Zicutake USA Comment | Search Articles

#History (Education) #Satellite report #Arkansas #Tech #Poker #Language and Life #Critics Cinema #Scientific #Hollywood #Future #Conspiracy #Curiosity #Washington



German youngster behind massive data leak of German politicians data

Posted: 08 Jan 2019 02:26 PM PST

A 20-year-old hacker was arrested for the recent massive data leak that impacted hundreds of German politicians. According to the authorities, the man had already confessed.

The German authorities have identified a 20-year-old hacker that stole and leaked personal data belonging to hundreds of German politicians. According to the authorities, the youngster, who lives with his parents and is still studying, had already confessed to having acted because he was annoyed.

“The accused said he published the data because he had been annoyed by certain statements made by those affected,” explained Georg Ungefuk, a spokesman for the Frankfurt prosecution service’s internet crime office ZIT.

The man was arrested after police raided his home in the state of Hesse,
the agents seized computers and hard drives.

The young hacker immediately decided to cooperate with the authorities and admitted to having acted alone.

He was charged with spying and illegally publishing personal data.

According to Bloomberg News, the exposed data includes email addresses, mobile phone numbers, invoices, copies of identity documents and personal chat transcripts.

The data were leaked online via the Twitter account "G0d" (@_0rbit) that has been suspended. "The Twitter account @_0rbit published the links daily in the style of an advent calendar, with each entry representing a "door", behind which was a link to new information." reported France24.

The leak was first reported by the German newspaper the Bild and the broadcaster RBB. According to the Bild, the theft of the data continued until the end of October but at the time it is not clear when it started.

The hackers leaked data belonging to political officials included members of the Bundestag lower house of parliament, the European Parliament, deputies from all parties, regional and local assemblies.

German politicians

The data was leaked online in December, but inexplicably the news was reported only this week.

The list of affected people also includes President Frank-Walter Steinmeier, celebrities and journalists.

The unique party in the Bundestag that was not targeted by the hacker is the opposition group of Alternative for Germany (AfD).

“We are still investigating his motives and whether they may have been criminal or politically motivated,” the head of cyber security at Germany’s Federal Police Office (BKA), Heiko Loehr, told to the reporters.

Pierluigi Paganini

(SecurityAffairs – data leak, German politicians)

The post German youngster behind massive data leak of German politicians data appeared first on Security Affairs.

Coinbase suspended Ethereum Classic (ETC) trading after a successful 51% attack

Posted: 08 Jan 2019 07:00 AM PST

The cryptocurrency exchange Coinbase suspended the trading of Ethereum Classic (ETC) after double-spend attacks worth $1.1 Million

The cryptocurrency exchange Coinbase has suspended the trading of Ethereum Classic (ETC) after double-spend attacks that consist in spending digital coins twice.
Ethereum Classic (ETC) is the original unforked Ethereum blockchain, the attacks resulted in the loss of $1.1 million worth of the digital currency.

51% attack refers to an attack on a blockchain by a group of miners that controls over 50% of the network’s mining hashrate.

“On 1/5/2019, Coinbase detected a deep chain reorganization of the Ethereum Classic blockchain that included a double spend. In order to protect customer funds, we immediately paused interactions with the ETC blockchain.” reads a blog post published by Coinbase.

“Subsequent to this event, we detected 8 additional reorganizations that included double spends, totaling 88,500 ETC (~$460,000). Update: Subsequent to this event, we detected 12 additional reorganizations that included double spends, totaling 219,500 ETC (~$1.1M).”

The attackers were able to double spend about 219,500 ETC and transfer them to wallets under their control.

On January 5, the exchange discovered a deep chain reorganization of the Ethereum Classic blockchain, then it halted send/receive interaction with the ETC blockchain in order to safeguard customer funds.

"Due to unstable network conditions on the Ethereum Classic network, we have temporarily disabled all sends and receives for ETC. Buy and sell is not impacted. All other systems are operating normally." reads an
update published by Coinbase on January 6, 2019.

The price of the Ethereum Classic (ETC) digital currency went down just after the attacks were reportes.

