Daily Archives: December 3, 2019

#cybersecurity | hacker | Church’s Chicken hit by cyber thieves

Source: National Cyber Security – Produced By Gregory Evans

Church’s Chicken suffered a cyberattack that penetrated the payment processing system at some of the chain’s corporate locations, compromising payment card information.

The company operates 941 locations across the United States, but in a statement noted that only 165 of those, all owned and operated by the corporation, were impacted. Payment card numbers, names and expiration dates were exposed.

Church’s does not know exactly when the breach occurred or when the individual locations were exposed, other than noting it was some time in 2019.

“We believe the incident may involve the payment processing system that services our company-owned restaurants. We are working hard to determine specific locations and dates for each restaurant that may have been involved in the attack. Church’s will provide updates to guests once we have completed our investigation and know more about any payment cards that may have been impacted,” Church’s said.

The restaurants impacted are located in Alabama, Arkansas, Florida, Georgia, Illinois, Louisiana, Missouri, Mississippi, South Carolina, Tennessee and Texas.

No franchise locations were hit, and customers who used a delivery app such as Uber Eats or DoorDash were not compromised.


The post #cybersecurity | hacker | Church’s Chicken hit by cyber thieves appeared first on National Cyber Security.


#school | #ransomware | Ryuk Ransomware Is Making Victims Left and Right


While doing some open-source intelligence (OSINT), a security researcher discovered that a provider of end-to-end solutions for emergency care facilities in the U.S. fell victim to Ryuk ransomware.

The company hit by the malware is T-System, based in Dallas, Texas, and it is currently working to recover from the attack. At the time of writing, company systems are offline.

The attack occurred at the end of November, a month that has seen multiple incidents related to this particular strain of file-encrypting malware, most of them being in Spain.

Urgent care solutions provider falls to Ryuk

Security researcher Germán Fernández from CronUp was doing OSINT for Ryuk indicators and found that many of the platforms managed by T-System were down, suggesting that the recovery from the incident is in full swing.

By the looks of it, the ransomware infection spread to public segments such as DMZ, extranet, and helpdesk, Fernández told BleepingComputer.

A screenshot of the company site index captured by the researcher shows that files had been given the .RYK extension specific to Ryuk, alongside the ransom note in HTML.

As expected from this ransomware, the note offers the minimum information the victim needs to contact the attacker to learn how much they have to pay for the decryption key.

It also includes the phrase “balance of shadow universe,” which indicates that the Ryuk sample used in the attack is a recent one, discovered by MalwareHunterTeam in June.

The contact email address provided in the note for obtaining payment instructions is “[email protected]”. T-System has not announced the attack.

According to information on its website, the company provides services “for more than 1,900 emergency care facilities and counting,” and boasts that “more than 40 percent of the nation’s hospitals rely on T-System.”

This is not the only U.S. entity hit by Ryuk in November. At the beginning of the month, the malware encrypted data from the Lincoln School District, an attack that was reported at the time.

Ryuk hits Spanish companies

According to some reports, Ryuk is responsible for the attack against Cadena SER (Sociedad Española de Radiodifusión), Spain’s largest radio station, at the beginning of November. Evidence of this is lacking in public reports, though.

Using OSINT, Fernández found another Ryuk incident that happened around the same period. The target was TECNOL, a manufacturer of products for waterproofing, insulating, cleaning, biotechnology, and more.

The researcher found that Ryuk encrypted data from the company on November 1, the date when the ransom note was also dropped.

ASD Audit, a provider of software for financial auditing and analysis, is another Ryuk victim Fernández discovered during his research.

Finding Ryuk-encrypted data from this company was possible by querying public search engines, as shown in the image below.

The ransom note from the ASD Audit incident was dated early September. It had the same marks of the recently discovered Ryuk sample, and the email addresses provided were “[email protected]” and “[email protected],” accompanied by the same mysterious phrase.

A Ryuk ransom note was created on the same date on the systems of Imperdeco, another Spanish company based in Menorca and offering solutions for construction, protection, and decoration of buildings.

On November 27, Prosegur, a private security company offering manned guarding, logistics and alarm services, shut down its systems to prevent Ryuk from spreading to internal and external hosts.

Six days after the company acknowledged the attack and the malware used by the cybercriminals, some sources say it was still dealing with the after-effects of the incident.

Some customers complained that they were not able to activate the alarm because the app was down; they also had trouble checking whether the alarm was armed or not. They were cut off from the service for at least four days.

In some cases, the security systems sent images from protected properties with huge delays, sometimes taking hours. Under normal circumstances, this happens immediately.

Customers fear that burglary attempts would increase when word comes out that Prosegur alarms are failing.

Indeed, customer service confirmed that on the day of the Ryuk attack there was no robbery reported, but this changed the next day.



#cybersecurity | hacker | Cloud Infrastructure IAM Lessons from the Capital One Breach


Infrastructure is the foundation of more companies than ever. As with any foundation, any crack can lead to significant damage to the infrastructure. One potential crack is a trusted identity with unnecessary and excessive

A “trusted identity” is invariably associated with people — employees, contractors or other insiders. But identity in the cloud is no longer just about humans. The proliferation of modern infrastructure, driven by accelerated levels of automation and innovation, has led to an exponential rise in machine identities, such as service accounts, bots, API keys, servers and applications, and cloud resources.

In the case of Capital One, the identity that ultimately played a key role in the breach was a machine identity in the form of an EC2 instance. Because the EC2 instance had an over-provisioned identity and access management (IAM) role attached to it (and many do), once the credentials were compromised, so were all the privileges assigned to it.

That’s why it’s so important to implement least privilege policies for all identities, but especially for machine identities. Human identities can adapt their behaviors to changing scenarios, but machine identities are not designed to do so, and any deviation in their behavior could indicate privileged credential misuse.

Hard Lessons from Capital One

As laid out in an FBI indictment, the Capital One hacker accessed an EC2 instance (the identity) via a misconfigured firewall and gained the ability to assume a role on the machine. That role had the privileges to enumerate and download over 100 million customer records. Without those privileges, the damage would have had a marginal impact.

How did the EC2 instance become over-provisioned? Why did the assumed role have so many high-risk privileges? It is pretty clear that Capital One’s authorization model failed. The reason for this is twofold:

1. The Fear of Under-Provisioning

Roles are created with a broad set of assumed privileges based on a job description or function within an organization. The problem is that it is almost impossible to know or predict what privileges an identity actually needs, so most enterprises err on the side of over-provisioning because they are afraid of negatively impacting productivity. The problem is compounded as organizations change but seldom update roles properly. The temptation is always to add a little more into an existing role, rather than redesign the role completely. That is how we end up with grossly over-provisioned machine and human identities.

2. One to Many

When one role is assigned to many identities (e.g. multiple EC2 instances), it almost always implies over-provisioning. This happens because most identities will only need a few privileges to perform their day-to-day job. However, every time a new identity is assigned that role, new privileges are added as well to accommodate its function. The problem is that roles are seldom monitored and reviewed, and therefore privileges are rarely deleted. Without continuous oversight, over time, a role will become massively over-provisioned.

The delta
between the privileges that identities need to successfully perform their day-to-day
jobs and the privileges they are granted is what we refer to as an avoidable

This is not just a Capital One problem. Companies around the world are vulnerable to the same threats, but we’ll use this example to illustrate how companies are exposing their cloud infrastructure to excessive risk from insider threats.

So what can we learn from Capital One and similar incidents?

1. Every machine identity in your environment needs to be carefully examined to assess its potential risk to your organization. How many high-risk privileges are assigned to the identity? What privileges have they used over the last 90 days? What resources are they accessing? Has the identity performed an unusual action on a new resource?

It’s also not enough to assess once and move on. It must be continuous. If at any time there is evidence that the machine identity is over-provisioned or is displaying unusual behavior, take immediate action to prune or right-size those privileges. Continuously implementing and enforcing the principle of least privilege across your cloud environment is the best way to keep it safe.

2. When designing roles, don’t make assumptions on what the identity might need to perform its day-to-day job. Look for actual data to support your decisions, such as identity activity attributes. If an identity has not used a privilege for 90 days, there is a good chance it doesn’t need it. In the Capital One case, two of the commands that led to the exfiltration of data had never been used by the machine identity (the EC2 instance). A data-driven approach gives security IT teams an infinitely better picture of how to set up and maintain least privilege

3. When creating a new role for an existing identity, provision the set of privileges based on past usage. If it is a new identity, start with just enough privileges of a similar identity, or start with a minimal set of privileges and gradually adjust. Review and right-size the privileges continuously.

For example, with this approach, the EC2 instance would not have had unfettered access to the S3 buckets, preventing the hacker from downloading so many files at once. Even if she had the ability to download a few files, the magnitude of the incident would have been significantly smaller. To contain privilege creep with roles, we need to either break down roles with a minimal common set of privileges or create a unique role for each identity based on past usage.
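The three steps above (inventory a role's privileges, compare them with the identity's observed activity over the last 90 days, and build the role from past usage) can be automated. The Python below is an added example written for this page, not code from the article, from Capital One or from AWS. The action catalogue, the high-risk list, the sample role policy and the CloudTrail-style events are all constructed, and the code assumes an event name maps one-to-one to an IAM action name, which real CloudTrail does not guarantee. It reports the granted/used delta (the avoidable privileges), the high-risk privileges that were never used, the actions that appear for the first time in the last week, and a right-sized policy built only from the established usage baseline.

```python
"""Right-size an IAM role from observed activity (added example, not the article's code)."""
import fnmatch
import json
from datetime import datetime, timedelta, timezone

# Constructed catalogue of actions a wildcard such as "s3:*" can expand to.
# AWS has thousands; a real tool would load the service action reference instead.
ACTION_CATALOG = [
    "s3:ListAllMyBuckets", "s3:ListBucket", "s3:GetObject", "s3:PutObject",
    "s3:DeleteObject", "s3:GetBucketPolicy", "s3:PutBucketPolicy",
    "ec2:DescribeInstances", "ec2:TerminateInstances",
    "iam:ListRoles", "iam:PassRole", "sts:AssumeRole", "sts:GetCallerIdentity",
]

# Actions a defender treats as high-risk (bulk read, destruction, escalation).
# This list is an assumption of the example, not an AWS classification.
HIGH_RISK = {
    "s3:ListAllMyBuckets", "s3:GetObject", "s3:DeleteObject",
    "s3:PutBucketPolicy", "ec2:TerminateInstances", "iam:PassRole",
}


def expand_actions(policy):
    """Expand every Allow statement's Action patterns against the catalogue."""
    granted = set()
    for stmt in policy["Statement"]:
        if stmt.get("Effect") != "Allow":
            continue
        actions = stmt["Action"]
        if isinstance(actions, str):
            actions = [actions]
        for pattern in actions:
            granted.update(a for a in ACTION_CATALOG if fnmatch.fnmatchcase(a, pattern))
    return granted


def actions_in_window(events, start, end):
    """Actions the identity invoked with start <= eventTime < end.

    Events are simplified CloudTrail-style records (constructed); the example
    assumes eventName equals the IAM action name, which AWS does not guarantee.
    """
    used = set()
    for ev in events:
        ts = datetime.fromisoformat(ev["eventTime"])
        if start <= ts < end:
            service = ev["eventSource"].split(".")[0]
            used.add(f"{service}:{ev['eventName']}")
    return used


def assess(policy, events, now, window_days=90, recent_days=7):
    """Compare granted privileges with observed usage and flag anomalies."""
    granted = expand_actions(policy)
    used = actions_in_window(events, now - timedelta(days=window_days), now)
    unused = granted - used  # the avoidable delta between granted and needed
    # Actions seen only in the last `recent_days` and never before: the
    # "command this identity had never used" signal from the Capital One case.
    recent_start = now - timedelta(days=recent_days)
    epoch = datetime.min.replace(tzinfo=timezone.utc)
    baseline = actions_in_window(events, epoch, recent_start)
    first_seen = actions_in_window(events, recent_start, now) - baseline
    return {
        "granted": sorted(granted),
        "used": sorted(used),
        "unused": sorted(unused),
        "high_risk_unused": sorted(unused & HIGH_RISK),
        "first_seen": sorted(first_seen),
        "baseline": sorted(used - first_seen),
    }


def right_size_policy(assessment):
    """Policy built from the usage baseline only; first-seen actions wait for review.

    Resource stays "*" here; scoping it to the ARNs seen in the events is the next step.
    """
    return {
        "Version": "2012-10-17",
        "Statement": [{"Effect": "Allow", "Action": assessment["baseline"], "Resource": "*"}],
    }


NOW = datetime(2019, 12, 3, tzinfo=timezone.utc)  # constructed "today"

SAMPLE_POLICY = {  # constructed over-provisioned role policy
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow", "Action": "s3:*", "Resource": "*"},
        {"Effect": "Allow", "Action": ["ec2:DescribeInstances", "sts:GetCallerIdentity"], "Resource": "*"},
        {"Effect": "Allow", "Action": ["iam:PassRole"], "Resource": "*"},
    ],
}

SAMPLE_EVENTS = [  # constructed activity for the role, oldest first
    {"eventTime": "2019-08-20T08:00:00+00:00", "eventSource": "s3.amazonaws.com", "eventName": "PutObject"},
    {"eventTime": "2019-11-01T09:15:00+00:00", "eventSource": "s3.amazonaws.com", "eventName": "GetObject"},
    {"eventTime": "2019-11-15T12:00:00+00:00", "eventSource": "ec2.amazonaws.com", "eventName": "DescribeInstances"},
    {"eventTime": "2019-11-15T12:00:05+00:00", "eventSource": "sts.amazonaws.com", "eventName": "GetCallerIdentity"},
    {"eventTime": "2019-12-02T02:30:00+00:00", "eventSource": "s3.amazonaws.com", "eventName": "ListAllMyBuckets"},
    {"eventTime": "2019-12-02T02:31:00+00:00", "eventSource": "s3.amazonaws.com", "eventName": "GetObject"},
]

if __name__ == "__main__":
    result = assess(SAMPLE_POLICY, SAMPLE_EVENTS, NOW)
    print(json.dumps(result, indent=2))
    print(json.dumps(right_size_policy(result), indent=2))
```

Run as-is, the report shows the role granted ten actions but used four in the 90-day window, that three never-used privileges are high-risk, and that the bucket enumeration on December 2 is the one action with no prior history; the emitted policy keeps only the three baseline actions. In a real environment the policy would come from IAM, the activity from CloudTrail or IAM Access Analyzer's last-accessed data, and the assessment would run on a schedule rather than once.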

These best practices will help improve your cloud security risk posture and significantly limit the blast radius of an attempted breach such as what Capital One experienced. Prevention is paramount, especially with cloud infrastructure, and it all starts with properly managing identity activity.



#hacking | Accel’s new India fund, Slowing growth of AePS & more, Technology News, ETtech


Accel’s new India fund

What’s the news?

Accel India, backer of leading technology startups such as Flipkart, Freshworks and Swiggy, has raised about $550 million for its sixth India fund, taking its assets under management to $1.5 billion. This makes Accel VI among the largest corpuses for an India-focused venture capital fund, which last raised $450 million three years ago.

Where will the money go?

Accel said it would continue to scout for early-stage deals across consumer internet, enterprise, financial services, healthcare, and Software as a Service (SaaS) startups.

The firm’s previous fund saw 80% of its investments in the range of $2 million or less. Of its 120 active portfolio companies, the venture fund has 44 firms valued at more than $100 million.

Aditya Ghosh joins Oyo board

What’s the news?

Aditya Ghosh, the India and South Asia head of hospitality chain Oyo Hotels & Homes, has stepped down from his role, and will join its board of directors, a little over a year after the 44-year-old joined the SoftBank-backed company.

Ghosh will be succeeded by Rohit Kapoor, who was heading Oyo’s new real estate business, the Gurugram-based company announced in a prepared statement. Kapoor’s new role will be effective from January.

What’s next?

Ghosh said he will now focus on governance, profitability, communications, consumer experience and security and safety at the seven-year-old company, which has emerged as one of the most richly valued startups from India.

Ghosh is the second new director appointed in less than a month, after Oyo announced last month that it had inducted Betsy Atkins, chief executive of investment firm Baja Corporation, as an independent director. The development comes at a time when Oyo has stated its intention to trade publicly on the bourses, but is yet to share a date for when that might take place.

Slowing growth of AePS

What’s the news?

The rate of growth in transactions through Aadhaar-enabled payment system (AePS) in the April-October period of the current financial year has dropped by more than two-thirds from the year-ago period, data from National Payments Corporation of India (NPCI) shows.

According to NPCI, which runs the platform, biometric-based transactions grew by 10% to 208 million in October 2019 from 189 million in April. Transactions then dropped in November to 196 million.

Why is this happening?

The transaction count on AePS has not grown aggressively, given many large public sector banks have introduced limits on the number of transactions their customers can do on other terminals, a senior banker told ET.

Large public sector banks such as State Bank of India and Bank of Baroda had limited the number of transactions their customers can do on other bank micro ATMs, ET reported on October 3.

Among other reasons, bankers said some agents were splitting single transactions into multiple small ones to earn more commission, which is why such limits were imposed.

Google may get relief in phishing probe

What’s the news?

India is not likely to act against Google after the search giant said last week that nearly 12,000 users may have been targeted in state-backed cyber attacks globally, which included around 500 users in the country, according to a top government official. The government is nevertheless planning to issue a notice to Google asking why it had not informed the authorities about the attack.

Why the relief?

Google may not be treated the same way as WhatsApp as the attack was not due to any vulnerability on its platform that hackers could exploit, unlike the Facebook-owned instant messaging app, where a flaw was used to inject malware, affecting 121 users in India, including activists, lawyers and journalists.

In the case of Google, hacking techniques such as phishing were employed, with users being responsible if they fell prey to the phishing attempt, the government official said.

TikTok & politics

What’s the news?

Political agencies, campaigners and strategists are weighing how to ramp up their presence and content on TikTok for the future elections as the Chinese video-sharing app gains popularity in India.

What are they doing?

Although Bytedance-owned TikTok has stated that it would not allow political ads on the platform because they are a mismatch with the experience, digital agencies and marketers said there are ways of promoting the desired political content on the app. TikTok currently has 200 million users in India.



Website/IP 18000k.com may be hackable, #hackerproof

Personal Notes: No Personal Notes
Industry: Blog – Entertainment
Vulnerabilities: 112
Scan Date/Time: Tue, 03 Dec 2019 01:00:48
Purchase: Click here to purchase the report for $25

Follow us on Social Media to receive a 50% to 100% discount code we post every week.

If This Is Not Your Website:

  • You should be cautious before giving this website any personal information.
  • Make sure you do not use the same password on this website (or any website) that you may use for your email address, bank account, social media accounts or any other accounts you may have.
  • Before entering any personal information like credit cards, social security number or even your personal address, make sure you see https in the URL. It should have a lock next to the https://TheWebsite.com.

AIHP Disclaimer:

There are 5 stages to computer hacking: Reconnaissance, Scanning, Gaining Access, Maintaining Access and Covering Tracks. AmIHackerProof.com handles the first 2 stages, Reconnaissance and Scanning. When you see a computer hacker in the movies or on television, they never show you the reconnaissance or the scanning portion. 80% of computer hacking is research. AmIHackerProof.com also scans your website like a hacker would, to find vulnerabilities that might be used to exploit the website.

The following information is based on our vulnerability test, which may differ from other vulnerability scanners. Please note that websites are not hosted on the same server as the email server or the home/office network. What this scan does show is the level of experience of the individuals hired by the company to protect their website. A person's level of education in website design or computer science does not suggest they are computer hackers. Most computer hackers do not have college degrees.

Some people believe that because they do not have any personal, financial or client information at their website, they are not vulnerable to being hacked. Here are some reasons that disprove this idea:

  • A hacker can redirect your website to your competitors website.
  • A hacker can change or delete your SEO information. SEO is how search engines like Google and Bing rank your website. This can make the difference between your website being number 1 in a search or number 1 million.
  • If you collect email addresses at your website so you can send out newsletters, press releases or information about products or services, a hacker can add 2 lines of code that will forward all email addresses to another site.
  • A hacker can add malicious code to your website so that anyone who clicks on any link at your site could get malware, spyware or even a virus downloaded to their computer.
  • If a website allows visitors to register, a hacker could download your entire user database, including names, email addresses and the users' passwords.
  • You can have your website defaced. A hacker can deface it by posting your competition's products or services on your home page.
  • A hacker could change your phone number or address on your website so that your customers cannot call or find your business.