Tag Archive for: transfer

China’s New Draft Measures for Data Cross-border Transfer


On October 29, 2021, the Cyberspace Administration of China (“CAC”) published the Security Assessment Measures of Data Cross-border Transfer (Draft for Comments) (the “New Draft Measures”) for public comments.

The New Draft Measures intend to set up clear implementation rules for the general principles of data cross-border transfer set forth in the Cyber Security Law, the Data Security Law and the Personal Information Protection Law. Although the current draft may be subject to further revisions before finalization, the following potential impacts of the New Draft Measures are worthy of attention:

  1. The possibility of triggering an assessment by the PRC government may affect the daily operations of many multinational companies.

Article 4 of the New Draft Measures specifies five scenarios under which data cross-border transfer will trigger safety assessment by the central CAC or the relevant provincial branch of CAC (as applicable):

(1) Cross-border transfer of personal information (“PI”) or important data collected or generated by the operators of critical information infrastructures;

(2) Cross-border transfer of data containing important data;

(3) Cross-border transfer of PI by a processor who has processed PI of one million or above;

(4) Cumulative cross-border transfer of PI of 100,000 or above or sensitive PI of 10,000 or above;

(5) Other scenarios as specified by CAC.

Among the five triggers listed above, the third and the fourth are the most relevant to the daily operations of many multinational companies in the PRC, which may need to transfer PI of their users, customers, suppliers and employees to their overseas headquarters or global data processing centers. For compliance purposes, these multinationals may need to start closely auditing and monitoring existing, ongoing and future transfers and storage of PI from the PRC, and to assess and prepare for the possible application of a safety assessment by the PRC authorities.

Please note that the current formulation of the triggers under Article 4 still needs further clarification. For example, (i) the definition of “important data” needs to be further specified; (ii)…


Exploitation of Accellion File Transfer Appliance


This joint advisory is the result of a collaborative effort by the cybersecurity authorities of Australia,[1] New Zealand,[2] Singapore,[3] the United Kingdom,[4] and the United States.[5][6] These authorities are aware of cyber actors exploiting vulnerabilities in Accellion File Transfer Appliance (FTA).[7] This activity has impacted organizations globally, including those in Australia, New Zealand, Singapore, the United Kingdom, and the United States.

Worldwide, actors have exploited the vulnerabilities to attack multiple federal and state, local, tribal, and territorial (SLTT) government organizations as well as private industry organizations including those in the medical, legal, telecommunications, finance, and energy sectors. According to Accellion, this activity involves attackers leveraging four vulnerabilities to target FTA customers.[8] In one incident, an attack on an SLTT organization potentially included the breach of confidential organizational data. In some instances observed, the attacker has subsequently extorted money from victim organizations to prevent public release of information exfiltrated from the Accellion appliance.

This Joint Cybersecurity Advisory provides indicators of compromise (IOCs) and recommended mitigations for this malicious activity. For a downloadable copy of IOCs, see: AA21-055A.stix and MAR-10325064-1.v1.stix.


Accellion FTA is a file transfer application that is used to share files. In mid-December 2020, Accellion was made aware of a zero-day vulnerability in Accellion FTA and released a patch on December 23, 2020. Since then, Accellion has identified cyber actors targeting FTA customers by leveraging the following additional vulnerabilities.

  • CVE-2021-27101 – Structured Query Language (SQL) injection via a crafted HOST header (affects FTA 9_12_370 and earlier)
  • CVE-2021-27102 – Operating system command execution via a local web service call (affects FTA versions 9_12_411 and earlier)
  • CVE-2021-27103 – Server-side request forgery via a crafted POST request (affects FTA 9_12_411 and earlier)
  • CVE-2021-27104 – Operating system command execution via a crafted POST request (affects FTA 9_12_370 and earlier)

One of the exploited vulnerabilities (CVE-2021-27101) is an SQL injection vulnerability that allows an unauthenticated user to run remote commands on targeted devices. Actors have exploited this vulnerability to deploy a webshell on compromised systems. The webshell is located on the target system in the file /home/httpd/html/about.html or /home/seos/courier/about.html. The webshell allows the attacker to send commands to targeted devices, exfiltrate data, and clean up logs. The clean-up functionality of the webshell helps evade detection and analysis during post-incident response. The Apache /var/opt/cache/rewrite.log file may also contain the following evidence of compromise:

  • [.'))union(select(c_value)from(t_global)where(t_global.c_param)=('w1'))] (1) pass through /courier/document_root.html
  • [.'))union(select(reverse(c_value))from(t_global)where(t_global.c_param)=('w1'))] (1) pass through /courier/document_root.html
  • ['))union(select(loc_id)from(net1.servers)where(proximity)=(0))] (1) pass through /courier/document_root.html

These entries are followed shortly by a pass-through request to sftp_account_edit.php. The entries are the SQL injection attempts themselves, indicating attempted exploitation via the HTTP_HOST header parameter.

Apache access logging shows successful file listings and file exfiltration:

  • “GET /courier/about.html?aid=1000 HTTP/1.1” 200 {Response size}
  • “GET /courier/about.html?dwn={Encrypted Path}&fn={encrypted file name} HTTP/1.1” 200 {Response size}

When the clean-up function is run, it modifies archived Apache access logs /var/opt/apache/c1s1-access_log.*.gz and replaces the file contents with the following string:

      Binary file (standard input) matches

In two incidents, the Cybersecurity and Infrastructure Security Agency (CISA) observed a large amount of data transferred over port 443 from federal agency IP addresses to 194.88.104[.]24. In one incident, the Cyber Security Agency of Singapore observed multiple TCP sessions with IP address 45.135.229[.]179.

Organizations are encouraged to investigate the IOCs outlined in this advisory and in AR21-055A. If an Accellion FTA appears compromised, organizations can get an indication of the exfiltrated files by obtaining a list of file-last-accessed events for the target files of the symlinks located in the /home/seos/apps/1000/ folder over the period of malicious activity. This information is only indicative and may not be a comprehensive identifier of all exfiltrated files.
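The following script is an added example, not part of the advisory and not Accellion's code; it turns the indicators above (the rewrite.log injection strings, the about.html listing and download requests, the two IOC addresses, the clean-up marker written into archived access logs, and the FTA_9_12_432 patch threshold) into reusable checks. All sample log lines are constructed: the access-log lines use straight quotes and a combined-log prefix as real Apache logs do, and the firewall line format is an assumption, so the regexes are anchored on the request path rather than on whole-line layout.

```python
"""Hunting for the Accellion FTA indicators listed in the joint advisory.

Added example (not from the advisory or from Accellion). Sample inputs are
constructed; real appliance logs carry extra fields, so the patterns key on
the request path and query string rather than on the full line.
"""
import re

# Network IOCs named in the advisory, with the de-fanging brackets removed
IOC_IPS = ("194.88.104.24", "45.135.229.179")

# String the webshell clean-up routine leaves in /var/opt/apache/c1s1-access_log.*.gz
WIPED_LOG_MARKER = "Binary file (standard input) matches"

# Minimum fixed release per the advisory: FTA_9_12_432
PATCHED_VERSION = (9, 12, 432)

# rewrite.log: UNION SELECT injected through the Host header, reading the
# 'w1' token from t_global or rows from net1.servers
REWRITE_SQLI = re.compile(
    r"'\)\)union\(select\(.+?\)from\((?:t_global|net1\.servers)\)", re.IGNORECASE)

# access log: webshell file listing (aid=) and file download (dwn=...&fn=...)
SHELL_LISTING = re.compile(r'"GET /courier/about\.html\?aid=\d+ HTTP/1\.[01]" 200')
SHELL_DOWNLOAD = re.compile(r'"GET /courier/about\.html\?dwn=[^&\s]+&fn=[^\s"]+ HTTP/1\.[01]" 200')


def scan_rewrite_log(lines):
    """Return (line_no, text) for rewrite.log entries matching the injection pattern."""
    return [(n, ln.rstrip()) for n, ln in enumerate(lines, 1) if REWRITE_SQLI.search(ln)]


def scan_access_log(lines):
    """Classify access-log lines as webshell 'listing' or 'download' activity."""
    hits = []
    for n, ln in enumerate(lines, 1):
        if SHELL_LISTING.search(ln):
            hits.append((n, "listing"))
        elif SHELL_DOWNLOAD.search(ln):
            hits.append((n, "download"))
    return hits


def find_ioc_ips(lines):
    """Return IOC addresses seen in any text log (firewall, netflow, proxy)."""
    seen = set()
    for ln in lines:
        for ip in IOC_IPS:
            # the lookarounds stop 194.88.104.24 from matching inside 194.88.104.245
            if re.search(r"(?<![\d.])" + re.escape(ip) + r"(?![\d.])", ln):
                seen.add(ip)
    return sorted(seen)


def archived_log_wiped(contents):
    """True when a decompressed archived access log holds only the clean-up marker."""
    return contents.strip() == WIPED_LOG_MARKER


def parse_fta_version(label):
    """'FTA_9_12_432' or '9_12_370' -> (9, 12, 432)."""
    m = re.search(r"(\d+)_(\d+)_(\d+)", label)
    if not m:
        raise ValueError(f"unrecognised FTA version label: {label!r}")
    return tuple(int(x) for x in m.groups())


def fta_is_patched(label):
    """True if the appliance reports FTA_9_12_432 or later."""
    return parse_fta_version(label) >= PATCHED_VERSION


# --- constructed sample input (not real captured logs) -------------------
SAMPLE_REWRITE = [
    "[.'))union(select(c_value)from(t_global)where(t_global.c_param)=('w1'))] (1) pass through /courier/document_root.html",
    "[.'))union(select(reverse(c_value))from(t_global)where(t_global.c_param)=('w1'))] (1) pass through /courier/document_root.html",
    "['))union(select(loc_id)from(net1.servers)where(proximity)=(0))] (1) pass through /courier/document_root.html",
    "[fta.example.internal] (1) pass through /courier/sftp_account_edit.php",
]
SAMPLE_ACCESS = [
    '10.0.0.5 - - [24/Jan/2021:10:01:02 +0000] "GET /courier/about.html?aid=1000 HTTP/1.1" 200 48213',
    '10.0.0.5 - - [24/Jan/2021:10:01:09 +0000] "GET /courier/about.html?dwn=QkxPQg&fn=U0VDUkVU HTTP/1.1" 200 1048576',
    '10.0.0.7 - - [24/Jan/2021:10:02:00 +0000] "GET /courier/web/1000@/wmLogin.html HTTP/1.1" 200 3110',
]
SAMPLE_FIREWALL = [  # assumed firewall export format
    "2021-01-24T10:01:10Z allow tcp 10.0.0.5:51122 -> 194.88.104.24:443 bytes=1048576",
    "2021-01-24T10:05:00Z allow tcp 10.0.0.5:51130 -> 45.135.229.17:443 bytes=512",
]

if __name__ == "__main__":
    for n, text in scan_rewrite_log(SAMPLE_REWRITE):
        print(f"rewrite.log:{n} SQLi via HTTP_HOST: {text[:60]}...")
    for n, kind in scan_access_log(SAMPLE_ACCESS):
        print(f"access_log:{n} webshell {kind}")
    print("IOC addresses seen:", find_ioc_ips(SAMPLE_FIREWALL))
    print("archived log wiped:", archived_log_wiped("Binary file (standard input) matches\n"))
    for v in ("FTA_9_12_370", "FTA_9_12_432", "FTA_9_12_444"):
        print(v, "patched" if fta_is_patched(v) else "VULNERABLE")
```

Run the checks against the live logs first and then against the archived `c1s1-access_log.*.gz` files (decompressed): an archive whose whole content is the clean-up marker is itself evidence that the webshell's log-wiping routine ran, even when the live log looks clean.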

Organizations with Accellion FTA should:

  • Temporarily isolate or block internet access to and from systems hosting the software.
  • Assess the system for evidence of malicious activity including the IOCs, and obtain a snapshot or forensic disk image of the system for subsequent investigation.
  • If malicious activity is identified, obtain a snapshot or forensic disk image of the system for subsequent investigation, then:
    • Consider conducting an audit of Accellion FTA user accounts for any unauthorized changes, and consider resetting user passwords.
    • Reset any security tokens on the system, including the “W1” encryption token, which may have been exposed through SQL injection.
  • Update Accellion FTA to version FTA_9_12_432 or later.
  • Evaluate potential solutions for migration to a supported file-sharing platform after completing appropriate testing.
    • Accellion has announced that FTA will reach end-of-life (EOL) on April 30, 2021.[9] Replacing software and firmware/hardware before it reaches EOL significantly reduces risks and costs.

Additional general best practices include:

  • Deploying automated software update tools to ensure that third-party software on all systems is running the most recent security updates provided by the software vendor.
  • Only using up-to-date and trusted third-party components for the software developed by the organization.
  • Adding security controls to prevent access from unauthenticated sources.

Resources

  • FireEye Blog – Cyber Criminals Exploit Accellion FTA for Data Theft and Extortion 
  • Center for Internet Security (CIS) Critical Security Controls for Effective Cyber Defense, known as “CIS Controls” 
  • Australia, Canada, New Zealand, the United Kingdom, and the United States Joint Advisory on Technical Approaches to Uncovering and Remediating Malicious Activity 
  • CISA and MS-ISAC’s Ransomware Guide 


Man Utd’s January transfer plans in chaos after scouting network hacked in cyber attack on computer database


MANCHESTER UNITED’S January transfer plans are in chaos after their scouting network was hacked amid the club’s ongoing cyber attack scandal.

The Mirror reports the Red Devils fear confidential material regarding player targets and active scouting missions may have been compromised.

Ole Gunnar Solskjaer’s January transfer plans are up in the air after the club were hacked. Credit: News Group Newspapers Ltd

United confirmed last week that the club was hit by a ‘sophisticated operation by organised criminals’.

The assault on their computer systems reportedly left staff still locked out of club email accounts a week after the event.

United have brought in a team of technical experts to contain the damage but could face a £15million fine if they pay a ransom to hackers.

United are owned by the American Glazer family and as the club are listed on the New York Stock Exchange they are subject to US law.

If they paid a fee they would be breaking legislation and could be sanctioned by the US Treasury.

Hackers are understood to be holding United to ransom for millions of pounds with the possibility they will leak sensitive information or block access to it.

The identity of the attackers and the amount being demanded are currently unclear but paying a lump sum would not guarantee information isn’t leaked.

United revealed their internal investigation to assess the extent of the security breach is still ongoing but the club are also at risk of being slapped with a fine in the UK if data security laws are found to have been breached.

The Red Devils have been knocked back by the unexpected disruption with the January transfer window just weeks away.


United operate an extensive global scouting operation with a sophisticated network and advanced planning is well underway ahead of the next two windows.

As is common with all top clubs, United use a bespoke online scouting system based on analysis, data and video footage.

The report states that the system is being looked at as part of the forensic investigation.

Files are kept on transfer targets and the confidential material inside as well as United stars’ sensitive private information may have been targeted.

United say they are not aware of any…
