THE TIMES OF HACKER


The world has seen many ups and downs, but nobody would have imagined, even in their dreams, that most Google applications, such as Gmail, Google Meet, Google Contacts, Blogger, Google Play and many others, would go down.

https://www.google.com/appsstatus#hl=en&v=status 

  1. Google Calendar Server Down
  2. Blogger Website Server Down
  3. Google Play Down
  4. Google Photos Down
  5. Google Meet Down
  6. Gmail Down
  7. Google Contacts Down

Google's servers were returning "Server Error 500" for many of its services, including Gmail, Google Calendar, Google Drive, Google Docs, Google Sheets, Google Slides, Google Sites, Google Groups, Hangouts, Google Chat, Google Meet, Google Vault, Google Forms, Google Cloud, Search, Google Keep, Google Tasks and Google Voice.


Check Point experts have compiled a Global Threat Index report for April this year. They note that several coronavirus-related (COVID-19) spam campaigns are distributing a new, modified variant of the Agent Tesla trojan. In total, it attacked around 3% of organisations worldwide.

Agent Tesla is an advanced RAT, that is, a remote access trojan, known to information security experts since 2014. The malicious program is written in .NET and is able to track and collect input from the victim's keyboard and clipboard, take screenshots, and retrieve credentials for various programs installed on the victim's computer (including Google Chrome, Mozilla Firefox and Microsoft Outlook). The malware can also disable antivirus solutions and other processes that try to analyse it or interfere with its operation.


Specialists state that the new version of Agent Tesla has been adapted to steal Wi-Fi passwords. Additionally, the trojan can extract email credentials from an Outlook client.

In April 2020, Agent Tesla was frequently seen in several malicious campaigns related to COVID-19. Such spam mailings try to interest the victim in allegedly important pandemic information so that they download malicious files.

One of these campaigns was purportedly sent by the World Health Organisation with subject lines such as URGENT INFORMATION LETTER: FIRST HUMAN COVID19 VACCINETEST / RESULT UPDATE and “URGENT NOTIFICATION: FIRST TEST OF VACCINE FROM COVID-19 FOR RESEARCH AND RESEARCH.” This once again emphasises that hackers use the latest world events and the population's fear to increase the effectiveness of their attacks.

“The spam campaigns with Agent Tesla that we watched throughout April show how well cybercriminals fit into the information agenda and how quietly they trick unsuspecting victims,” says Vasily Diaghilev, head of Check Point Software Technologies in Russia and the CIS. “In Russia, Emotet, RigEK and XMRig were in the top three — criminals are focused on organising phishing attacks to steal users' personal and corporate data. Therefore, it is very important for any organisation to regularly train its employees, informing them of the latest tools and methods of criminals. Now this is especially true, since most companies have transferred their employees to remote work.”

This month, the Dridex banker affected 4% of organisations worldwide, while XMRig and Agent Tesla affected 4% and 3%, respectively. Accordingly, the top three most active malware families in April 2020 are as follows:

Dridex is a banking trojan that infects Windows. It is distributed through spam mailings and exploit kits, and relies on web injects to intercept personal data as well as users' bank card details.

XMRig is open-source software, first seen in May 2017, used for mining the Monero cryptocurrency.

Agent Tesla is an advanced remote access trojan (RAT). It has been infecting computers since 2014, acting as a keylogger and password stealer.

The list of the most active malware in Russia, as usual, differs from the global one. It includes:

Emotet is an advanced self-propagating modular trojan. It was once an ordinary banker, but it has recently been used to distribute other malware and campaigns. Its new functionality allows it to send phishing emails containing malicious attachments or links.

RigEK is an exploit kit containing exploits for Internet Explorer, Flash, Java and Silverlight. Infection begins by redirecting the victim to a landing page containing JavaScript that then looks for vulnerabilities and tries to exploit them.

XMRig is open-source software, first seen in May 2017, used for mining the Monero cryptocurrency.


With the spread of COVID-19, organisations around the globe moved employees to remote work, which directly affected their cybersecurity and changed the threat landscape. Kaspersky Lab analysts warn of an increase in the number of brute-force attacks on RDP.

Alongside the increased volume of corporate traffic, the use of third-party services for data exchange, and employees working on home computers (on potentially insecure Wi-Fi networks), another "headache" for information security staff has been the increased number of people using remote access tools.

One of the most popular application-level protocols that allows access to a workstation or server running Windows is Microsoft's proprietary protocol, RDP. During the quarantine, a huge number of computers and servers that can be connected to remotely appeared on the network, and right now specialists are observing an increase in the activity of attackers who want to exploit the current situation and attack corporate resources, access to which (sometimes in a hurry) was opened up for employees working remotely.

According to the company, since the beginning of March 2020 the number of brute-force attacks on RDP has jumped, and this picture is the same for almost the entire world.

Attacks of this type are attempts to guess a username and password for RDP by systematically trying every possible combination until the correct one is found. They may work through combinations of characters or run dictionary searches of popular or previously compromised passwords. A successfully executed attack gives the attacker remote access to the targeted host.

Analysts say that attackers do not act in a targeted way, but "work across whole regions." Apparently, after the mass transition of companies to remote work, hackers came to the obvious conclusion that the number of poorly configured RDP servers would increase, and with it the number of attacks.

However, even if you use other means of remote access instead of RDP, this does not mean you can relax. Researchers recall that at the end of last year, Kaspersky Lab found 37 vulnerabilities in various clients implementing the VNC protocol.

Specialists conclude that companies should closely monitor the programs in use and update them on all corporate devices in a timely manner. Right now this is not the easiest task for many, because due to the hurried transfer of employees to remote work, many companies had to allow staff to work or connect to company resources from their home computers, which often do not meet corporate cybersecurity standards at all.
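The brute-force pattern described above leaves a trail in the Windows Security log: a burst of failed RDP logons (event 4625, logon type 10) from one source, sometimes followed by a success (event 4624). The following detection logic is an added example, not code from Kaspersky or the original post; the simplified export format and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample (not a real capture) in a simplified export of Windows Security
# events: 4625 = failed logon, 4624 = successful logon, LogonType 10 = RemoteInteractive (RDP).
SAMPLE_LOG = """\
2020-03-10T09:00:01 EventID=4625 LogonType=10 Account=administrator Source=198.51.100.23
2020-03-10T09:00:02 EventID=4625 LogonType=10 Account=admin Source=198.51.100.23
2020-03-10T09:00:02 EventID=4625 LogonType=10 Account=user Source=198.51.100.23
2020-03-10T09:00:03 EventID=4625 LogonType=10 Account=test Source=198.51.100.23
2020-03-10T09:00:04 EventID=4625 LogonType=10 Account=backup Source=198.51.100.23
2020-03-10T09:00:09 EventID=4624 LogonType=10 Account=backup Source=198.51.100.23
2020-03-10T09:00:03 EventID=4625 LogonType=2 Account=jdoe Source=-
2020-03-10T09:15:00 EventID=4625 LogonType=10 Account=jsmith Source=203.0.113.7
"""

LINE_RE = re.compile(r"(?P<ts>\S+) EventID=(?P<eid>\d+) LogonType=(?P<lt>\d+) "
                     r"Account=(?P<acct>\S+) Source=(?P<src>\S+)")

def parse_events(log_text):
    """Parse the export into dicts sorted by time; lines not matching the format are skipped."""
    events = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            events.append({"ts": datetime.fromisoformat(m["ts"]), "eid": int(m["eid"]),
                           "lt": int(m["lt"]), "acct": m["acct"], "src": m["src"]})
    return sorted(events, key=lambda e: e["ts"])

def detect_rdp_bruteforce(events, threshold=5, window=timedelta(seconds=60)):
    """Flag sources with >= threshold RDP failures in a sliding window; note a later RDP success."""
    failures, successes = defaultdict(list), defaultdict(list)
    for e in events:
        if e["lt"] != 10:
            continue  # only RemoteInteractive logons are relevant to RDP
        bucket = failures if e["eid"] == 4625 else successes if e["eid"] == 4624 else None
        if bucket is not None:
            bucket[e["src"]].append(e)
    alerts = {}
    for src, fails in failures.items():
        start = 0  # two-pointer sliding window over the time-sorted failures
        for end in range(len(fails)):
            while fails[end]["ts"] - fails[start]["ts"] > window:
                start += 1
            if end - start + 1 >= threshold:
                alerts[src] = {"failures": end - start + 1,
                               "accounts": sorted({f["acct"] for f in fails[start:end + 1]}),
                               "success_after": any(s["ts"] > fails[end]["ts"] for s in successes[src])}
    return alerts
```

A source that clears the threshold and then logs on successfully (`success_after` true) is the case to escalate first, since it indicates the guessing worked.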

One of the most advanced supercomputers in the UK, ARCHER, hosted at the University of Edinburgh, was recently attacked by unknown attackers, as its administrators reported on the project's official site. ARCHER is ranked 339th on the list of the 500 most powerful supercomputers in the world.


It is reported that the hackers attacked the ARCHER login nodes, and as a result user passwords and SSH keys could have been compromised; users are now strongly encouraged to change their passwords and SSH keys on all systems where these credentials were used.

Investigations into the incident are already under way by experts from the National Cyber Security Centre (NCSC), part of the UK's GCHQ, and from Cray/HPE. ARCHER administrators write that other high-performance academic systems in Europe have also been attacked, but do not specify which ones.

Journalists from The Register note that ARCHER is frequently used by specialists in computational science, including those who are currently modelling the further spread of the coronavirus. Thus, the publication suggests that the supercomputer could have been the target of state-sponsored hackers who wanted to steal the results of British researchers' work or simply sabotage it. In any case, ARCHER will not return to full operation until at least May 15, 2020.

Recall that, according to a recent publication in the New York Times, US authorities plan to publicly accuse China and Iran of attempting to break into research organisations working on a vaccine for SARS-CoV-2 (COVID-19).

Professor Alan Woodward of the University of Surrey shared the following theory with The Register:

“Seeing Cray under attack is very unusual, so I believe that the computing infrastructure around it has been attacked. Obviously, most users do not sit at a terminal connected directly to the supercomputer, so when remote access means fail, supercomputers become just an expensive piece of metal and silicon.

It seems that someone managed in an unknown way to get a reliable shell on the access node. Assuming this happened, setting it all up again will be a real headache.”


Representatives of the University of Edinburgh reported that they are also investigating what happened with ARCHER, together with the Edinburgh Parallel Computing Centre (EPCC). According to them, some user accounts could have been used to gain unauthorised access to the service. Fortunately, only a few accounts were affected by the hack, and there is no reason to believe that the incident affected any research, customer or personal data.

The Bleeping Computer publication reports that ransomware operators have begun to use a new tactic that allows them to extract more money from victims. Now the malware authors demand two ransoms from affected companies: one for decrypting the data, and another for deleting the information that the hackers stole during the attack. In the event of non-payment, the attackers threaten to publish this data.

Journalists recall that at the end of 2019, the authors of extortion malware began to operate under a new scheme. It all started with the Maze ransomware operators, who began publishing files stolen from attacked companies if the victims refused to pay. The hackers set up a special site for such “leaks,” and soon other groups followed, including Sodinokibi, DopplePaymer, Clop, Sekhmet, Nephilim, Mespinoza and Netwalker.

Now they have been joined by the authors of the Ako ransomware, who went even further than their "colleagues." The group forces some companies to pay a ransom twice: once for decrypting files and once for deleting stolen data. As an example, one victim's data was published on Ako's website: the company paid $350,000 to decrypt its information, but the hackers still published its files because they did not receive a “second ransom” for deleting the stolen data.

One of the Ako operators answered Bleeping Computer's questions and confirmed that double extortion is used only against some victims: it all depends on the size of the company and the type of data stolen. As a rule, the second ransom ranges from 100,000 to 2,000,000 US dollars, which usually exceeds the cost of decrypting the data.

The attackers claim that some companies actually prefer to pay for deleting data rather than for decrypting it. For example, unnamed medical organisations in the USA, from which confidential patient data, social security numbers and the like were stolen, went this way. Journalists were unable to confirm or deny these claims by the criminals.

Specialists from Israel's Ben-Gurion University have repeatedly demonstrated original and interesting attack concepts. In their research they mainly concentrate on particularly complex cases, that is, they develop attack vectors for situations in which it is supposedly impossible to steal information or track a user, in particular when the computer is physically isolated from any network and from potentially dangerous peripherals.

This time, the experts presented the PowerHammer attack technique and proposed using ordinary power cables to exfiltrate data.


The principle of PowerHammer is as follows. The target computer has to be infected with malware of the same name, which deliberately regulates how "busy" the processor is, choosing cores that are not currently occupied by user operations. As a result, the victim's PC consumes alternately more and less electricity. The experts propose treating these "jumps" as simple zeros and ones, with which any information on the target computer can be transmitted outside (like Morse code). To read data transferred in this way, the specialists propose using conducted emissions (so-called "induced noise") and measuring the fluctuations in power draw.

To notice such fluctuations in the target PC's power draw, the attacker has to use a hardware "monitor." The attacker does not have to build the equipment himself: for example, it is enough to buy a split-core current transformer, which is freely available. During the tests, the Ben-Gurion University experts used a SparkFun ECS1030-L72. Data collected by such a sensor can, for example, be transmitted to a nearby computer via Wi-Fi.

The experts say that the PowerHammer attack can be implemented in two ways, which differ in data transfer speed. In the first, the criminal monitors the power line between the isolated PC and its socket. In that case the data transfer rate is about 1000 bps.

It is also possible to connect at the phase level, that is, to install the sensors in the electrical switchboard on the desired floor or in the building. Of course, this method is far stealthier, but the transmission speed is unlikely to exceed 10 bps because of the large amount of interference on the line. The researchers note that the second method is nevertheless suitable for stealing passwords, tokens, encryption keys and other small pieces of data.

As usual, the most contentious step in the PowerHammer attack is infecting the target computer with the malware (recall that it is isolated from external networks and dangerous peripherals). The experts believe this can be done through social engineering, tampering with the equipment supply chain, or with the help of an insider. Similar methods have already been demonstrated in practice by the Turla and RedOctober hacker groups.