STEAL YOUR FRIEND’S ANDROID PIN AND IPHONE PASSCODE USING A SINGLE LINK

Posted on June 26, 2020

INTRODUCTION

It’s easy to steal your friend’s Phone PIN and windows password using a single link. This all can be done by just sending a link to our friend. So today we will talk about a tool called Lockphish. Using this we can steal Android PIN, iPhone Passcode and even windows password of victim.

This tool uses Ngrok server for traffic collection. The aim of Ngrok is to capture the PIN or password and send back to the hacker on private network. Similar to Ngrok, there are many other providers like LocalHost, Serveo, LocalXpose, LocalHostRun which are used by researcher of International Institute of Cyber Security for Lab purpose.

ENVIRONMENT

• OS: Kali Linux 2019.3 64 bit
• Kernel version: 5.2.0

INSTALLATION STEPS

• Use this command to clone the project.
• git clone https://github.com/thelinuxchoice/lockphish

root@kali:/home/iicybersecurity# git clone https://github.com/thelinuxchoice/lockphish
Cloning into 'lockphish'…
remote: Enumerating objects: 32, done.
remote: Counting objects: 100% (32/32), done.
remote: Compressing objects: 100% (32/32), done.
remote: Total 32 (delta 11), reused 0 (delta 0), pack-reused 0
Receiving objects: 100% (32/32), 28.39 KiB | 215.00 KiB/s, done.
Resolving deltas: 100% (11/11), done.

• Use the cd command to enter into lockphish directory.

root@kali:/home/iicybersecurity# cd lockphish/
root@kali:/home/iicybersecurity/lockphish#

• Now, use this command to launch the tool.
  • bash lockphish.sh

• When we launch the tool, we have to enter the redirect phishing link.
• Then it will download the Ngrok server automatically, start both Ngrok & PHP server and it will provide an HTTPS phishing link.
• Now, send this URL to the victim or your friend. If victim opens the URL on mobile and click on this link.

• Victim will be directed to lock screen page. Where he/she will think that his mobile got locked and he/she will be asked to enter Android PIN, iPhone Passcode and even windows password if opened in Windows machine.

• If the victim enters the password and clicks on Ok. The Ngrok server collects the PIN or password and send back to hackers’ machine.

• Here, successfully got the victim’s Phone PIN, it identify the IP address and device details of the victim.
• In the same way, we can perform for any Phone and windows machine.

CONCLUSION

Here, we saw on how to steal the victim’s PIN or Password using the single link in less time. You should always beware while opening any unknown URL on your mobile phones and computer.

IOS 14 JAILBREAK PUBLISHED JUST A FEW HOURS AFTER ITS RELEASE

Posted on June 26, 2020

ORIGINAL CONTENT: https://www.securitynewspaper.com/2020/06/25/ios-14-jailbreak-published-just-a-few-hours-after-its-release/

Apple has just introduced iOS 14, in addition to iPadOS 14, also announcing the release of the beta so developers can test new features and prepare their apps for when the update is released to the general public, as mentioned by mobile hacking specialists.

Just a few hours later, the developer of the checkra1n team, Dany Lisiansky, posted on Twitter a screenshot of the jailbreak checkra1n in the first beta version of iOS 14: “As in the good old days, it’s good to be back. There is still work to be done so please be patient,” the developer’s tweet mentions.

In the screenshot you can see the new interface of the iOS 14 app library, with one of the organizers labeled “Other” running as host of the checkra1n loader app and the Cydia package manager, mobile hacking course specialists mentioned.

While it’s amazing that the checkra1n team got the jailbreak so fast, it should be noted that checkra1n was created with a hardware-based bootrom exploit called checkm8, which means that the jailbreak cannot be fixed via the release of software updates, unlike conventional jailbreak methods based on exploits tfp0 (unc0ver, for example).

The developers mentioned that jailbreak does require some adjustments to operate in the beta version of iOS 14, as the company implemented multiple obfuscation mechanisms on iOS and iPadOS systems to make it difficult to run the hack. However, after starting to collaborate with developer Sam Bingner, the jailbreak creators made the release.

