By Deeba Ahmed
GoTo-owned LastPass revealed that hackers stole customers' encrypted data in a November 2022 data breach.
This is a post from HackRead.com Read the original post: GoTo’s LastPass Breach: Encrypted Customer Data Taken

The data breach of the LastPass password manager keeps haunting its parent company, GoTo, and its customers.

Software and remote collaboration firm GoTo, which owns LastPass, has confirmed that during the security breach that occurred in November 2022, hackers stole some customers’ encrypted data and LastPass password vaults.

**Detailed Analysis**

LastPass, LastPass, previously called LogMeIn, has shared new findings about the security breach that hit the company on November 30, 2022. GoTo has previously confirmed that unusual activity was noticed in its cloud storage service and development environment.

It now claims that some of its enterprise products may be impacted by the hack. This includes exposure of encrypted customer backups, which are emergency recovery data copies, for Central, Pro, join.me, Hamachi, and RemotelyAnywhere.

Moreover, GoTo stated that this was possible because an encryption key used to secure the data for some customers was stolen in the November 2022 data breach.

**How Did The Breach Occur?**

The November data breach was directly caused by another breach in August, wherein an unauthorized entity gained access to customer data stored on a third-party cloud storage service shared by GoTo and LastPass.

Using the information stolen in August, attackers accessed another LastPass database in November and captured customer data. In that breach, GoTo had become the victim of a security breach in which unknown cybercriminals targeted their shared cloud-storage service.

**Stolen Data Details**

Earlier, the company stated that stolen data included names, billing addresses, emails, IP addresses, and phone numbers and that unencrypted credit card data wasn’t accessed.

However, now it revealed that the encrypted data of customers was exposed and product-related data including account usernames, a portion of MFA (multi-factor authentication) settings, salted/hashed passwords, and some product settings and licensing data was exposed.

According to Paddy Srinivasan, GoTo’s CEO, Rescue and GoToMyPC’s encrypted databases weren’t compromised and only a small subset of their customers’ MFA settings was impacted.

Moreover, Srinivasan claims in their blog post that there’s no evidence that any other GoTo products were impacted by the theft. GoTo didn’t reveal how many customers were affected, but the company is notifying impacted customers.

**_MORE LASTPASS HACKING NEWS_**

1.  LastPass hacked; security compromised for good
2.  “Unique” Vulnerability Found in LastPass Manager
3.  Error prompted LastPass to send false breach alerts

GoTo’s LastPass Breach: Encrypted Customer Data Taken

By Waqas
The service outage began on Wednesday, January 25th, 2023, at around 8:30 AM, Greenwich Mean Time (GMT).
This is a post from HackRead.com Read the original post: Micorosft Down – Xbox, Azure, MS365 and MS Teams  Down

Is Microsoft down at your end? You are not alone; many of the Microsoft services are down in many parts of the world.

Microsoft is experiencing a service outage. Its services, including Xbox Live, Minecraft, Microsoft Teams, Outlook, Azure, LinkedIn, and Microsoft 365, are down and unavailable for users around the world.

A look at Downdetector, a platform that tracks online service disruptions, shows users have been complaining about connectivity issues. On the other hand, Microsoft has acknowledged the issue and tweeted that “We’re investigating issues impacting multiple Microsoft 365 services.”

It is yet unclear whether these services are down due to a cyberattack or a result of a technical glitch. However, in a tweet update, Microsoft claimed to have identified “a potential networking issue” that the company believes is “causing impact.”

> We’ve isolated the problem to networking configuration issues, and we're analyzing the best mitigation strategy to address these without causing additional impact. Refer to the admin center MO502273 or https://t.co/lZs9s6KLnh for more information.
> 
> — Microsoft 365 Status (@MSFT365Status) January 25, 2023

Microsoft is working to mitigate the issue

It is worth noting that Microsoft Azure has over 700 million active users, with 85% of the Fortune 500 companies using Microsoft Cloud. Linkedin, which **Microsoft bought in 2016**, has over 900 million users across the globe. Microsoft Teams, a business communication platform, is home to over 270 million active users, while Xbox has almost 100 million users.

Here are some tweets from Microsoft users reacting to the issue:

Hackread.com is keeping an eye on the issue, and this article will be updated accordingly, so stay tuned!

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Micorosft Down – Xbox, Azure, MS365 and MS Teams  Down

By Waqas
It’s a decision tree that’s all about you (and your company). That’s a bit of an oversimplification, but…
This is a post from HackRead.com Read the original post: What is Stakeholder-Specific Vulnerability Categorization?

