Tuesday, April 30, 2019
Monday, April 29, 2019
Sunday, April 28, 2019
Saturday, April 27, 2019
Friday, April 26, 2019
Thursday, April 25, 2019
Wednesday, April 24, 2019
Tuesday, April 23, 2019
Ae Wajhe Takhliqe Qainat | Owais Raza Qadri | New Naat 2019 | Ya Nabi ﷺ ...
Ae Wajhe Takhliqe Qainat | Owais Raza Qadri | New Naat 2019 | Ya Nabi ﷺ ...
Monday, April 22, 2019
Sunday, April 21, 2019
Hazrat Lal Shahbaz Qalandar (Documentary)
Syed Mohammad Usman Marwandi, popularly known as Lal Shahbaz Qalandar, was a Sufi saint and religious-poet of present-day Pakistan and Afghanistan. He is revered and respected by both Muslims and Hindus in the region since he preached religious tolerance between the faiths. Wikipedia
Saturday, April 20, 2019
Friday, April 19, 2019
Thursday, April 18, 2019
Wednesday, April 17, 2019
Tuesday, April 16, 2019
Monday, April 15, 2019
Sunday, April 14, 2019
Saturday, April 13, 2019
Friday, April 12, 2019
Monday, April 8, 2019
Sunday, April 7, 2019
Saturday, April 6, 2019
Friday, April 5, 2019
Thursday, April 4, 2019
Wednesday, April 3, 2019
Tuesday, April 2, 2019
Monday, April 1, 2019
Edward Snowden on FBI vs Apple
In a recent Tweet, Edward Snowden says that there are some crucial details in the FBI vs Apple case being obscured by the officials. Below you can find a list with Snowden’s conclusions:
1. The FBI already has all of the suspect’s communications records — who they talked to and how — as these are stored by service providers, not on the phone itself.
2. The FBI has received comprehensive backups of all the suspect’s data until just 6 weeks before the crime.
3. Copies of the suspect’s contacts with co-workers — the FBI’s claimed interest — are available in duplicate from these co-workers’ phones.
4. The phone in controversy is a government-issued work phone, subjected to consent-to-monitoring, not a secret terrorist communications device. The “operational” phones believed to be hiding incriminating information, recovered by the FBI during a search, were physically destroyed, not “shielded by Apple”.
5. Alternative means for gaining access to this device — and others — exist that do not require the manufacturer’s assistance.
Snowden’s conclusions were discussed on it’s Twitter account and some peoples concluded also that:
Cybersecurity eye law. The project, criticized the Association for Technology and Internet
ApTI believes that this second version of the document is very similar to the one rejected by the Constitutional Court a year ago. The new law on cyber security is now a public debate on the website of the Ministry of Communications and Information, a year after the previous version fail the test before the Constitutional Court.
The current project aims: creating a unitary terminology in the field of cyber security, accountability of holders of cyber infrastructure increasing capability in response to incidents of cyber and reducing their impact, providing a framework for cooperation at national level between the competent institutions in the field and the private sector and establishing cyber infrastructure of national interest.
“The state should not aim to solve the cybersecurity of the nation (and in fact nor practical in terms of the Internet), but also to control public institutions that have a minimum of procedures and the private sector only those areas that are actually critical to the whole society, “says the lawyer from ApTI.
Google is suspected of tax evasion amounting to 227 million euros in Italy
Italian treasury will submit a report accusing Google of tax evasion amounting to 227 million euros, according to sources quoted by Reuters. Official data shows that Google paid taxes last year only 2.2 million in Italy. Google has been accused of tax evasion in other European countries and the Italian authorities have “taken the eye” several large companies of technology, most recently in December when Apple agreed to pay 318 million euros against the investigation to be closed.
Italian treasury will present a report which will show that Google did evasion between 2009 and 2013, the damage was 227 million euros in unpaid taxes, judicial sources said. In several European countries the large technology companies are under surveillance because of systems that avoid paying taxes or paying as little as possible.
Official data shows that Google paid taxes of 2.2 million euros in Italy, on revenues of 54.4 million euros. Italian Communications Authority estimated that in reality, Google’s revenue was ten times higher. In December they announced that Apple has negotiated extensively with the Italian tax authorities and reached an agreement to pay 318 million euros, thus getting rid of tax evasion charges
Verizon hacked, 1.5 million customers details for sale
According to cyber security blogger Brian Krebs, more than 1.5 million Verizon Enterprise customers contact information was leaked on an underground cybercrime forum.
Not all Verizon’s customers were affected, the hack targeted only Verizon’s B2B Enterprise Solutions. Krebs says that earlyer this week, a deep-web forum advertised the sale of a database containing the contact information of 1.5 million customers of Verizon Enterprise. The database with the leaked customers data was priced at $100 000, but the hacker also offered to sell pieces of 100 000 records for $10 000 per piece.
The hackers offer the customers leaked data in multiple formats, one of them being MongoDB. It is possible that the attackers forced MongoDB to dump the Verizon’s customers data. In case that you use MongoDB as a database platform, please make sure that you’re using the latest stable version.