According to mobile hacking specialists, this jailbreak depends on certain devices with A9-A11 hardware chips supported on devices as old as the iPhone 5s and as new as the iPhone X. Unfortunately, the iPhone 5s and iPhone 6/6 Plus are not compatible with iOS 14, so only newer phones will be supported up to iPhone X.

It remains to be seen how long the jailbreak will be updated, although experts mention that this update could come when the iOS14 system is released to the general public. For further reports on vulnerabilities, exploits, malware variants and computer security risks, it is recommended to enter the website of the International Institute of Cyber Security (IICS), as well as the official platforms of technology companies.

17 FLAWS IN CISCO SMALL BUSINESS ROUTERS ALLOW CREATING PERMANENT BACKDOOR

Posted on June 26, 2020

ORIGINAL CONTENT: https://www.securitynewspaper.com/2020/06/25/17-flaws-in-cisco-small-business-routers-allow-creating-permanent-backdoor/

Computer forensics specialists report the discovery of multiple vulnerabilities in multiple Cisco VR Series routers. Successful exploitation of these flaws would allow the deployment of multiple malicious scenarios such as command injection and buffer overflows.

According to the report, the flaws reside in most versions of the following router models:

• Cisco RV016 Multi-WAN VPN
• Cisco RV042 Dual WAN VPN
• Cisco RV042G Dual Gigabit WAN VPN
• Cisco RV082 Dual WAN VPN
• Small Business RV320 Dual Gigabit WAN VPN
• Small Business RV325 Dual Gigabit WAN VPN

Below are brief descriptions of reported vulnerabilities, with their respective keys and scores according to the Common Vulnerability Scoring System (CVSS).

CVE-2020-3274: Incorrect input validation in the web-based management interface would allow a threat actor to execute arbitrary commands on the target system. The flaw received a score of 6.3/10.

CVE-2020-3275: Incorrect input validation on the web-based management interface would allow arbitrary commands to be injected into the target system. The flaw received a 6.3/10 score on the CVSS.

CVE-2020-3276: Incorrect input validation on the web interface of vulnerable devices would allow remote hackers to execute arbitrary commands on the system. This vulnerability received a score of 6.3/10.

CVE-2020-3277: Insufficient incorrect input validation in the web management interface would allow remote users to execute remote commands on the system by sending a specially crafted request. The flaw received a score of 6.3/10.

CVE-2020-3278: Incorrect input validation on the web interface allows remote threat actors to send requests specially designed to execute remote commands on the system. The flaw received a score of 6.3/10, the experts in computer forensics mentioned.

CVE-2020-3279: Incorrect input validation on the web interface allows remote threat actors to send requests specially designed to execute remote commands on the system. The flaw received a score of 6.3/10.

CVE-2020-3296: A boundary error in the web management interface would allow threat actors to trigger memory corruption and execute arbitrary code on the target system. The flaw received a score of 6,310 on the CVSS scale.

CVE-2020-3295: A boundary error in the system’s web management interface could allow remote hackers to execute arbitrary code on the target system. The flaw received a score of 6.3/10.

CVE-2020-3294: A boundary error in the web management interface of the affected routers would allow remote hackers to execute arbitrary code on the target system. The vulnerability received a score of 6.3/10.

CVE-2020-3293: A boundary error in the web interface allows remote users to execute arbitrary code on the target system. The flaw received a score of 6.3/10.

CVE-2020-3292: A boundary error in the web interface would allow threat actors to execute arbitrary code on vulnerable routers. This flaw also received a score of 6.3/10.

CVE-2020-3291: This flaw exists due to a boundary error in the web user interface, computer forensics experts mention. A remote hacker could send specially designed requests to execute arbitrary code on the target system. The flaw received a score of 6.3/10.

CVE-2020-3290: A boundary error in the web management interface would allow remote hackers to trigger memory corruption and execute arbitrary code. The flaw received a score of 6.3/10.

CVE-2020-3289: A boundary flaw in the web interface of the affected devices would allow remote hackers to execute arbitrary code on the target system. The flaw has a CVSS score of 6.3/10.

CVE-2020-3288: A boundary error in the web management interface allows users to send requests specially designed to execute arbitrary code on the target system.

CVE-2020-3287: This flaw would allow arbitrary code to run on the target system due to a boundary flaw in the target system’s web interface. The flaw received a score of 6.3/10.

