By Waqas
The group claims they launched this attack to demand the release of political prisoners arrested during the countrywide protests. 
This is a post from HackRead.com Read the original post: Black Reward Hackers Steal Trove of Emails from Iran’s Atomic Energy Agency

A group of anti-Iranian government hackers have allegedly targeted **Iran** Atomic Energy Organization’s subsidiary’s network and managed to access its email server.

The hacking group identified as Black Reward has claimed responsibility for the attack on the Iranian nuclear agency’s subsidiary, the Atomic Energy Production and Development Company located in Bushehr.

The group claims they launched this attack to demand the release of political prisoners arrested during the countrywide protests.

On the other hand, the agency has acknowledged that its email server was targeted by hackers and blamed a foreign country for this attack but didn’t name the country.

“These illegal efforts out of desperation are aimed at attracting public attention,” the agency stated.

Furthermore, the agency downplayed the severity of the incident, claiming that the stolen data included emails containing “normal and daily exchanges” and technical content.

However, hackers claim to have obtained 50GB of internal emails, construction plans, and contact details of the Iranian government’s Russian-backed nuclear power plant. The group also leaked some of the data on their Telegram channel. Yet, it is unclear whether the stolen data contained confidential data.

Screenshots leaked by hackers on their Telegram group

Additionally, Black Reward gave a 24-hour deadline to the government on their Twitter handle on Friday for exposing documents on the country’s nuclear program if all “political prisoners, prisoners of conscience and people arrested in the recent protests.” aren’t released.

“Unlike Westerners, we do not flirt with criminal mullahs,” Black Reward wrote.

On Saturday, the group released some data on social media, which included a brief clip from a nuclear site in Iran and documents containing payslips, agreements, and maps.

**Background Information**

According to the agency’s statement on Sunday, as **reported** by Reuters, in this “foreign-backed attack,” the attackers’ agenda seems to be an attempt to escalate tension amidst Mahsa Amini’s death and subsequent protests that have gripped Iran for weeks.

For your information, the Iranian government is dealing with public demonstrations after the suspicious death of a 22-year-old female, Mahsa Amini. The country’s moral police detained her for allegedly violating Iran’s dress code for women.

After her death, Iran has seen an unprecedented increase in large-scale cyber attacks on its critical government infrastructure. For instance, **Anonymous hackers have launched OpIran** in support of protestors, while hackers from different backgrounds are **using Telegram and dark web platforms** to teach Iranians how to evade government censorship, how to use VPN, and even carry out cyberattacks against the country’s sensitive targets.

1.  **Iran’s Top Tier Airline Mahan Air Hit by Cyberattack**
2.  **Iran’s Largest Steel Producer Hit By Crippling Cyberattack**
3.  **The US Charges 3 Iranian Hackers Over Ransomware Attacks**
4.  **Smartphones of Iran’s protest detainees targeted with spyware**
5.  **Iran State-Run TV’s Live Transmission Hacked by Edalate Ali Hackers**

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Black Reward Hackers Steal Trove of Emails from Iran’s Atomic Energy Agency

By Waqas
Fact: Medical devices are often designed with convenience and functionality in mind, rather than security. 
This is a post from HackRead.com Read the original post: Why IoT Security in Healthcare is Crucial

When it comes to health care, the stakes are high. That’s why IoT security for healthcare is crucial. IoT devices are becoming increasingly prevalent in healthcare. From wearable devices to medical implants, these devices have the potential to revolutionize patient care. However, they also introduce new security risks.

Medical devices are often designed with convenience and functionality in mind, rather than security. This can make them easy targets for attackers. If an attacker gains access to a device, they could potentially exploit it to steal sensitive data or disrupt critical operations.

The Internet of Things (IoT) has also become a powerful tool for individuals and businesses to leverage. By connecting devices to a network, they can be utilized to generate vast volumes of crucial information that aid in business models and effective process management.

In healthcare institutions, IoT devices are just like regular networked devices. It is crucial that these devices are kept safe as part of cyber security practices in the industry. Healthcare institutions have some powerful options available to them to secure their attack surface in this modern age, though. 