The most important thing that Krebs mentioned is that the buyers also were offered the option to purchase information about security vulnerabilities in Verizon’s Web site.
I’m curious what was the vulnerability that the hackers used to obtain Verizon’s customers data. If I was in the hacker’s place, I would have announced Verizon about it’s vulnerability/vulnerabilities. In that way, the hackers could have earned more money. But of course, this option is not available anymore, now that the data was leaked. This is just a personal observation.
Verizon moved fast and released a statement saying that:
“Verizon recently discovered and remediated a security vulnerability on our enterprise client portal”and“Our investigation to date found an attacker obtained basic contact information on a number of our enterprise customers. No customer proprietary network information (CPNI) or other data was accessed or accessible.”
Verizon is used by almost all Fortune 500 companies. The company is widely known for its cybersecurity services, and releases an annual report on avoiding cyberthreats.
According to CNBC,
Verizon told CNBC that impacted Verizon Enterprise customers are being notified, and no data about consumer customers was involved.
Panama Papers hacked through PHP CMS WordPress
The Panama Papers data breach, known as The Mossack Fonseca (MF) is one of the largest breach in history and includes 4.8 million emails. Tha Panama law company was hacked via a WordPress module called Revolution Slider. This plugin is used on more than 2 million websites. Because it’s so popular, there are lots of hacks that targer Revolution Slider.
What is Panama Papers?
The Panama Papers scandal has brought down the Prime Minister of Iceland and surrounded Russian President Putin and British Prime Minister David Cameron with controversy, among other famous public figures.
The data breach consists of 2.6 terabytes and 11.5 million documents. The #PanamaPapers database contain details about more than 200 000 offshore entities from all over the world. Tha breach consists of email accounts, passports copies, invoices, banking documents and of course, thousands of offshore registration acts.
This documents offer details about secret business of 128 politicians from all over the world. More than 11 million of documents demonstrates how a global industry, built from law firms and huge banks, sell secrets to politicians, fraudsters and drug traffickers, but also to billionaires and some celebrities.
How does this Cyber Attack did happened?
The Mossack Fonseca website is running WordPress and is currently running a version of Revolution Slider that is vulnerable to attack and will grant a remote attacker a shell on the web server. After we inspected the home page source code, we realized that the current MF website uses an older version of Revolution Slider, they were using: 2.1.7. All versions of the Revolution Slider (Revslider) up to 3.0.95 are vulnerable to hacking attacks. For more details, see the image below:
Also, according to their DNS results, the web server and the mail server were hosted on the same machine. More important is that they were hosting private and confidential information on their WordPress database. They weren’t using a Firewall, and there are lots of security companies nowadays.
So, a wordpress website using old version of plugins is a massive security risk. But I guess that Mossack Fonseca website administrators weren’t thinking that something like this could happen.
Conclusion
What everybody should learn from this data breach is that:
– you should always update your CMS (it’s not important what CMS you use, WordPress, Drupal or Joomla, it’s important to be up to date)
– if you host confidential data on your website, you must use a SSL certificate and you must be firewall and ddos protected (there are services like Cloudflare and Sucuri)
– check your website from time to time against new or changed files (it doesn’t matter what programming language is used, if someone changed your index or header/footer files, there are 99.9% chances to be hacked)
– check your database from time to time (there’s a database table used for storing user accounts, for example admins, if your website was hacked, there are chances to find new admin accounts)
– never trust inputs (validate all input fields)
– if you host confidential data on your website, you must use a SSL certificate and you must be firewall and ddos protected (there are services like Cloudflare and Sucuri)
– check your website from time to time against new or changed files (it doesn’t matter what programming language is used, if someone changed your index or header/footer files, there are 99.9% chances to be hacked)
– check your database from time to time (there’s a database table used for storing user accounts, for example admins, if your website was hacked, there are chances to find new admin accounts)
– never trust inputs (validate all input fields)
The largest lottery prize in the last 18 months has been attacked by hackers
The jackpot of 12 million was not a single moment in danger, said the spokesman.
Website National Lottery tickets from Ireland and the machines were offline for 2 hours due to a DDoS attack. Customers who want to try their luck at the jackpot of 12 million, the largest prize in the last 18 months in Ireland could not do it!
Website National Lottery tickets from Ireland and the machines were offline for 2 hours due to a DDoS attack. Customers who want to try their luck at the jackpot of 12 million, the largest prize in the last 18 months in Ireland could not do it!
The operator of Premier Lotteries Ireland (PLI) announced today that the incident is under investigation. Such an attack means that an automated program was used to overload the website with requests. The attack started at 11.21 and lasted 2 hours, website rebounding to 13.25.
“They say you can not buy tickets from machines, which is very interesting, it was not just the website – will be very interesting to find out what happened,” said John Graham-Cumming from the company protection against DDoS attacks, CloudFlare.
“We can confirm that at no time the National Lottery game system or data to those who played were not in danger,” said spokesman Lottery.
Subscribe to:
Posts (Atom)