CVE-2020-3286: A boundary error in the web management interface allows hackers to send specially designed requests to execute arbitrary code on the target system. The vulnerability received a score of 6.3/10.

While reported vulnerabilities could be exploited remotely by unauthenticated hackers, no attempts to exploit in real-world scenarios or any exploits associated with these attacks have been detected, computer forensics experts mention.

Cisco recognized the reports and began working on correcting these flaws immediately. Users of affected routers should only verify the correct installation of updates. For further reports on vulnerabilities, exploits, malware variants and computer security risks, it is recommended to enter the website of the International Institute of Cyber Security (IICS), as well as the official platforms of technology companies.

BRAZIL BANS PAYMENTS VIA WHATSAPP FOR PRIVACY AND SECURITY JUST SEVEN DAYS AFTER ITS LAUNCH

Posted on June 26, 2020

ORIGINAL CONTENT: https://www.securitynewspaper.com/2020/06/24/brazil-bans-payments-via-whatsapp-for-privacy-and-security-just-seven-days-after-its-launch/

According to computer forensics specialists, Brazil’s central bank has ordered the suspension of a newly implemented payment system where users of the Visa and Mastercard systems could make transfers via WhatsApp. In a statement, the banking institution mentioned that the implementation of this service without prior studies could negatively impact Brazil’s financial system.

Users could authorize banking through a chat in the messaging app and make payments to other individuals or local companies, attaching evidence such as photos or videos. That system had barely been released last week. Since Brazil is the second most important market for WhatsApp, Facebook decided to start this project here, although it does not seem to be waiting for it to be very successful.

This is a new setback for Facebook and its commitment to enter the world of finance; last year the company announced the launch of Libra, its own cryptocurrency that would receive the boost of the social media giant, as well as having a lot of partners supporting this project. However, regulators around the world have expressed concern about the large-scale use of this virtual asset, citing forensic computer specialists.

If Visa and Mastercard fail to comply with this measure, they could face severe penalties.

In this regard, a WhatsApp representative mentioned that they would continue to work with companies and local authorities to provide this system with the relevant security measures so that its use can be approved by regulators.

The main reason could be that WhatsApp implemented this system without the prior authorization of Brazil’s central bank, which has already announced its intention to collaborate in the improvement of this platform by issuing a regulation. Those involved would also require approval from private companies.

While some people believe this decision is somewhat exaggerated, forensic computer specialists consider WhatsApp’s intervention as a banking transaction intermediary to pose a significant security and privacy risk.

Another factor that has influenced is the future launch of Pix, the payment system developed by Brazil’s central bank, for which more than 900 partners are involved. As this system enlists, WhatsApp also announced its intention to integrate in the best possible way into the central bank’s plans.

For further reports on vulnerabilities, exploits, malware variants and computer security risks, it is recommended to enter the website of the International Institute of Cyber Security (IICS), as well as the official platforms of technology companies.

FACEBOOK SUES COMPANIES FOR SELLING LIKES, FOLLOWERS AND COMMENTS FOR FB & IG

Posted on June 26, 2020

ORIGINAL CONTENT: https://www.securitynewspaper.com/2020/06/24/facebook-sues-companies-for-selling-likes-followers-and-comments-for-fb-ig/

For large tech companies, demands have become commonplace, and although most of the time it is the users who file the demands, sometimes these companies can also sue individuals or other companies. According to IT security services experts Facebook is taking legal action against some companies that produce fake likes and comments on Facebook and Instagram platforms.

Separate lawsuits have been filed in the United States and Europe, marking one of the first times a social media company has used coordinated litigation in various jurisdictions; According to the lawsuit, Facebook seeks to implement measures to strengthen a permanent ban against the use of its social media platforms by some companies that provide specific services for the artificial increase of interactions in users’ posts.

IT security services experts mention that the lawsuit filed in the United States is a case against a data collection company called Massroot8. This company obtained the data of millions of users using a botnet disguised as Android devices connected to the social media application.

It should be noted that Massroot8 acted with the consent of the users, as they thought they were actually using a service to manage multiple Facebook accounts at once.

