Jump to content


  • Content Count

  • Joined

  • Last visited

  • Days Won


SilentRoom last won the day on October 10

SilentRoom had the most liked content!

Community Reputation

18 Good


About SilentRoom

  • Rank
    Rank #5

Recent Profile Visitors

The recent visitors block is disabled and is not being shown to other users.

  1. Security researchers have reported an increase in cyberattacks using Google services as a weapon to bypass security and steal credentials, credit cards, and other personal information. The Armorblox team analyzed five phishing campaigns, which they call the “tip of the deep iceberg”. The attacks exploit features of several Google services, including Google Forms, Google Docs, Google Site, and Firebase, Google's mobile app development platform. “Google offers all of these services to make it much easier to build applications. This actually encourages attackers to switch to Google instead of developing the site on their own ... in a sense, it also adds credibility to phishing sites hosted by Google, ”the experts said. For example, one of the phishing emails was sent allegedly on behalf of American Express employees and informed the recipients that they did not provide information when checking their card. The link in the letter redirects the user to a page where he can enter his data. The page is hosted on Google Forms, branding American Express and prompting the victim for credentials, credit card details, and even the mother's maiden name (a common security question). In another attack, criminals posed as an enterprise security team by email informing the victim that they had not received a “critical” message due to a storage quota problem. The email contains a link where they can allegedly verify their details and restart email delivery. The url redirects to a fake login page hosted on Firebase, where the victim sees their email address pre-filled above the password prompt. Mimicking the “quick fill” methods used on forms on legitimate websites is commonly used by cybercriminals to create a false sense of security for victims. The URL goes through one redirect before reaching the Firebase page, hiding the attack from any security technology that might try to track it down.
  2. In recent years, ransomware has emerged as a major cyber threat to businesses, hospitals, financial institutions, and ordinary users around the world. Ransomware attacks are one of the easiest ways for cybercriminals to make money, since many victims are willing to pay to decrypt data. The situation has become even worse with the emergence of the ransomware-as-a-service (RaaS) business model, in which attackers rent out ransomware. One of these schemes was discovered by the specialists of the Recorded Future company. According to them, on one of the underground forums, the Russian-speaking hacker DevBitox offers a new RaaS ransomware Karmen for only $ 175. Karmen is developed based on the source code of Hidden Tear and, by analogy with other ransomware, encrypts files on the victim's computer using the AES-256 algorithm and demands a ransom for information recovery. Karmen provides buyers with access to a graphical dashboard that allows them to configure their own versions of the ransomware. In addition, Karmen operators can use the dashboard to track infections and profits in real time. According to experts, working with the ransomware does not require special technical skills, even minimal knowledge is enough. The first attacks using Karmen were recorded in December last year, and its sale began in March this year. According to the researchers, 20 users have already purchased Karmen copies.
  3. Marijuana grower community website GrowDiaries has disclosed more than 3.4 million member entries due to misconfiguration. The unsecured database was discovered on the Web on October 10, 2020 by security researcher Bob Dyachenko. It contains 1,427,347 million records with GrowDiaries user email and IP addresses, as well as 2 million posts, usernames and hashed account passwords (using the outdated and insecure MD5 algorithm). On October 10, Dyachenko reported the incident to the GrowDiaries administrators, on October 12, the resource asked for additional information, and only three days later, on October 15, the data leak was eliminated. The incident did not affect the financial data of users. Leaked data can be used by attackers to carry out attacks, but this is not the biggest problem. Users in countries where the cultivation and use of marijuana is prohibited may face prosecution as well as extortion.
  4. A 33-year-old resident of Naberezhnye Chelny used brute force to hack websites of large organizations. In March 2020, the cybercriminal attacked the websites of sports and government organizations, as well as research institutes in the Rostov region, Dagestan, Novosibirsk and Chuvashia. A criminal case was initiated against a resident of Naberezhnye Chelny under Part 1 of Article 273 of the Criminal Code of the Russian Federation "Creation, use and distribution of malicious computer programs." The accused admitted his guilt and repented of his deed. The court ruled to confiscate the state's laptop from the man. He was also sentenced to restriction of freedom for a period of 1 year and 6 months.
