Aug 26 2021

Samsung can remotely disable their TVs worldwide using TV Block

Category: cyber security,Cyber Spy,Cyber ThreatsDISC @ 1:39 pm
Samsung can remotely disable their TVs worldwide using TV Block

Samsung says that it can disable any of its Samsung TV sets remotely using TV Block, a feature built into all television products sold worldwide.

This was revealed by the South Korean multinational in a press release issued earlier this month in response to the July South African riots that led to large-scale looting, which also impacted Samsung warehouses and stores.

“TV Block is a remote, security solution that detects if Samsung TV units have been unduly activated, and ensures that the television sets can only be used by the rightful owners with a valid proof of purchase,” Samsung said.

“The aim of the technology is to mitigate against the creation of secondary markets linked to the sale of illegal goods, both in South Africa and beyond its borders. This technology is already pre-loaded on all Samsung TV products.”

As Samsung explains, the goal behind remotely disabling stolen TV sets is to limit looting and “third party purchases,” and ensuring that the TVs can only be used by “rightful owners with a valid proof of purchase.”

https://twitter.com/SamsungSA/status/1423674642443784198

How TV Block works

Tags: Samsung can remotely disable, Smart TV, Smart TV Security, TV Block

Aug 02 2021

Female journalists and activists say they had their private photos shared on social media by governments seeking to intimidate and silence them.

Category: Cyber Spy,SpywareDISC @ 10:27 am
Image: Alya Alhwait, Alaa Al-Siddiq, Ghada Oueiss, Loujain Al-Hathloul

Female journalists and activists say they had their private photos shared on social media by governments seeking to intimidate and silence them.

‘I will not be silenced’: Women targeted in hack-and-leak attacks speak out about spyware

Ghada Oueiss, a Lebanese broadcast journalist at Al-Jazeera, was eating dinner at home with her husband last June when she received a message from a colleague telling her to check Twitter. Oueiss opened up the account and was horrified: A private photo taken when she was wearing a bikini in a jacuzzi was being circulated by a network of accounts, accompanied by false claims that the photos were taken at her boss’s house.

Over the next few days she was barraged with thousands of tweets and direct messages attacking her credibility as a journalist, describing her as a prostitute or telling her she was ugly and old. Many of the messages came from accounts that appeared to support Saudi Crown Prince Mohammed bin Salman Al Saud, known as MBS, including some verified accounts belonging to government officials.

“I immediately knew that my phone had been hacked,” said Oueiss, who believes she was targeted in an effort to silence her critical reporting on the Saudi regime. “Those photos were not published anywhere. They were only on my phone.”

“I am used to being harassed online. But this was different,” she added. “It was as if someone had entered my home, my bedroom, my bathroom. I felt so unsafe and traumatized.”

Source: Female journalists and activists say they had their private photos shared on social media by governments seeking to intimidate and silence them.

You Are Being Targeted – How to Keep Yourself Safe in a Connected World! (Survival and Security Series Book 1) by [Harvey Toogood]

Privacy

Tags: journalists targeted, Pegasus spyware, private photos shared on social media by governments, Spyware

Jul 20 2021

NSO Group Hacked

Category: Cyber Espionage,Cyber Spy,Cybercrime,Cyberweapons,Hacking,Malware,Smart PhoneDISC @ 1:36 pm
NSO Group Hacked

There’s a lot to read out there. Amnesty International has a report. Citizen Lab conducted an independent analysis. The Guardian has extensive coverageMore coverage.

Worldwide probe finds tech by Israel's NSO Group targeted media, politicians | The Times of Israel

Most interesting is a list of over 50,000 phone numbers that were being spied on by NSO Group’s software. Why does NSO Group have that list? The obvious answer is that NSO Group provides spyware-as-a-service, and centralizes operations somehow. Nicholas Weaver postulates that “part of the reason that NSO keeps a master list of targeting…is they hand it off to Israeli intelligence.

This isn’t the first time NSO Group has been in the news. Citizen Lab has been researching and reporting on its actions since 2016. It’s been linked to the Saudi murder of Jamal Khashoggi. It is extensively used by Mexico to spy on — among others — supporters of that country’s soda tax.

 here’s a tool that you can use to test if your iPhone or Android is infected with Pegasus. (Note: it’s not easy to use.)