The lawsuit was filed specifically against Mohammad Zaghar, the company’s founder, in federal court in San Francisco. Apparently, Zaghar operated sites that sold fake likes and followers before starting Massroot8.

Regarding the legal process in Europe, the lawsuit was filed against a Spanish company called MGP25 Cyberint Services, which operates a service of false likes and comments. There are fewer details available about this company, but it seems to be quite small compared to Massroot8.

IT security services specialists mention that, in recent weeks, Facebook has been filing an excessive amount of lawsuits as part of an effort to demonstrate to users that they can trust that the company will protect their personal information and enforce their own Terms and Services.

In a press release on these lawsuits Jessica Romero, Facebook’s director of platform compliance and litigation, stated, “In filing these lawsuits, we are sending a message that this type of fraudulent activity is not tolerated in our services.”

For further reports on vulnerabilities, exploits, malware variants and computer security risks, it is recommended to enter the website of the International Institute of Cyber Security (IICS), as well as the official platforms of technology companies.

NO PRIVACY FOR CHINESE PEOPLE: ALL 700 MILLION CHINESE MALES IN THE WORLD HAVE TO HAND OVER THEIR DNA TO POLICE

Posted on June 19, 2020

ORIGINAL CONTENT: https://www.securitynewspaper.com/2020/06/19/no-privacy-for-chinese-people-all-700-million-chinese-males-in-the-world-have-to-hand-over-their-dna-to-police/

Although it is a known fact that Chinese government acts intrusively on citizens’ privacy, the announcement of a new measure has surprised the whole world. According to cloud security course experts, all 700 million Chinese men (whether children or adults) will have to deliver a DNA sample to the authorities, bringing these mass surveillance efforts to unsuspected levels.

A report from the Australian Strategic Institute, taken up by various means, reveals that Chinese police have been collecting DNA samples for nearly three years for the purpose of integrating this gigantic database.

The Asian giant’s authorities would use this database to track anyone potentially related to samples of genetic material (blood, saliva, hair) found at crime scenes or obtained through police investigation, cloud security course experts mention.

Thermo Fisher, an American company, has been collaborating with the Chinese regime, selling kits for the collection of DNA samples. In this regard, a representative of the company said that these DNA kits “are a global standard for the collection of forensic evidence”, so they discard their production for another purpose. However, Thermo Fisher recognizes the importance of considering how its customers use their products.

Regardless of the arguments put forward by the government, cloud security course experts consider this policy to only represent an effort to increase control over China’s inhabitants, improving the country’s existing sophisticated surveillance controls, including the use of facial recognition technology and artificial intelligence.

In late 2019, an anonymous source revealed that a group of Chinese scientists were working on a project to rebuild human faces from DNA samples seized into legal processes. The informant said China’s government is very close to enabling facial recognition systems capable of analyzing its more than 3 billion inhabitants.

This is not only a privacy and data security issue, but is a human rights matter. Maya Wang, an analyst at Human Rights Watch, believes that “the ability of the authorities to discover even the most unlikely blood ties is a serious threat to any citizen, not forgetting that China has been pointed out on multiple occasions by the treatment of minority ethnic groups, such as Muslims, who are perceived as a threat to the Communist Party.”

For further reports on vulnerabilities, exploits, malware variants and computer security risks, it is recommended to enter the website of the International Institute of Cyber Security (IICS), as well as the official platforms of technology companies.

LAZARUS HACKING GROUP IS PLANNING A MASSIVE CYBER ATTACK FOR JUNE 21; 5 MILLION PEOPLE WORLDWIDE EXPOSED

Posted on June 19, 2020

ORIGINAL CONTENT: https://www.securitynewspaper.com/2020/06/19/lazarus-hacking-group-is-planning-a-massive-cyber-attack-for-june-21-5-million-people-worldwide-exposed/

The coronavirus pandemic has created new problems of all kinds, and cybersecurity is no exception. Specialists from a cyber security course have detailed the detection of a massive phishing campaign that could reach up to 5 million individuals and companies, spanning six countries on most continents.

The emails used by the operators of these campaigns contain information allegedly sent by local authorities and in connection with COVID-19 disease. Emails include attachments that redirect users to malicious websites designed to extract their personal and financial data. These emails have been sent to users in Japan, Singapore, South Korea, India, the United Kingdom and the United States.

