Cyber security news and services

Almost 1 in 3 pilots in Pakistan have fake licenses, aviation minister says


Addressing Pakistan’s National Assembly, Ghulam Sarwar Khan said 262 pilots in the country ‘did not take the exam themselves’ and had paid someone else to sit it on their behalf. Pakistan has 860 active pilots serving its domestic airlines — including the country’s Pakistan International Airlines (PIA) flagship — as well as a number of foreign carriers, Khan said. PIA has grounded all its pilots who hold fake licenses, effective immediately.…
Read more ⟶

Amazon says it mitigated the largest DDoS attack ever recorded


Amazon Web Services recently had to defend against a DDoS attack with a peak traffic volume of 2.3 Tbps, the largest ever recorded, ZDNet reports. Detailing the attack in its Q1 2020 threat report, Amazon said that the attack occurred back in February, and was mitigated by AWS Shield, a service designed to protect customers of Amazon’s on-demand cloud computing platform from DDoS attacks, as well as from bad bots and application vulnerabilities.…
Read more ⟶

Privacy-Focused OS Wants to Know How Facebook and the FBI Hacked it


The developers of a privacy-focused operating system championed by Edward Snowden are scrambling to find out the details of a hack that the FBI used—and Facebook paid for—to unmask a child predator. Last week, Motherboard revealed that Facebook had paid six figures to a cybersecurity firm to develop a hacking tool that the company then handed to the FBI in 2017. At the time, Facebook and law enforcement had spent years tracking a California man, who went by the name of Brian Kil online.…
Read more ⟶

Facebook Helped the FBI Hack a Child Predator


Facebook paid a cybersecurity firm six figures to develop a zero-day in Tails to identify a man who extorted and threatened girls. For years, a California man systematically harassed and terrorized young girls using chat apps, email, and Facebook. He extorted them for their nude pictures and videos, and threatened to kill and rape them. He also sent graphic and specific threats to carry out mass shootings and bombings at the girls’ schools if they didn’t send him sexually explicit photos and videos.…
Read more ⟶

Why the NHS Covid-19 contact tracing app failed


Matt Hancock has had another app catastrophe. England’s planned contact tracing app, which has been trialled on the Isle of Wight and downloaded by tens of thousands of people, has been ditched in favour of a system developed by Google and Apple. The reversal, first reported by the BBC and later confirmed by the government, follows months of delays for the home-brewed app and difficulties surrounding its implementation. It also makes England the latest in a string of countries to ditch a centralised system in favour of a decentralised one supported by two Silicon Valley giants.…
Read more ⟶

BlueLeaks: Data from 200 US police departments & fusion centers published online


An activist group has published on Friday 296 GB of data they claim have been stolen from US law enforcement agencies and fusion centers. The data has been made available online on a searchable portal. According to the BlueLeaks portal, the leaked data contains more than one million files, such as scanned documents, videos, emails, audio files, and more. DDoSecrets claims the leaked files contain more than ten years-worth of files belonging to more than 200 police departments and law enforcement fusion centers from across the US.…
Read more ⟶

Honda pauses production and closes offices following ransomware attack


Honda’s global operations have been hit with a ransomware attack and the Japanese automaker is still working to get everything back online. The company said Tuesday that it had to temporarily shut down some production facilities, and its customer and financial services operations are closed. At this time Honda Customer Service and Honda Financial Services are experiencing technical difficulties and are unavailable. We are working to resolve the issue as quickly as possible.…
Read more ⟶

Honda’s global operations hit by production impacting cyber-attack


Honda has said it is dealing with a cyber-attack that is impacting its operations around the world. It added that the problem was affecting its ability to access its computer servers, use email and otherwise make use of its internal systems. The firm – which makes motorcycles, cars, generators and lawn mowers, among other products – said one of its internal servers was attacked externally. It added that ‘the virus had spread’ throughout its network, but did not provide further details.…
Read more ⟶

eBay-like auction site created for stolen data


The operators of the REvil ransomware have launched a new auction site used to sell victim’s stolen data to the highest bidder. REvil, otherwise known asSodinokibi, is a ransomware operation that breaches corporate networks using exposed remote desktop services,spam,exploits, andhacked Managed Service Providers. Once established on a network, they quietly spread laterally through the company while stealing unencrypted data from workstations and exposed servers. Source: itsecurityguru.org…
Read more ⟶

Wallpaper image crashing Android phones


A picture may be worth a thousand words, but apparently one image is worth potentially thousands of headaches for Android users recently. The noted tech information leaker Ice Universe this weekend posted a warning about an image that if set as wallpaper will soft-brick Samsung and Google Pixel phones. Soft-bricking triggers Android devices to continuously loop an action or freeze the unit. This generally requires a factory reset. The fault does not appear to have been maliciously created.…
Read more ⟶