It’s a decision tree that’s all about you (and your company). That’s a bit of an oversimplification, but the idea behind a Stakeholder-Specific Vulnerability Categorization (**SSVC**) is that you should prioritize addressing your vulnerabilities in a way that benefits you and your organization. 

Once you’ve prioritized, there are things you can do to mitigate the risk from your most critical vulnerabilities. A **WAF solution** is one option, or you might consider other types of virtual patching to reduce your risk.

**Why Categorize Vulnerabilities**

If your company is like most, it faces overwhelming numbers of vulnerabilities from many different aspects. From human error **to backdoors** in open-source code embedded in your web apps, there’s no telling when you’ll be attacked or where the attack will come from. Unless you categorize.

Categorizing enables you to differentiate between low-risk vulnerabilities and critical threats. If you want to know which threat to neutralize first, categorization can help you sort that out. **Many vulnerabilities** don’t pose a threat or perhaps pose no immediate threat.

On the other hand, some of your weaknesses are highly susceptible to exploitation, and you need to remedy that as soon as possible.

It’s best to focus your limited resources on addressing threats that are likely to create a problem. Among other things, this might mean it’s easy or practical for an attacker to exploit them, it’s financially rewarding for an attacker (and thus **devastating to your company**), or your company can be used as a vector for a supply chain attack. 

However, if you have vulnerabilities that are highly impractical to exploit, for example, this might be a lower risk to you, and so it can wait to be patched until you’ve addressed more critical issues.

**What is SSVC?**

Aside from being a way to categorize that is tailored to your company, SSVC originated as a way for government agencies and critical infrastructure organizations to assess their cybersecurity weaknesses, and it is now an effective way for private companies to do the same.

CISA’s executive assistant director Eric Goldstein **explains** that this methodology was designed to assess vulnerabilities, and it prioritizes remediation according to the status of exploitation, as well as the safety impacts and pervasiveness of the product within a singular system.

A singular system refers to the individual company (stakeholder), and the goal is to prioritize finding the vulnerabilities for that system rather than following a more general risk assessment’s recommendations. The newest guidelines focus on managing the number and complexity of vulnerabilities. 

Here’s a **summary** of how the SSVC decision tree works, but to sum up – here are 4 possible decisions for each vulnerability:

*   **Track**: Keep an eye on the vulnerability, but it doesn’t require immediate action. 
*   **Track**\*: Monitor the vulnerability. Immediate action is not required, but you should find a fix by the time the next update rolls out.
*   **Attend**: Supervisors need to pay attention to this vulnerability. They may need to seek help or information regarding the vulnerability. Depending on the severity, they may need to notify employees or consumers. This should be fixed before the next standard update.
*   **Act**: Leadership must get help and information. They should notify employees and consumers regarding the vulnerability and create a response plan. This level of vulnerability must be fixed as quickly as possible.

To decide how to label each vulnerability, consider 5 factors:

*   **Exploitation status:** Is the vulnerability currently being exploited?
*   **Technical impact:** Would malicious actors be able to acquire credentials by exploiting this vulnerability? How much access would they have to the rest of the system? 
*   **Automatability:** How easy is it for an attacker to repeatedly exploit this vulnerability? Could the exploit be automated?
*   **Mission prevalence:** Would an exploit of this vulnerability have an adverse and significant effect on your business operations? How much downtime would it cause you? How much money would you lose if consumers can’t access your products or services through your web app?
*   **Public well-being impact:** Will an exploit cause physical, mental, emotional, or environmental harm? How will the public be affected adversely if an attack occurs? Will there be a financial loss for your consumers, or will you break compliance regulations?

If these factors are significant in a **particular vulnerability**, you should prioritize that vulnerability.

CISA’s SSVC Tree

**Prioritized Risk and Vulnerability Management**

Once you’ve gone through the SSVC, you should have a pretty good idea of where to start patching. The remaining question, then, is how you should patch efficiently and effectively. If there is a major code issue, that should be updated as soon as possible. For less urgent, more difficult fixes, there are ways to help protect your system from external threats.

Virtual patching is often a good way to reduce the risk of lower-level threats or to get protection quickly while you take some time to address the code problems. A web app firewall (**WAF**) or a Web Application and API Protection (**WAAP**) protocol protect web apps from attack by securing data and filtering traffic.

You could use a cloud-based or a **SaaS solution**, depending on your company’s needs. Although this approach will not fix the vulnerabilities in your system, it can help keep attackers at bay.

Whatever method you choose, virtual patching can go a long way toward keeping your data safe while you sort out your vulnerabilities. Once you’ve prioritized those vulnerabilities with SSVC, you can begin to implement fixes first for the Act category, then for Attend, then for Track\*, and finally for Track.

