CYBERSECURITY / DEFENSE / INTELLIGENCE

  • To combat the misuse of commercial spyware, the United States Department of State has announced visa restrictions on 13 individuals linked to developing and selling these invasive technologies.

    This decision underscores a broader initiative by the U.S. government to address the proliferation of spyware that threatens personal privacy, national security, and human rights.

    Crackdown on Spyware Misuse

    Matthew Miller, the Department Spokesperson, revealed the new measures in a press statement dated April 22, 2024.

    These individuals and their immediate family members have been identified as critical players in the spyware industry, benefiting from or facilitating the misuse of technology that has targeted a wide range of individuals, including journalists, academics, human rights defenders, and U.S. government personnel.

    The misuse of commercial spyware has been a growing concern globally, with numerous reports highlighting how such tools have been used to infringe on personal freedoms and conduct espionage.

    The visa restrictions have been imposed under Section 212(a)(3)(C) of the Immigration and Nationality Act, following a policy approved by Secretary of State Antony Blinken in February 2024.

    This legal framework provides the U.S. with the authority to deny entry to individuals whose activities potentially threaten the country’s foreign policy interests.

    Broader U.S. Government Initiatives

    The announcement is part of a comprehensive U.S. strategy to curb the dangers posed by commercial spyware.

    This strategy includes visa restrictions, stringent export controls, sanctions, and the promotion of accountability measures.

    The U.S. government has also limited its use of commercial spyware, which poses risks to national security and human rights.

    The U.S. move to impose visa restrictions sends a strong message internationally about the seriousness with which it views the misuse of spyware.

    It also sets a precedent for other nations to implement similar measures to protect individuals from digital threats and uphold human rights standards.

    As the global landscape of technology and surveillance continues to evolve, the U.S. Department of State’s actions represent a critical step toward establishing a safer and more accountable digital environment.

    The focus now turns to how other countries will respond to this initiative and whether an international consensus can be reached to effectively regulate the use of commercial spyware.

    The post U.S. to Impose Visa Restrictions on 13 Individuals Involved in Commercial Spyware Operations appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

  • Cybersecurity breaches can be devastating for both individuals and businesses alike. While many people tend to focus on understanding how and why they were targeted by such breaches, there’s a larger, more pressing question: What is the true financial impact of a cyberattack? According to research by Cybersecurity Ventures, the global cost of cybercrime is projected to reach

  • European Police Chiefs said that the complementary partnership between law enforcement agencies and the technology industry is at risk due to end-to-end encryption (E2EE). They called on the industry and governments to take urgent action to ensure public safety across social media platforms. “Privacy measures currently being rolled out, such as end-to-end encryption, will stop tech companies

  • German authorities said they have issued arrest warrants against three citizens on suspicion of spying for China. The full names of the defendants were not disclosed by the Office of the Federal Prosecutor (aka Generalbundesanwalt), but they include Herwig F., Ina F., and Thomas R. “The suspects are strongly suspected of working for a Chinese secret service since an unspecified

  • The Volkswagen Group has fallen victim to a sophisticated hacking incident, with over 19,000 sensitive documents stolen.

    Investigations point towards a possible involvement of Chinese hackers, raising concerns over international cyber espionage and the security of global automotive giants.

    The Volkswagen Group reported a massive security breach in its IT systems late last week.

    According to sources, the attackers managed to exfiltrate over 19,000 documents containing sensitive information related to the company’s operations, plans, and, potentially, details on electric mobility technologies, as reported by ZDFheute.

    The breach was first detected by the company’s internal security team, who noticed unusual activity in their network.

    Forensic experts suggest that the sophistication of the attack indicates a well-organized group with significant resources.

    Impact on Volkswagen

    The repercussions of this breach for Volkswagen are manifold.

    The stolen documents contain critical information that could affect Volkswagen’s competitive edge in the electric vehicle market.

