Tag Archive for: Find

Airport Security Check Will Happen Without Taking Out Laptop, Mobile From Your Bag! Find Out How? – Trak.in


Flight passengers will no longer be required to remove their electronic devices while getting their cabin baggage screened


Latest reports have confirmed that airports will soon employ advanced technology to screen bags without having to remove electronic devices. 

Airports To Use Technology For Screening Cabin Baggage

In India, the lengthy lines of passengers removing their laptops, cell phones, and chargers from their carry-on bags before security screenings may soon be a thing of the past. 

The Bureau of Civil Aviation Security (BCAS), the agency in charge of overseeing aviation security, is anticipated to release technical norms within a month, which will encourage airports to use cutting-edge equipment to screen bags without removing electronic devices.

As per a senior official of the Central Industrial Security Force (CISF), “All airports, including Delhi airport, need to improve the machines deployed for screening of cabin bags. They are lagging behind. Technologies such as dual x-ray, computer tomography and neutron beam technology will eliminate the need for passengers to remove laptops and other electronic devices.”

Today, airports all over the nation are experiencing a record number of passengers, which has already surpassed pre-Covid levels. On December 11, there were 4.27 lakh domestic travelers. 

Civil Aviation Minister Confirms Order of Providing More Machines

Security lanes were discovered to be the biggest congestion points at Delhi Airport, which recently experienced scenes of overcrowding resulting in passengers missing their flights. This was primarily because the number of x-ray machines for screening cabin bags was not commensurate with passenger traffic during peak hours.

Civil Aviation Minister Jyotiraditya Scindia intervened to order the airport operator to provide more machines for screening cabin bags after senior government officials accused airports of failing to expand their infrastructure to handle the increasing number of flights and passengers. Although the CISF supplies personnel, airport operators are responsible for providing the necessary security infrastructure.

Newer technologies, like computer tomography, produce 3-D images with…

Source…

Symantec researchers find new hacking tools used in stealthy ‘Cranefly’ campaign


A new research paper released today by Symantec, a division of Broadcom Inc., details previously unknown tools and techniques used in a stealthy campaign by a suspected threat actor.

A dropper called Trojan.Geppei is being used by a threat actor Symantec has dubbed “Cranefly” (UNC3524) to install previously undocumented malware known as Danfuan and other tools. Danfuan is described as using the novel technique of reading commands from Internet Information Services logs, something Symantec’s researchers have never seen used in real-world attacks before.

The Cranefly attack group was first detected by researchers at Mandiant in May and was described as heavily targeting the emails of employees that dealt with corporate development, mergers and acquisitions and large corporate transactions.

Standing out from typical attack groups, Cranefly has a particularly long dwell time, often spending at least 18 months on a victim’s network while staying under the radar. Avoidance techniques include installing backdoors on appliances that don’t support security tools, such as SAN arrays, load balancers and wireless access point controllers.

The Geppei Trojan uses PyInstaller to convert a Python script to an executable file and reads commands from legitimate IIS logs. IIS logs record data from IIS, such as web pages and apps, with the attackers able to send commands to a compromised web server by disguising them as web access requests. IIS logs them as normal, but Geppei can read them as commands.

Geppei’s commands contain malicious encoded .ashx files. The files are saved to an arbitrary folder and run as backdoors, with some strings not appearing in the IIS log files. The same files are used for malicious HTTP request parsing by Geppei.

The backdoors dropped by Geppei include Hacktool.Regeorg, a known form of malware that can create a SOCKS proxy, but that’s not the interesting one. The previously unknown Trojan virus Danfuan is a DynamicCodeCompiler that compiles and executes C# code, is based on .NET dynamic compilation technology and dynamically compiles code in memory, delivering a backdoor to infected systems.

Just who is behind Cranefly and Danfuan is…

Source…

How To Find Out If You Will Get Anything From T-Mobile’s $350 Million Data Breach Settlement


Wireless carrier T-Mobile has agreed to pay $350 million to settle complaints relating to last year’s major data breach.

Plaintiffs say the hack exposed data on millions of customers.

The settlement was first disclosed in a Securities and Exchange Commission (SEC) filing back in July.

T-Mobile customers, both past and present, could receive compensation from the settlement. Of course, not all of the $350 million will go to consumers.

Lawyers have to be paid. Also, $150 million will go to beef up T-Mobile security, described by the hacker in a confession to the Wall Street Journal as “awful.”

According to Reuters, people who were T-Mobile customers at the time of the hack could receive $25 if the settlement is approved. Customers living in California would receive up to $100.

The final amount will likely be determined by how many customers make a claim.

In fact, the number of consumers affected by the breach is not precisely known. Lawyers for the plaintiffs say the number is over 76 million, a claim disputed by T-Mobile. 

Getting paid could take months

T-Mobile has not yet laid out steps for making a claim. In past settlements, people eligible to receive compensation have usually been notified by mail. According to TechCrunch, it could take several months for the company to sort everything out and contact eligible customers.

The settlement was filed in the U.S. District Court for the Western District of Missouri, which must give final approval. The settlement merged more than 40 class-action suits that claimed T-Mobile was lax with its network security.

If the settlement wins the court’s approval, it would be the second-largest data breach settlement in U.S. history. Equifax’s $700 million settlement in 2019 is the largest, writes Consumer Affairs.


Source…

Researchers Find Link b/w PrivateLoader and Ruzki Pay-Per-Install Services



Cybersecurity researchers have exposed new connections between a widely used pay-per-install (PPI) malware service known as PrivateLoader and another PPI platform offered by a cybercriminal actor dubbed ruzki.

“The threat actor ruzki (aka les0k, zhigalsz) advertises their PPI service on underground Russian-speaking forums and their Telegram channels under the name ruzki or zhigalsz since at least May 2021,” SEKOIA said.

The cybersecurity firm said its investigations into the twin services led it to conclude that PrivateLoader is the proprietary loader of the ruzki PPI malware service.

PrivateLoader, as the name implies, functions as a C++-based loader to download and deploy additional malicious payloads on infected Windows hosts. It’s primarily distributed through SEO-optimized websites that claim to provide cracked software.

Although it was first documented earlier this February by Intel471, it’s said to have been put to use starting as early as May 2021.


Some of the most common commodity malware families propagated through PrivateLoader include Redline Stealer, Socelars, Raccoon Stealer, Vidar, Tofsee, Amadey, DanaBot, and ransomware strains Djvu and STOP.

A May 2022 analysis from Trend Micro uncovered the malware distributing a framework called NetDooka. A follow-up report from BitSight late last month found significant infections in India and Brazil as of July 2022.

A new change spotted by SEKOIA is the use of VK.com documents service to host the malicious payloads as opposed to Discord, a shift likely motivated by increased monitoring of the platform’s content delivery network.


PrivateLoader is also configured to communicate with command-and-control (C2) servers to fetch and exfiltrate data. As of mid-September, there are four active C2 servers, two in Russia and one each in Czechia and Germany.

“Based on the wide selection of malware families, which implies a wide range of threat actors or intrusion sets operating this malware, the PPI service running PrivateLoader is very attractive and popular to attackers on underground markets,” the researchers said.

SEKOIA further said it unearthed ties between PrivateLoader and ruzki, a threat actor that sells bundles of 1,000…

Source…