The fine has been enforced by the UK’s Information Commissioner’s Office (ICO) and was calculated using a pre-GDPR formula for data breach fines. Using the UK’s old Data Protection Act to fine Facebook, rather than GDPR they can only give a maximum penalty of £500,000, which is equal to what the social media giant earns every 18 minutes.

GDPR rules dictate a maximum fine of 4% of annual global turnover, which would be $1.6 billion. Unfortunately the the GDPR regulation wasn’t in place when the Cambridge Analytica story broke, coming into force in May 2018.

The UK investigation concluded that Facebook’s APIs had been allowing developers access to users information without them providing proper consent, for a long period of time between 2007 and 2014. Once they realized this loophole existed and patched it up, they did nothing to investigate the data compromised or ensure it was deleted.

[FACEBOOK] should have known better and it should have done better… We considered these contraventions to be so serious we imposed the maximum penalty under the previous legislation. The fine would inevitably have been significantly higher under the GDPR

Information Commissioner Elizabeth Denham said in a statement

Facebook has said they are reviewing the ICO’s findings and stated they “respectfully disagree” with some of the report, but admit they should have done more to protect users data. They also added that they found no evidence that British users profile information was shared with Cambridge Analytica.

The post UK Fines Facebook over Cambridge Analytica Scandal appeared first on Hack Ware News.

The security flaw, discovered by Peter Winter-Smith from NCC Group, allows a hacker to bypass the authentication process on the servers and gain access to the system without having to enter a password.

An attacker can do this by sending the SSH server “SSH2_MSG_USERAUTH_SUCCESS” message instead of the “SSH2_MSG_USERAUTH_REQUEST” message that a server usually expects and which libssh uses as a sign that an authentication procedure needs to initiate.

The libssh system will treat this message to mean the authentication has already taken place and allow the attacker access to the server. The flaw (CVE-2018-10933) was released in January 2014 in release 0.6.0.

It’s estimated that the vulnerability currently affects at least 3000 servers, however this is based on a small search and the scale of the problem is not yet known. There were concerns that the popular version control site for developers to work collaboratively on projects, GitHub, was affected but they have released a statement denying this. Github claims the way they use libssh means they are not vulnerable to this exploit.

“We use a custom version of libssh; SSH2_MSG_USERAUTH_SUCCESS with the libssh server is not relied upon for pubkey-based auth, which is what we use the library for,”

a GitHub security official said on twitter

While we use libssh, we can confirm that https://t.co/0iKPk21RVu and GitHub Enterprise are unaffected by CVE-2018-10933 due to how we use the library.

— GitHub Security (@GitHubSecurity) October 16, 2018

The security flaw is only on the server side, meaning users who have a libssh based SSH client installed on their computer will be safe from potential attackers looking to exploit this vulnerability.

While there are currently no public exploits available for the vulnerability, they are easy to put together so these are likely to pop up online in the coming days and weeks.

The team at libssh released versions 0.8.4 and 0.7.6 yesterday to handle this bug.

The post Libssh Security Flaw leaves thousands of servers vulnerable to hijacking appeared first on Hack Ware News.

A malicious app called “Album by Google Photos” was found to be hosted on the Microsoft store. The app was pretending to be part of Google Photos, but was in fact an ad clicker that generates hidden adverts within the Windows 10 Operating System.

The ad clicker app seemed credible to users because of its name, and also the fact it claimed to be created by Google LLC, Google’s actual Microsoft store account is Google Inc, but it looks unsuspecting to users. Microsoft came under some criticism for not realising the app was actually malicious software since the user reviews did highlight that the app was fake, with plenty of 1* reviews. One review states “ My paid Anti-malware solution detected several attempts to download malware by this app. Watch out”. The App was first released on the Microsoft store in May.

What did the application do?

The “Album by Google Photos” app is a Progressive Web Application (PWA), which acts as the front end for Google Photos and includes a legitimate login screen. Hidden in the app bundle is also an ad clicker which runs in the background and generates income for the app developers.

The app connects to ad URLS, and the ads were very similar to what users would see from typical adware, including tech support scams, random chrome extensions, fake flash and java installs and general low-quality sites.

Microsoft haven’t commented how this app managed to pass the Microsoft review process before ending up on the store.  This is somewhat concerning since it could mean other malicious apps of a similar nature have flown under the radar and are still infecting user’s computers. We are waiting for Microsoft to comment on the issue.

The post Ad Clicker Disguised as a Google Photos App has been Hosted on Microsoft Store. appeared first on Hack Ware News.

The implant was found to be built into the server’s Ethernet port, giving the spies access to the company’s networks. The server was created by Supermicro, a Chinese manufacturing company who were originally reported to have supplied the spying chip servers in last week’s report.