Organizing your resources this way will give you the best chance of fixing the most important issues while still protecting the less critical vulnerabilities.

1.  Cloud Hacking – Why API Remains the Biggest Threat?
2.  Vulnerability exposes 5G core network slicing to DoS attacks
3.  Microsoft Office Most Exploited Software in Malware Attacks

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

What is Stakeholder-Specific Vulnerability Categorization?

By Owais Sultan
What is video conferencing? It’s a mode of communication which allows you to conduct meetings with all participants…
This is a post from HackRead.com Read the original post: The benefits of video conferencing with iMind

What is video conferencing? It’s a mode of communication which allows you to conduct meetings with all participants in different places at the same time. This means that each participant can see and hear everyone else in real time, as well as share data and files.

Group secure video conferencing software is a tool widely used for personal and business needs nowadays. But not all companies are informed well enough about the helpfulness of this communication mode. That’s why we describe all the advantages of video conferencing as a mode of interaction. 

**Incorporating Video Conferencing Into Your Workflow**

Video conferences benefit from the use of modern technologies and communication platforms. Most of the companies that have adopted such technology have started to see a positive change in their collaboration and productivity. There are some common benefits, including:

*   The ability to have face-to-face meetings with customers and partners from around the world. This is especially useful for companies that work with a global audience.
*   Improved communication between employees from different locations within your company due to real-time interaction on a video call.
*   Increased productivity due to remote working possibilities and less time spent travelling from one place to another.

As a rule, video conferencing is used in business meetings, when people want to communicate with each other virtually. This allows for saving a lot of time and money, as well as increasing the efficiency of teamwork.

The main benefit of video conferencing software is its ability to provide clear communication between users in real-time. With the help of this tool, you can hold meetings with various participants from different parts of the world or even countries at once!

**Using iMind for Working Video Conferencing **

Even though you’ll need a paid plan to unlock some of iMind’s best features, the free plan includes all of its core strengths:

*   an easy-to-use interface
*   possibility of use via browser
*   simple creation and connection of rooms
*   simultaneous screen sharing – high-quality video (up to HD), high-quality sound.

The ability to share screens is useful in many situations, and you can connect up to 100 people for collaboration or a webinar.  

With iMind, you have the opportunity to use almost all the features of the service for free. There is no trial period, you can use the free version with no time limit. However, if you have a need for more possible participants or a longer duration of the conference, you should consider a Business or Enterprise plan.

**iMind or Other Services?**

The iMind platform is a contemporary, up-to-date system that provides a variety of functions for business applications. The software can be used as both an effective tool for standardization and innovation – and it’s hard to deny the benefits of this program for businesses.

1.  How To Make A Messenger App
2.  Best Legal Software For Law Firms
3.  Product Review – Stellar Repair for MS SQL
4.  Zoom adds 2FA as an extra layer of security
5.  How Technology Altered Education Landscape

Owais takes care of Hackread's social media from the very first day. At the same time He is pursuing for chartered accountancy and doing part time freelance writing.

The benefits of video conferencing with iMind

By Habiba Rashid
Although the company did not put out an official notice or announcement on its website, impacted customers were emailed with details regarding the security incident.
This is a post from HackRead.com Read the original post: Sophisticated SMS Phishing scam Dupes Zendesk Staff

Zendesk states that, as a result of the hack, threat actors had access to unstructured data from a logging platform for a month between September 25th and October 26th, 2022.

On October 25, 2022, Zendesk, a customer service solutions provider, had its security compromised resulting from a sophisticated **SMS phishing** campaign targeted at its employees.

As a result of the employees’ account credentials being compromised, the threat actor had access to unstructured data from a logging platform for a month between September 25th and October 26th, 2022.

Although the company did not put out an official notice or announcement on its website, impacted customers were emailed with details regarding the security incident.

Coinigy, a virtual wallet services provider, was among those affected and, therefore, received an email from Zendesk support on January 13, 2023. **Coinigy’s post** regarding the compromise explained that they felt the need to disclose it to their customers and made the email sent by Zendesk public.

“Zendesk determined that Service Data belonging to your coiningy.zendesk.com account may have been in the (exposed) unstructured logging platform data,” the email from Zendesk explained. “There is no evidence suggesting the threat actor accessed the Zendesk instance of your coiningy.zendesk.com account at any time.”

Although Coinigy was informed of the incident in January 2023, it appears that Zendesk notified other victims much earlier. Kraken, a Bitcoin and cryptocurrency exchange, informed its customers **about the Zendesk breach** as far back as November. 

