Tag Archive for: issued

Warning issued to Sky customers amid hacking concerns

/in


Sky customers have been warned that a recent security breach may have led to six million customers being spied on.

The worrying flaw in Sky’s routers was discovered by researcher Raf Fini from Pen Test Partners, reports The Mirror.

The findings revealed six million devices could have been susceptible to hacking.

Read more UK headlines here

It could be a common problem as people do not update the security on their router.

In May, the consumer watchdog Which? warned that a common flaw in people’s routers was a lack of security updates.

So was anyone affected and how can you check if the problem affected you?

What was the Sky breach?

Findings from Pen Test Partners have said that people affected were easily exploited.

People were drawn in easily by a phishing email, designed to link someone to a website with malicious software on it.

From there, everything could be easily accessed, including passwords for banking sites.

There is no evidence so far that people’s routers were actually exploited, but people are being encouraged to check.

Who was affected by the Sky hack?

A Sky spokesperson said in a brief statement after the report: “We take the safety and security of our customers very seriously.

“After being alerted to the risk, we began work on finding a remedy for the problem, and we can confirm that a fix has been delivered to all Sky manufactured products.”

The issue is reported to have taken up to 18 months to fix and around six million people were at risk.

“While the coronavirus pandemic put many internet service providers under pressure, as people moved to working from home, taking well over a year to fix an easily exploited security flaw simply isn’t acceptable,” Pen Test Partner’s Ken Munro told the BBC.

If you are one of the 1% of Sky’s customers who does not have a router made by Sky, you can have it replaced free of charge.

The models that were affected are as follows:

  • Sky Hub 3 (ER110)
  • Sky Hub 3.5 (ER115)
  • Booster 3 (EE120)
  • Sky Hub (SR101)
  • Sky Hub 4 (SR203)
  • Booster 4 (SE210)

    • Sign up to the StokeonTrentLive newsletter for all the latest news by clicking here.

    How do I check if my router was hacked?

    The vulnerability exploited by hackers that was found in the routers…

    Source…

    Cyemptive Technologies Announces Their Recently Issued Patent That, For the First Time in History, Provides the Key to Successfully Defend Against Ransomware, Malware and Steganography

    /in


    SNOHOMISH, Wash., September 22, 2021–(BUSINESS WIRE)–Cyemptive Technologies, Inc., a provider of pre-emptive cybersecurity products and technology and winner of the Department of Homeland Security’s national competition for most innovative border security-related solution in the market, today announced their recently issued patent that, for the first time in history, provides a patent-validated solution to prevent ransomware, malware and steganography assaults.

    According to industry research, companies are succumbing to increasingly sophisticated ransomware and malware attacks at a cost of more than $7.5 billion in 2019. Even prior to the COVID pandemic, ransomware attacks have been growing by more than 20% year over year.

    “Current processes such as big data analytics, machine learning, artificial intelligence, deep learning, checksum technology, known signatures, API monitoring, and human intervention are obviously not working against ever-evolving, zero day ransomware variations,” said Bryan Seely, Cyemptive’s Senior Security Architect and well-known cybersecurity author and expert.

    “This patent confirms the uniqueness of our solution and is a complete game-changer,” said Rob Pike, founder and CEO of Cyemptive Technologies. “This is a totally different methodology that actually identifies the fundamental structural design elements underlying any type of existing or new-variant ransomware attack and then pre-empts the attack from proceeding. We do not need or depend on AI, deep learning, signatures or other existing approaches that focus on post-intrusion analysis,” said Pike. “We detect the root characteristics of any type of ransomware attack and then pre-empt it.”

    “Cyemptive has now patented the ransomware answer that Cyemptive currently deploys in our Enterprise Scanner (CES),” said Seely. “The next step is incorporating this technology at the kernel level, at which time ransomware will be solved.”