  5. The KuCoin cryptocurrency exchange, hacked in September this year, was able to restore access to 84% of stolen crypto assets worth about $ 236 million at current rates. The progress in recovering stolen cryptoassets was reported by the CEO of the KuCoin exchange Johnny Lyu. He wrote on his Twitter: “Already 84% of stolen cryptoassets have been recovered through on-chain tracking, contract renewals and notarial foreclosures. At the request of law enforcement agencies, we will publish all the details after the closure of the case. KuCoin resumed servicing 176 cryptoassets, and operations with the rest will resume until November 22.
  6. The Russian state corporation Roscosmos is asking the government for 1.5 trillion rubles for the creation of the Sphere satellite system. The Russian development should be a response to the American Starlink satellite system from Elon Musk, as well as the British-Indian OneWeb, which will provide Internet distribution throughout the world. Russian President Vladimir Putin spoke about plans to create Sphere back in 2018. According to Putin, the launch of Sphere should be a "breakthrough" that will lead to an "absolute revolution in the field of communications." Alexander Ivanov, chairman of the board of the Military-Industrial Commission of the Russian Federation, notes that the amount of funding for the Sphere project was not officially announced earlier. At the moment, it is known that the request for funding for the development of the program amounted to one and a half trillion. Basically, the project will be financed from budget funds, private investments will amount to 350 billion rubles. The Sphere satellite system will include 542 spacecraft. The deployment of the factions is expected between 2024 and 2028. According to Roskosmos calculations, about 150 rockets are needed to launch all satellites alone. Their production will cost more than 300 billion rubles.
  7. The world's second largest laptop maker, Taiwanese company Compal, which produced laptops for Apple, Acer, Lenovo, Dell, Toshiba, HP and Fujitsu, fell victim to ransomware. Based on the screenshot of the ransom note, cybercriminal group DoppelPaymer may be behind the attack. According to Taiwanese media reports, the incident was discovered on Sunday morning, November 8, and affected about 30% of all Compal computers. Upon arriving at work, company employees found a notification from the IT department asking them to check the status of their workstations and back up important files on systems not affected by the cyber attack. Compal's IT department has been reinstalling encrypted systems since Sunday. Despite local media reports, the company's deputy managing director, Shinsen Lu, confirmed the breach to the news organization United News Network, but denied that ransomware caused its systems to malfunction. “[Compal] has not been blackmailed by hackers as rumored to be,” said Lu Shinsen. According to the deputy director, the incident only affected the company's internal office networks, but not the laptop production lines.
  8. While Bitcoin is gearing up to support Taproot privacy technology and Schnorr signatures, developers at Blockstream have introduced a new version of MuSig2 multiple signatures. In a blog post from the company, developers Jonas Nick and Tim Ruffing have proposed a new multi-signature transaction scheme. It should reduce the technical complexity of multi-signature transactions while preserving the privacy of the participants in the transaction. The proposed multiple signature scheme takes the best from the previous methods. The old version, called Checkmultisig, requires less interaction between participants, but provides a lower level of security and anonymity. Modern MuSig1 offers a better level of anonymity, but requires more interactions to confirm a transaction. MuSig2 will provide the same level of anonymity and security as MuSig1, but will reduce the number of participant interactions to two. MuSig2 can also improve the privacy of the second level Lightning Network solution and the so-called threshold signatures, which are often used by exchanges and custodial services.
  9. Bitcoin rose to $ 14,600, peaking since January 2018, amid rising stock markets and the yet-to-be-announced US presidential election. Over the past month, the price of bitcoin has grown by 38% and today has reached $ 14,600, showing an increase of more than 6% over the past day. Yesterday, it plunged from $ 14,000 to $ 13,520 during trading on Asian bourses after Donald Trump's victory in Florida and other key states potentially diminished the chances of a larger fiscal stimulus package promised by Democratic candidate Joe Biden. However, the rate quickly recovered and the cryptocurrency resumed its growth. "We don't yet know what the post-election fiscal stimulus will be, but investors still believe the Fed will restart the printing press, which will play into the hands of bitcoin, whose supply is limited," said GSR trader John Kramer. ).
  10. Most often, hackers attacked decentralized applications running on the EOS blockchain platform, said Atlas VPN experts. There were 117 such cases, the amount of damage was $ 28.2 million. The Ethereum ecosystem recorded 33 attacks on dapps, which brought cybercriminals $ 364 million. Cryptocurrency exchanges were subjected to 87 successful attacks - the damage from them reached $ 4.8 billion. The TRON ecosystem has also seen multiple attacks on decentralized applications. In total, cybercriminals carried out 21 successful attacks on TRON applications, obtaining $ 1.22 million (about $ 58.3 thousand per hack) Services for the storage of digital assets faced 36 attacks, and the total losses amounted to $ 7.19 billion. Over eight years, hackers earned $ 45.8 million from 28 blockchain hacks. Researchers estimate that between January and June 2019, the blockchain industry experienced 94 successful hacker attacks. In the first half of 2020, this figure dropped to 31.