Kraken stated that the attackers viewed the content of support tickets, which included information such as names, email addresses, dates of birth, and phone numbers. The exchange further added that accounts and funds were not at risk. 

1.  How to Teach Your Employees About Cybersecurity
2.  4 Ways For Employees To Distinguish Phishing Attacks
3.  Twilio Breached After Employee Accounts compromise
4.  Cisco Breached After Employee’s Google Account Hack
5.  Shopify Suffered Data Breach due to “Rogue” Employees

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.

Sophisticated SMS Phishing scam Dupes Zendesk Staff

By Waqas
Crypto bug bounty programs have become essential as the number of blockchain platforms grows exponentially, making it increasingly difficult for developers to keep up with all the necessary security protocols on their own.
This is a post from HackRead.com Read the original post: 6 of the Best Crypto Bug Bounty Programs

If you’re technically minded and enjoy pulling protocols apart line by line, crypto bug bounties are a great way of proving your skills and making a living.

**Bug bounty programs** can assume many forms, but they share this much in common: they’re incentivized. That means that in exchange for testing out various crypto platforms and protocols and identifying any flaws in them, you’ll be recompensed for your efforts.

From the perspective of the projects issuing the bounties, it’s a small price to pay for having hundreds of pairs of eyes scrutinizing their platform to identify any weak links. Community members who have been the earliest supporters of a new project are typically the first to be invited to participate in a bounty program. You’ll almost certainly need developer experience to be able to get involved, however.

In return for **pen-testing smart contracts**; exploring a testnet; or trying to exploit a dApp, you could earn rewards running into the thousands of dollars. Here are six of the best crypto bounty programs that are currently open to the public.

**Boba Network**

L2 scaling solution Boba is going from win to win right now, with a flurry of projects making use of its hybrid compute solution for multi-chain dApps. On January 13, it launched a new **bounty program** with a maximum payout of a whopping $1M. Rewards are paid out on the basis of the threat severity of the vulnerability discovered.

Boba is utilizing a five-level scale to rate the seriousness of any bugs identified including those affecting the protocol itself as well as the smart contracts and apps built using Boba. With a minimum reward of $50,000, there are ample incentives for experienced devs to run a fine tooth comb over Boba and see what they can uncover.

**Astar Network**

Astar provides the infrastructure for building dApps with EVM and WASM smart contracts. It offers developers true interoperability with cross-consensus messaging (XCM) and a cross-virtual machine (XVM). There are a lot of moving parts with Astar and thus it’s essential that its tech stack is vulnerability-free.

Like Boba, Astar is running its **bug bounty program** on Immunefi, the maximum payout is capped at a generous $1M. This is a job for experienced bug-seekers only, as a Proof of Concept will be required to qualify for the highest possible payout. It’s particularly interested in identifying vulns involving a direct loss of user funds, double spending, or the minting of tokens.

**Balancer**

Balancer’s multi-chain liquidity protocol is extensively battle-tested and has been copied more times than almost any other DeFi codebase. That doesn’t mean its team is taking anything for granted when it comes to threat identification though. Its Immunefi **bounty program** pays out between $50,000 and $1M depending on the severity of any vulnerabilities identified.

For medium-level threats, no Proof of Concept is required, but the maximum payout for these is capped at 25 ETH. Higher-level threats require a PoC but come with a greater reward attached. **High-severity smart contract vulnerabilities** are capped at 10% of economic damage.

**Ankr**

**Ankr** provides the decentralized infrastructure for web3 including RPCs, liquid staking, and tools for GameFi developers looking to bring web2 games to web3. Its **bounty program** has a maximum payout of $500,000 and all submissions require a PoC detailing the vulnerability.

There’s a minimum reward of $10,000 for critical smart contract vulnerabilities and there’s no shortage of them to analyze. Due to the wide-ranging **scope of Ankr’s work**, it has an array of protocols and smart contracts, including staking contracts, to secure.

**Rootstock**

Rootstock, better known as RSK, is the smart contract network anchored by Bitcoin. Its EVM-compatible smart contract platform leverages the security of the Bitcoin network while allowing assets to be moved from Ethereum with the RSK-ETH token bridge.

IOVLabs, the lead developer of RSK, has its own **bug bounty program**. It invites security experts, software developers, and hackers to put the RSK blockchain to the test and submit any vulnerabilities they may find. Anonymous submissions are accepted, but in such cases, IOVLabs will donate any bounty payout to charity.