    “Not only that,” said Jim DuBois, Cyemptive Chief Strategy Officer and former Chief Information Security Officer for Microsoft, “we provide financially-backed SLAs to support our pledge to preemptively detect and remediate problems, particularly when combining our…

    Source…

    Urgent iPhone update issued after spyware discovered that gives hackers access

    /in


    Apple on Monday advised all users to update their devices after researchers warned that the Israeli spyware company NSO Group had developed a way to take control over nearly any Apple computer, watch or iPhone.

    “It’s absolutely terrifying,” said John Scott-Railton, a senior researcher at The Citizen Lab, which recently discovered the software exploit and notified Apple about it. The group published a report about it Monday.

    The malicious software takes control of an Apple device by first sending a message through iMessage, the company’s default messaging app, and then hacking through a flaw in how Apple processes images. It is what’s known in the cybersecurity industry as a “zero-click” exploit — a particularly dangerous and pernicious flaw that doesn’t require a victim clicking a link or downloading a file to take over.

    People whose devices have been exploited are extremely unlikely to realize they’ve been hacked, Scott-Railton said.

    “The user sees crickets while their iPhone is silently exploited,” he said. “Someone sends you a GIF that isn’t, and then you’re in trouble. That’s it. You don’t see a thing.”

    As is often the case with NSO Group hacking, the newly discovered exploit is both technologically remarkable but likely only used on people specifically targeted by governments who use the company’s software.

    NSO Group creates surveillance and hacking software that it leases to governments to spy on individuals’ computers and smartphones. For years, it has insisted that its primary product, Pegasus, is a vital tool to stop terrorists and other criminals, and that it merely leases its technology to legitimate governments in accordance with their own laws. It has also insisted it can’t be used to target Americans’ phones, and that it revokes usage from countries that misuse its products.

    But Citizen Lab, a cybersecurity research center at the University of Toronto, has repeatedly found instances of Pegasus software used against journalists in Mexico who investigated cartels and Saudi Arabian dissidents, including associates of the slain Washington Post columnist Jamal Khashoggi.

    In an emailed statement, an NSO spokesperson said…

    Source…

    ‘High’ Security Warning issued for WhatsApp by India’s cyber agency; threats detailed

    /in


    India’s cyber-security agency CERT-In on Saturday expressed concern over the detection of certain vulnerabilities in social-media networking app- WhatsApp for both Android and iOS which could lead to a possible breach of sensitive information.

    Issuing a ‘high severity rating’ advisory, the Indian Computer Emergency Response Team cautioned users sharing that a vulnerability had been detected in software that has “WhatsApp and WhatsApp Business for Android prior to v2.21.4.18 and WhatsApp and WhatsApp Business for iOS prior to v2.21.32.”

    “Multiple vulnerabilities have been reported in WhatsApp applications which could allow a remote attacker to execute arbitrary code or access sensitive information on a targeted system,” the advisory said. “Successful exploitation of these vulnerabilities could allow the attacker to execute arbitrary code or access sensitive information on a targeted system,” it added.

    According to CERT-In, the vulnerabilities were a result of an alleged “cache configuration issue and missing bounds check within the audio decoding pipeline” in the WhatsApp applications. The agency has urged all users to immediately update the latest version of WhatsApp from the Google Play Store or iOS App Store to counter the vulnerability threat.

    CCI levels charges against WhatsApp

    The advisory comes days after the Competition Commission of India (CCI) told the Delhi high court that WhatsApp’s new privacy policy could lead to excessive data collection and “stalking” of consumers for targeted advertising to bring in more users. “The Commission is of prima facie opinion that the ‘take-it-or-leave-it nature of privacy policy and terms of service of WhatsApp and the information sharing stipulations mentioned therein merit a detailed investigation in view of the market position and market power enjoyed by WhatsApp,” it said. The CCI has since January 2021 been looking into the details of the privacy policy. 

    The Facebook-owned messaging app has been embroiled in controversy over the past year with regards to the proposed policy and the changes that it planned to introduce. 

    (With Agency Inputs)

    Source…