Sepio, for example, has developed a solution for healthcare IoT security. Their solution monitors IoT hardware devices, in real-time to give healthcare facilities full asset visibility.

**Healthcare industry Uses of IoT Technology**

Advancements in healthcare IoT devices are being made at a rapid pace with healthcare institutions taking full advantage of the improvements they bring. 

**Handheld Smart Devices**

These devices are typically utilized to give caregivers immediate access to accurate patient history and up-to-date diagnostic and personal information. This is possibly one of the healthcare industry’s most useful and widely utilized IoT devices.

Some institutions even pair these handheld devices with other technologies like smart pens. Apart from the ability to be used for writing, these pens can record pen strokes and transmit information to servers in real-time.

**Monitoring Tools**

A large part of any healthcare institution’s data collection comes from monitoring patient vitals in real-time. For this purpose, monitors can be utilized that are capable of remotely connecting to nurses’ or caregivers’ stations or even their own mobile devices. It provides greatly increased versatility since a patient can now be mobile throughout the ward or even the entire hospital. 

**Remotely Operated Medical Pumps**

These kinds of pumps make up the majority of IoT devices in use. From general-use infusion pumps to insulin pumps for diabetic patients, medical pumps ensure that patients receive closely regulated quantities of fluids such as blood, medicine, and insulin.

However, the bad news is that according to a recent study, 75% of tested smart Infusion Pumps were found vulnerable to remote attacks.

Medical IoT pumps allow caregivers to monitor patients recovering from home, providing quality of life to those who otherwise would have been confined to hospitals. Typically, these devices need to conform to security standards prescribed by the NIST.

These are just some of the many devices in use by the healthcare industry today.

**How has IoT Transformed the Healthcare Industry? **

From the list above it should be clear that not only have IoT devices in healthcare improved the mobility of patients, but it has also had a significant impact on the available medical staff.

IoT devices have improved the care given by healthcare institutions too. By providing timely and accurate diagnostic information to caregivers, medical decisions can be made in time to save lives, improving the quality of care for so many people.

**Healthcare IoT an Unmistakable Target**

Looking back at the devices we covered, we should also mention that these devices are amongst the most attacked by threat actors. Gaining access to personally identifiable patient information along with a good chance of seizing financial information too, can be a massive payload to threat actors.

Ransomware attacks are one of the most common cyber security attacks aimed at Medical IoT devices. Healthcare institutions would typically need to cooperate since the lives of their patients can be endangered by these threat actors. 

In some cases, IoT devices may even be used to launch attacks on other systems. For example, the WannaCry ransomware attack on England’s NHS exploited a flaw in Windows XP that had been previously identified by the NSA. The attack impacted hospitals around the world, causing appointment cancellations and disrupting patient care.

Although the trend is changing, most healthcare institutions don’t necessarily care whether devices are HIPAA compliant, or whether they are sufficiently encrypted. Threat actors easily target these healthcare IoT devices. 

**Why is IoT Security so Crucial in the Healthcare Industry?**

An inadequate cyber security system could mean the difference between life and death for a patient if it is not in place. By neglecting the remediation of vulnerabilities in healthcare IoT devices vast volumes of personal patient information could leak during a breach. Having devastating effects on both patients and the institutions they trusted with their information and care.

**Conclusion**

The unfortunate truth is that the healthcare industry will remain a high-level target for threat actors and that healthcare institutions need to ensure that they do everything in their power to keep IoT devices safe from breaches. Making IoT security crucial to this industry.

1.  Importance Of Medical Alert Devices In 2021
2.  Shared clinical workstation security and access
3.  Intel chip flaw left cars, medical and IoT devices vulnerable
4.  White hat hacker infects smart coffee machine with ransomware
5.  Access:7 Supply Chain Flaws Impact ATMs, Medical, IoT devices

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Why IoT Security in Healthcare is Crucial

By Owais Sultan
Proxy servers aren’t foolproof solutions for hiding your identity and facilitating anonymous connections. As human-made tools, they’re prone…
This is a post from HackRead.com Read the original post: Tools for Testing Your Proxy Servers

Proxy servers aren’t foolproof solutions for hiding your identity and facilitating anonymous connections. As human-made tools, they’re prone to fail, especially when connected to unstable internet or poorly configured.

