Tag Archive for: successfully

Anonymous Hackers Successfully Hack More Russian Websites

/in


KEY POINTS

  • Anonymous took down the websites of Russia’s Customs Service and Goodstom
  • The collective last week successfully hacked a Russian UAV
  • It had also hacked a Russian law firm and obtained confidential client information

Anonymous, the decentralized hacktivist collective and movement which declared a cyberwar against Russia for its invasion of Ukraine, has launched another series of attacks on Russian websites. 

On Monday, the hacking collective announced it successfully took down the Federal Customs Service of Russia as well as goodstom.ru, a website belonging to the dental clinic Khoroshaya Stomatologiya located in Saint Petersburg. 

The latest attack comes months after Anonymous in April declared it will continue to hack and release confidential information until Russia stops the war in Ukraine.

“The hacking will continue until Russia stops their aggression,” the collective said in a tweet published in early April.

The cyber attack against Russia’s customs website and Goodstom also comes after the group successfully hacked a Russian Unmanned Aerial Vehicle (UAV) last week. The attack gave Anonymous access to the Kremlin’s tactics and plans, which were later uploaded to AnonFiles by a hacker going by the name “Spider” and made accessible to the public.

The operative, who previously took down Belarus’ Ministry of Internal Affairs website, warned Putin to “expect” more attacks from the collective for the “war crimes” that Russians have committed during the war. 

“We will expose you and the war crimes you have committed. We will share the crimes of your corrupt government,” @Youranonspider told the International Business Times in an exclusive interview. “We are in the electronic car navigation system. We are Anonymous. We are Legion. We don’t forgive. We do not forget. Expect us.”

On June 8, Anonymous announced hacking a top Russian law firm, Rustam Kurmaev and Partners (RKP), and released one terabyte of data, including information that would have remained hidden from the public under attorney-client privileges such as emails and court files. The law firm’s list of clients included Ikea, Volkswagen Group Russia, Toyota Russia, Panasonic, Abbott…

Source…

‘Hack DHS’ Program Successfully Concludes First Bug Bounty Program

/in


Today, the Department of Homeland Security (DHS) announced the results of its first bug bounty program. Through the “Hack DHS” program, vetted cybersecurity researchers and ethical hackers are invited to identify potential cybersecurity vulnerabilities in select external DHS systems. In the first phase of this program, more than 450 vetted security researchers identified 122 vulnerabilities, of which 27 were determined to be critical. DHS awarded a total of $125,600 to participants for identifying these verified vulnerabilities. DHS was the first federal agency to expand its bug bounty program to find and report log4j vulnerabilities across all public-facing information system assets, which allowed the Department to identify and close vulnerabilities not surfaced through other means.

“Organizations of every size and across every sector, including federal agencies like the Department of Homeland Security, must remain vigilant and take steps to increase their cybersecurity,” said Secretary of Homeland Security Alejandro N. Mayorkas. “Hack DHS underscores our Department’s commitment to lead by example and protect our nation’s networks and infrastructure from evolving cybersecurity threats.”

Hack DHS launched in December 2021 with the goal of developing a model that can be used by other organizations across every level of government to increase their own cybersecurity resilience. During the second phase of this three-phase program, vetted cybersecurity researchers and ethical hackers will participate in a live, in-person hacking event.  During the third and final phase, DHS will identify lessons learned, including to inform future bug bounty programs.

“The enthusiastic participation by the security researcher community during the first phase of Hack DHS enabled us to find and remediate critical vulnerabilities before they could be exploited,” said DHS Chief Information Officer Eric Hysen. “We look forward to further strengthening our relationship with the researcher community as Hack DHS progresses.”

To learn more about Hack DHS, please visit DHS.gov. Further, organizations of all sizes can visit CISA’s Shields Up webpage for resources and…

Source…

Hacker says he successfully broke into security system of BPhone

/in


By exploiting a flaw on BKAV Mobile Security, a hacker has said that he fooled the security system of BPhone to unlock the device.

Hacker says he successfully broke into security system of BPhone

A hidden hacker recently published on his Blogspot an article on how to hack BPhone. With some technical operations, the man can crack the anti-theft feature on newly launched BPhone models.

According to the hacker, the vulnerability was discovered four years ago but it still can be exploited. To prove his finding, the hacker described in detail the flaw that he discovered.

The man discovered that the security app has the function of sending requests to BKAV’s server to check the status of the device and lock the device if necessary.

According to the hacker, BPhone communicates with a server by sending SMS messages. This is why BPhones are introduced as having anti-theft function even when there is no internet connection.

Communications are conducted every time when BPhone owners turn on the phones or change SIM. A message with encrypted information such as Chip ID, IMEI, etc will be sent to one of the telephone numbers of BKAV.

BKAV’s server, after receiving information, will check if the owners of BPhones report the loss of their devices. If the loss is confirmed, a server will send an SMS message to conduct the operation to lock the devices.

The security hole of BKAV Mobile Security occurs because it doesn’t verify the name of senders. Regardless of the sender, the system will handle messages, no matter who the senders are, if the messages follow the syntax rule.

With some technical operations, the hacker found the message structure (encrypted) that the server sends to the phone.

The hacker said he found the fixed key that BKAV uses to encrypt and decrypt data.

Thanks to finding a security hole that doesn’t verify senders, and finding the fixed key, the hacker can forge SMS messages from the server to phones to unlock devices with any passcode. This is how the hacker neutralized BPhone’s anti-theft feature.

This is the second security accident related to BKAV over the last month. In December 2021, the technology firm ran into trouble when users’ information was leaked, affecting 200 users of BKAV’s products.

BKAV’s representative, who…

Source…

Essence Group successfully meets devices supply demand throughout 2021

/in


Top 10 articles of 2021 reflect a changing security marketplace

Our most popular articles in 2021 provide a good reflection of the state of the industry. Taken together, the Top 10 Articles of 2021, as measured by reader clicks, cover big subjects such as smart cities and cybersecurity. They address new innovations in video surveillance, including systems that are smarter and more connected, and a new generation of computer chips that improve capabilities at the edge.
A recurring theme in 2021 is cybersecurity’s impact on physical security, embodied by a high-profile hack of 150,000 cameras and an incident at a Florida water plant. There is also an ongoing backlash against facial recognition technology, despite promising technology trends.
Cross-agency collaboration
Our top articles also touch on subjects that have received less exposure, including use of artificial intelligence (AI) for fraud detection, and the problem of cable theft in South Africa. Here is a review of the Top 10 Articles of 2021, based on reader clicks, including links to the original content:
Smart cities have come a long way in the last few decades, but to truly make a smart city safe
Safety in Smart Cities: How Video Surveillance Keeps Security Front and Center
The main foundations that underpin smart cities are 5G, Artificial Intelligence (AI), and the Internet of Things (IoT) and the Cloud. Each is equally important, and together, these technologies enable city officials to gather and analyse more detailed insights than ever before. For public safety in particular, having IoT and cloud systems in place will be one of the biggest factors to improving the quality of life for citizens. Smart cities have come a long way in the last few decades, but to truly make a smart city safe, real-time situational awareness and cross-agency collaboration are key areas that must be developed as a priority.
Fraud detection technology
How AI is Revolutionising Fraud Detection
Fraud detection technology has advanced rapidly over the years and made it easier for security…

Source…