Archive for Cyber Security

The white hat hacker has estimated the probability of a hacker attack on the websites of Internet giants

There is no need to worry about the security of Russian systems after a global failure in the work of world sites, since the servers of all state institutions are located on the territory of Russia

Information security expert Denis Batrankov explained that the problem of modern systems is that many companies do not have the opportunity to create their own office to host their servers there. As a result, they order servers from other hosting providers where they host their product. All responsibility in this case falls on the hosting provider, but the risk of failures increases significantly.

Vakulin illustrated his opinion with an example of Amazon Web Services hosting.

"Many sites are hosted by Amazon Web Services, including small and medium — sized businesses. Since there was a large and large-scale failure, then all the sites that were generally hosted on this platform go down after it", the hacker said.

The expert believes that, despite the recent attacks on the American pipeline company Colonial Pipeline and World’s Biggest Meat Supplier JBS, Russia should not worry too much about industrial safety.

"As for government agencies, their servers are located in Russia. The data is stored in our country. From a security point of view, everything has been done to prevent third parties from accessing this data", the expert said.

The programmer also drew attention to the fact that the State Duma was going to oblige foreign IT companies with an audience of more than 500 thousand people a day to open branches in Russia.

"This law can still be finalized to the point that all data will be stored on Russian servers," Vakulin said.

In conclusion, the programmer shared his vision of the future in the IT field. He believes that neural networks will control the servers.

"I carefully monitor how our technologies and knowledge of artificial intelligence and neural networks are improving," Vakulin said. " Most likely, neural networks will simply monitor everything in the future: they will be engaged in tracking the site. In 20 years, programmers and cryptographers will simply observe the work of artificial intelligence, somehow refine it, and it will already do the work for them."

Earlier, Internet users reported a global failure in the work of the sites of a number of media outlets, companies and social networks around the world. Problems were observed, for example, at CNN, Twitter, Guardian, Amazon, Reddit, New York Times. The problems occurred due to a failure in the work of the American cloud service provider Fastly. Within an hour, the problems were fixed.

Inadvertently Exposed Secrets and Tokens are promptly Scanned by GitHub

 

GitHub recently updated its insights to include repositories that contain registry secrets for PyPI and RubyGems. This approach protects millions of Ruby and Python programmers' who can unintentionally commit secrets and credentials to their GitHub repository. 

GitHub, Inc. is a software development and version control Internet hosting service utilizing Git. It provides Git's distributed version control, source code management as well as its features. GitHub provides users with Advanced Security licenses with security features available. These functionalities are also available for public repositories on GitHb.com. 

It was recently reported by GitHub that repositories that expose PyPI and RubyGems secrets, such as passwords and API tokens are now routinely scanned. 

To take advantage of this functionality, developers must make sure that GitHub Advanced Security is activated for their repository that is the default situation for public repositories. 

"For public repositories on GitHub.com, these features are permanently on and can only be disabled if you change the visibility of the project so that the code is no longer public," states GitHub. 

Secrets or tokens are strings that one can validate themselves when using a service, comparable to a username and a password. 

Third-party API applications often utilize private secrets in their code to access API services. As being such, one should be careful not to expose secrets, since this can lead to far more attacks in the broader supply chain. 

GitHub might inspect, among other things, for the secrets of the mistakenly committed npm, NuGet, and Clojars. 

As observed the list of GitHub Advanced Security currently supports more than 70 distinct kinds of secrets which are comprehensive. 

The advisory further read, “For other repositories, once you have a license for your enterprise account, you can enable and disable these features at the organization or repository level. For more information, see "Managing security and analysis settings for your organization" and "Managing security and analysis settings for your repository." If you have an enterprise account, license use for the entire enterprise is shown on your enterprise license page. For more information, see "Viewing your GitHub Advanced Security usage”."

GitHub tells the administrator when it spots a password, an API token, private SSH keys, or any other secrets that have been disclosed in public repositories. For instance, recently introduced PyPI and RubyGems, the registry maintainers would then remove the disclosed authorization and email the developer as to why. 

"If we find one, we notify the registry, and they automatically revoke any compromised secrets and notify their owner," explains GitHub software engineer Annie Gesellchen in a blog post. The benefit of GitHub's RubyGems and PyPI cooperation is that it revokes disclosed secrets automatically in seconds instead of waiting for the developer to take manual action. 

Automated secrecy scanning takes the user one inch ahead to protecting the developer's infrastructure from inadvertent leakage and increasing security in the supply chain.

International Sting Operation Cracks Down Encryption Criminal Groups

In an international sting operation targeting drug suppliers led to an arrest of a man. The suspect's face was blurred by the Australian Federal Police on privacy matters. The criminals while dealing with drug smuggling and money laundering, texted with each other, they were pretty confident that they'd not get caught because of a special encrypted platform the criminals were using for communication. However, the was only one issue with the group, that all these texts, which were in millions, were being tapped by the FBI. 