Once you lose the link to your proxy server, your device will connect directly to websites with your ISP-generated IP address. That leaves every detail of your connection open, risking IP blocks and malware infection.

**How to Test Your Proxy Connections**

Testing proxy server connections is mandatory when scraping data and surfing the web anonymously. IP leaks during these serious activities have drastic consequences. The frenzied way bots work, whether they be for buying sneakers or gathering market intelligence, can raise suspicion, leading to the closure of one’s accounts.

When harvesting data from the internet, the leaking of IPs will cause the blocking of your scraping bots. Additionally, hackers can access your financial and private data when your connections are open. Use proxy testers to maintain stable proxy connections and keep your online activities secure and confidential. Here are some of the popular ones.

**IP Checkers**

IP checkers are robust tools for checking the connectivity and performance of your proxy servers. These tools provide an easy way to manage digital network connections through IP address filtration, allocation, and management. IP trackers operate differently, but their most basic function is providing a database of all connected IPs. They scan and provide accurate details of configured and active IPs.

Top-tier IP checkers include Advanced IP Scanner, Angry IP Scanner, and BlueCat. These IP checkers reveal your HTTP headers and location. Accurate details of your proxy connection location and IPs protect against connecting to insecure websites or getting blocked by streaming services or geo-censored websites.

**FOGLDN Proxy Tester**

FOGLDN Proxy Tester is the best tool for checking the speed of your rotating proxy connections. The tester generates real-time, direct ping times to all websites you’re connected to. It auto-generates connection speeds, giving accurate details of the time taken to authenticate and confirm a connection. For that reason, you can use FOGLDN to monitor your proxy server latency.

FOGLDN Proxy Tester is user-friendly and affordable. However, it doesn’t give clear reasons when tests fail. In addition, the tool won’t convey anonymity level, proxy location, and usage type.

**Hidemy.name**

Hidemy.name is the most sophisticated and efficient free proxy checker. The tool gives comprehensive details of proxies, including anonymity level, proxy type, connection speed, and precise location. It automatically detects proxies collected from different websites, often filtered per protocol type, including SOCKS5, HTTP, and HTTPS.

Hidemy.name offers robust AES 256-bit encryption and strong leak protection. It can tell exactly how secure and anonymous a proxy connection is while enabling you to know the probability of a proxy server connection leaking. It categorizes connections according to anonymity levels.

**IP Databases**

Other crucial tools to use with your proxy servers are IP databases. These IP revealing tools contain a dataset of IP addresses, enabling you to tell an IP’s location. Rotating proxies generate a collection of alternative IP addresses. If an IP gets blocked by certain websites, you won’t know unless you try to access the website to no avail. The best thing about IP databases is that they provide comprehensive details of all proxies, including the ones blocked from accessing certain websites.

Let’s say you use YourPrivateProxy as your proxy provider. You can check the proxies against IP databases to ensure they’re viable. This way, you can always be sure that your connection is secure.

IP databases also give signals of blocklisted IP addresses, protecting you from connecting to such IPs and risking getting blocked. IP databases provide varied kinds of data, including the location and type of IP address, the domain name, and the usage type.

1.  Proxy or VPN for Netflix – Which is Best?
2.  Can You Secure Your Smartphone with a Proxy?
3.  What is VPN and what does data logging by a VPN means?
4.  911 (911.re) Proxy Service Shuts Down After Security Breach
5.  Mirai Variant Turns IoT Devices into Proxy Servers for Cryptomining

**Conclusion**

Proxies aren’t inherently designed to function error-free, delivering 100% uptime, outstanding speeds, and high anonymity levels. High-quality and well-configured paid rotating proxies will provide near-perfect connections, but even that is not 100% guaranteed. Despite accurate configurations and full-time maintenance, you must expect proxy servers to fail in some instances.