**Dexalot**

Built on Avalanche, Dexalot is a decentralized exchange that mimics the look and feel of a centralized exchange, complete with a central limit order book. Users can trade crypto securely and efficiently, with no slippage or custody risk. On January 13, Dexalot launched its **bug bounty** with a reward of up to $100,000 per critical bug identified.

Developed in partnership with HackenProof, the program will award anywhere from $1,000 for a low-level vuln all the way up to $100,000 for a critical bug. Eligible vulnerabilities will include those pertaining to stealing or loss of funds; unauthorized transactions; and transaction manipulation.

If you’re technically minded and enjoy pulling protocols apart line by line, bug bounties are a great way of proving your skills. Stumble across a particularly juicy vulnerability and you could even walk away with a handsome reward. Fire up your Github and start downloading those repos.

1.  Sony Announces PlayStation Bug Bounty Program
2.  Hack the Pentagon 3.0 Bug Bounty Program Is Back
3.  Alert: Rug Pull scam through fraudulent crypto tokens
4.  Google Bug Bounty Program for Open-Source Software
5.  Multichain hacker returns $1m, keeps $150k as bug bounty

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

6 of the Best Crypto Bug Bounty Programs

By Deeba Ahmed
PC players of GTA Online are warned of a new remote attack in which hackers can modify their character, delete stats, and ban or delete the account.
This is a post from HackRead.com Read the original post: Hackers remotely interrupting GTA Online PC Gameplay

According to GTA community member and web developer Speyedr, a temporary fix is available through a custom firewall, but it is better to play in a locked session.

Rockstar Games’ **Grand Theft Auto, GTA Online** on PC players should be cautious of playing the game because a new Remote Code Execution/RCE exploit has emerged, allowing hackers to gain complete control of their accounts.

This exploit allows the attackers to modify your character, edit/delete stats, and ban or delete the account.

The unofficial Rockstar news account Tez2 shared the news on Twitter after learning from one of his followers that PC players’ accounts were being hacked and even banned from the online game.

Reportedly, the hacking spree started in December 2022. Tez2 re-posted their original firewall tweet and recommended that players use the program they developed.

Since GTA Online is a multiplayer game, most of its systems are server-based. When customer account details are stored on the server side, the player information cannot be modified from PCs.

But, exploits can bypass this mechanism and manipulate the data sent to the server from a player’s client. Although a few fixes are there, there’s no method available to help you avoid becoming a target of this exploit. Anyone who logs into the game can be hacked. 

> #GTAOnline Warning Update:  
> The exploit is partial remote code execution.
> 
> Paid mod menus are racing as speak to abuse this to the further extent.
> 
> This could transform into something much worse to extend beyond a game and affect your PC. https://t.co/eDtVrOGXQn
> 
> — Tez2 (@TezFunz2) January 20, 2023

According to GTA community member and web developer Speyedr, a **temporary fix is available** through a custom firewall, but it is better to play in a locked session. Speyedr also stated that this added protection might not guarantee comprehensive security. Therefore, users should remove its portions from GitHub. And players of GTA Online on PC must also avoid logging into the game.

GTA Online frequently becomes a target of cybercrimes for being one of the world’s most famous online games. The latest incident, however, is unprecedented as it is threatening players’ accounts and their computers. As per Tez2, this ‘extreme exploit’ impacted users will be ‘indefinitely’ stuck in the clouds if they attempt to log on after the hacking is complete.

> This is how it looks like if your account gets "corrupted" due to the recent RCE exploit on PC. Basically you'll get stuck in the clouds indefinitely when trying to enter online.
> 
> AVOID GTAO ON PC RIGHT NOW#GTAOnline pic.twitter.com/1SqGmz38Jw
> 
> — floorball (@Fluuffball) January 21, 2023

“New extreme exploits have appeared allowing cheaters to remotely add/remove/modify your stats and permanently corrupt your account, aka ban/delete. Avoid playing without a firewall rule or playing at all!” Tez2 tweeted.

Players have expressed disbelief and displeasure over the news. On Reddit, where the game’s communities have over 1.4 million members, users propose to boycott the game until Rockstar Games resolves hacking and modding for good.

Rockstar is aware of the issue and is logging impacted accounts. However, the company didn’t issue a response or take an aggressive approach to deal with the exploit.