A few months ago, cyber security course experts from CYFIRMA assured that Lazarus, the well-known cybercriminal group funded by the North Korean government, was preparing a global phishing campaign, so researchers believe it is these hackers who are behind this attack. In addition, some details have been found that indicate similarities between the various emails related to this campaign, even though they have been sent to users in different countries. The main feature is that all selected countries have issued considerable economic stimulus to counteract the economic consequences of the pandemic:

• Singapore: This small nation’s government announced stimulus for nearly $100 billion local dollars to curb job loss
• Japan had emergency funds of approximately 234 trillion yen
• The Korean government has earmarked nearly $200 billion for emergency containment, supporting the country’s critical industry
• India announced a $300 billion credit program for small, medium and large enterprises
• The UK implemented multiple support programs to prevent job losses
• U.S. to invest an undetermined figure to prevent job loss

Users who receive these emails are highly likely to require financial support, so this is an ideal means of attack. The main objective of the operators of this campaign appears to be economic fraud, although experts from the cyber security course believe that they could also engage in the theft of information for sale on dark web.

According to information collected by CYFIRMA, hackers planned a massive attack in the six chosen countries for two consecutive days. Lazarus created seven different mail templates in order to tailor the campaign to each attacked country, even taking the real names of some local government agencies.

Hackers have used several legitimate-looking email addresses, such as the ones shown below:

• covid19notice@usda.gov
• ccff-applications@bankofengland.co.uk
• covid-support@mom.gov.sg
• covid-support@mof.go.jp
• ncov2019@gov.in
• fppr@korea.kr

Regarding the message sent to potential victims, this also differs by country:

• UNITED States: Hackers mention to users that their account has been selected by the authorities to receive a thousand-dollar financial support.
• UK: Attackers try to extract confidential information by email allegedly sent by the Bank of England offering financial stimulus.
• Japan: An email allegedly sent by the Japanese Ministry of Finance offers an additional 80,000 yen payment for all citizens and residents who complete a form.
• India: Cybercriminals offer supposed free testing for COVID-19 detection in residents of multiple cities in exchange for completing some online forms.
• Singapore: By usurping the identity of the Ministry of Human Resources, hackers deceive users by offering a payment of 750 Singapore dollars to employees of private companies and public organizations.
• South Korea: Hackers use emails allegedly sent by the local government to redirect users to malicious sites so they can extract their confidential information.

Below are some examples of email templates developed by hackers. Users are advised to ignore any similar email, as it is most likely to be a scam; As in any phishing campaign, the best way to protect yourself is to identify any potentially malicious email before opening it, in addition to not sharing personal information through this medium.

Researchers say this campaign will be launched over this weekend, specifically between June 20 and 21 (although it is not ruled out that it can be extended over the next few days).

For further reports on vulnerabilities, exploits, malware variants and computer security risks, it is recommended to enter the website of the International Institute of Cyber Security (IICS), as well as the official platforms of technology companies.

CISCO’S IP PHONE SERIES 7800 AND 8800 AND DATA CENTER NETWORK MANAGER HAVE SECURITY VULNERABILITIES

Posted on June 19, 2020

ORIGINAL CONTENT: https://www.securitynewspaper.com/2020/06/18/ciscos-ip-phone-series-7800-and-8800-and-data-center-network-manager-have-security-vulnerabilities/

Cloud computing security specialists reported the finding of multiple vulnerabilities in some Cisco products, such as IP Phone and Data Center Network Manager. Successful exploitation of these flaws would allow the deployment of malicious scenarios such as cross-site scripting attacks, theft of sensitive information, among others.

Below are brief overviews of reported errors, in addition to their respective tracking keys and scores according to the Common Vulnerability Scoring System (CVSS).

