In total, more than 400 attacks were recorded using the Conti ransomware.
The Cybersecurity and Infrastructure Security Agency (CISA) published a newsletter on the Conti ransomware. The document, written for the cybersecurity community, provides detailed information about the group and its partners.
In total, more than 400 Conti ransomware attacks have been recorded targeting American organizations and international businesses, according to CISA and the FBI. CISA provided technical information on how the ransomware group operates and what steps organizations can take to prevent potential attacks.
While Conti uses a ransomware-as-a-service business model, the group operates in a slightly different way from other criminals, experts noted. According to CISA, the group does not pay partners a share of the ransom proceeds, but pays them wages.
According to the director of cybersecurity of the NSA, Rob Joyce, Conti’s operators are targeting critical infrastructure. The number of attacks using Conti is increasing. Joyce urged organizations to use multifactor authentication, segment their networks, scan them for vulnerabilities, and keep up to date with all fixes.
Conti members use a variety of methods and tools to infiltrate systems, including targeted phishing campaigns, remote monitoring and control software, and remote desktop software.
The targeted phishing campaigns used emails containing malicious attachments or links. Malicious Microsoft Word attachments often contain embedded scripts that download or install other malware such as TrickBot and IcedID and/or Cobalt Strike.
Sometimes the group and its partners use tools that are already on the victim’s network, or they run Windows Sysinternals and Mimikatz to steal plaintext credentials. In this way, the attackers elevate privileges on the system and carry out other post-exploitation tasks, including lateral movement across the network.
New feature from Google allows minors to remove their photos from search
This function was first introduced in August this year, but it has become widely available only now.
Google has launched a new security feature that allows individuals under the age of eighteen to submit requests to remove their photos from search results. The company first announced its plans to implement this function in August this year, but it has become widely available only now.
Anyone can start the process of deleting photos on this support page. To do this, you need to provide the URLs of the images that you want to remove from the search results, the search terms for which the search engine returns these photos, the name and age of the minor, and the name of the person acting on his behalf together with that person's status (for example, parent or guardian).
As with other erasure requests, it is difficult to say what criteria Google will follow when making a decision. According to the company, images of all minors will be removed “except in cases of public interest or informational value.” It is difficult to say what this will mean in practice.
Based on Google’s wording, only requests from individuals who are currently under eighteen years of age will be accepted. It turns out that if a person is, say, thirty years old, then he will not be able to request the removal of photographs in which he is fifteen.
Google also notes that removing photos from search results does not mean removing them from the internet. The company advises users requesting deletion of snapshots to contact the webmaster first. However, if the appeal does not lead to anything, then removing images from Google search results will certainly be an important step.
Information security expert hacked Wi-Fi networks in Tel Aviv to find out their reliability
The specialist managed to hack 73% of the 5 thousand studied wireless networks.
CyberArk employee Ido Hoorvitch conducted an interesting experiment to find out how strong passwords are for Wi-Fi networks in his hometown of Tel Aviv.
Using equipment to intercept Wi-Fi packets, Hoorvitch collected a sample of 5,000 hashes of wireless networks and exploited a vulnerability to obtain PMKIDs (Pairwise Master Key Identifiers). To do this, he used a $50 NIC with monitoring and packet injection support and the Wireshark tool.
PMKID is a hash generated using a password, access point MAC address, client MAC address, and wireless network name (SSID).
Hoorvitch first tried to find out how many users had set their cell phone numbers as their wireless password (a common practice in Israel). To crack such a password, you just need to calculate all the combinations of numbers for Israeli phone numbers. Using a standard laptop, the researcher cracked 2,200 passwords; on average, breaking one password took 9 minutes.
Hoorvitch then used the standard dictionary attack method. Using the Rockyou.txt dictionary, the expert managed to crack another 1,359 passwords (almost all of them used lowercase characters).
In total, Hoorvitch was able to guess passwords to access 3,663 out of 5,000 (73%) of the studied wireless networks in Tel Aviv. The technical details of the study can be found here …
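The sketch below is an added example, not code from the study. It derives a PMKID the way WPA2-Personal defines it, showing that the passphrase is the only secret input, and flags the two passphrase shapes the study found most often. The SSID, MAC addresses, sample passphrases and the helper names `keyspace_bits` and `weak_classes` are assumptions made for illustration.

```python
import hashlib
import hmac
import math
import string

def pmk(passphrase: str, ssid: str) -> bytes:
    # WPA2-Personal PMK: PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID.
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)

def pmkid(passphrase: str, ssid: str, ap_mac: bytes, client_mac: bytes) -> bytes:
    # PMKID: first 128 bits of HMAC-SHA1(PMK, "PMK Name" || AP MAC || client MAC).
    tag = hmac.new(pmk(passphrase, ssid), b"PMK Name" + ap_mac + client_mac, hashlib.sha1)
    return tag.digest()[:16]

def keyspace_bits(passphrase: str) -> float:
    # Size of the search space, in bits, for the character classes actually used.
    pool = sum(len(cls) for cls in (string.digits, string.ascii_lowercase,
                                    string.ascii_uppercase, string.punctuation)
               if any(c in cls for c in passphrase))
    return len(passphrase) * math.log2(pool) if pool else 0.0

def weak_classes(passphrase: str) -> list:
    # Flags the two passphrase shapes reported in the study (hypothetical helper).
    found = []
    if passphrase.isdigit():
        found.append("digits-only")
    if passphrase.isalpha() and passphrase.islower():
        found.append("lowercase-only")
    return found

# Constructed sample values: SSID, MAC addresses and passphrases are made up.
SSID = "ExampleNet"
AP_MAC = bytes.fromhex("020000000001")
CLIENT_MAC = bytes.fromhex("020000000002")

if __name__ == "__main__":
    for pw in ("0501234567", "sunshine", "Tr4vel-Lamp_92!x"):
        print(pw, pmkid(pw, SSID, AP_MAC, CLIENT_MAC).hex(),
              round(keyspace_bits(pw), 1), weak_classes(pw))
```

A ten-digit numeric passphrase comes out at roughly 33 bits of search space, while the mixed 16-character sample exceeds 100 bits, which is the gap an administrator auditing a Wi-Fi passphrase policy should look for.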
The FBI raids the American office of PAX Technology
The searches are related to the suspicion of the possible use of PAX equipment in cyberattacks.
Officials from the US Federal Bureau of Investigation raided the Florida office of PAX Technology, a Chinese PoS terminal manufacturer. As journalist Brian Krebs reported, the searches are related to reports of the possible use of PAX systems in cyber attacks against organizations in the United States and Europe.
PAX Technology is one of the world’s largest payment terminal manufacturers and a leading provider of trading solutions and services. The company is headquartered in Shenzhen, China.
According to American radio station WOKV, the FBI and the Department of Homeland Security raided the PAX Technology warehouse in Jacksonville. Investigators said the searches were carried out on the basis of a court order as part of a federal investigation by the Department of Homeland Security with the participation of the Customs and Border Protection Directorate and the Naval Criminal Investigative Service. The FBI did not comment on the situation.
According to Krebs, citing trusted sources, the FBI launched an investigation into PAX after a major US payment service provider drew attention to strange network packets emanating from the company’s payment terminals. As it turned out, PAX terminals were used as a malware dropper and control infrastructure for organizing attacks and gathering information.
PAX Technology did not respond to Brian Krebs’s inquiry about the situation.
Two major financial providers in the US and UK have already begun to remove PAX terminals from the payment infrastructure, sources said.
“My sources say there is technical evidence for the use of terminals in cyberattacks. The packet sizes do not match the billing information they are supposed to send and do not correlate with the telemetry these devices are supposed to display in the event of a software update. PAX now claims the investigation is racially and politically motivated,” the source said.
Krebs’ interlocutor did not provide details about the unusual network activity that led to the FBI investigation.