Archive for May 31, 2020

A Series Of Cyber Essentials Toolkits Released To Address Cyber-Security Risks


The Cybersecurity and Infrastructure Security Agency (CISA) has released the first in a series of six Cyber Essentials Toolkits, following its own November 2019 release of Cyber Essentials, a starting point for small businesses and government agencies to understand and address cybersecurity risk as they do other risks.

CISA's toolkits will give greater detail, insight, and resources on each of the Cyber Essentials' six "Essential Elements" of a Culture of Cyber Readiness.

The launch of the introductory "Essential Element: Yourself, The Leader" will be followed every month by another toolkit corresponding to each of the six "Essential Elements." Toolkit 1 focuses on the role of leadership in fashioning a culture of cyber readiness in their organization, with an emphasis on methodology and investment.

CISA Director Christopher Krebs says, “We thank all of our partners in government and the private sector who played an essential role in the development of CISA’s Cyber Essentials Toolkit. We hope this toolkit, and the ones we are developing, fill gaps and provide executives the tools they need to raise the cybersecurity baseline of their teams and the organizations they lead.”

Cyber Essentials, created in collaboration with small businesses and state and local governments, aims to equip smaller organizations that generally have not been a part of the national dialogue on cybersecurity with basic steps and resources to improve their cybersecurity.

CISA's guide incorporates two sections: the core values for leaders to build up a culture of security, and specific actions for them and their IT experts to put that culture into action. Each of the six Cyber Essentials includes a list of actionable items anybody can take to bring down cyber risks.

These are:

  •  Drive cybersecurity strategy, investment, and culture; 
  •  Develop a heightened level of security awareness and vigilance;
  •  Protect critical assets and applications; 
  •  Ensure only those who belong on your digital workplace have access; 
  •  Make backups and avoid loss of info critical to operations; 
  • Limit damage and restore normal operations quickly.

GitHub Escapes from Octopus Malware that Affected 26 of its Software Projects


GitHub, a platform where every malicious software report is different in its own way, has managed to escape a malware threat. GitHub, an organization that unites the world's largest community of coders and software developers, revealed that hackers exploited an open-source platform on its website to distribute malware. The hackers used a unique hacking tool that planted backdoors in each software project, which they then used to infiltrate software systems.


"While we have seen many cases where the software supply chain was compromised by hijacking developer credentials or typosquatting popular package names, a malware that abuses the build process and its resulting artifacts to spread is both interesting and concerning for multiple reasons," said GitHub on its security blog. Fortunately, the hackers' attempt to exploit the open-source platform was unsuccessful. Had it succeeded, the hackers could have secured a position in software that would later be used by corporate applications and other websites.

Recently, open-source websites have become a primary target for hackers, because once hackers exploit backdoor vulnerabilities on open-source platforms, thousands of apps are exposed to remote code execution. As for GitHub, the company's website currently has more than 10 million users. In the GitHub incident, 26 software projects were infected with malicious code, which is a severe warning about the potential threat of open-source compromises. Experts have identified the malware as "Octopus Scanner," which is capable of stealing data by deploying remote access code.

The malware spread with the help of projects using software called Apache NetBeans, GitHub says. "On March 9, we received a message from a security researcher informing us about a set of GitHub-hosted repositories that were, presumably unintentionally, actively serving malware. After a deep-dive analysis of the malware itself, we uncovered something that we had not seen before on our platform: malware designed to enumerate and backdoor NetBeans projects, and which uses the build process and its resulting artifacts to spread itself," says GitHub on its blog. These attacks can be highly threatening, as the tactics used here give the hackers access to various systems.

Religion Biased Algorithms Continue to Depict How Facebook Doesn’t Believe in Free Speech


Facebook's brand image took a critical hit long ago. Having fallen off the list of the top ten global brands, its brand value has dropped by remarkable margins as the platform fell short of its own standards and promises and kept making headlines for censure. Amid big scandals such as Cambridge Analytica, data leaks, and congressional scrutiny, the social media giant has constantly been under scrutiny for preferring certain genders, ethnic groups, and races over others, as seen in the company's allegedly flawed ad-serving algorithm.

Owing to its discriminatory ways, Facebook became the subject of critics' accusations in October 2019, when the social media giant faced a class-action lawsuit over charges of bias against gender and age. To substantiate this, researchers from Northeastern University and the University of Southern California demonstrated in a study, using several advertising experiments, that Facebook has been discriminatory in ad targeting for years and indeed has an automated advertising system delivering ads to selected audiences.

It's a well-established fact that algorithms are biased, and Facebook has been no exception. To give you an idea, in 2019 the tech giant faced legal charges from the US government for allowing advertisers to deliberately target ads on the basis of religion, race, and gender: businesses could exclude people of a certain race, age, or gender from viewing housing ads, a blatant violation of the Fair Housing Act. While settling its case, the company said that it would not allow businesses to target ads in discriminatory ways; however, the issues were never truly addressed, given the recent biases in Facebook's actions.