Cut the risks of dealing with leaked IP addresses and insecure connections by using proxy testers to maximize the work of proxy servers. Remember to identify and use subscription-based proxies confirmed to match the highest standards of anonymity, security, uptime, and speed.

Owais takes care of Hackread's social media from the very first day. At the same time He is pursuing for chartered accountancy and doing part time freelance writing.

Tools for Testing Your Proxy Servers

By Deeba Ahmed
This hybrid method can provide improved predictions from one week before the fire using finer scales (4kmx4km resolution). 
This is a post from HackRead.com Read the original post: AI-based Model to Predict Extreme Wildfire Danger

Researchers at Gwangju Institute of Science and Technology have developed an AI-based, hybrid system to predict wildfire danger. This brand-new, innovative forecast system combines deep learning algorithms with the currently available forecast models for accurately detecting wildfire conditions and enhanced coverage of existing models.

**Wildfire Danger- A Rising Threat to Survival**

No doubt, raging wildfires across the world are causing substantial economic damage. Also concerning is the ever-increasing number of fatalities caused by wildfires. If there’s a system that can predict this catastrophic event, it can substantially decrease damage since the available forecast systems aren’t as accurate or effective. Due to the limitations of these systems, it becomes impossible to predict an upcoming wildfire.  

**Details of the New AI-based Model**

According to researchers, an Artificial intelligence (AI)\-based model can help predict wildfires better than conventional methods because of the involvement of deep learning, which improves prediction accuracy.

Moreover, AI-based mode can determine where and when the fire will happen. This can also help in resource allocation and improving fire prevention. Applying a deep learning algorithm can enhance wildfire danger predictability in the Western US.

> “This study is a big step forward as it demonstrates the potential of such an effort for enhancing fire danger prediction without the need for extra computing power.”
> 
> Dr. Rackhun Son – Lead author

The research results from a joint effort between US and South Korean researchers. This hybrid method can provide improved predictions from one week before the fire using finer scales (4kmx4km resolution). This can significantly improve fire management and suppression.

**What Makes it Different from other AI-based Methods?**

AI methods involving the use of data can infer things considerably well, but it is still difficult to determine how it achieved the inference. Researchers combined AI’s deep learning algorithm with computer models that worked on physical principles. This combination helped them diagnose extreme levels of fire danger.

Hence, benefitting from the AI-based model’s computational edge. These predictions are made after considering geographic features and strong winds. Such as in the Western US, where high canyons and mountains are widespread, this method can help make accurate predictions, which coarser models can find difficult. This model can eliminate the reliance on regional downscaling, which is more expensive, computationally exhausting, and time-consuming.

High-resolution deep learning-assisted wildfire prediction

**An Ongoing Research….**

Co-author of the research, Prof. Kyo-Sun Lim from Kyungpook National University, Korea, stated that the newly developed AI-based model could make accurate high-resolution fire forecasts in much less time and is relatively more cost-effective than traditional systems. He further noted that in this study, they tested AI for fire danger prediction in the Western US but plan to apply it to weather extremities in other parts of the world.

1.  How to use AI in cybersecurity?
2.  Fields of application of artificial intelligence
3.  Website uses AI to create utterly realistic human faces
4.  Microsoft patent reveals chatbot to talk to dead people
5.  This AI Can Generate Unique and Free Bored Ape NFTs

AI-based Model to Predict Extreme Wildfire Danger

By Owais Sultan
Most developers are wondering which framework should I choose. We are talking about the three most popular, namely…
This is a post from HackRead.com Read the original post: Should You Choose Angular, React, or Vue?

Most developers are wondering which framework should I choose. We are talking about the three most popular, namely Angular, React, and Vue. We will try to understand this by making a small comparison.

**Angular**

Google is responsible for developing and maintaining Angular along with an international development team.

**React**

In this case, the international group that develops and maintains React is Facebook (Meta).

