Security researchers earlier today published proof-of-concept (PoC) code for exploiting a recently patched vulnerability in the Windows operating system, a vulnerability that was reported to Microsoft by the US National Security Agency (NSA). The bug, which some have started calling CurveBall, impacts CryptoAPI (Crypt32.dll), the component that handles cryptographic operations in the Windows OS. According to a high-level technical analysis of the bug from cyber-security researcher Tal Be’ery, “the root cause of this vulnerability is a flawed implementation of the Elliptic Curve Cryptography (ECC) within Microsoft’s code.”
Canadian online pharmacy PlanetDrugsDirect is emailing customers, notifying them of a data security incident that might have impacted some of their sensitive personal and financial information. PlanetDrugsDirect (also known as Planet Drugs Direct) is an active Canadian International Pharmacy Association (CIPA) member, an association of licensed, retail pharmacies that sell medication to Canadian and U.S. citizens, and more. PlanetDrugsDirect describes itself as an “online prescription referral service which provides our customers with direct access to affordable prescription and non-prescription medications” with roughly 400,000 customers.
Greece’s four main banks have proceeded with the cancelation and immediate replacement of some 15,000 credit or debit cards that were used in transactions with a Greek online tourist services website after reports of credit card fraud, Greek daily Kathimerini revealed this week. The four banks – Alpha Bank, National Bank of Greece, Piraeus Bank, and Eurobank – said that they had taken the precautionary measures despite the fact that the website data breach affected a small number of users.
India welcomed Jeff Bezos this week with an antitrust probe. On top of that, thousands of small merchants who typically compete with one another are beginning to gather across the country to hold a protest against the alleged predatory practices by the e-commerce giant. But the Amazon founder and chief executive’s love for one of the company’s most important overseas markets remains untainted. At a conference in New Delhi on Wednesday, Bezos and Amit Agarwal, the head of Amazon India, announced that the American giant is pumping $1 billion into India operations to help small and medium-sized businesses in the country come online. This is in addition to about $5.5 billion the company has previously invested in the country.
An Israeli judge has rejected an attempt by the spyware firm NSO Group to dismiss a case brought against it by a prominent Saudi activist who alleged that the company’s cyberweapons were used to hack his phone. The decision could add pressure on the company, which faces multiple accusations that it sold surveillance technology, named Pegasus, to authoritarian regimes and other governments that have allegedly used it to target political activists and journalists.
Pretending to be the Permanent Mission of Norway, the Emotet operators performed a targeted phishing attack against email addresses associated with users at the United Nations. Yesterday, the Emotet trojan roared back to life after a 3-week vacation with strong spam campaigns that targeted countries throughout the world. While Emotet’s normal spam campaigns pretended to be fake accounting reports, delivery notices, and invoices, the malware operators had something special in mind for the United Nations.
Less than a day after Microsoft disclosed one of the most critical Windows vulnerabilities ever, a security researcher has demonstrated how attackers can exploit it to cryptographically impersonate any website or server on the Internet. Researcher Saleem Rashid on Wednesday tweeted images of the video “Never Gonna Give You Up,” by 1980s heart-throb Rick Astley, playing on Github.com and NSA.gov. The digital sleight of hand is known as Rickrolling and is often used as a humorous and benign way to demonstrate serious security flaws. In this case, Rashid’s exploit causes both the Edge and Chrome browsers to spoof the HTTPS verified websites of Github and the National Security Agency. Brave and other Chrome derivatives, as well as Internet Explorer, are also likely to fall to the same trick. (There’s no indication Firefox is affected.)
United Nations sanctions experts are warning people not to attend a cryptocurrency conference in North Korea in February, flagging it as a likely sanctions violation, according to a confidential report due to be submitted to the U.N. Security Council later this month. The warning comes after the independent U.N. experts told the council in August that North Korea generated an estimated $2 billion for its weapons of mass destruction programs using “widespread and increasingly sophisticated” cyberattacks to steal from banks and cryptocurrency exchanges.
The infamous blue screen of death (BSOD) on computers belonging to a company in the medical tech sector was the tell for a malware infection that spread across more than half the network. The malware was hiding its modules in WAV audio files and spread to vulnerable Windows 7 machines on the network via EternalBlue, the exploit for SMBv1 used in the devastating WannaCry and NotPetya cyber attacks from 2017. Security researchers providing incident response services found that more than 800 computers had been compromised starting October 14, 2019. The discovery was made possible by investigating systems that experienced a BSOD crash since that date.
Search engine giant Google has removed popular Hong Kong pro-democracy mapping app WhatsGap from its app store. WhatsGap is an app used to identify retailers that are in support of Hong Kong’s democracy. Google told ZDNet the removal of WhatsGap was sparked by “sensitive content” that was being published on the app. “We have a long-standing policy prohibiting apps that lack reasonable sensitivity towards or capitalise on serious ongoing conflicts or tragedies,” a Google spokesperson told ZDNet.
Even if you’re a hardcore #DeleteFacebook-er, you’re probably guilty of using your worn-out Facebook account to log into the occasional app—just for the convenience factor alone. Now, the company’s offering a bit more insight into how these tools function. In a company blog post announcing the “Login Notifications” rollout, software engineer Puxuan Qi explained that users will now receive notifications to remind them that third parties have a glimpse into their information and that controls are available to restrict how much of your personal data they can collect.
Wikipedia is available in Turkey again after a nearly three-year ban. The Turkish government agency in charge of internet technologies lifted the ban after the nation’s top court ruled last month that the restriction violated free speech. A detailed explanation of the court’s ruling was published in the Official Gazette on Wednesday, prompting regulators to restore access to the website. “As access to Wikipedia is still actively being restored across Turkey, some users in Turkey may experience restored access sooner or later than others,” the website said in a statement.