  11. The Moscow Department of Transport will purchase 50 devices for recognizing faces of participants in public events. The total amount of the tender is 38.4 million rubles. In the documents, the department called the devices "specialized mobile biometric systems", which are needed "to improve the efficiency of city services in the event of emergency situations." The cost of one such complex can range from 577 thousand rubles to 710 thousand rubles. Also, the documents indicate three devices from three different manufacturers - BEWARD TRS-FR-200, MSK-FC-01 (Face Capture) and VT-1000Face. According to the manufacturers, the complexes are more than two meters high racks. High-resolution cameras are fixed on their tops, which make it possible to “detect up to 100%” of persons entering the field of view. DTZ also plans to purchase 50 smartphones and fitness bracelets as part of the order to send them notifications about incidents and remotely configure complexes. As examples of devices, gadgets protected from moisture and shock are indicated, costing from 15.9 to 18.5 thousand rubles. The range of prices for smartphones is from 1.8 to 2.2 thousand rubles.
  12. American cryptocurrency bank Avanti received a banking license from the Wyoming regulator. The Wyoming regulator has approved Avanti's plans to provide custodian services for cryptocurrency assets, as well as to issue Avit stablecoin pegged to the US dollar. An application for a banking license was filed back in July this year. It is the second US cryptocurrency company to receive a banking license. The first was Kraken Financial. “At the moment, only the Wyoming regulator has a program for banking supervision and regulation of digital assets, and it is not yet fully developed. Therefore, only financial institutions registered as special purpose depository institutions in Wyoming can settle transactions between digital assets and the US dollar. And Avanti has become one of those organizations, ”said Avanti founder and CEO Caitlin Long.
  13. “At the moment, we believe that this system works, and it works quite clearly,” said Alexei Nemeryuk, head of the Moscow Department of Trade and Services. According to him, to date, about one and a half thousand institutions in the city have received codes, including those for which they are not mandatory. He recalled that the system of registration of visitors can eventually be extended to other establishments, if the experiment with nightclubs and bars is successful. Also announced the first results of the system. So, about 1.7 thousand visitors received messages that they could contact with coronavirus infected in the nightlife of the capital. They are recommended to take the test, Nemeryuk said. The registration system for entering nightlife facilities was launched in Moscow on October 19 from 12:00. Visitors and employees must register phone numbers using QR codes or SMS at any time of the day, not just at night. For refusal to use such a system, nightclubs can be fined up to 500 thousand rubles.
  14. The multinational energy company Enel Group has been attacked by ransomware operators for the second time this year. In early June, Enel Group's internal network was attacked by the ransomware Snake (also known as EKANS), but the hacking attempt was detected before the malware could spread across the company's network. This time, Netwalker operators have successfully carried out the attack and demanded a ransom in the amount of $ 14 million for the decryption key and threaten to publish several terabytes of stolen data in case of failure. A source told BleepingComputer on October 19 that the ransom note included a link to a URL showing the data stolen from the attack. From the names of the employees in the folders, it was determined that the attack was directed specifically at the Enel Group. A few days later, Netwalker operators confirmed that the victim was Enel Group. The cybercriminal group added Enel Group to its data breach site and posted screenshots of the company's stolen files. According to the criminals, they stole about 5 terabytes of data from the energy company and are ready to disclose part of it within a week. They also said they would “analyze each file for interesting things” and publish it on their website for leaks.
  15. According to the latest report, the MESS system launched by ETC Labs to protect Ethereum Classic from 51% attacks may not be as effective and secure as other alternative solutions. This summer, the ETC blockchain fell victim to three 51% attacks in a month. In mid-October, ETC Labs implemented MESS (Modified Exponential Estimation of Subjectivity) to reduce the likelihood of future attacks by 51%. However, according to a report by IOHK and ETC Cooperative, "The MESS solution will not provide the required level of security and there is no guarantee that further attacks will not be successful." In addition, MESS does not provide “high confidence to stakeholders that confirmation time will be reduced to the desired level”. MESS is designed to make reorganizing a large number of blocks 31 times more expensive, theoretically offsetting a 51% attack profitability. As ETC Labs previously stated, if MESS, activated on October 10 after successful testing, had been implemented in the summer, 51% attacks on the Ethereum Classic blockchain would have cost the attackers $ 20 million.
  • Create New...