• CVE-2020-3354: Insufficient disinfection of user-provided data in the Data Center Network Manager web management interface would allow hackers to deploy cross-site scripting (XSS) attacks. A remote authenticated attacker can inject and execute arbitrary HTML and script code into the user’s browser in the context of a vulnerable website. The fault received a score of 5.6/10.
• CVE-2020-3355: This vulnerability also exists due to insufficient disinfection of user input in the Data Center Network Manager web interface and would allow the deployment of XSS attacks. Its successful execution will allow the theft of information and even the modification of the target system. This flaw received a score of 5.6/10.
• CVE-2020-3356: Inadequate debugging of user-provided data through the Data Center Network Manager web management interface would allow arbitrary code to run in the context of a vulnerable website through XSS attacks. This flaw received a CVSS score of 6.3/10, according to cloud computing security specialists.
• CVE-2020-3360: Inadequate access controls on the Cisco IP Phone web-based management interface would allow remote hackers to access sensitive information on the target system. An attacker can send specially crafted requests, evade security restrictions, and gain unauthorized access to data such as call logs, usernames, and more. The flaw is found on Series 7800 and 8800 devices, and received a score of 4.6/10.

While these vulnerabilities can be exploited by unauthenticated remote hackers, the presence of a malware variant has not yet been detected to exploit any of these flaws. Cloud computing security experts point out that attempts to exploit in real-world scenarios have also not been detected.

Cisco began working on the corresponding updates as soon as the report was sent. Security patches are ready, so users of exposed deployments should only verify their correct installation.

For further reports on vulnerabilities, exploits, malware variants and computer security risks, it is recommended to enter the website of the International Institute of Cyber Security (IICS), as well as the official platforms of technology companies.

HOW DOES THE “SUGAR DADDY” INSTAGRAM SCAM WORKS?

Posted on June 19, 2020

ORIGINAL CONTENT: https://www.securitynewspaper.com/2020/06/18/how-does-the-sugar-daddy-instagram-scam-works/

While there may always have been relationships between mature men and young women, it was the popularization of the term “sugar daddy” that contributed to it becoming an everyday theme. This is not only controversial over moral and legal issues, as it can also become a relevant information security issue, experts from a hacking course claim.

A new Instagram scam was recently detected in which fraudsters pose as mature adults to gain the trust of young users on the social network (mainly young girls) for malicious purposes.

It all starts when the target user receives a seemingly harmless Direct Message (DM) on Instagram. If the message, supposedly coming from a mature man, is accepted, the scammers can begin to interact with the victims until they gain their trust, the experts of a hacking course mention. Throughout the conversations, scammers hint to the victim that they are rich or even millionaires, which could be appealing to anyone.

Discreetly, the scammer begins to obtain information from victims, especially about their financial status. When victims talk about their debts, the scammers offer to pay their credit cards, requesting the victim’s bank details and then making a transfer through a fraudulent account.

This is where everything gets weird, as scammers ask victims to buy them gift cards on various platforms (Google Play Store, iTunes, among others). Victims, who believe their debts have been repaid, access scammers’ requests and send them the gift cards.

After draining the gift cards, the scammers disappear without a trace. To make matters worse, banks don’t take too long to detect that debts were paid using a fraudulent account, so the transactions get canceled. In the end, the victims are left with their original debt and without the money invested in the gift cards sent to the scammers, mention the experts of the hacking course.

The sugar daddy gimmick is just a variant of a very popular scam; in less elaborate examples, scammers simply choose random users and ask them for their bank details to offer alleged bank transactions in exchange for phone top-ups, gift cards or even other transactions for smaller amounts.

These scams are very common and unfortunately there is no way to prevent criminals from enabling social media accounts for malicious purposes, so only some security tips remain for users to consider:

• Ignore DNIs from unknown users, without profile photos or without recent posts
• If an unknown user tries to contact you and asks them to interact in other ways, reject the invitation
• Enable protection of your Instagram account in the Settings menu
• Most importantly, never share your bank details with strangers

For further reports on vulnerabilities, exploits, malware variants and computer security risks, it is recommended to enter the website of the International Institute of Cyber Security (IICS), as well as the official platforms of technology companies.

COGNIZANT WITH 300K EMPLOYEES CONFIRMS THE LEAKING OF NAME, SSN, CREDIT CARDS, & PASSPORT DATA

Posted on June 19, 2020

ORIGINAL CONTENT: https://www.securitynewspaper.com/2020/06/18/cognizant-with-300k-employees-confirms-the-leaking-of-name-ssn-credit-cards-passport-data/

A couple of months ago, IT service giant Cognizant revealed that it was the victim of a severe ransomware incident. Now, experts from a cyber security course mention that the company also suffered a significant unencrypted data breach as a result of the encryption malware attack.

