Saturday, 11 April 2020

San Francisco International Airport SFO Websites Hacked: Airport Discloses Data Breach


San Francisco International Airport notifies users of two low-traffic websites about data breaches in March.

San Francisco International Airport (SFO) revealed this week that two of its websites were hacked, exposing the login information of some users of both sites. The attack took place in March and compromised SFOConnect.com and SFOConstruction.com, both of which are websites with few visitors.

According to the message sent to the Department of Airport Information and Telecommunications Technology (ITT), "The attackers have included malicious computer code on these websites in order to steal user credentials." "Users affected by this attack may have access outside the airport network to Windows devices or devices that are not maintained by SFO, via Internet Explorer."

The notice also stated that "The user name and password of the user affected by the attacker are not used to access those personal devices." Anyone who visited the websites with the Internet Explorer web browser is advised to change the password of the devices used to access them from outside the managed network.
In addition, on Monday, 23 March 2020, SFO representatives forced a reset of all SFO email and network passwords. "The malicious code has been removed from the compromised website."

SFOConstruction.com, a website dedicated to SFO construction projects, is the clearinghouse for third-party bidders and airport-related contracts. The second compromised website, SFOConnect.com, is an information center where airport employees can search for logos and the latest safety news related to underground transportation.

-Sumit Tiwari


Thursday, 9 April 2020

Google bans employees from using this video chat app



After Elon Musk's space research company SpaceX and NASA, it is now Google's turn to stop its workers from using the Zoom application. Working from home has become a global trend since the coronavirus pandemic began, and professionals have migrated to applications such as Zoom. The teleconferencing application has climbed the popularity charts, but it comes with a fair amount of privacy concerns. According to a BuzzFeed report, Google sent an email to all employees about the ban last week, telling those who had Zoom installed on their devices that the program would soon stop working. Interestingly, Google has its own Zoom competitor, Meet, which is part of G Suite.

Google spokesman Jose Castaneda told BuzzFeed News that the company has a policy of not allowing employees to use "unapproved applications" for work. "Recently, noteworthy employees using our secure Zoom desktop client are running on computers that are legally bound to meet our standard of security application used by our employees. Zoom employees are using them to stay in touch with the ability to keep up with family and friends through a web browser or over a phone," Castaneda told BuzzFeed News.

Musk's space research firm SpaceX has also told its employees not to use Zoom. According to a Reuters report, SpaceX sent employees a short message on March 28 stating explicitly that Zoom should not be used. "We understand that most of us use this tool to support conferences and meetings. Please use email, text or telephone to provide other means of communication," the message notes. It attributes the decision not to use Zoom to "confidentiality and security issues".
Many online reports have pointed out that Zoom has privacy and security issues, and the lack of a resolution has added to the worry. Zoom CEO Eric S Yuan says the company is taking the right steps to meet the challenges. Rather than new releases, the company will spend the next 90 days working on security and privacy issues.

-Sumit Tiwari

Tuesday, 7 April 2020

PayPal and Venmo Are Letting SIM Swappers Hijack Accounts


Even after being warned by researchers, some companies have not put any systems in place to help contain the crisis.
Some major applications and websites, such as PayPal and Venmo, have a flaw that allows attackers to easily access people's data after taking over the victim's phone number.
Earlier this year, researchers at Princeton University found 17 major companies, including Amazon, PayPal, Venmo, Blizzard, Adobe, eBay, Snapchat and Yahoo, that allowed people to reset their passwords using a text message sent to the phone number linked to their accounts. This means that if an attacker takes over a phone number using a simple, common technique such as SIM swapping, they can then take over the accounts on the apps and websites that use this mechanism.
"When considering the analogy, I never expected it to be too much, and I didn't expect a problem to occur on these large sites," Kevin Lee, senior researcher, told Motherboard in an interview. A week ago, two months after they first reported the problem to the companies, the Princeton researchers re-examined whether the companies had solved it. Some, including Adobe, Blizzard, eBay, Microsoft, and Snapchat, have closed the hole.

PayPal and Venmo, since they are applications that allow users to exchange cash and are associated with bank or credit card information, are probably the most prominent examples. This week, Motherboard confirmed that PayPal and Venmo passwords can be reset using a text message.

Venmo is owned by PayPal, and neither company has responded to multiple requests for comment on this story.

This is a security trade-off: companies balance security against the need for users to reset their password when they forget it. Giving users the ability to reset a password with a text message to their phone is, in general, an excellent solution. But the increase in SIM swapping that Motherboard has been reporting for years has made this sensitive mechanism even more dangerous.
If you do not want to wait for companies to update and improve their policies, there is a simple step you can take today to reduce the risk to your accounts: disconnect your phone number from these accounts and use a VoIP number instead, such as Google Voice, Skype or another service. Google Voice numbers, since they are not tied to a physical SIM card, are much harder to hijack.

-Sumit Tiwari

Friday, 3 April 2020

Just visiting the site can capture the camera of your iPhone or MacBook.




If you use an Apple iPhone or MacBook, we have some disturbing news for you.
It turns out that using the Safari browser to visit a website (not only a malicious website, but also a legitimate website that unknowingly loads malicious ads) could allow remote attackers to secretly access the device's camera, microphone, or location, and in some cases saved passwords.
Apple recently paid a reward of $75,000 to ethical hacker Ryan Pickren, who demonstrated the attack in practice and helped the company fix seven new vulnerabilities so that no attacker could use them.
The fixes were released in a series of updates to Safari, covering version 13.0.5 (released on January 28, 2020) and Safari 13.1 (released on March 24, 2020).
"If the malicious website wanted camera access, all it had to do was masquerade as a trusted video-conferencing website such as Skype or Zoom," Pickren said.
When chained together, three of the reported Safari flaws could have allowed malicious sites to impersonate any legit site a victim trusts and access camera or microphone by abusing the permissions that were otherwise explicitly granted by the victim to the trusted domain only.

A vulnerability exploit chain that misuses Safari permissions for sites

The Safari browser grants access to specific permissions, such as the camera, microphone and location, on a per-website basis. This allows individual websites, Skype for example, to access the camera without having to ask for the user's permission every time the application starts.
But on iOS, there are exceptions to this rule. Although third-party applications must obtain the explicit consent of the user to access the camera, Safari can access the camera or photo album without permission.
In particular, improper access becomes possible by chaining together multiple flaws in how the browser parses URL schemes and handles the security settings for each website. This method only works with websites that are currently open.


Pickren said: "The most important conclusion is that URL schemes are completely ignored." "This is problematic because some schemes do not contain any significant hostnames, such as file:, javascript: or data:"
In other words, Safari failed to check whether websites adhered to the same-origin policy, and so granted access to other websites that should never have been given permission. As a result, a website such as "https://example.com" and its malicious copy "fake://example.com" could end up with the same permissions.
Therefore, by taking advantage of lazy host resolution in Safari, it was possible to use a "file:" URI (for example, file://path/to/file/index.html) to trick the browser into changing the domain name using JavaScript as follows.

Pickren said: "Safari thinks we're on skype.com and can download some kind of bad JavaScript. When you open a local HTML file, everything about the camera, microphone and general screen is compromised."
The research showed that even plaintext passwords could be stolen this way, because Safari uses the same method to detect websites on which passwords should be filled in automatically.
In addition, the protections against automatic downloads could be bypassed by first opening a trusted site as a pop-up window and then using it to download a malicious file.
Similarly, a "blob:" URI (for example, blob://skype.com) could be used to run arbitrary JavaScript code and access the victim's webcam directly without permission.
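
The hostname-only comparison described above, next to a lookup keyed on the full origin, as an added example that is not from the original research or Safari's code. The names `hostOnlyKey`, `originKey`, `makeStore` and `compare`, the HTTPS-only grant policy and the sample URLs are assumptions made for illustration.

```javascript
// Added illustration with hypothetical names; this is not Safari's code.

// Assumed policy: only schemes with a real network host may hold grants.
const GRANTABLE_SCHEMES = new Set(["https:"]);

// Flawed key: hostname only, scheme (and port) ignored.
function hostOnlyKey(rawUrl) {
  return new URL(rawUrl).hostname.toLowerCase();
}

// Stricter key: scheme + host + port; null means "no grant can apply".
function originKey(rawUrl) {
  let u;
  try {
    u = new URL(rawUrl);
  } catch (e) {
    return null; // unparseable input never matches a grant
  }
  if (!GRANTABLE_SCHEMES.has(u.protocol)) return null; // fake:, file:, blob:, data:
  if (u.hostname === "") return null;
  const port = u.port || "443"; // URL() reports the default port as ""
  return `${u.protocol}//${u.hostname.toLowerCase()}:${port}`;
}

// Permission store parameterised by the key function under test.
function makeStore(keyFn) {
  const grants = new Map(); // key -> Set of permission names
  return {
    grant(url, perm) {
      const key = keyFn(url);
      if (key === null) return false;
      if (!grants.has(key)) grants.set(key, new Set());
      grants.get(key).add(perm);
      return true;
    },
    allowed(url, perm) {
      const key = keyFn(url);
      return key !== null && grants.has(key) && grants.get(key).has(perm);
    },
  };
}

// Camera is granted to https://example.com only; each URL is then checked.
function compare(urls) {
  const weak = makeStore(hostOnlyKey);
  const strict = makeStore(originKey);
  weak.grant("https://example.com/", "camera");
  strict.grant("https://example.com/", "camera");
  return urls.map((url) => ({
    url,
    hostOnly: weak.allowed(url, "camera"),
    fullOrigin: strict.allowed(url, "camera"),
  }));
}

// Constructed sample URLs (not taken from the research).
const SAMPLE_URLS = ["https://example.com/call", "fake://example.com/",
  "file://example.com/index.html", "blob://example.com/", "data:text/html,hi"];
console.table(compare(SAMPLE_URLS));
```

With the hostname-only key, every sample URL that names example.com inherits the camera grant regardless of scheme; with the origin key, only the HTTPS page does.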

-Sumit Tiwari

Wednesday, 1 April 2020

SBI cautions against fake UPI ID for collecting coronavirus funds



India's largest lender, the State Bank of India (SBI), has warned people about fake Unified Payments Interface (UPI) IDs that are being circulated under the pretext of the Prime Minister's Citizen Assistance and Relief in Emergency Situations Fund (PM-CARES). SBI tweeted:
"Beware of the fake UPI IDs that are making the rounds in the guise of Prime Minister’s Citizen Assistance & Relief in Emergency Situations a.k.a. PM Cares. Make sure your monetary donation to fight against the global pandemic is going into the right hands. @PMOIndia #PMCaresFund"


The government has also warned donors about bogus UPI IDs that are circulating on various social media platforms. "Beware of false UPIs distributed under the pretext of the PM CARES Foundation. #PIBFactcheck: The correct UPI for #PMCaresFunds is pmcares@sbi," the PIB Fact Check account tweeted. On Saturday, Prime Minister Narendra Modi announced the creation of an emergency aid and relief fund, to which people can contribute and help the government fight the coronavirus.

-Sumit Tiwari


Monday, 30 March 2020

Do not update your Windows 10 PC if you are working from home - this could break the internet



Microsoft appears to have a history of unreliable and buggy updates for Windows 10, at least for the past year and a little longer. Broken programs, performance problems, battery problems, you name it. This time, however, given that the world is following a work-from-home routine due to Coronavirus lockdowns in many countries, the March 2020 update for Windows 10 makes one really want to tear one's hair out. It is not a minor bug: it might just cut off internet access on your Windows 10 laptop or PC.

Can you disable Windows updates on your Windows 10 PC right now? No; after all, it is a live platform that is constantly updated. So what exactly is the problem? Over to Microsoft: "Devices that use a manual or self-configured proxy, especially with a virtual private network (VPN), may display little or no internet connection status in the NCSI in the notification area. This can happen when you are online or not connected to the VPN or after changing the status between the two. Devices experiencing this problem may also have trouble accessing the Internet using applications using WinHTTP or WinInet. Below are examples of applications that can be affected on devices in this case, but not limited to: Microsoft Teams, Microsoft Office, Office365, Outlook, Internet Explorer 11 and some editions of Microsoft Edge." This is according to the information Microsoft published in the release notes for the latest update package for Windows 10.
In simpler terms, this is a really critical bug that can slow down apps' access to the internet or completely prevent these apps from accessing the internet. Yes, right at this crucial work-from-home stage of our lives. If you are running Windows 10 version 1909, Windows 10 version 1903, Windows 10 version 1809, Windows 10 Enterprise LTSC 2019, Windows 10 version 1803 or Windows 10 version 1709, you may encounter this problem.


Microsoft says: "We're working on the issue and aim to release the Microsoft Catalog Out of Range Update to resolve this issue in early April." Meanwhile, its suggestion is to restart your Windows 10 PC and wait for the issue to be resolved.

It might have made more sense to follow Google's lead and delay Windows 10 platform updates right now. Google previously announced that it will not release updates to the Chrome web browser or the ChromeOS platform at this time, because it does not want any functionality to unintentionally break or interrupt usage when millions depend on its software while working from home. Just because we've received Windows updates every month for millions of years, it doesn't mean there couldn't be some flexibility this time around, given the global scenario.

This isn't the only bug in the latest Windows 10 updates, by the way. The "Reset This Computer" feature is known to be disabled, some versions of Avast and AVG antivirus will stop working, and TLS connections may fail or time out when connecting or attempting to resume.

If you are one of those unlucky souls whose Windows 10 computer is asking to restart to install updates it might have downloaded recently, our advice is: don't do it. Leave your computer idle or on, just don't turn it off or restart it, at least until Microsoft releases the patch to fix this problem.

-Sumit Tiwari


Wednesday, 25 March 2020

Coronavirus Scam Alert: Watch Out For These Risky COVID-19 Websites And Emails



Cybercriminals and nation-sponsored spies were quick to take advantage of the coronavirus panic. Research released Thursday shows that scammers and spies quickly registered a large number of potentially harmful websites and sent masses of fraudulent emails while trying to make money from the pandemic.

A report by cybersecurity company Recorded Future found a significant increase in registrations of websites linked to the COVID-19 virus, some of which it claims are being used to steal information from recipients or infect them with malware.

Lindsay Kaye, Recorded Future's chief operating officer, specifically identified a number of domains as potentially dangerous.

Forbes also had Bernardo Quintero, founder of the Google-owned malware repository and anti-virus testing service VirusTotal, take a look at the domains reported by Recorded Future. He said a further set of websites also showed signs of malicious behavior, as they're being detected by anti-virus software.

-Sumit Tiwari

Tuesday, 24 March 2020

Researchers find security flaws in some of the major password managers



University of York researchers have released their findings on vulnerabilities in major password managers. Detailing their results in a research paper, the researchers noted that they tested five different commercial password managers in their study. They assessed these password managers against previously reported bugs and also found new vulnerabilities. In short, the two researchers, Michael Carr (Piksel, York Science Park) and Siamak F. Shahandashti (University of York), analyzed the top 5 password managers (out of 19) based on their popularity and functionality: Dashlane, LastPass, 1Password, Keeper and RoboForm. They first tested these five against six known significant vulnerabilities, then ran functionality tests to reveal more flaws. The known vulnerabilities include the two-factor authentication seed vulnerability, the item inspection vulnerability, the registry detection flaw, the URL mismatch, the subdomain ignorance, and the HTTPS Autofill vulnerability. Here's what they found (the black dot represents the presence of a vulnerability).

-Sumit Tiwari