7 Steps to Removing Spyware

7 Steps to Removing Spyware by Nick Laughter

Spyware and Adware

Spyware and Adware

Tags: Amnesty International, mobile spyware, NSO Group Hacked, rouge anti-spyware, Spyware, Spyware and Adware

Mar 22 2021

FCC Boots Chinese Telecom Companies, Citing Security

Category: Cyber Attack,Cyber Communication,Cyber Espionage,cyber security,Cyber Spy,Cyber surveillance,Cyber Threats,Cyber War,CybercrimeDISC @ 11:01 am
FCC Boots Chinese Telecom Companies, Citing Security

he Federal Communications Commission’s (FCC) Public Safety and Homeland Security Bureau on March 12 identified five Chinese companies they said posed a threat to U.S. national security. These companies are: Huawei Technologies Co., ZTE Corp., Hytera Communications Corp., Hangzhou Hikvision Digital Technology Co. and Dahua Technology Co.

The declaration, according to the FCC, is in accordance with the requirements of the Secure and Trusted Communications Networks Act of 2019, which requires the FCC to “publish and maintain a list of communications equipment and services that pose an unacceptable risk to national security or the security and safety of U.S. persons.”

In June 2020, the FCC designated both ZTE and Huawei as national security threats. “… [B]ased on the overwhelming weight of evidence, the Bureau has designated Huawei and ZTE as national security risks to America’s communications networks—and to our 5G future,” said then-FCC chairman Ajit Pai. Pai continued, “Both companies have close ties to the Chinese Communist Party and China’s military apparatus, and both companies are broadly subject to Chinese law obligating them to cooperate with the country’s intelligence services.  The Bureau also took into account the findings and actions of congress, the executive branch, the intelligence community, our allies, and communications service providers in other countries. We cannot and will not allow the Chinese Communist Party to exploit network vulnerabilities and compromise our critical communications infrastructure. Today’s action will also protect the FCC’s Universal Service Fund—money that comes from fees paid by American consumers and businesses on their phone bills—from being used to underwrite these suppliers, which threaten our national security.”

ZTE’s petition for reconsideration in November 2020 was immediately rejected. Huawai also petitioned for reconsideration, and their appeal was rejected in December 2020, after a few weeks of deliberation.

FCC Boots Chinese Telecom Companies, Citing Security

Tags: Chinese Telecom

Mar 17 2021

Chinese cyberspies go after telco providers, 5G secrets

Category: Cyber Espionage,Cyber SpyDISC @ 6:55 am

A Chinese cyber-espionage group has shifted operations from targeting Vatican officials and Catholic organizations to telecom providers across Asia, Europe, and the US.

The group, known in the cybersecurity community as Mustang Panda or RedDelta, has been targeting employees of telecom companies since last fall, as a gateway inside organizations, with the end goal of stealing 5G-related information.

Chinese group targeted telco employees with job offers

According to a technical report published today by security firm McAfee and titled “Operation Diànxùn” [PDF], the Mustang Panda group primarily relied on luring telco employees to a malicious site masquerading as Huawei’s careers page.

The phishing site would ask users to install a Flash software update hosted on a malicious site, and this file would later download and install a .NET backdoor, which would communicate with the attacker’s remote infrastructure via a Cobalt Strike beacon.

McAfee said the point of these attacks was to gain a foothold on a telcos’ internal networks.

“We believe that this espionage campaign is aimed at stealing sensitive or secret information in relation to 5G technology,” the company said today.

Attacks were observed against telcos in Southeast Asia, Europe, and the US; however, McAfee said it observed the group also showing “strong interest in German, Vietnamese, and India telecommunication companies.”

Source: Chinese cyberspies go after telco providers, 5G secrets

Tags: 5G secrets, Chinese cyberspies

Feb 26 2021

Microsoft releases open-source CodeQL queries to assess Solorigate compromise

Category: Botnet,Cyber Attack,Cyber Espionage,Cyber Spy,Cyber surveillance,Cyber Threats,Cyber War,CybercrimeDISC @ 10:54 am
Microsoft releases open-source CodeQL queries to assess Solorigate compromise

Microsoft announced the release of open-source CodeQL queries that it experts used during its investigation into the SolarWinds supply-chain attack

In early 2021, the US agencies FBI, CISA, ODNI, and the NSA released a joint statement that blames Russia for the SolarWinds supply chain attack.

The four agencies were part of the task force Cyber Unified Coordination Group (UCG) that was tasked for coordinating the investigation and remediation of the SolarWinds hack that had a significant impact on federal government networks.

The UCG said the attack was orchestrated by an Advanced Persistent Threat (APT) actor, likely Russian in origin.

According to the security experts, Russia-linked threat actors hacked into the SolarWinds in 2019 used the Sundrop malware to insert the Sunburst backdoor into the supply chain of the SolarWinds Orion monitoring product.

Microsoft, which was hit by the attack, published continuous updates on its investigation, and now released the source code of CodeQL queries, which were used by its experts to identify indicators of compromise (IoCs) associated with Solorigate.