    There is also a significant risk of financial loss, both through potential disruptions in operations and through the impact on investor confidence.

    The company has issued a statement assuring stakeholders that immediate measures are being taken to contain any further damage and that they are working closely with law enforcement agencies.

    In response to the incident, Volkswagen has announced a comprehensive overhaul of its cybersecurity protocols.

    The company plans to implement advanced real-time monitoring systems, increase its cybersecurity workforce, and enhance employee training on data security.

    Volkswagen is also collaborating with cybersecurity firms to analyze the breach and prevent future incidents.

    This event has highlighted the need for robust cybersecurity measures in the automotive industry, which is increasingly reliant on digital technologies.

    China’s Involvement

    The investigation into the hack has revealed digital footprints leading to China, suggesting that the breach could be part of a larger pattern of cyber espionage targeting Western technology and industrial sectors.

    While the hackers’ identity has not been officially confirmed, the attack pattern aligns with methods commonly used by Chinese hacking groups.

    This incident adds to the growing tensions between China and the West over cybersecurity and intellectual property theft.

    The breach of Volkswagen’s systems is a stark reminder of the vulnerabilities in global corporations’ digital infrastructures.

    As companies continue to expand their digital footprint, the importance of safeguarding critical information cannot be overstated.

    The incident affects Volkswagen’s immediate operational capabilities and has broader implications for international business security protocols and geopolitical relations.

    The post Volkswagen Group’s Systems Hacked: 19,000+ Documents Stolen appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

  • Security researchers have identified a critical vulnerability in Apache HugeGraph, an open-source graph database tool.

    This flaw, if exploited, could allow attackers to execute arbitrary code remotely, posing a significant threat to systems using this software.

    The vulnerability has been assigned a Common Vulnerabilities and Exposures (CVE) identifier, highlighting its severity and the need for immediate attention by users of Apache HugeGraph.

    The specific details of the CVEs are given below.

    CVE-2024-27348: Apache HugeGraph-Server: Command execution in gremlin

    This vulnerability, classified as a Remote Command Execution (RCE), poses a serious risk as it allows unauthorized remote execution of commands.

    The issue is present in environments running Java 8 and Java 11, making various installations vulnerable to potential attacks.

    Recommended Actions:

    • Upgrade to Version 1.3.0: Users are urged to upgrade their Apache HugeGraph-Server installations to version 1.3.0. This version addresses the RCE vulnerability and is optimized for Java 11, which offers improved performance and security features.
    • Enable Authentication System: Strengthening security configurations by enabling the authentication system is crucial. This system helps verify and authenticate user access, providing an additional layer of security.
    • Implement Whitelist-IP/Port Function: To enhance the security of RESTful-API execution further, enabling the Whitelist-IP/port function is recommended. This function restricts API access to only those IP addresses and ports that are explicitly allowed, significantly reducing the risk of malicious access.

    CVE-2024-27349: Apache HugeGraph-Server: Bypass whitelist in Auth mode

    This critical flaw affects all versions from the initial release 1.0.0 up to, but not including, the more secure 1.3.0 version.

    The vulnerability allows attackers to bypass authentication mechanisms by spoofing legitimate user credentials, potentially leading to unauthorized access and control over the HugeGraph-Server.

    Urgent Security Measures:

    • Immediate Upgrade Required: Users must promptly upgrade to Apache HugeGraph-Server version 1.3.0. This version contains necessary fixes that address the authentication bypass vulnerability, closing the door on this particular method of system compromise.
    • Activate Whitelist-IP/Port: Enabling the Whitelist-IP/port function is strongly advised as an additional security precaution. This security feature limits RESTful-API execution to trusted IP addresses and ports, providing a robust defense against unauthorized access.

    CVE-2024-27347: Apache HugeGraph-Hubble: SSRF in Hubble connection page

    This moderate severity issue allows attackers to send crafted requests from the server, potentially leading to unauthorized actions and information disclosure from internal systems that are otherwise inaccessible from the external network.