**Vue**

In the case of Vue, things are somewhat different, since it does not have an international company for development and maintenance, but a team of employees around the world, chief among which is Evan Yu as its creator.

**Framework Philosophy**

Now consider the different philosophies for each framework.

**Angular**

The core philosophy of Angular is to give everything a developer needs, as Angular is a framework with many features already built in, such as form validation, HTTP request submission, routing, state handling, and more.

Because of this, many refer to Angular as a platform rather than a framework due to the large number of features built into it. And not only because of the features or capabilities that can be used at the development level but also because of its ecosystem in which its core (which is managed by Google’s development and maintenance team) has additional tools such as command line, interfaces for managing and creating projects, easily add support for progressive web pages (PWA), etc.

In the functions section of the official website, you can explore the built-in functions in more detail, as well as get the documentation guidelines, which have an extensive catalog of Angular functions.

All this shows us that it’s very unlikely to run into a problem when Angular itself doesn’t have a built-in function to solve it.

**React**

Unlike Angular, React is the opposite, it focuses on being as minimalist as possible with an emphasis on UI design, so it’s considered more of a library than a framework itself. React calls itself a library. While it also has detailed documentation on how to use its functions, React has far fewer built-in functions than Angular.

So when developing a project, you end up using a lot of 3rd party packages or other resources, be it for routing, handling state, sending HTTP requests, etc.

This can lead to different points of view. Many people think about how minimalistic React is, while others think that the framework already has everything at hand to start working. Regardless, the React community is large, so if you run into problems, there’s likely to be a package or other resources available to help solve them.

**Vue**

We can say that Vue is in between Angular and React as it is a framework that offers some built-in features, but not as many as Angular. It mainly focuses on built-in features that are essential for writing code, such as routing and state handling, which are supported by the Vue team, but other features, such as form validation, are not built-in and depend on a third-party package. So it will be more than React but less than Angular in regards to inline functions.

Vue focuses on code, and despite having a good command line interface, it doesn’t have as many tools as Angular, although it’s slightly better than React.

To sum up, Angular has a lot of built-in features, React is minimalistic in this respect, and Vue is somewhere in between. But all these frameworks and libraries are focused on building user interfaces from reusable components and that doesn’t change whether you work with one or the other as they focus on making application development more powerful and easier for developers, so they adopt the concept of building user interfaces from components.

1.  Best Data Science Tools
2.  Magento 1 vs Magento 2
3.  React Prereleases-Preparing for the Future
4.  Why is learning Python important in Data Science?
5.  Incorporating machine learning in data mapping for improved results

Owais takes care of Hackread's social media from the very first day. At the same time He is pursuing for chartered accountancy and doing part time freelance writing.

Should You Choose Angular, React, or Vue?

By Owais Sultan
Credit card scams are on the rise, and according to research, the US and Canadian citizens are more…
This is a post from HackRead.com Read the original post: Credit Card Scams and How to Avoid Them

Credit card scams are on the rise, and according to research, the US and Canadian citizens are more likely to be a victim of this crime than those of any other country in the world, with billions lost annually to crooks and fraudsters.

Both individuals and businesses can be at risk of credit card scams, which are now recognized as the most common form of identity fraud – there were half a million cases in the US last year alone. Fortunately, you can take several simple steps to avoid getting caught up in a con – here’s what you need to know.

**Only Buy From Trusted Websites**

One of the most common ways that scammers get hold of victims’ credit card details is via cloned or fake websites. These sites may appear totally legit and could even masquerade as a well-known brand’s website but have, in fact, been set up by crooks purely to harvest unsuspecting visitors’ card details.

Avoid this by only buying from trusted sites. To do this, start by looking at the website’s address bar to ensure it’s that of the business you think it is. Scammers deploy tricks such as replacing the odd letter with a special character (such as a $ for an S) so that, at first glance, the website address seems legit.

Also, ensure that the address starts with ‘HTTPS’ rather than just ‘HTTP’ – this indicates that it’s secure and mechanisms are in place to protect your payment and personal details.