As a matter of fact, the FBI had sent these Anom devices to the black market. Operation Trojan Shield has these details and allegations revolving around it. It is an international operation led by the FBI which has resulted in more than 800 arrests. NPR says "the document includes transcripts of smugglers' conversations in which they name their prices and handling fees and describe their methods. Many of them also sent snapshots to each other, showing packages of cocaine and other drugs. They discussed strategies, from adding drugs to diplomatic pouches to filling pineapples and tuna cans with cocaine." 

Law enforcement agencies captured around 8 tonnes of cocaine, around 22 tonnes of cannabis, and several other drugs (in tonnes). Besides this, authorities have seized "55 luxury vehicles and over $48 million in various worldwide currencies and cryptocurrencies," says Interpol, a European law enforcement agency. As per the FBI, the agencies worked together to provide these criminal organization that operates all over the world more than 12,000 devices. Europol says it has been one of the largest and sophisticated crackdown operations on encryption criminal activities to date. Using Anom, FBI, and Europol around 300 Transnational Criminal Organizations (TCO). 

These include Italian organized crime group Outlaw Motorcycle gangs and other narcotics source (international), distribution systems, and transportation. "Law enforcement agencies were in a unique position to help the new Anom device find its market. In recent years, they've taken down three similar networks — Phantom Secure, EncroChat and, earlier this year, Sky Global — boosting criminals' demand for a new alternative," said NPR.

Hackers Target American Retail Businesses, FINRA Scolds Brokerage Firms

 

Besides the American corporations facing threats from overwhelming cyberattacks, American retail businesses are also struggling to fight against the rise of hackers hacking into their accounts and investments. FINRA (Financial Industry Regulatory Authority), the market's self-regulatory body, in a recent notice said that it received several complaints related to customer accounts being hacked. The incident involved attackers using stolen customer information like login credentials to hack into online customers' brokerage accounts. 

According to Market Watch "Ari Jacoby, chief executive and co-founder of cybersecurity firm Deduce, backed up this statement with data showing that account-takeover fraud increased by roughly 250% from 2019 to 2020. He told Security.org that account-takeover prevention is a $15 billion market that is “growing significantly year-over-year.“ FINRA finds two factors that might be responsible for the surge in account takeover incidents. 

First is an increase in the use of online services and brokerage apps, that allows hackers to break into user accounts using login I'd and passwords that they buy from Darkweb. It becomes very easy for hackers to find the login credentials of the customers as many users use the same password combinations for multiple accounts. The second aspect is the Covid-19 factor. "Customer account-takeovers have been a recurring issue, but reports to FINRA about such attacks have increased as more firms offer online accounts, and as more investors conduct transactions in these accounts. In part due to the proliferation of mobile devices and applications and the reduced accessibility of firm’s physical locations due to the COVID-19 pandemic," reports FINRA. 

The Security and Exchange Commission is also keeping an eye on this incident and is pressing hard on brokerage firms for not keeping a check on suspicious activities. Market Watch says "But most individual investors don’t have to wait for the SEC or FINRA to come to their rescue, because this sort of criminal activity is largely enabled by a lack of vigilance on the part of victims, including requesting that their broker send them suspicious login alerts and using two-factor authentication, according to Jacoby."

Hackers Target American Retail Businesses, FINRA Scolds Brokerage Firms

 

Besides the American corporations facing threats from overwhelming cyberattacks, American retail businesses are also struggling to fight against the rise of hackers hacking into their accounts and investments. FINRA (Financial Industry Regulatory Authority), the market's self-regulatory body, in a recent notice said that it received several complaints related to customer accounts being hacked. The incident involved attackers using stolen customer information like login credentials to hack into online customers' brokerage accounts. 

According to Market Watch "Ari Jacoby, chief executive and co-founder of cybersecurity firm Deduce, backed up this statement with data showing that account-takeover fraud increased by roughly 250% from 2019 to 2020. He told Security.org that account-takeover prevention is a $15 billion market that is “growing significantly year-over-year.“ FINRA finds two factors that might be responsible for the surge in account takeover incidents. 

First is an increase in the use of online services and brokerage apps, that allows hackers to break into user accounts using login I'd and passwords that they buy from Darkweb. It becomes very easy for hackers to find the login credentials of the customers as many users use the same password combinations for multiple accounts. The second aspect is the Covid-19 factor. "Customer account-takeovers have been a recurring issue, but reports to FINRA about such attacks have increased as more firms offer online accounts, and as more investors conduct transactions in these accounts. In part due to the proliferation of mobile devices and applications and the reduced accessibility of firm’s physical locations due to the COVID-19 pandemic," reports FINRA. 

The Security and Exchange Commission is also keeping an eye on this incident and is pressing hard on brokerage firms for not keeping a check on suspicious activities. Market Watch says "But most individual investors don’t have to wait for the SEC or FINRA to come to their rescue, because this sort of criminal activity is largely enabled by a lack of vigilance on the part of victims, including requesting that their broker send them suspicious login alerts and using two-factor authentication, according to Jacoby."