“In this blog, we’ll share our journey in reviewing our codebases, highlighting one specific technique: the use of CodeQL queries to analyze our source code at scale and rule out the presence of the code-level indicators of compromise (IoCs) and coding patterns associated with Solorigate.” reads the blog post published by Microsoft. “We are open sourcing the CodeQL queries that we used in this investigation so that other organizations may perform a similar analysis. Note that the queries we cover in this blog simply serve to home in on source code that shares similarities with the source in the Solorigate implant, either in the syntactic elements (names, literals, etc.) or in functionality.”

Microsoft releases open-source CodeQL queries to assess Solorigate compromise

Tags: CodeQL, Solorigate compromise

Feb 15 2021

Chinese Supply-Chain Attack on Computer Systems

Category: Cyber Attack,Cyber Espionage,Cyber SpyDISC @ 11:41 am
Chinese Supply-Chain Attack on Computer Systems

Bloomberg News has a major story about the Chinese hacking computer motherboards made by Supermicro, Levono, and others. It’s been going on since at least 2008. The US government has known about it for almost as long, and has tried to keep the attack secret:

China’s exploitation of products made by Supermicro, as the U.S. company is known, has been under federal scrutiny for much of the past decade, according to 14 former law enforcement and intelligence officials familiar with the matter. That included an FBI counterintelligence investigation that began around 2012, when agents started monitoring the communications of a small group of Supermicro workers, using warrants obtained under the Foreign Intelligence Surveillance Act, or FISA, according to five of the officials.

There’s lots of detail in the article, and I recommend that you read it through.

Tags: Chinese espionage, Supply-Chain Attack

Dec 13 2020

Suspected Russian hackers spied on U.S. Treasury emails

Category: Cyber Espionage,Cyber Spy,Cyber surveillance,Digital cold war,Hacking,Information WarfareDISC @ 4:27 pm

Hackers believed to be working for Russia have been monitoring internal email traffic at the U.S. Treasury Department and an agency that decides internet and telecommunications policy, according to people familiar with the matter.

Three of the people familiar with the investigation said Russia is currently believed to be behind the attack.

Two of the people said that the breaches are connected to a broad campaign that also involved the recently disclosed hack on FireEye, a major U.S. cybersecurity company with government and commercial contracts.

“The United States government is aware of these reports and we are taking all necessary steps to identify and remedy any possible issues related to this situation,” said National Security Council spokesman John Ullyot.

The hack is so serious it led to a National Security Council meeting at the White House on Saturday, said one of the people familiar with the matter.

Source: Suspected Russian hackers spied on U.S. Treasury emails – sources


    Active Exploitation of SolarWinds Software

    Emergency directive: Global governments issue alert after FireEye hack is linked to SolarWinds supply chain attack

    SolarWinds Security Advisory

    Massive suspected Russian hack is 21st century warfare

    The government has known about the vulnerabilities that allowed the SolarWinds attack since the birth of the internet—and chose not to fix them.

    WATCH: Trump refuses to acknowledge that Russia meddled in US elections



RUSSIAN GOVERNMENT HACKING GROUP ‘APT29’ BEHIND CYBER HACK ON US GOVERNMENT
httpv://www.youtube.com/watch?v=FM66FgFk6Ls



U.S. Agencies Hit in Brazen Cyber-Attack by Suspected Russian Hackers
httpv://www.youtube.com/watch?v=vlVGnu7i0tY



#Sandworm: A New Era of #Cyberwar and the Hunt for the #Kremlin’s Most #Dangerous #Hackers Paperback




Tags: APT29, cyber hacking, FireEye, Greenburg, Russian cyber attack, Russian espionage, Russian hackers, Sandworm, U.S. Treasury

Jun 22 2020

Operation In(ter)ception: Aerospace and military companies in the crosshairs of cyberspies

Category: Cyber Spy,Cyber WarDISC @ 1:50 pm

Aerospace and military companies in the crosshairs of CyberSpies | CyberWar

ESET research uncovers attacks against several high-profile aerospace and military companies in Europe and the Middle East, with several hints suggesting a possible link to the Lazarus group.

Source: Operation In(ter)ception: Aerospace and military companies in the crosshairs of cyberspies | WeLiveSecurity

This blogpost above will shed light on how the attacks unfolded. The full research can be found in this white paper, Operation In(ter)ception: Targeted attacks against European aerospace and military companies.



Confessions of a cyber spy hunter | Eric Winsborrow | TEDxVancouver
httpv://www.youtube.com/watch?v=YiUN35Ikdfw



Spyeye : Script To Generate Win32 .exe File To Take Screenshots

Download a Security Risk Assessment steps paper!

Download a vCISO template

Subscribe to DISC InfoSec blog by Email

Take an awareness quiz to test your basic cybersecurity knowledge




« Previous Page