Hi everyone,

Great to be back here!

With the COVID19 lockdown and 40/5 WFH, I believe I can contribute to adding knowledge to this forum, hence I'm opening this thread for IT/Cybersecurity professionals and enthusiasts to collaborate.

Let's begin with the below questions:

1. What are your questions regarding Cybersecurity?

2. What's your current field of expertise?

3. Are you currently considering a career in IT/Cybersecurity and where are on in terms of achieving this?

4. What are the current limitations you are facing?

5. How have you been able to achieve your current goals?

6. What are the resources you use to learn?

7. What degrees and certifications are you considering?

These and many more we can discuss on this thread.

Come in here, let's discuss, chat, encourage and help each other grow.

PS: I will like to make this thread as conversational as possible, hence let's make it very interactive. I will try as much as possible to desist from replying to all questions and allow other group members to participate.

Thank you!


Mods, lalasticlala, Mynd44, Dominique, please feel free to close this thread if there's already an existing thread like this. I checked but couldn't find any, but could be an oversight on my part.

CC: Lalasticlala, Mynd44

These OurMine guys, don kolo no be small. I cant believe WikiLeaks, eventually become a prey.

Please see details below:

OurMine is in headlines once again—this time for defacing WikiLeaks website.
The notorious hacking group, OurMine, is known for breaching into high-profile figures and companies' social media accounts, including Facebook CEO Mark Zuckerberg, Twitter CEO Jack Dorsey, Google CEO Sundar Pichai, HBO, Game of Thrones and Sony's PlayStation Network (PSN).


According to screenshots circulating on Twitter, the official website of WikiLeaks has reportedly been defaced by the OurMine hacking group, who left a message on the site, as shown "below".
WikiLeaks is a whistleblowing website that since March, has been revealing top CIA hacking secrets under Vault 7, including the agency's ability to break into different mobile and desktop platforms, security camera live video streams, air-gap computers and many more.
There is no indication of WikiLeaks servers and website been compromised, instead it seems their website has been redirected to a hacker-controlled server using DNS poisoning attack.
In DNS poisoning attack, also known as DNS spoofing, an attacker gets control of the DNS server and changes a value of name-servers in order to divert Internet traffic to a malicious IP address.


Shortly after the defacement, the site administrators regained access to their DNS server and at the time of writing, the WikiLeaks website is back online from its official legitimate servers.
OurMine is a Saudi Arabian group of hackers which claims to be a "white hat" security firm.
The group markets itself by taking over social media accounts of high-profile targets and then encourages them to contact the hacking group to buy its IT security service in an effort to protect themselves from future cyber attacks.

Written by Wang Wei
Security Researcher and Consultant for the government, Financial Securities and Banks. Enthusiast, Malware Analyst, Penetration Tester.

Source: https://thehackernews.com/2017/08/ourmine-wikileaks.html

Image culled from Google.

COLOGNE, Germany (Reuters) - A British hacker-for-hire was given a suspended sentence by a German court on Friday after confessing to a cyber attack that knocked out the internet for around 1 million Deutsche Telekom (DTEGn.DE) customers.

The 29-year old hacker, who used the online alias "Spiderman", among other names, also faces criminal charges in Britain, where authorities have requested his extradition.

The attack caused internet outages for about 4.5 percent of Deutsche Telekom's 20 million fixed-line customers.

"One can't say exactly what the damages for Telekom are," the presiding judge, Christof Wuttke, said in handing down the sentence, noting the costs to Germany's biggest telecom services operator were sizable, but not "lasting".

The court calculated Deutsche Telekom spent around 1 million euros ($1.2 million), mainly for setting up a national hotline for customer complaints and for weekend overtime pay for security staff.

The regional court in Cologne handed the man, named only as Daniel K., a suspended sentence of one year and eight months for attempted commercial computer sabotage. The maximum sentence was up to 10 years, and prosecutors had asked for two years.

Telekom estimated damages of 2 million euros (1.8 million pounds). A spokeswoman said the company was considering a civil lawsuit. "We will await the written judgment and weigh if we should go with a civil case," spokeswoman Alexia Sailer said.

Sailer welcomed the conviction as a sign that "attacks on the cyber world are going punished."

Hacker-for-Hire
Last November, Daniel K. used a variant of the malicious Mirai botnet code to attack internet routers and turn them into remotely controlled "bots" for mounting large-scale attacks that disrupted websites and computer systems, police have said.

The botnet spread around the world, knocking out internet router equipment at up to a dozen telecom operators around the world, with Germany's Deutsche Telekom the hardest hit.


British police arrested the hacker in February at Luton airport, north of London, on a request from Germany's Federal Criminal Police Office (BKA) to charge him with selling his botnet to online criminals. He was sent to Germany for trial.

The malicious code exploited unprotected ports which allow network technicians to fix customers' routers from afar, but which can also expose the equipment to outside attack. Both the attack and the rapid recovery from it exploited this feature.

One out of every two companies in Germany has been the victim of cyber attacks over the last two years, according to a study by the country's digital trade group Bitkom published this month.


Reporting by: Anneli Palmen and Tom Sims; Writing by Eric Auchard and Maria Sheahan; Editing by Elaine Hardcastle

Source: https://www.reuters.com/article/us-deutsche-telekom-outages-idUSKBN1AD1EX

CC: Lalasticlala, Mynd44

Three Square Market (32M) Becomes First-Ever Company to Implant Micro-Chips in Employees

Biohacking could be a next big thing in this smart world.
Over two years ago, a hacker implanted a small NFC chip in his left hand right between his thumb and his pointer finger and hacked Android smartphones and bypassed almost all security measures, demonstrating the risks of Biohacking.
At the end of the same year, another hacker implanted a small NFC chip with the private key to his Bitcoin wallet under his skin, making him able to buy groceries or transfer money between bank accounts by just waving his hand.
And this is soon going to be a reality, at least in one tech company in Wisconsin.


