Tag Archive for: Rampant

Yogurt Heist Reveals a Rampant Form of Online Fraud


The Journal’s story reveals that cargo hijacking fraud remains a serious problem—one that cost $500 million in 2023, quadruple the year before. Victims say load board operators need to do more to verify users’ identities, and that law enforcement and regulators also need to do more to address the thefts.

Multifactor authentication (MFA) has served as a crucial safeguard against hackers for years. In Apple’s case, it can require a user to tap or click “allow” on an iPhone or Apple Watch before their password can be changed, an important protection against fraudulent password resets. But KrebsOnSecurity reports this week that some hackers are weaponizing those MFA push alerts, bombarding users with hundreds of requests to force them to allow a password reset—or at the very least, deal with a very annoying disruption of their device. Even when a user does reject all those password reset alerts, the hackers have, in some cases, called up the user and pretended to be a support person—using identifying information from online databases to fake their legitimacy—to social engineer them into resetting their password. The solution to the problem appears to be “rate-limiting,” a standard security feature that limits the number of times someone can try a password or attempt a sensitive settings change in a certain time period. In fact, the hackers may be exploiting a bug in Apple’s rate limiting to allow their rapid-fire attempts, though the company didn’t respond to Krebs’ request for comment.

Israel has long been accused of using Palestinians as subjects of experimental surveillance and security technologies that it then exports to the world. In the case of the country’s months-long response to Hamas’ October 7 massacre—a response that has killed 31,000 Palestinian civilians and displaced millions more from their homes—that surveillance now includes using controversial and arguably unreliable facial recognition tools among the Palestinian population. The New York Times reports that Israel’s military intelligence has adopted a facial recognition tool built by a private tech firm called Corsight, and has used it in its attempts to identify members of…


Partha Chatterjee: ED takes mobile phones of security guards at Partha’s home, a total of 13 places searched! Speculation is rampant


#Kolkata: Shocking twist in SSC corruption case. The Enforcement Directorate (ED) raided the house of former education minister Partha Chatterjee. The central agency launched a morning search operation at Partha Chatterjee’s house in Naktala. Not only that, the ED came and took the mobile phones of all the policemen who were guarding Partha Chatterjee’s house. Central forces have also been deployed outside the house.

A Kolkata police team is standing outside. The front of the house has been barricaded. Central forces have set up barricades outside to avoid any untoward incident. Meanwhile, it is reported that the ED has also raided the house of Minister of State for Education Paresh Adhikari. The ED also launched an investigation operation at the house of Paresh Adhikari in Mekhliganj on Friday morning. A delegation of about 5 people went to Paresh Adhikari’s house. At the same time, it is reported that the ED team has also reached the house of Chandan Mandal in Bagda. Central forces are also with the ED in Mekhliganj and Bagda. It is reported that the ED’s search operation is going on in several places of the state on Friday.


According to sources, the ED is conducting searches at a total of 13 places across the state in the SSC case, including the houses of Partha Chatterjee, Bagda Ranjan and Paresh Adhikari.


According to the information obtained by the ED after interrogating the petitioners, jobs were given to candidates with low marks and to failed candidates in exchange for money. A section of the Education Department and those who took the lead in providing these jobs at the district level have benefited financially. According to sources, Partha Chattopadhyay is being interrogated as to whether he was aware of these financial transactions as the then minister of the department and whether any of his close officials were involved in these financial transactions.

Besides, the information obtained by CBI regarding financial transactions by interrogating some of those accused…


Pro-Russia hack campaigns are running rampant in Ukraine



Pro-Russian threat actors are continuing their unrelenting pursuit of Ukrainian targets, with an array of campaigns that include fake Android apps, hack attacks exploiting critical vulnerabilities, and email phishing attacks that attempt to harvest login credentials, researchers from Google said.

One of the more recent campaigns came from Turla, a Russian-speaking advanced persistent threat actor that’s been active since at least 1997 and is among the most technically sophisticated in the world. According to Google, the group targeted pro-Ukrainian volunteers with Android apps that posed as launchpads for performing denial-of-service attacks against Russian websites.


“All you need to do to launch the process is install the app, open it and press start,” the fake website promoting the app claimed. “The app immediately begins sending requests to the Russian websites to overwhelm their resources and cause the denial of service.”

In fact, a researcher with Google’s threat analysis group said, the app sends a single GET request to a target website. Behind the scenes, a different Google researcher told Vice that the app was designed to map out the user’s Internet infrastructure and “work out where the people that are potentially doing these sorts of attacks are.”

The apps, hosted on a domain spoofing the Ukrainian Azov Regiment, mimicked another Android app Google first saw in March that also claimed to perform DoS attacks against Russian sites. Unlike the Turla apps, stopwar.apk, as the latter app was named, sent a continuous stream of requests until the user stopped them.


“Based on our analysis, we believe that the StopWar app was developed by pro-Ukrainian developers and was the inspiration for what Turla actors based their fake CyberAzov DoS app off of,” Google researcher Billy Leonard wrote.

Other hacking groups sponsored by the Kremlin have also targeted Ukrainian groups. Campaigns included the exploitation of Follina, the name given to a critical vulnerability in all supported versions of Windows that was actively targeted in the wild


Hard Numbers: Global vaccine good news, rampant ransomware, 5G growing fast, Spanish wind power


58.1: As of December 17, 56.6 percent of the global population has received at least one COVID vaccine shot. We sometimes don’t realize how big of an achievement this is from just a year ago, when frontline health workers were the first to get jabs.


11: A ransomware attack occurred every 11 seconds in 2021, according to one estimate. Earlier this year, hackers carried out their most famous attack to date against Colonial Pipeline, which supplies almost half of the oil and gas consumed in the US Eastern Seaboard.

540 million: Global 5G connections are expected to reach 540 million by the end of the year, according to a new report. That’s more than double the amount in all of 2020.

23.1: Wind became Spain’s top energy source this year, overtaking nuclear for the first time. Half of the country’s energy now comes from renewable sources, which the government hopes will help bring down sky-high power prices in 2021.