Romanian Skimmer Gang in Mexico Stole $1.2 Billion


An exhaustive inquiry published today by a consortium of investigative journalists says a three-part series KrebsOnSecurity published in 2015 on a Romanian ATM skimming gang operating in Mexico’s top tourist destinations disrupted their highly profitable business, which raked in an estimated $1.2 billion and enjoyed the protection of top Mexican authorities. The multimedia investigation by the Organized Crime and Corruption Reporting Project (OCCRP) and several international journalism partners detailed the activities of the so-called Riviera Maya crime gang, allegedly a mafia-like group of Romanians who until very recently ran their own ATM company in Mexico called “Intacash” and installed sophisticated electronic card skimming devices inside at least 100 cash machines throughout Mexico.…
Read more ⟶

Google Faces Privacy Lawsuit Over Tracking Users in Incognito Mode


Google faces a $5 billion class-action lawsuit over claims that it has been collecting people’s browsing information without their knowledge even when using the incognito browsing mode that’s meant to keep their online activities private. The lawsuit, filed in the federal court in San Jose, California, alleges that Google compiles user data through Google Analytics, Google Ad Manager and other applications and website plug-ins, including smartphone apps, regardless of whether users click on Google-supported ads, according to a report in Reuters.…
Read more ⟶

U.S. Nuclear Contractor Hit with Maze Ransomware, Data Leaked


A U.S. military contractor involved in the maintenance of the country’s Minuteman III nuclear arsenal has been hit by the Maze ransomware, according to reports – with the hackers making off with reams of sensitive information. The company, Westech International, has a range of contracts with the military for everything from ongoing evaluation for the ballistic missile defense system in Colorado, to a role as a sub-contractor for Northrup Grumman. In the latter capacity it provides engineering support, repair and maintenance for ground subsystems components involved in the Minuteman III intercontinental ballistic missile (ICBM) program.…
Read more ⟶

Critical flaw could have allowed attackers to control traffic lights


The flaw, tracked as CVE-2020-12493, is an “improper access control” issue that could allow hackers to grant root access to the device without access control via network. The flaw could be exploited by low-skilled attackers, it was rated with a CVSS score of 10 and affects all OS versions starting with G4 SWARCO of CPU LS4000. ProtectEM researchers reported the vulnerability to the vendor in July 2019, which released a patch in April.…
Read more ⟶

Google’s indexing of WhatsApp numbers raises privacy concerns


Earlier this year, Bleeping Computer reported how invite links to private groups of messaging apps like WhatsApp and Telegram were visible on Google, letting anyone join the groups. This week, security researcher Athul Jayaram highlighted an issue with WhatsApp’s “wa.me” domain “leaking” contact phone numbers on Google. As stated by Jayaram and confirmed by BleepingComputer, there is no “robots.txt” file on “wa.me” or “api.whatsapp.com” domains that instructs search engines not to crawl phone numbers on the website.…
Read more ⟶

The $100,000 bug in Sign in with Apple


In the month of April, I found a zero-day in Sign in with Apple that affected third-party applications which were using it and didn’t implement their own additional security measures. This bug could have resulted in a full account takeover of user accounts on that third party application irrespective of a victim having a valid Apple ID or not. For this vulnerability, I was paid $100,000 by Apple under their Apple Security Bounty program.…
Read more ⟶

$350 USB Stick That Claims to Block 5G Is Actually a $6 Generic Thumb Drive


Security firm Pen Test Partners ordered the 5GBioShield, and found that it’s just a cheap unbranded USB stick likely made in Shenzhen, China. PCMag editors select and review products independently. We may earn affiliate commissions from buying links, which help support our testing. Learn more. No, 5G won’t give you coronavirus. But that isn’t stopping scammers from trying to exploit misguided fears about the technology. Case in point: A UK vendor has been selling a $350 USB stick that promises it can protect you from 5G radiation.…
Read more ⟶

eBay port scans visitors’ computers for remote access programs


When visiting the eBay.com site, a script will run that performs a localport scan of your computer todetect remote support and remote management applications. Many of these ports are related to remote access/remote support tools such as the Windows Remote Desktop, VNC, TeamViewer, Ammy Admin, and more. After learning about this, BleepingComputer conducted a test and can confirm that eBay.com is indeed performing a local port scan of 14 different ports when visiting the site.…
Read more ⟶

Police in China, Dubai, and Italy are using these surveillance helmets to scan people for COVID-19 fever as they walk past and it may be our future normal


Temperature-scanning $7,000 helmets can catch people running a fever. But experts are skeptical about how helpful temperature scanning will really be. Chinese police, health staff, and transport workers have been using smart helmets to monitor people for high temperatures in the fight against COVID-19. The helmets are made by Chinese firm KC Wearable and use thermal imaging to take people’s temperatures at a distance of around two meters. The helmets are now popping up across the world, and the company told BI they are being rolled out to police in Italy and Dubai, with other Western governments showing interest.…
Read more ⟶

Malicious tweets targeting epilepsy charity trigger seizures


At least two people had seizures after viewing malicious tweets featuring flashing gifs that deliberately targeted the Epilepsy Society. Thames Valley police said it was investigating the tweets as a hate incident, after at least 200 seemingly coordinated messages were sent to the charity and its supporters in recent days. A number of other people including children were traumatised by the tweets, the charity said, stressing that the images could trigger seizures in which teeth and bones are broken and might even be fatal.…
Read more ⟶