabilities.

Microsoft launches on-demand service for emergency security threats



Microsoft has launched a new service, providing customers a direct line to the top security experts from the company when the threat is bad enough that it can't be dealt with by the customer alone.

Threat hunting service, Threat Experts on Demand is now a part of Microsoft Defender Advanced Threat Protection (ATP) and will be available to the customers with Windows 10 Enterprise E5 and the Microsoft 365 bundle subscription. The venture is basically for large organizations that although have good and strong security but may encounter a sticky problem such as NotPetya outbreak, insider threats, and cyber-espionage threats.

This is a development and adds on to Microsoft security services for customers, complimenting targeted attack notifications and Azure Sentinel cloud-SIEM service, which became available in September.

Microsoft says, that once clicking the button, the security team will send the problem to Microsoft's incident response services and it also promises technical consultation to customers on adversaries and relevant issues by their threat experts.

"Customers do what they can to deal with these threats but sometimes they need additional help," said Brian Hooper, senior research lead at the Microsoft Defender research group. "Sometimes they just want a trusted partner. Microsoft has visibility of over a billion machines worldwide and we're able to use that to bring out and deeply understand the threats that enterprises face. We help them become aware of those threats in their environment, reduce dwell time, and give them visibility into those critical threats so they can prioritize and respond with confidence."

He also said Threat Experts on Demand does allow enterprise customers to "tap into the 3,500-plus security professionals Microsoft has globally". After receiving a threat, which the customer can't deal with, he/she can contact Threat Experts with a click of a button and there will be a full-time Microsoft employee to handle each and every request for help.

"This is our managed threat hunting capability. It combines expert human hunters with our own artificial intelligence and automation to help our enterprise customers deal with those critical threats", said Hooper.

ZDNet explains that the Experts on Demand human element includes: 

1.Additional clarification on alerts, including the root cause or scope of the incident.
2. Clarity into suspicious machine behavior and recommended next steps if faced with an advanced attacker.
3. Determines risk and protection regarding threat actors, campaigns, or emerging attacker techniques.
4. Seamlessly transitions to Microsoft Incident Response (IR) services when necessary.

Bitcoin and the Cryptocurrency Market Surged At Large


The bitcoin and the cryptocurrency market yet again become the center of attention as they experience a colossal upsurge at large.

While this surge is by all accounts partially predicated by many economists, investors as well as commentators on equities and other hazard or risk assets arriving at new highs or flooding to the upside, they likewise bring into center a couple of other factors at play as well that may further explain the cryptocurrency market's outstanding performance on the 25th and the 26th of October.

BitcoinEconomics, a Twitter account investigating this space, noticed that they accept that this 42% move (42% at the pinnacle of $10,600) was something driven by the news that Chinese President Xi Jinping had embraced blockchain innovations, as on the 25th the 'world leader 'openly support blockchain advancement and appropriation to improve quite a few numbers of industries.

The previously mentioned analyst even claims that this announcement from Xi likely has driven traders to theorize on a mass deluge of interest for Bitcoin and cryptocurrencies and subsequently started to purchase digital assets "en-mass".


However other contributing components particularly the technical ones, including the mass collection/purchases observed by some traders at the $7,400 price point, combined with the possibility that the sellers had become exhausted after a 47% drop from the year-to-date high of $14,000, additionally may be an extremely strong reason for the said upsurge.