Ethereum Classic (ETC)

Bitfly, a fellow cryptocurrency trading platform, confirmed the attack and stated that it is still ongoing.

It is curious to note that Ethereum Classic was not able to defect the attack first and rejected the initial report from Coinbase.

The incident was confirmed later and confirmed that the investigation is still ongoing.

Stay tuned …

Pierluigi Paganini

(SecurityAffairs – virtual currency, hacking)

The post Coinbase suspended Ethereum Classic (ETC) trading after a successful 51% attack appeared first on Security Affairs.

Zerodium offers $2 Million for remote iOS jailbreaks, and much more

Posted: 08 Jan 2019 03:38 AM PST

The zero-day broker Zerodium offers $2 million for remote iOS jailbreaks and $1 million for chat app exploits.

Zerodium announced it is going to pay up to $2 million for remote iOS jailbreaks that don’t need any user interaction, Previous offers of the company for this kind of exploits was $1.5 million.

Zerodium payouts exploits

The company also doubled the payouts for remote code execution flaws in WhatsApp, iMessage or SMS/MMS applications, payouts passed from $500,000 up to $1 million.

Payouts for remote code execution vulnerabilities affecting WhatsApp, iMessage or SMS/MMS applications have now doubled to $1 million.

Other payouts offered by Zerodium for Chrome on Android and Safari on iOS exploits go for $500,000. The exploits for both web browsers include remote code execution, privilege escalation, and a sandbox escape.

The broker offers up to $100,000 for local PIN or TouchID bypass methods for both Android and iOS devices, the offer is increased of $85,000 respect previous one.

Zerodium increased of $100,000 the amount for remote code execution flaws in Outlook, Microsoft Exchange Server, PHP, and OpenSSL.

Rewards for a Windows RCE exploits via SMB or RDP packets without any user interaction is doubled, reaching $1 million.

Payouts for Chrome, Apache and Microsoft IIS exploits are doubled too and now are $500,000.

Pierluigi Paganini

(SecurityAffairs – zero-day, exploits)

The post Zerodium offers $2 Million for remote iOS jailbreaks, and much more appeared first on Security Affairs.

Nine 2019 Cybersecurity Predictions

Posted: 08 Jan 2019 01:10 AM PST

Wondering about the state of global cybersecurity in 2019? Wonder no more with these nine cybersecurity predictions for where the new year will take us — and what it means for our digital properties, online lives and livelihoods.

1. Everybody Will Have to Choose Their Partners and Equipment More Carefully

The Internet of Things is a remarkable benchmark in human technological advancement. It’s in its infancy, though — and it shows.

A few years ago, big box chain Target demonstrated the potential folly of using vendors and connected technologies that hadn’t been fully vetted yet. In 2014, the personal records of some 40 million Target shoppers, including names and credit card numbers, were stolen by hackers. Their way in was through the company’s internet-connected HVAC system.

2. Attacks Will Become More Common in the Supply Chain

Small and large businesses alike rely on the dependable flow of finished and unfinished goods throughout the world. When it comes to electronic products, many vendors, partners, and assembly and handling companies help see finished devices into the hands of their end users.

In other words, there are many spots along the journeys of these products that practically invite tampering — including a particularly insidious kind of cyberattack.

Although the claims have been vociferously denied by the companies involved, including Apple and Amazon, as well as by the U.S. Department of Homeland Security, merely the rumor of secretly placed foreign microchips in Super Micro motherboards was enough to send technology companies into a tailspin.

They ramped up efforts to seal potential holes in their security practices and ensure counterfeit or sabotaged parts don’t end up opening a backdoor into their companies’ products.

3. Digital Security Will Become a Company Budget Line Item

The whole of the internet sits on a perilous foundation. Without uniform net neutrality and civility rules across or within nations, and with abundant ways for cybercriminals to access personal and company data, it was only a matter of time before companies added digital and internet security to their budgets as a permanent line item.