Bloomberg has come under intense scrutiny following the report’s publishing due to lack of clarity around their sources. Because they haven’t revealed the sources, and because many of the 30 companies, including Apple and Amazon have come forward to deny the allegations, some people are calling into question the legitimacy of the report. However, despite Apple’s initial denial, they later came forward to say they did find an inserted chip on one of their servers, used for testing in their labs. This server was provided by Supermicro.

The Department of Homeland Security put forward a statement on Saturday to say

we have no reason to doubt the statements from the companies named in the story

by companies they are referring to Apple and Amazon, who have both denied the Bloomberg report allegations. The UK’s primary cyber security agency GCHQ have stood by Homeland security’s statement. Apple’s vice president of information security, George Stathakopoulos has said he will make himself available for questioning this week.

The report also fails to name the major telecommunications company in question, adding to this frustration around lack of transparency over the claims.

The post Major US telecom hacked by tampered Chinese Ethernet port appeared first on Hack Ware News.

Google first discovered the bug in March 2018 and released a patch and a statement to say that there was no evidence of misuse or evidence of the vulnerability being exploited. However, Google felt that the effort involved in protecting user data on the social network outweighs the benefit of keeping the functionality running, when it hasn’t proven to be a very popular social network. They are set to close the consumer functionality of Google+ over a 10-month period.

After performing a code review of the Google+ APIs, they discovered a bug that could leak the personal information of Google+ account users. The bug allows a user to use installed apps to utilize the API and see personal information of that user’s friends. This personal information includes name, email address, occupation, gender and age.

Although Google has said they have seen no evidence the bug was exploited, it’s not possible for them to know if it has, or the extent, since they only keep two weeks of API logs for the Google+ service.

A report done by the Wall Street Journal stated that the bug existed between 2015 to March 2018 when it was patched. Google decided not to disclose the bug even though they weren’t sure it wasn’t exploited. The Wall Street Journal reported they have seen a memo by Google’s legal team advising not to disclose the data breach in case it attracts negative attention from government agencies around data protection.

A Google spokesperson has said they didn’t disclose the breach because it didn’t reach the necessary threshold to warrant informing users.

The post Google+ Shutting down after info from 500k Accounts is leaked appeared first on Hack Ware News.

Davis, who also went by the alias Libertas, was an administrator and forum moderator for the dark web site. Silk Road was an online black market for the sale of illegal drugs. The site was hosted on the dark web, where users were able to browse the site anonymously and securely without being monitored.

Development for the site was started in 2010 and by February 2011 the site was live. Silk Road was shut down in October 2013 after an FBI investigation which resulted in the site’s founder being Identified. Silk Road was founded by Ross Ulbricht who went by the pseudonym “Dread Pirate Roberts”. Ulbricht was sentenced to life in prison without the possibility of parole.

Davis has a role in helping the site run smoothly and provided customer support to users. It was found that he received a weekly salary for his work maintaining the site. Gary Davis was indicted by the US in 2013, and later arrested in Ireland in 2014. Davis attempted to fight extradition to the US on the grounds that going to prison in the US would endanger his mental health and life, which would violate his rights.

The fight against extradition was ultimately unsuccessful after Ireland’s supreme court rejected his arguments, he was extradited in July 2014. Davis plead guilty in court to one count of conspiring to distribute massive quantities of narcotics, which has a maximum sentence of 20 years in prison. He will be sentenced by Judge Furman on 17 January 2019.

The post Silk Road Admin could face 20 years in prison after pleading guilty appeared first on Hack Ware News.

The GRU is the Main Directorate of the General Staff of the Armed Forces of the Russian Federation and is Russia’s largest foreign intelligence agency. It was found that the 7 officers were part of a retaliation and delegitimizing campaign against anti-doping organizations who exposed the Russian state sponsored athlete doping program.

Russia has a long history of doping in sport, including the Olympics, they have had 51 medals stripped for doping violations, the most of any country.

The officers are alleged to have hacked into the accounts of anti-doping officials from several agencies in order to steal information and launch an attack to discredit them. There was also evidence of campaigns to tarnish the reputation of other athletes by suggesting they were also doping.

Once the information was stolen, it was distributed on social media under the “Fancy Bears’ Hack Team” alias. Twitter was one of the main social media platforms used. The 7 would contact reporters to leak information to in order to generate media attention.

The United Kingdom National Cyber Security Centre (NCSC) has identified other hacking groups associated with the GRU.  The other hacking groups are; APT 28, Fancy Bear, Sofacy, Pawnstorm, Sednit, CyberCaliphate, Voodoo Bear, Cyber Berkut, BlackEnergy Actors, STRONTIUM, Tsar Team and Sandworm.

APT have hit the headlines before after they were found to compromise LoJack, a legitmate piece of software, in order to infiltrate organizations and install malware. Sednit also hit the headlines after it was found that they were responsible for creating the first UEFI Rootkit seen in the wild.

