Have you ever deleted a crucial file or lost crucial data? At Cyber One Solutions we have a wealth of experience in backup solutions and disaster recovery — we are the experts in this field. For more information, please get in touch today or visit our website right away. https://www.cyberonesol.com
The United States’ National Security Agency (NSA) is planning to release its internally developed reverse engineering tool for free at the upcoming RSA security conference 2019 that will be held in March in San Francisco.
The existence of the framework, dubbed GHIDRA, was first publicly revealed by WikiLeaks in the CIA Vault 7 leaks, but the tool came to light once again after Senior NSA Adviser Robert Joyce announced in his RSA Conference session description that it would be publicly released for free.
A reverse engineering tool is a disassembler, such as IDA Pro, that helps researchers identify certain portions of a program to see how they work by reading information such as its processor instructions, instruction lengths, and more.
GHIDRA is a Java-based reverse engineering framework that features a graphical user interface (GUI) and has been designed to run on a variety of platforms including Windows, macOS, and Linux operating systems, and also supports a variety of processor instruction sets.
The toolkit can also be used to analyze binary files used by programs, including malware, for all major operating systems, including Windows, macOS, Linux as well as mobile platforms such as Android and iOS.
A synopsis for Joyce’s presentation notes that “the Ghidra platform includes all the features expected in high-end commercial tools, with new and expanded functionality NSA uniquely developed, and will be released for free public use at RSA.”
According to the Vault 7 documents, GHIDRA was initially developed by the NSA in the early 2000s, and a Reddit user named hash_define who claimed to have had access to GHIDRA said that the tool had been shared with several other US government agencies in the past few years.
While there has been no announcement that the NSA is planning to open source GHIDRA, some believe the agency will also publish the GHIDRA source code on the NSA’s code repository hosted on GitHub, where it has already released 32 projects, so that the open source community can help maintain it for free.
The agency said NASA discovered the breach on October 23 when its cyber security personnel began investigating a possible breach of two of its servers holding employee records.
After discovering the intrusion, NASA secured its servers and said that the agency is working with its federal cyber security partners “to examine the servers to determine the scope of the potential data exfiltration and identify potentially affected individuals.” However, NASA said this process “will take time.”
It should be noted that no space missions were jeopardized by the cyber incident, the agency said.
According to the agency, any NASA Civil Service employee who joined, left, or transferred within the agency from July 2006 to October 2018 may have had their personal data compromised. NASA currently employs roughly 17,300 people.
The agency said all the affected employees would be notified once identified, and offered identity theft protection services and related resources to all affected employees, past and present.
“Our entire leadership team takes the protection of personal information very seriously. Information security remains a top priority for NASA,” said Bob Gibbs, assistant administrator at NASA’s Office of the Chief Human Capital Officer.
“NASA is continuing its efforts to secure all servers, and is reviewing its processes and procedures to ensure that the latest security practices are being followed throughout the agency.”
This is not the first time the agency’s servers have been compromised. NASA suffered a massive security breach in 2016 when a hacking group released 276GB of sensitive data including flight logs and credentials of thousands of its employees.
At that time, the hackers even attempted to crash a $222 million drone into the Pacific Ocean by gaining control over the drone by rerouting the flight path.
It is no secret how miserably Microsoft’s 3-year-old Edge web browser has failed to compete against Google Chrome despite substantial investment and continuous improvements.
According to the latest round of tech rumors, Microsoft has given up on Edge and is reportedly building a new Chromium-based web browser, code-named “Anaheim” internally, that will replace Edge on the Windows 10 operating system as its new default browser, a journalist at Windows Central learned.
Though there is no mention of Project Anaheim on the Microsoft website as of now (except the Anaheim Convention Center in California), many speculate that the new built-in browser could appear in the 19H1 development cycle of Microsoft’s Insider Preview program.
According to the report, the new browser will be powered by the Blink rendering engine used by Chromium, which also powers Google’s Chrome browser, instead of Microsoft’s own Edge HTML engine.
Chromium is an open-source Web browser project started by Google that is popular among web browser developers and also powers Vivaldi and Opera browsers.
“It’s unknown at this time if Anaheim will use the Edge brand or a new brand, or if the user interface between Edge and Anaheim is different. One thing is for sure, however; Edge HTML is dead,” the report said.
If you are unaware, Microsoft has already been using the Chromium rendering engine for its Edge browser on Android and iOS devices.
Details on Microsoft’s new Anaheim web browser are still scarce, and we are waiting to hear more about the project from Microsoft itself, but Windows Central speculates that we could see the new browser in action as early as April of next year.
If the rumor is true, Google, which celebrated the 10th anniversary of its Chrome web browser this year, will gain an unbeatable monopoly in the browser market.
Cyber One Solutions is very excited to announce that we have partnered up with @ConnectWise to deploy their Business Management Software packages @QuosalQuote, @ScreenConnect and @LabTechSoftware to run our IT and Managed Services more efficiently.
@ConnectWise transforms how Technology Teams build, manage, and grow their businesses. Their solutions increase productivity, efficiency, and profitability.
We appreciate both @ConnectWise as well as @IngramMicroInc for having us out in #TampaBayFL last week to show us their product offerings.
Late last month Facebook announced its massive security breach that allowed an unknown group of hackers to steal secret access tokens for millions of accounts by taking advantage of a flaw in the ‘View As’ feature.
At the time of the initial disclosure, Facebook estimated that the number of users affected by the breach could have been around 50 million, though a new update published today by the social media giant downgraded this number to 30 million.
Out of those 30 million accounts, hackers successfully accessed personal information from 29 million Facebook users, though the company assured that the miscreants apparently didn’t manage to access any third-party app data.
Facebook vice president of product management Guy Rosen published a new blog post Friday morning to share further details on the massive security breach, saying that the hackers stole data from those affected accounts, as follows:
Besides this, Rosen also added that the attackers had no access to data from “Messenger, Messenger Kids, Instagram, WhatsApp, Oculus, Workplace, Pages, payments, third-party apps, or advertising or developer accounts.”
Moreover, the hackers were also not able to access any private message content, with one notable exception: if a user is a Facebook page administrator who had received or exchanged messages from someone on Facebook, the content of those messages was exposed to the attackers.
Facebook said users can check whether they were affected by the breach by visiting the social network’s Help Center.
Facebook also added that the company will directly inform those 30 million users affected to explain what information the attackers might have accessed, along with steps they can take to help protect themselves from any suspicious emails, text messages, or calls.
So far the identity of the hackers remains unclear, but Rosen said Facebook is working with the FBI, the US Federal Trade Commission, Irish Data Protection Commission, and other authorities to investigate who might be behind the breach or if they were targeting anyone in particular.
Bristol Airport has blamed a ransomware attack for causing a blackout of flight information screens for two days over the weekend.
The airport said that the attack started Friday morning, taking out several computers over the airport network, including its in-house display screens which provide details about the arrival and departure information of flights.
The attack forced airport officials to take down their systems and use whiteboards and paper posters to announce check-in and arrival information for flights going through the airport, as well as luggage pickup points, for all of Friday, Saturday, and the subsequent night.
“We are currently experiencing technical problems with our flight information screens,” a post on the Bristol Airport’s official Twitter feed read on Friday. “Flights are unaffected and details of check-in desks, boarding gates, and arrival/departure times will be made over the public address system. Additional staff are on hand to assist passengers.”
The airport also urged passengers to arrive early and “allow extra time for check-in and boarding processes,” though the two-day technical meltdown caused delays in baggage handling, with customers needing to wait longer than one hour for their bags.
However, no flight delays were reportedly caused by the cyber attack.
An airport spokesman said that the information screens went offline due to a so-called “ransomware” attack, though he confirmed that no “ransom” had been paid to get the airport systems working again.
Affected systems and flight information screens were finally restored on Sunday, officials said.
“We are grateful to passengers for their patience while we have been working to resolve issues with flight information this weekend. Digital screens are now live in arrivals and departures. Work will continue to restore complete site-wide coverage as soon as possible,” the airport tweeted on Sunday.
At the moment, it is not clear how the ransomware got into the airport systems. Bristol is carrying out an investigation to find out what happened.
The notorious hacking group behind the Ticketmaster and British Airways data breaches has now victimized popular computer hardware and consumer electronics retailer Newegg.
The Magecart hacking group managed to infiltrate the Newegg website and steal the credit card details of all customers who entered their payment card information between August 14 and September 18, 2018, according to a joint analysis from Volexity and RiskIQ.
Active since at least 2015, the Magecart hacking group registered a domain called neweggstats(dot)com on August 13, similar to Newegg’s legitimate domain newegg.com, and acquired an SSL certificate issued for the domain by Comodo for their website.
A day later, the group inserted the skimmer code into the Newegg website at the payment processing page, so that it would not come into play until or unless the payment page was hit.
So, when customers add a product to their shopping cart, enter their delivery information during the first step of the check-out, and validate their address, the website takes them to the payment processing page to enter their credit card information.
As soon as the customer hits the submit button after entering their credit card information, the skimmer code immediately sends a copy of that data to the attacker’s domain, i.e., neweggstats(dot)com, without interrupting the checkout process.
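As an added example (not code from the article, Volexity or RiskIQ), the following defender-side audit lists every host a payment page's scripts reference and flags lookalikes of the brand such as neweggstats(dot)com. The allowlist, the `secure.newegg.com` and `cdn.example.net` hosts, and the sample page are constructed assumptions.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

BRAND = "newegg"                      # brand label to watch for in foreign hosts
ALLOWED_DOMAINS = {"newegg.com"}      # assumption: domains the page may load from or post to
URL_RE = re.compile(r"""https?://[^\s"'<>)]+""", re.I)

class ScriptCollector(HTMLParser):
    """Collects <script src> values and absolute URLs found inside inline scripts."""
    def __init__(self):
        super().__init__()
        self.in_script = False
        self.urls = []

    def handle_starttag(self, tag, attrs):
        if tag == "script":
            self.in_script = True
            src = dict(attrs).get("src")
            if src:
                self.urls.append(src)

    def handle_endtag(self, tag):
        if tag == "script":
            self.in_script = False

    def handle_data(self, data):
        if self.in_script:
            self.urls.extend(URL_RE.findall(data))

def classify(host):
    """Return 'allowed', 'lookalike' (brand name in a foreign domain) or 'third-party'."""
    host = host.lower().rstrip(".")
    if any(host == d or host.endswith("." + d) for d in ALLOWED_DOMAINS):
        return "allowed"
    return "lookalike" if BRAND in host else "third-party"

def audit(html):
    """Map every absolute host referenced by the page's scripts to its classification."""
    collector = ScriptCollector()
    collector.feed(html)
    hosts = (urlparse(u).hostname for u in collector.urls)
    return {h: classify(h) for h in hosts if h}

# Constructed sample payment page; the lookalike host is re-fanged from the article's form.
SAMPLE_PAGE = """<html><body><form id="pay"></form>
<script src="https://secure.newegg.com/js/checkout.js"></script>
<script src="https://cdn.example.net/lib.js"></script>
<script>var endpoint = "https://neweggstats(dot)com/x";</script>
</body></html>""".replace("(dot)", ".")

if __name__ == "__main__":
    for host, verdict in audit(SAMPLE_PAGE).items():
        print(f"{verdict:12} {host}")
```

This static check only sees URLs written out in the markup, so it complements rather than replaces a Content-Security-Policy that restricts `script-src`, `connect-src` and `form-action` on the payment page.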
Newegg Hack May Affect Millions of Customers
The attack affected both desktop and mobile customers, though it is still unclear how many customers were actually hit by this credit card breach.
However, considering that more than 50 million shoppers visit Newegg every month and that the malicious code was there for over one month, it could be assumed that Magecart’s newest card-skimming campaign has possibly stolen the payment information of millions of Newegg customers, even if only a fraction of those visitors make purchases.
Earlier this month, the Magecart hacking group breached the British Airways website and its mobile application and managed to walk away with a bounty of sensitive payment card data from 380,000 victims.
“The skimmer code [used in the Newegg breach] is recognizable from the British Airways incident, with the same basecode,” RiskIQ researchers said.
“All the attackers changed is the name of the form it needs to serialize to obtain payment information and the server to send it to, this time themed with Newegg instead of British Airways.”
In the Newegg case, the hackers used a smaller skimmer of “a tidy 15 lines of script,” since it only had to serialize one form.
If you are one of those Newegg customers who entered their credit card details on the website during the attack period, you should immediately contact your bank, block your payment card, and request a replacement.
However, the way Magecart is scooping up payment card data from popular services with relatively little effort suggests that Newegg probably will not be its last target.