**Use Secure Payment Processing Systems**

How you process customers’ card transactions is crucial for businesses to avoid clients’ details falling into the wrong hands.

Ensure your merchant service provider offers the highest levels of security possible – some are specifically designed for what is considered ‘high-risk’ industries. It’s also vital to ensure that any physical copies of receipts your business holds are kept securely. This means keeping them locked away, ideally in a safe, where they can’t be easily accessed.

**Check Your Statements Regularly**

A low-tech but extremely effective way to guard against credit card scams is to check your card statements regularly: ideally, once or twice a fortnight.

Many scammers, having gotten hold of your card details, will siphon off very small amounts of money initially, so you’re unlikely to notice. After a while, they may use your card details to make an expensive purchase, potentially clearing out your available funds.

Go through your statements with a fine tooth comb, looking for anything unusual or a payment to a business or individual you don’t recognize. If you spot something suspicious, get in touch with your bank or card issuers immediately to let them know what’s happened.

**Protecting Your Card**

Scammers don’t just operate in the digital world: it’s important to take steps to ensure the safety of your physical card.

Crooks now have access to devices that can potentially harvest your card details even when it’s safely tucked away in your wallet or a pocket – the scammers simply need to be physically close to you – which can be surreptitiously done while waiting in line to pay, for example, or walking around a busy store.

Now cardholders on the market will block out attempts to read these details – an easy, cost-effective way to guard against fraudsters. Alternatively, although unconfirmed, some suggest wrapping a card in aluminum foil will also have the same protective effect.

**Keep Your Devices Secure**

Another way scammers can access your credit card is via the devices you use. To prevent being hacked, ensure you not only deploy high-quality virus and malware protection but also update it regularly.

Avoid, too, using public Wifi connections, especially to make purchases. These connections are relatively easy for hackers and snoopers to access, allowing them to get hold of your card and personal details.

Consider using a VPN (a virtual private network) to connect to the internet, which provides a much more secure way to be online and makes even connecting via public Wifi safe.

A VPN works by protecting your device’s IP address and encrypting all internet traffic – even in the unlikely event that a hacker gains access to your data, they won’t be able to interpret it.

**Stay Safe from Phishing Attacks**

Phishing attacks are on the rise and are a common way that con artists commit credit card fraud. Typically, an email is sent to an unsuspecting recipient, often appearing to be from a legit business or brand or possibly from the recipient’s bank. However, when the victim clicks on the link and enters the requested details, they’re actually giving their information to a scammer.

Always be on guard for phishing emails: never click on a link unless you are absolutely sure the message is from who it says it is. Poor spelling, grammar, or layout is a major red flag of a phishing scam, as is an incorrect ‘from’ address. To check the latter, simply hover the mouse over the sender’s name, and see if this matches the company that the message purports to be from.

**Staying Safe from Scams**

Around 10% of the adult population in the US falls victim to credit card scams every year – avoid being part of this statistic by taking the relevant steps outlined above to stay safe and secure from fraudsters.

1.  Hackers now use web skimmers to steal credit card data
2.  22 people indicted on malware, credit card fraud charges
3.  5 Signs your WordPress Site is Hacked (And How to Fix It)
4.  Authorities disrupt stolen credit card trading scam on dark web
5.  Protection Against Online Scams: How to Keep Your Credit Safe

Credit Card Scams and How to Avoid Them

By Deeba Ahmed
According to Group-IB's report, OldGremlin Ransomware Gang poses as reputed firms to infiltrate networks via phishing emails.
This is a post from HackRead.com Read the original post: OldGremlin Ransomware Gang Known for Targeting Russia Launches Linux Malware

OldGremlin is a notorious ransomware group known for targeting Russian organizations and has launched a wide-scale multi-million campaign. Their targets are **Russian entities**, and the group demands large ransoms in return. The gang’s victims include organizations in insurance, logistics, retail, software development, real estate, and banking.