The post US charges 7 Russian GRU Officers with International Hacking appeared first on Hack Ware News.

The servers are designed in the US by an American company called Super Micro, and do not include the chip in their designs. It is thought the chip must have been added in China, during the manufacturing process for the servers. The chip is an example of a “hardware hack” where hardware is modified to perform functions that wasn’t originally intended in the design. It is suspected the purpose of the chip is to spy on American companies and their users.

The lengthy publication by Bloomberg reports that Apple and Amazon were among those companies affected, but both companies refute the claim. An Apple spokesperson told Bloomberg that they had no history of finding malicious chips or hardware manipulations in any of its servers. Apple no longer used Super Micro servers after ending their contract with them in 2016.

Amazon also disputes the claims about their servers containing malicious chips and says they have not worked with the FBI to investigate malicious hardware within the company. Super Micro join Apple and Amazon in denying the claims about its servers.

In response to the allegations, China’s Ministry of Foreign Affairs released a statement saying “China is a resolute defender of cybersecurity. It advocates for the international community to work together on tackling cybersecurity threats through dialogue on the basis of mutual respect, equality and mutual benefit. Supply chain safety in cyberspace is an issue of common concern, and China is also a victim. China, Russia, and other member states of the Shanghai Cooperation Organization proposed an “International code of conduct for information security” to the United Nations as early as 2011. It included a pledge to ensure the supply chain security of information and communications technology products and services, in order to prevent other states from using their advantages in resources and technologies to undermine the interest of other countries. We hope parties make less gratuitous accusations and suspicions but conduct more constructive talk and collaboration so that we can work together in building a peaceful, safe, open, cooperative and orderly cyberspace.

[stackCommerce layout=”2″ count=”5″ sort=”best_sellers”][/stackCommerce]

The post Chinese Spying Chips Found Hidden on US companies’ servers appeared first on Hack Ware News.

However, there is a new phishing attack that stores their phishing form on Azure Blob Storage, so that it is secured by a Microsoft SSL certificate, giving an air of legitimacy to its victims. The phishing attack is an Office 365 based attack.

Azure Blob storage is a service that allows for storing large amounts of unstructured object data, such as text or binary data. This data can then be accessed anywhere in the world using HTTP or HTTPS. When the user connects via HTTP or HTTPS, a SSL certificate will be displayed, making it difficult for even competent users to tell it’s a phishing attack.

Cloud security provider Nekskope recently discovered this method being used. The attackers have been sending victims emails with a PDF attachment that pretend to be from a law firm in Denver. The attachments are innocently named “Scanned document. Please review” and contains a button to download the PDF. When the target clicks on the button they are brought to a HTML page masquerading as an Office 365 login form. The URL may trigger some savvy users to be suspicious, but the SSL may be enough to convinced them that this is a secured and legitimate Microsoft site.

Once Clicked on the “Download PDF”button, you are presented with message that the document is trying to connect to Azure blob storage

In order to protect yourself from this type of attack Netskope advises that companies would properly educate their users to recognise non-standard URL addresses. If users could easily recognise the legitimate address and be suspicious of any change in the web address then they would be less likely to fall victim to this type of phishing scam.

[stackCommerce layout=”2″ count=”5″ sort=”best_sellers”][/stackCommerce]

The post Azure Blob Storage phishing attack impersonates Microsoft appeared first on Hack Ware News.

Sales engagement company Apollo have announced that hackers have stolen over 200 million data records. They reported the breach was on its contact database. Apollo have informed their customers of the breach via email. The breach was noticed “weeks after system upgrades in July”.

The database in question contains publicly available data including names, employer details, job titles, social media account names, phone numbers and email addresses. Tim Zheng, Apollo Chief Executive claims he informed customers in line with their values around transparency, however he has declined to answer questions on the topic.

We have confirmed that the majority of exposed information came from our publicly gathered prospect database, which could include name, email address, company names, and other business contact information. Some client-imported data was also accessed without authorization.

Although this a large scale and serious data breach, Apollo have assured customers that financial, social security and other sensitive data has not been stolen and remains unaffected. Investigations have been underway since the breach was noticed. As of now there is little information about the investigation or its findings.

With the kind of information stolen by the attackers it poses a long terms security threat where they can send personalised phishing emails. However, this attack poses a less immediate security threat than if account names and passwords were stolen, which they were not in this case.

There are also concerns that Apollo may face action from European authorities under the GDPR ruling that came into law in May this year. The GDPR regulation is aimed at protecting customers data and imposing steep fines on companies who mishandled personal data, Apollo would fall into this category.

The post 200 Million Contact Records Stolen in Apollo Data Breach appeared first on Hack Ware News.