The Enlightened Souls (https://6enlightened.blogspot.com/) is a spiritual group posting content regarding enlightenment, spirituality, ancient spiritual practices, goddess worship, and so on. The spiritual website became one of the latest victims of Facebook's biased ad-targeting algorithms, religious bias in particular, as Facebook removed one of its ads containing images of the goddess 'Kali' along with other goddesses, labeling it as sexual content. Later, Facebook was seen to be running a Netflix ad about a show wherein the girl was almost naked. The findings are critical of Facebook's claims regarding 'changed Ad tools', wherein the tech giant promised to amend its ways of managing advertisements and to prevent discrimination against certain groups, genders, religions, or ages.

Disappointed by Facebook's never-ending bias and existing issues despite the changes made by the company, 6enlightened made the decision of cutting Facebook off and using Twitter as the only social media.

FACEBOOK SHOULD STOP SUPPRESSING FREE SPEECH 

Given that a whopping 2.5 million people use at least one of Facebook's apps, the social media platform should be more responsible in its advertising practices. Unfortunately, the platform appears to believe not in free speech but in censorship, which it has actively practiced, evidently for years now.

Russian hackers attacked Poland due to NATO exercises


The Polish government announced a large-scale information attack by Russia, which is aimed at worsening relations between Warsaw and Washington, as well as at the Polish army.

Poland reported hacker attacks on Internet pages and the posting of false and manipulative information about the NATO exercise Defender Europe 2020 on Polish and foreign resources.

"Poland again became the target of information attacks that coincide with the Kremlin's actions against the West, especially against NATO countries. The organizers of such actions used well-known methods: hacking, spoofing content on web pages, as well as a fake interview with an American General," said Stanislav Zharin, the spokesperson for the coordinating Minister in the Government of Poland for Special Services.

He added that the disinformation attack coincides with the beginning of the next phase of the Defender Europe 2020 exercise and concerns military cooperation between Poland and the United States.

As noted, as a result of hacker attacks on several Polish sites, materials about the Defender Europe 2020 exercise were posted. An article that makes fun of Poland and its army was posted on the Internet pages of Niezalezna[dot]pl, Olsztyn24[dot]com, RadioSzczecin[dot]pl, and ePoznan[dot]pl.

These materials were blocked by the administrators of information resources, but after that, some of them again became targets of cyberattacks. 

The spokesperson for the coordinating Minister noted that the theses published in the articles coincide with the long-term actions of the Russian Federation against Poland. According to Zharin, the purpose was to strike at the unity of NATO and the possibility of joint actions by US and Polish forces, to destabilize relations between Warsaw and Washington, and to call into question official documents regarding threats to Poland.

It is interesting to note that Poland plans to completely abandon Russian gas from 2022.

StrandHogg is Back and Stronger As a More Sophisticated Vulnerability


Android is vulnerable anew, owing to a new vulnerability that goes by the name of “StrandHogg 2.0”.

That is right. StrandHogg is back and has now affected numerous Android devices, putting over a billion Android devices in jeopardy.

The vulnerability helps hackers disguise illegitimate applications as legitimate ones, with the ultimate aim of getting users to grant permissions that could end up exposing really important information.

The posing applications then find a way to the users’ sensitive data, and in real time at that. The worst part about the vulnerability is that users would have no idea at all that they have been attacked, and they would be completely unaware of the malicious applications on their device.

This vulnerability is tracked as “CVE-2020-0096” and is known by the name “StrandHogg 2.0”. This version helps hackers mount more sophisticated attacks.

As of last year, StrandHogg was already listening in on conversations and recording them, accessing login credentials, reading and sending unwanted texts, and taking complete control of the photo album, call logs, and contacts.

Allegedly, StrandHogg 2.0 exists on most Android devices, except those running the latest version of the OS, Android 10.

As per sources, the Google website has it that, of a minimum of 2 billion Android users, just 16% have updated to Android 10; hence the rest are allegedly vulnerable.

To fight or prevent any mishap that could be caused by StrandHogg 2.0, steer clear of pop-up notifications asking permission for sending notifications, messages, or other related things, and of applications asking you to log in again despite being already logged in.

Due to the Coronavirus pandemic, Google will, unusually, be releasing its Android 11 Beta version via an online conference at the Google I/O. Reportedly, this conference is scheduled for June 3, 2020.

Sources mention that this conference will be a fresh source for many new updates and news about official events. The schedule for the launch of Android 11 has been released, and according to it Android 11 will undergo 3 Beta releases in the upcoming months of June, July, and August. Word has it that the official version would finally roll out in or near October.