Marketing solution provider Three Square Market (32M) has announced that it had partnered with Swedish biohacking firm BioHax International for offering implanted microchips to all their employees on 1st August, according to the company's website.
Although the programme is optional, the company wants at least more than 50 of its employees to undergo the Biohacking procedure.
Like previous bio hacks, the chips will be implanted underneath the skin between the thumb and forefinger, and will also use near-field communications (NFC) — the same technology that makes contactless credit cards and mobile payments possible — along with radio-frequency identification (RFID).

According to the company, the implanted chips would allow its employees to log into their office computers, pay for food and drink from office vending machines, open doors and use the copy machine, among other purposes.
The company CEO has also confirmed that 'there's no GPS tracking at all.'
"We foresee the use of RFID technology to drive everything from making purchases in our office break room market, opening doors, use of copy machines, logging into our office computers, unlocking phones, sharing business cards, storing medical/health information, and used as payment at other RFID terminals," 32M chief executive Todd Westby said.
"Eventually, this technology will become standardised allowing you to use this as your passport, public transit, all purchasing opportunities, etc."
Interested employees will be chipped at the 32M inaugural "chip party" on 1st August at the company's headquarters in River Falls, Wisconsin.


Three Square Market is considered as a leader in micro market technology, which designs mini-convenience stores using a self-checkout kiosk (vending machines), often found in large companies.
The company has more than 2,000 kiosks in nearly 20 different countries, and it operates over 6,000 kiosks in TurnKey Corrections, the firm's corrections industry business.
While the Biometric information and technology are experiencing an increase in popularity, it also raises widespread concerns around the safety and privacy of people adopting it.
Hackers could misuse the technology used to provide easiness to the public against the public itself, and one should not forget that with the advance in technology, the techniques used by cyber criminals also improves.

By: Mohit Kumar
Entrepreneur, Hacker, Speaker, Founder and CEO — The Hacker News and The Hackers Conference.

Source: http://thehackernews.com/2017/07/biohacking-microchip-implant.html


CC: Lalasticlala, Mynd44

Lalasticlala, Mynd44 come and notify people about these Spyware applications

Security researchers at Google have discovered a new family of deceptive Android spyware that can steal a whole lot of information on users, including text messages, emails, voice calls, photos, location data, and other files, and spy on them.
Dubbed Lipizzan, the Android spyware appears to be developed by Equus Technologies, an Israeli startup that Google referred to as a 'cyber arms' seller in a blog post published Wednesday.
With the help of Google Play Protect, the Android security team has found Lipizzan spyware on at least 20 apps in Play Store, which infected fewer than 100 Android smartphones in total.


Google has quickly blocked and removed all of those Lipizzan apps and the developers from its Android ecosystem, and Google Play Protect has notified all affected victims.
For those unaware, Google Play Protect is part of the Google Play Store app and uses machine learning and app usage analysis to weed out the dangerous and malicious apps.

Lipizzan: Sophisticated Multi-Stage Spyware
According to the Google, Lipizzan is a sophisticated multi-stage spyware tool that gains full access to a target Android device in two steps.
In the first stage, attackers distribute Lipizzan by typically impersonating it as an innocuous-looking legitimate app such as "Backup" or "Cleaner" through various Android app stores, including the official Play store.
Once installed, Lipizzan automatically downloads the second stage, which is a "license verification" to survey the infected device to ensure the device is unable to detect the second stage.
After completing the verification, the second stage malware would root the infected device with known Android exploits. Once rooted, the spyware starts exfiltrating device data and sending it back to a remote Command and Control server controlled by the attackers.

Lipizzan Also Gathers Data from Other Popular Apps
The spyware has the ability to monitor and steal victim's email, SMS messages, screenshots, photos, voice calls, contacts, application-specific data, location and device information.
Lipizzan can also gather data from specific apps, undermining their encryption, which includes WhatsApp, Snapchat, Viber, Telegram, Facebook Messenger, LinkedIn, Gmail, Skype, Hangouts, and KakaoTalk.


There's very few information about Equus Technologies (which is believed to have been behind Lipizzan) available on the Internet. The description of the company's LinkedIn account reads:
"Equus Technologies is a privately held company specialising in the development of tailor made innovative solutions for law enforcement, intelligence agencies, and national security organisations."

Earlier this year, Google found and blocked a dangerous Android spyware, called Chrysaor, allegedly developed by NSO Group, which was being used in targeted attacks against activists and journalists in Israel, Georgia, Turkey, Mexico, the UAE and other countries.

NSO Group Technologies is the same Israeli surveillance firm that built the Pegasus iOS spyware initially detected in targeted attacks against human rights activists in the United Arab Emirates (UAE) last year.


How to Protect your Android device from Hackers?
Android users are strongly recommended to follow these simple steps in order to protect themselves:

Ensure that you have already opted into Google Play Protect.
Download and install apps only from the official Play Store.
Enable 'verify apps' feature from settings.
Protect their devices with pin or password lock.
Keep "unknown sources" disabled while not using it.
Keep your device always up-to-date with the latest security patches.

By Swati Khandelwal
Technical Writer, Security Blogger and IT Analyst. She is a Technology Enthusiast with a keen eye on the Cyberspace and other tech related developments.
Source: http://thehackernews.com/2017/07/lipizzan-android-spyware.html

cc: Seun, Lalasticlala, Mynd44


Please note that, I (DrCybersecurity) dont own a blog, but I am only here to share cybersecurity news, via various cyber e-news outlet.