    Recommended Remedial Actions:

    • Upgrade to Version 1.3.0: Users of Apache HugeGraph-Hubble must upgrade their systems to version 1.3.0 as soon as possible. This updated version includes patches that effectively resolve the SSRF vulnerability, enhancing the server’s security against such exploitation techniques.

    The discovery of this critical vulnerability in Apache HugeGraph underscores the importance of maintaining up-to-date software and implementing robust security measures. 

    Organizations using HugeGraph should act swiftly to apply the provided updates and secure their systems against potential threats. 

    The post Critical Apache HugeGraph Flaw Let Attackers Execute Remote Code appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

  • A SIM Swap Scam or SIM Cloning Scam exploits a vulnerability in two-factor authentication (2FA) systems that rely on SMS messages for verification codes. Attackers aim to gain control of the victim’s mobile phone number by convincing the victim’s mobile carrier to transfer the number to a new SIM card under the attacker’s control.

    The attacker typically initiates the scam by acquiring the victim’s personal information, including their phone number, which can be obtained through various means, such as data breaches, social engineering attacks (e.g., phishing emails or smishing attacks), or by purchasing the information on the dark web.

    Breakdown Of The Technical Aspects Of A SIM Swap Scam:

    Once the attacker has the victim’s phone number and potentially other personal details (e.g., Social Security Number, date of birth), they contact the victim’s mobile carrier while impersonating the victim.

    To appear legitimate, attackers may use social engineering tactics to convince carrier representatives that they have lost their phone or SIM card and request a replacement. 

    Weaknesses in the carrier’s verification process, such as relying solely on security questions with predictable answers or a lack of multi-factor authentication for customer service representatives, can increase the scam’s success rate.

    As reported by Reddit, if the social engineering is successful, the attacker convinces the carrier to issue a new SIM card and activate it on their device, effectively porting the victim’s phone number to the attacker’s controlled SIM card.

    With the phone number under their control, the attacker can intercept any SMS messages sent to the victim’s number, including 2FA codes for various online accounts (e.g., bank accounts and social media accounts).

    Attackers can bypass 2FA security measures and potentially take over the victim’s accounts by gaining access to these codes.

    Once attackers have access to the victim’s accounts, they can steal money by transferring funds from bank accounts, make unauthorized purchases using linked credit cards, or commit identity theft by using the victim’s personal information for fraud.

    Mitigate The Risk Of SIM Swap Scams:

    Carriers can stop relying solely on knowledge-based authentication (e.g., security questions) and implement multi-factor authentication for customer service interactions.

    This involves sending a one-time verification code to a trusted email address or registered device before processing any SIM swap requests.

    Biometric verification using fingerprints or facial recognition can be a more robust way to confirm a customer’s identity during SIM swap requests.

    Carriers can educate their customer service representatives on the tactics used in SIM Swap Scams and train them to be more vigilant in identifying and preventing such attempts.

    The post Hacker Offers Upto $300 To Mobile Networks Staff For Illegal SIM Swaps appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

  • A significant vulnerability in the Perforce Akana Community Manager Developer Portal has been found, allowing attackers to conduct server-side request forgery (SSRF) attacks.

    Community Manager is an advanced solution designed to assist businesses in creating an API portal that will draw in, manage, and assist developers who create applications using their APIs.

    Organizations frequently use this software to create and maintain developer portals for their APIs. 

    Typically, in an SSRF attack the attacker forces the server to connect to internal-only services within the company’s infrastructure.

    In other circumstances, the attacker might be able to force the server to establish a connection with arbitrary external systems.

    Sensitive information, such as authorization credentials, can leak as a result.

    SSRF in Akana Community Manager Developer Portal

    This critical-severity vulnerability, tracked as CVE-2024-2796, has a CVSS base score of 9.3. The vulnerability was disclosed by Jakob Antonsson.