According to a report from Group-IB, OldGremlin ransomware gang is a Russian-speaking ransomware gang that has been fairly active since 2020 and around sixteen malicious campaigns have been attributed to this gang during the past two and a half years. All of these targeted Russian organizations.

Also known as TinyScouts; OldGremlin is among the few financially motivated cybercrime groups (other groups include **Crylock**, **Dharma**, and **Thanos**), focusing primarily on Russian entities.

So far, OldGremlin ransomware gang has conducted ten phishing email campaigns, all launched in 2020, a successful ransomware attack in 2021, and five attacks in 2022. Their ransom demands have been comparatively higher. In some cases, the group even asked for $16.9 million and netted around $30 million in illegal revenues.

Group-IB

In its debut year, 2020, the gang carried out dozens of campaigns targeting micro-finance firms, a tractor manufacturer, a metals and mining firm, and business media holding firm consecutively.

> “The demanded ransom is therefore often proportional to the company’s size and revenue and is obviously higher than the budget necessary for ensuring a suitable level of information security.”
> 
> Group-IB

**Campaign Details**

According to Group-IB’s **press release**, OldGremlin has developed a new malware for Linux systems. The group poses as reputed firms such as media group RBC, Russian Union of Industrialists, 1C-Bitrix, or legal assistance provider Consultant Plus to infiltrate networks **via phishing emails**.

The group manages to achieve initial success via a phishing email and deploys tools like **Cobalt Strike** for lateral movement. It establishes persistence through the creation of scheduled tasks and obtaining escalated privileges.

It also exploits a flaw in Cisco AnyConnect (**CVE-2020-3153** and **CVE-2020-3433**) and gains remote access to the targeted infrastructure using tools like TeamViewer. Once this is done, the group stays inside the victim’s network for around 49 days and then launches the ransomware.

Victims can contain the threat using an effective malware detection solution during this time. Group-IB noted that the most recent phishing wave assigned to OldGremlin ransomware occurred on 23 August 2022 in which phishing emails embedded links to a ZIP archive payload hosted on Dropbox for activating the killchain.

Resultantly, the archive files launch a rogue LNK file (TinyLink) for downloading a backdoor (TinyFluff). Moreover, the group uses other implants besides TinyFluff, including TinyPosh, TinyShell, TinyNode, before deleting data backups. Then it launched the .NET-based TinyCrypt ransomware.

Although the group is focused on Russian organizations, Group-IB noted that it might expand its geographical boundaries after some time.

1.  **New DDoS Malware ‘Chaos’ Hits Linux and Windows Devices**
2.  **Windows, Linux and macOS Users Targeted by Chinese APT Group**
3.  **DDoS App Meant to Hit Russia Infected Phones of Ukrainian Activists**
4.  **President Putin’s Economic Forum Speech Delayed due to DDoS Attack**
5.  **Feds Dismantle Russian Rsocks Botnet Powered by Millions of IoT Devices**

OldGremlin Ransomware Gang Known for Targeting Russia Launches Linux Malware

By Waqas
The Chainscanner is available for free on the Ankr website, allowing users to search for transaction data, addresses, smart contracts, and much more.
This is a post from HackRead.com Read the original post: Ankr Launches Chainscanner Blockchain Explorer Tool

The San Francisco, California-based leading Web3 infrastructure-providing firm Ankr has **announced** the launch of Chainscanner, a blockchain explorer tool. The tool is designed to help users find and analyze data on the Ethereum blockchain.

Chainscanner is available for free on the Ankr website. The tool allows users to search for transaction data, addresses, and smart contracts. It also provides a visual representation of data from the **Ethereum blockchain**.

The new development came just days after **Ankr announced** becoming the first RPC provider to the Aptos Blockchain.

Chainscanner’s interface

Ankr vows that Chainscanner is more user-friendly and accurate than other alternatives. What makes Chainscanner different is its focus on simplicity and usability. The interface is designed to be intuitive and easy to use, while the underlying algorithms are designed to be more accurate and efficient.