**MORE GTA NEWS**

1.  2500+ GTA V PC Accounts Rumored to be hacked
2.  Beware of the “Grand Theft Auto V” malware mods
3.  Hackers Using GTA 5 PC Mod to Install Crypto Miner
4.  Uber Hacker Hits Rockstar Games, Leaks GTA 6 Data
5.  Authorities seize property of GTA V’s cheat developers
6.  GTA Fan Forum Hacked; Thousands of Accounts Stolen

Hackers remotely interrupting GTA Online PC Gameplay

By Deeba Ahmed
Roaming Mantis malware was last seen in April 2018 targeting iOS and Android devices with cryptocurrency mining malware but this time, it has new DNS changer capabilities.
This is a post from HackRead.com Read the original post: Roaming Mantis Malware Returns with DNS Changer Capability

Currently, the primary target of the new Roaming Mantis malware is users in South Korea, but Kaspersky cybersecurity researchers suspect its scope will be expanded soon.

According to a report from Kaspersky Labs, the infamous Roaming Mantis attack campaign, aka Shaoye has resurfaced with a brand-new scheme. As **previously reported by Hackread.com**, Roaming Mantis operators use DNS changer functionality to abuse compromised public WiFi routers.

The objective is to infect a large number of Android smartphones with Wroba.o mobile malware (also called Agent.eq, Moqhao, XLoader). The prominent target of this campaign is users in South Korea. However, Kaspersky cybersecurity researchers suspect its scope to be expanded soon.

**Threat Analysis**

Researchers explained that the Roaming Mantis attackers are delivering a revamped version of their patent mobile malware Wroba for **infiltrating WiFi routers** and hijacking Domain Name System/DNS.

This malicious new attack is designed to specifically target South Korean WiFi routers manufactured by one of the leading network equipment vendors in South Korea.

The campaign recently introduced a DNS changer functionality in its mobile malware. DNS changer is a malicious attack technique that forces a device connected to an infected WiFi router to be directed to an attacker-controlled server instead of a genuine DNS server.

The victim is asked to download malware that **steals credentials or hijacks the device** on this malicious landing page. Around 508 malicious APK downloads were observed by Kaspersky in December 2022.

**How does the Attack Works?**

The new DNS changer functionality first detects the router’s IP address to check its model and compromises the targeted devices by overwriting the DNS settings. Some compromised devices leverage WiFi routers to take users to a fake landing page through DNS hijacking to redirect targets to bogus sites.

Regardless of which method is used, the invasion allows the attackers to deploy mobile malware that carries out a range of malicious activities. Kaspersky researcher Suguru Ishimaru **stated** that this new functionality could manage all device communications via the infected router, like redirecting to malicious hosts and disabling security product updates.

Infection flow of the Roaming Mantis malware with DNS hijacking (Credit: Kaspersky)

**About Roaming Mantis**

For your information, Roaming Mantis is a financially motivated, long-running cybercrime campaign in which attackers target Android smartphones and infect them with malware to steal banking credentials and sensitive data. The campaign was first observed in **April 2018** by Kaspersky when it used DNS hijacking to infect Android smartphones and hijack data.

It used malicious APK (Android package) files to gain control of infected Android devices and steal data. However, a phishing option is available for **iOS devices and PCs equipped with cryptocurrency mining features**. From Asian targets, the cyber crooks running this campaign expanded their range to France and Germany in 2022.

**How to stay Protected?**

You can protect your internet connection from the infection by referring to your router’s user manual to verify whether your DNS settings have been tampered with or contact your ISP. Update your default login/password for the router’s admin web interface and regularly update its firmware from the official source. Check browser and web addresses before visiting to make sure they are legitimate, and before entering data, check the address.

1.  Facebook removes accounts for iOS, Android malware
2.  Shazam Flaw exposed Android and iOS users’ location
3.  Android sends more data to Google than iOS to Apple
4.  Spyware Vendor Offer Android and iOS Device Exploits
5.  How to identify malware on your phone with these signs

Roaming Mantis Malware Returns with DNS Changer Capability

By Waqas
While countries like Japan, China, the United States, and the United Kingdom have acknowledged the importance of medical device regulation, worldwide recognition is still a long way to go.
This is a post from HackRead.com Read the original post: Advancing Medical Technology Requires More Medical Device Regulation

Medical device regulation is an important part of the healthcare industry as it also helps protect patients by ensuring that any device used for diagnosis, treatment or prevention of a medical condition meets certain standards of safety and quality.

There’s no doubt that **medical technology has advanced**, and it is set to develop even further in the future. This technological evolution comes with a toll, though. Cyber threats increase exponentially as medical devices and systems become digital and connected.

**Cyber attacks on the healthcare industry** have consistently increased year after year. One of the worst upticks in attacks was In 2022, which saw an 86 percent rise in the number of weekly attacks compared to 2021.

In response to the worsening cybersecurity situation, governments have been trying to intervene. There have been serious efforts to try to close as many loopholes as government regulation allows.