Cognizant is one of the world’s leading cybersecurity firms with nearly 300,000 employees, generating nearly $15 billion USD in revenue.

In mid-April, Cognizant began notifying its customers about the Maze infection, a dangerous variant of ransomware. For security, the company recommended users disconnect from the service and implement some additional measures.

According to the experts of the cyber security course, the email received by the company’s customers also included some compromise indicators, such as IP addresses linked to Maze operators, as well as hashes for the kepstl32.dll, memes.tmp and maze.dll files. This data was collected in previous Maze attacks.

The incidents were reported to the California Attorney General’s Office. In the reports, Cognizant claims that the operators of the attack were active on the compromised network between April 9 and 11, during which time they would have extracted a limited amount of data from the company’s systems.

Cyber security course specialists point out that Maze operators are characterized by the theft of sensitive information before they begin encrypting the data of the attacked companies. Subsequently, attackers publish this information on hacking forums as a way to pressure victims and force the ransom payment.

The company warns that multiple confidential details (such as SSN, tax ID, financial details and even passports) of users were compromised during the incident: “We have determined that the personal information involved in this incident included your name and one or more of: your Social Security number and/or some other tax identification number, financial account information, driver’s license information, and even passport information.”

As part of its incident response process, the company is offering affected users one year of e-fraud protection and one-year identity theft services, plus the incident continues to be investigated. Regarding the employees of the company who may have been affected, Cognizant will issue new internal guidelines shortly.

For further reports on vulnerabilities, exploits, malware variants and computer security risks, it is recommended to enter the website of the International Institute of Cyber Security (IICS), as well as the official platforms of technology companies.

CISCO WEBEX MEETINGS FLAWS ALLOWED REMOTE CAMERA CONTROL AND SPYING ON WINDOWS AND MACOS SYSTEMS

Posted on June 19, 2020

ORIGINAL CONTENT: https://www.securitynewspaper.com/2020/06/18/cisco-webex-meetings-flaws-allowed-remote-camera-control-and-spying-on-windows-and-macos-systems/

Cisco security team has released updates to fix two critical flaws in the Webex desktop application for Windows and macOS systems. According to the report of cloud security course specialists, exploiting these flaws would allow hackers to run code and malware on exposed computers.

It should be remembered that Webex is a videoconferencing platform with multiple useful functions during this period of confinement due to the pandemic, so the use of this kind of tools has increased over the last few months.

Vulnerabilities, tracked as CVE-2020-3263 and CVE-2020-3342, reside in all versions of Cisco Webex for desktops prior to v39.5.12. One of the flaws is an arbitrary software execution issue that affects the Windows client, and is caused by incorrect input validation of URLs sent to affected versions of Cisco for Windows.

Cloud security course specialists mention that “CVE-2020-3263 would allow unauthenticated hackers to run programs on systems that use vulnerable versions of Webex; users could be tricked into clicking on a malicious URL for subsequent attacks.”

On the other hand, the remote code execution vulnerability found on the macOS client is due to incorrect certificate validation in the update files for affected Webex versions. “CVE-2020-3342 could allow unauthenticated threat actors to execute remote arbitrary code with user privileges who logged on to Apple computers running unfixed versions of Cisco Webex for Mac,” the researchers mention.

Hackers can exploit this flaw by tricking Webex users into redirecting them to sites loaded with malicious content, completely compromising the vulnerable system.

Alternative solutions to mitigate the risk of exploitation are not known for now, so cloud security course experts strongly recommend Webex users upgrade their deployments. The flaws were released by the Cisco Product Security Incident Response Team (PSIRT), which ensures that no attempts to exploit these failures have been detected in real-world scenarios.

The Cisco video conferencing platform has received multiple updates recently; most of the time these are flaws that would allow remote code to run on vulnerable versions of Webex, although there are very few occasions when the company has detected active exploitation of some flaw.

For further reports on vulnerabilities, exploits, malware variants and computer security risks, it is recommended to enter the website of the International Institute of Cyber Security (IICS), as well as the official platforms of technology companies.