Tag Archive for: hacking

Post-Graff Hacking, Ransomware Group Says It Won’t Leak Dictator Data – JCK

/in


The hacking of Graff Diamonds’ client list by notorious Russian ransomware crew Conti spurred worldwide headlines—given that Graff’s client list includes many prominent celebrities.

The group last week reportedly posted 69,000 confidential documents featuring details about Graff customers on the so-called dark web—which featured personal info about famed Graff clients such as former President Donald Trump, Oprah Winfrey, and soccer star David Beckham.

The Jewelers’ Security Alliance gave tips on how to avoid cybercrime here, here, and here.

A Graff spokesperson tells JCK: “We are working with law enforcement while keeping affected clients informed of developments. At Graff, our clients are our priority. We take the protection of their privacy and data extremely seriously and continually revisit our security enhancement measures.”

But this week, in a strange development, certain celebrated Graff clients have been given a pass, perhaps because they are too ruthless for even cyber crooks to mess with.

“Conti guarantees that any information pertaining to members of Saudi Arabia, [United Arab Emirates], and Qatar families will be deleted without any exposure and review,” said an apparent statement from the group. “Our Team apologizes to His Royal Highness Prince Mohammed bin Salman and any other members of the Royal Families whose names were mentioned in the publication for any inconvenience.”

Mohammed bin Salman Al Saud is the Saudi Arabian prince that has been accused of ordering the murder of Washington Post reporter Jamal Khashoggi, a U.S. resident and critic of the Saudi regime. Bin Salman has denied involvement.

Security experts suggested that the group acted out of fear.

Philip Ingram, a former colonel in British military intelligence, told the Daily Mail: “This apology to the Saudis suggests there were some potentially serious repercussions about to be visited on the Conti gang. We may never know if and where any bodies turn up.”

But while Middle Eastern elites are apparently off-limits, the group did pledge to publish the financial declarations made by the “neoliberal plutocracy” of the United States, the European Union, and the United…

Source…

Microsoft warns about China-based hacking group that’s up to no good (again)

/in


Microsoft logoSource: Daniel Rubino / Windows Central

The China-based group of hackers associated with the SolarWinds Serv-U exploits from mid 2021, referred to as “DEV-0322” by Microsoft, is back in the limelight thanks to its efforts to compromise systems utilizing ZOHO ManageEngine ADSelfService Plus software.

DEV-0322’s latest activities appear to have a wide net of targets, including those in “the Defense Industrial Base, higher education, consulting services, and information technology sectors,” according to Microsoft. The tech giant first spotted the China-based hackers’ new operation on September 22, 2021, meaning the dangers have been around for a while now. You can read an in-depth breakdown of the activity Microsoft detected and a host of other technical information over at the company’s blog post wherein it gives an overview of the threat actor’s work as well as what you, the potentially affected individual, can do to suss out whether you’ve been compromised.

VPN Deals: Lifetime license for $16, monthly plans at $1 & more

DEV-0322 is one of many, many groups Microsoft is keeping an eye on. In the company’s 2021 Digital Defense Report, it gave details on malicious operations originating from all over the planet, including North Korea, Iran, South Korea, Turkey, and Vietnam. China was also on the list, as was Russia, with the latter nation managing to claim Microsoft’s troublemaker-of-the-year award thanks to its 2020 and 2021 SolarWinds activities, among other attacks.

China worked hard to stay on Microsoft’s radar as well, however, gaining recognition in the aforementioned report for its cyberattack efforts, including one that may have been used to harvest data for secret AI projects.

We may earn a commission for purchases using our links. Learn more.

Source…

Learn White Hat Hacking For Less with This Pre-Black Friday Sale

/in


Partner content by StackCommerce

We all think of hackers as mischievous troublemakers who wear hoodies and chug mountain dew, but despite what television shows you, these computer geniuses can work for good guys too. White hat hacking is one of the most well-known and lucrative sectors of the cybersecurity industry, and anyone who knows their way around it can set themselves up for a high-earning career. If this interests you, then you need to start with some education.

Check out The Ultimate 2021 White Hacker Certification Bundle, which is on sale for just $33.99 (reg. $1,345) with code SAVE15NOV during our Pre-Black Friday Sale. Once you’ve taken the 10 courses and near 1,000 lessons available in the bundle, you will have what it takes to defend any system from digital attacks. Immerse yourself in content on cybersecurity, ethical hacking, and more with leadership from top instructors Joe Parys and Nathan House.

House is a leading cyber security expert with nearly a quarter-century of experience and a 4.5/5 star instructor rating. His course The Complete Cyber Security Course, Vol. 1 Hackers Exposed has earned 25,373 positive ratings from nearly 150,000 students enrolled. It will show you how to stop hackers, prevent tracking, and counter government surveillance. There are 4 volumes of this course.

This bundle also features important certification preparation like the CompTIA CySA+ Cybersecurity Analyst (CS0-001) Prep Course, which helps students ace the high-stakes security analyst certification exams and become trusted professionals in the field. This class teaches students everything they need to know when responding to cybersecurity threats and attacks, and it will leave you ready to pass the pivotal CompTIA exam.

Check out The Ultimate 2021 White Hacker Certification Bundle, which is on sale for just $33.99 (reg. $1,345) with code SAVE15NOV during our Pre-Black Friday Sale.

Source…

CSA looking into Singapore cybersecurity firm blacklisted by US for trafficking hacking tools

/in


COSEINC describes itself on its website as a “privately funded company dedicated to providing highly specialised information security services to our clients”. It was founded in 2004 and is based at the Citilink Warehouse Complex on 102F Pasir Panjang Road.

According to its website, the company’s services include research, consulting and education, in areas such as computer security, malware analysis and penetration testing. Accounting and Corporate Regulatory Authority records show that it is a live company.

COSEINC’s chief executive officer is Mr Thomas Lim, according to his LinkedIn page. His most recent post, about a month ago, said he could help anyone looking to hire “trained and certified” cybersecurity professionals.

Reuters reported on Nov 4 that Mr Lim is known for organising a security conference, named SyScan, which was sold to Chinese technology firm Qihoo 360, a sanctioned entity.

An email published by WikiLeaks in 2015 suggested that Mr Lim had also previously offered to sell hacking tools to Italian spyware vendor HackingTeam, the report said.

COSEINC did not respond to CNA’s request for comments. The telephone number listed on the company’s website could not be reached.

THREE OTHER COMPANIES BLACKLISTED

COSEINC was one of four companies added to the trade blacklist by the US last week, with the other three being Russia’s Positive Technologies as well as Israel’s Candiru and NSO Group.

NSO Group and Candiru were added to the list based on evidence that they “developed and supplied spyware to foreign governments that used these tools to maliciously target government officials, journalists, business people, activists, academics and embassy workers”, said the US Department of Commerce on Nov 3.

NSO Group is the developer of Pegasus, a type of malware that infects iPhones and Android devices to enable operators of the tool to extract messages, photos and emails, record calls and secretly activate microphones.

Investigations have shown that some governments have used Pegasus to target rights activists, journalists and politicians around the world, with possible targets in Singapore. NSO Group has denied these reports.

Source…