    The Akana Community Manager Developer Portal, versions 2022.1.3 and earlier, has a server-side request forgery (SSRF) vulnerability. 

    When an SSRF attack is successful, the hacker can control the target web server to carry out harmful operations or disclose private data. 

    This approach can cause significant damage to an organization, including sensitive data exposure, cross-site port attacks (XSPA), denial of service (DoS), and remote code execution.

    Affected Software Versions

    It has been confirmed that the following Perforce Akana Community Manager Developer Portal versions are impacted:

    • 2022.1.1 
    • 2022.1.2 
    • 2022.1.3

    Patches Released

    • 2022.1.1 (CVE-2024-2796 Patch) 
    • 2022.1.2 (CVE-2024-2796 Patch) 
    • 2022.1.3 (CVE-2024-2796 Patch)

    It is highly recommended that organizations utilizing the Akana Community Manager Developer Portal update to one of the patched versions right away.

    The post Critical Flaw with Popular API Portal Let Attackers Launch SSRF Attacks appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

  • Amid the ongoing tension between privacy rights and public safety, Europol, along with European Police Chiefs, has issued a call for tech giants to provide lawful access to encrypted communications.

    This development comes as major social media platforms, including those owned by Meta, begin to implement end-to-end encryption. This technology prevents anyone except the communicating users from accessing the messages.

    The Challenge of End-to-End Encryption

    End-to-end encryption ensures that digital conversations are private and secure from any third-party interception, including by the platforms themselves.

    However, this level of privacy raises significant concerns for law enforcement agencies:

    • Prevention of Crime: Encrypted platforms can become safe havens for illegal activities, including child exploitation, human trafficking, and terrorism.
    • Investigation and Prosecution: The inability to access message content can hinder the investigation and prosecution of crimes.
    • Evidence Gathering: Critical evidence necessary for legal processes may become inaccessible, potentially allowing criminals to evade justice.

    Europol’s Call to Action

    During an informal meeting of Europol hosted by the UK’s National Crime Agency on April 18, a joint declaration was made, emphasizing the urgent need for a balanced approach to encryption that considers both privacy rights and public safety.

    The meeting, which saw participation from police chiefs of all EU Member States and Schengen Associated Countries, highlighted several key points:

    • Public Safety: The primary concern is the potential increase in platforms used for harmful activities without the possibility of oversight or intervention.
    • Legal Access: There is a call to create means through which law enforcement can legally access data, under strict conditions and oversight, to prevent or investigate serious crimes.
    • Cooperation with Tech Giants: There is a strong emphasis on collaboration between governments, law enforcement agencies, and technology companies to find solutions that balance privacy with security.

    The Role of Europol and International Cooperation

    Given its role in facilitating cross-border law enforcement cooperation within the EU and beyond, Europol’s involvement in this initiative is crucial.

    The agency’s Executive Director, Catherine De Bolle, recently met with Graeme Biggar, Director of the UK National Crime Agency, to discuss ongoing cooperation post-Brexit.

    These strategic exchanges are vital for maintaining and enhancing security across Europe.

    This call for lawful access to encrypted communications will likely spark a heated debate about balancing individual privacy rights and collective security needs.

    Tech companies, privacy advocates, and governments must engage in a nuanced dialogue to address these complex issues effectively.

    As this situation develops, the global community will be watching closely to see how privacy and security can coexist in the digital age and what compromises, if any, are necessary to protect citizens while respecting their rights to private communication.

    The post Europol calls for Tech Giants to Get Lawful Access To end-to-end Encryption appeared first on GBHackers on Security | #1 Globally Trusted Cyber Security News Platform.

  • The U.S. Department of State on Monday said it’s taking steps to impose visa restrictions on 13 individuals who are allegedly involved in the development and sale of commercial spyware or who are immediate family members of those involved in such businesses. “These individuals have facilitated or derived financial benefit from the misuse of this technology, which