**Growing medical device regulation**

One of the more recent examples of the acknowledgement of **the need for medical device regulation** is the appropriations bill passed by the United States Congress just before the end of 2022. It includes provisions that compel companies that make internet-connected medical devices to ensure the security of their products. The bill provides the health and human services authority the power to issue requirements and regulations relevant to the cybersecurity of connected medical devices.

Other countries also have similar regulations or proposals to secure connected medical devices. The European Union has its Cyber Resilience Act, which mandates cybersecurity requirements for IoT products including medical devices.

Japan’s Ministry of Health, Labor and Welfare (MHLW) updated its regulations for medical devices in early 2022 to emphasize cybersecurity. Meanwhile, China’s Center for Medical Device Evaluation (CMDE) has new “guiding principles” for medical software used in 18 product categories.

The United Kingdom is also working on a new bill called the **Product Security and Telecommunications Infrastructure Bill**, which aims to ascertain the cybersecurity of various web-enabled devices including those used in healthcare.

More governments are expected to pass new legislations and regulations or updates to their existing ones to reflect the new challenges in cybersecurity. Relying on the initiatives of private organizations appears to be no longer an option.

There have been various initiatives including government-and-private collaborations to address emerging cyber threats, but they do not seem enough to keep up with the many ways threat actors exploit vulnerabilities as attack surfaces expand with the increased digitization and connectivity across many aspects of the medical and **healthcare industry**.

**Justifications for increased regulation**

One of the reasons why medical device regulation was inserted in the 2022 appropriations bill of the United States is the surge of vulnerabilities in medical devices. In December last year, the FBI raised the alarm over **hundreds of vulnerabilities** discovered in widely used medical devices, which create opportunities for cyber attacks.

“Cyber threat actors exploiting medical device vulnerabilities adversely impact healthcare facilities’ operational functions, patient safety, data confidentiality, and data integrity,” the FBI alert notes. Specifically, the federal agency cited the security infirmities in intracardiac defibrillators, pacemakers, insulin pumps, mobile cardiac telemetry, and pain relief pumps.

Government intervention is necessary because most of the cybersecurity problems in medical devices are not within the capacity and expertise of users to fix. Most devices are deployed and used for several decades without users expected to regularly examine their configurations and firmware.

Many devices are shipped to medical facilities with standard configurations for out-of-the-box deployment. They are then used by hospitals for twenty to thirty years. This creates generous opportunities for threat actors to meticulously look for vulnerabilities or wait for software update glitches that may create windows for intrusion.

Resolving this risk is best addressed by the device manufacturers themselves. As such, it makes more sense to mandate manufacturers to implement security measures to protect these long-term-use devices.

On the other hand, there’s the issue of legacy devices becoming a serious cybersecurity threat. One study estimates that nearly **three-quarters of medical devices** worldwide still use legacy operating systems. This is a major risk, especially for devices that can directly affect people’s health and lives. Again, this is something best addressed by the manufacturers, and regulation is the only way to compel device makers to be accountable.

Additionally, increased regulation is warranted because public-private cybersecurity partnerships tend to be insufficient. Stanford Cyber Policy Center advisor Jim Dempsey cites the infamous Colonial Pipeline incident in 2021 as proof that governments **could do more to bolster cybersecurity** amid the inadequacy of private-public cybersecurity cooperation.

Moreover, regulation ensures that the medical devices available on the market are safe. Instead of relying on economic factors to force manufacturers to become more competitive by offering better and more secure products, governments can intervene and ensure that only safe and secure products are made available. Manufacturers can compete in other areas such as the features and longevity of the devices they are offering.

**Drawbacks of increased regulation**

There are sensible criticisms against increased regulation in the name of cybersecurity. One of which is the possibility that it makes organizations less flexible, limiting their ability to respond to specific attacks and innovate to become better at handling cyber threats.

Also, compliance costs can be onerous, which may lead to some organizations focusing on merely complying with regulations instead of actually strengthening their security posture.

Some also assail the lack of expertise and incompetence of legislators or policymakers who push for regulations. The requirements imposed may not actually solve the actual problems, especially with all the corporate lobbying involved. The medical device regulation bit in the 2022 US appropriations bill, for example, was reportedly adulterated or reduced to a less potent form because of lobbying.

The bill passed by the House has a broader definition which may have any of these three attributes: the presence of software or firmware, the ability to connect to the internet, and vulnerability to cybersecurity threats. The version that passed in the Senate, however, limits the definition to the inclusion of all three attributes, not just one of them. This essentially reduces the number of devices covered by the legislation.