It’s not a surprise that 2019 is estimated to see more than $124 billion spent on cybersecurity — 8.7 percent growth over the previous year. So many companies require nearly constant access to the internet to remain operational and solvent. A big part of this spending will go toward security talent acquisition, which will also see the addition of many more masters-level courses in IT architecture and cybersecurity.

4. Small Companies Will Have More Widespread Access to Enterprise-Level Security

For several years, conventional wisdom said small businesses were either easy pickings, cybersecurity-wise, or off cybercriminals’ radars, since larger corporations represented more lucrative targets. We’ve been half right. In 2016, more than 60 percent of attacks targeted small businesses. Small businesses might be easy pickings, but they’re definitely not off anybody’s radar.

2019 will probably see a kind of democratization of cybersecurity. It’s likely that the cost of hiring outside security consulting and applying enterprise-level security to a company will fall far enough that corporations and small businesses alike will end up using many of the same security tools in 2019 and beyond.

5. DDoS Attacks Will Become More Common

In the third quarter of 2018, DDoS attacks increased in frequency by 71 percent over the previous quarter. This bodes ill for 2019.

Whether undertaken by a foreign actor or a group of domestic hacktivists, it’s likely that Dyn and other companies that oversee our internet infrastructure will continue to see attempts to cripple the internet.

When Amazon Web Services goes down, so do many of the web’s most popular websites. When Dyn was attacked in 2016, it took down not just Amazon, but also Twitter, Netflix, CNN and a host of other digital properties that millions rely on daily. This is a precariously balanced and questionably concentrated amount of power.

6. Biometrics Will Roll Out to Many More Devices

Although some forms of biometric technology can be fallible under the right circumstances, they’re a generally more robust form of security than many others, including passwords.

2019 will continue to see the proliferation of fingerprint scanners, iris scanners and authentication cameras built into personal and commercial workstations, tablets, notebooks and smartphones.

Thanks to this convenience, 2019 and beyond will see us inch toward a major benchmark in mobile contactless payments made via smartphone: 2023 could see as much as $1.67 trillion change hands in this way.

7. The IoT Will Expand and Create New Avenues of Attack

Hackers tend to look for the path of least resistance when it comes to getting access to sensitive records and data. According to Kaspersky Lab, more than 120,000 individual pieces of malware were deployed against IoT devices in just the first half of 2018.

This is three times the number of similar attacks in the entire previous year. The best advice is to purchase IoT devices that have been on the market long enough to see multiple hardware and software iterations. The same goes for vendors: look for established IT and SaaS companies with real-world security credibility.

8. Cyberattacks Become the New Cold War

The U.S. received a sort of digital comeuppance in 2016. After decades of interfering with other countries’ elections, the 2016 presidential election famously featured the online manipulation of voter sentiments, at both extremes of American politics, by foreign actors — and potentially by some domestic ones, too.

American hegemony has long been taken for granted, but we’ve been caught flat-footed by novel types of digital attacks. This cyber warfare will likely become the heir apparent to overt warfare — and the next likely step in cold wars between major powers.

Many power stations in the U.S. appear vulnerable to attacks from foreign actors, and recent world history — like the 2015 events in Ukraine — reveal just how easy it is to demoralize a population by switching off their power a few days before a national holiday.

9. Cryptocurrency Will Either Come of Age or Crumble

2019 is widely expected to be the year the Securities and Exchange Commission gets serious about regulating cryptocurrency companies. Some voices within the crypto community expect the SEC to keep approving initial coin offerings (ICOs) as well as crypto exchanges so long as the parties involved can demonstrate some minimum level of security-mindedness.

Some will see the regulation of cryptocurrencies as an assault on what makes this type of currency unique and timely. Others will welcome partnership with governing bodies in keeping the major players honest.

One way or another, cybersecurity will remain a top-of-mind concern for each of us, well into 2019 and beyond.

About the author

Kayla Matthews is a technology and cybersecurity writer, and the owner of ProductivityBytes.com. To learn more about Kayla and her re

Pierluigi Paganini

(Security Affairs – 2019 Cybersecurity predictions, cyberattacks)

The post Nine 2019 Cybersecurity Predictions appeared first on Security Affairs.