Furthermore, there are doubts raised on the ability of governments to properly secure private and sensitive data that may be gathered in the course of regulation compliance. Governments around the world have documented histories of incompetence in handling private data and getting pummeled by aggressive cyber attacks that lead to system downtimes.

**The necessity of regulation**

If medical technology is advancing, isn’t it enough that cybersecurity technology is also advancing to keep up with the new threats? Security firms regularly come up with new solutions to address emerging threats.

Why is there a need for regulation if this is the case? The answer is simply that **there are vulnerabilities** that cannot be adequately resolved by device users alone, especially for those involved in the field of healthcare. They have limited resources and are more likely to spend these resources on their core services instead of boosting their IT and cybersecurity teams.

Advancing Medical Technology Requires More Medical Device Regulation

By Habiba Rashid
The Ohio-based airline, CommuteAir, responsible for the incident confirmed the legitimacy of the data to the media.
This is a post from HackRead.com Read the original post: The U.S. ‘No Fly List’ Found On the Open Internet

The No Fly List and other sensitive files were discovered by Maia Arson Crimew, a Swiss security researcher and hacker, while searching for Jenkins servers on Shodan.

A Swiss hacker by the name of Maia Arson Crimew discovered an unsecured server run by the Ohio-based airline, CommuteAir, a United Express carrier. The hacker claims they found the server while searching for Jenkins servers on **Shodan**, a specialized search engine used by cybersecurity researchers to locate exposed servers and misconfigured databases on the Internet.

After a while of skimming through the files, Crimew claimed to have found a file labelled “NoFly.csv,” which turned out to be a legitimate U.S. no-fly, **terrorist** watch list from 2019.

The 80-MB exposed file, first reported on by the Daily Dot, is a smaller subset of the U.S. government’s Terrorist Screening Database, maintained and used by the DOJ, FBI, and Terrorist Screening Center (TSC).

With over 1.5 million entries, the file contains the first names, last names, and dates of birth of people with suspected or known ties to terrorist organizations.

This should not come as a surprise, since the US (along with China) **topped the 2021 list of countries** that exposed the most misconfigured databases online.

The leak of the No Fly List should not be a jaw-dropper, as **in August 2021**, the US government’s secret terrorist watchlist with two million records was exposed online. However, the watchlist was exposed on a misconfigured server hosted on a Bahrain IP address instead of a US one.

As for the latest breach, CommuteAir confirmed the legitimacy of the data, stating that it was a version of the federal no-fly list from approximately four years ago. CommuteAir **told** the Daily Dot that the unsecured server had been used for testing purposes and was taken offline before the Daily Dot published their article.

They have also reported the data exposure to the Cybersecurity and Infrastructure Security Agency (**CISA**).CommuteAir further confirms that the server did not expose any customer information, based on an initial investigation. However, the same cannot be said for the safety of the employees’ data.

On the other hand, the hacker, Crimew claims in their **report** to have found extensive personally identifiable information (PII) about 900 of the crewmates including their full names, addresses, phone numbers, passport numbers, pilot’s license numbers and much more. User credentials to more than 40 **Amazon S3 buckets** and servers run by CommuteAir were also exposed, said crime.

Screenshot from the exposed data (Credit: Maia Arson Crimew)

The list contained notable figures such as the Russian arms dealer Victor Bout who was recently freed in exchange for the WNBA star Brittney Griner. Since the list contained over 16 potential aliases for him, many other entries in the list are likely aliases of the same person and the number of individuals is far less than 1.5 million. 

Certain names on the list also belong to suspected members of the IRA, the Irish paramilitary organization. The list contained someone as young as 8 years old, based on their birth date, according to crime. 

The majority of the names, however, appeared to be of Arabic or Middle Eastern descent, along with Hispanic and Anglican-sounding names. The entire dataset is available on the official website of DDoSecrets, upon request.

Screenshot from the DDoSecrets website

Although it is rare for this list to be leaked and is considered highly secretive, it is not labelled as a classified document due to the number of agencies and individuals that access it. 

In a statement to the Daily Dot, TSA stated that it was “aware of a potential cybersecurity incident with CommuteAir, and we are investigating in coordination with our federal partners.”

1.  UN: Terrorists can access WMDs via Dark Web
2.  Dow Jones’ screening watchlist data exposed online
3.  US disrupts 3 crypto campaigns run by terror groups
4.  Muslim Hackers Hack ISIS site; expose subscribers’ list
5.  Server leaked US military’s social media spying campaign

I’m a student and cybersecurity writer. On a random Sunday, I am likely to be figuring out life and reading Kafka.