In addition, Chainscanner offers a number of unique features that other tools lack. For example, it includes a built-in wallet explorer that allows users to track their transactions and balances in real time. It also offers an advanced search function that makes it easy to find specific transactions and addresses.

Ankr also offers AppChains-as-a-Service, a new way to develop and deploy decentralized applications. It is a turnkey solution that allows developers to focus on building their applications on customized subchains including BNB Chain (BSC), Avalanche (AVAX), and Polygon (MATIC), while Ankr manages the infrastructure and scaling.

With Chainscanner, developers and users will have access to transparent and independent results and data about validators, active users, token info, token holders, and more.

Similarly, they can also stake their tokens to support a personal selection of AppChains and participate in governance for AppChains. Users will find it easier as it pertains to getting involved with governance, staking, or development with Chainscanner.

> “Chainscanner is an essential new building block for AppChains that greatly improves user experience with tools made to let users instantly search for data, stake tokens, vote on governance proposals, get development resources, apply to become a validator, and learn everything about different chains.”
> 
> Kev Silk, Product Manager for Ankr AppChains

In conclusion, Chainscanner will make it easy for users and new investors to explore the complicated **blockchain ecosystem** in a user-friendly manner.

1.  **DeFiChain Announces Adding Four New dTokens**
2.  **What is Blockchain Gaming and its Play-to-Earn Model?**
3.  **Ankr Becomes First RPC Provider to the Aptos Blockchain**
4.  **DeFiChain gives DeFi a major boost with decentralized assets**
5.  **Cake DeFi Added Ethereum Staking Service to Allow Unstaking**

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Ankr Launches Chainscanner Blockchain Explorer Tool

By Deeba Ahmed
According to researchers, the data included 335,000 emails, 548,000 users, and 133,000 projects.
This is a post from HackRead.com Read the original post: Microsoft Exposed 2.4 TB of Business Customer Data in BlueBleed Breach

The IT security researchers at SOCRadar have identified a treasure trove of data belonging to the technology giant Microsoft that was exposed online – Thanks to a database misconfiguration – The researchers have dubbed the incident “BlueBleed.”

Microsoft has already acknowledged the exposure of customer data and email content in the incident. The company also confirmed that the data exposure happened inadvertently as the company failed to configure a server, which exposed sensitive customer data.

Per Microsoft, a misconfigured endpoint exploit leaked the data. Microsoft asserted that the data was mostly related to business transactions between Microsoft and its “prospective customers.”

> “The issue was caused by an unintentional misconfiguration on an endpoint that is not in use across the Microsoft ecosystem and was not the result of a security vulnerability.”
> 
> Microsoft

**Incident Details**

The incident was **reported** to Microsoft by threat intelligence firm SOCRadar. The company regards the incident as one of the most “significant B2B leaks.” SOCRadar informed Microsoft about this leak in September 2022.

Further probe revealed that leaked files were dated from 2017 to August 2022. SOCRadar revealed identifying several misconfigured cloud storage buckets dubbed BlueBleed. This includes six large buckets storing information about 150,000 firms across 123 countries.

The buckets included a **misconfigured Azure Blob Storage database**, which contained info on over 65,000 entities in 111 countries. But Microsoft stated that the number is pretty exaggerated and fairly low.

**Exposed Data**

In total, 2.4 TB of files collected are part of this leak. It is alleged that the data includes 335,000 emails, 548,000 users, and 133,000 projects. The exposed data reportedly contains names, email content, email IDs, company name, and phone numbers.

In addition, in a **blog post**, Microsoft revealed that exposed data includes attached files on business dealing between Microsoft and a customer or Microsoft or an authorized partner. The leak also includes PoE (proof-of-execution) and SoW (statement of work) documents, product orders/offers, project details, user info, and private data.

Leaked email data (SOCRadar)

Microsoft quickly addressed and fixed the issue and notified affected customers about the incident. However, this is not the first time when Microsoft exposed such sensitive data online. **In September 2020**, the Microsoft Bing server exposed user search queries and location data.

The disturbing part of the incident was the fact that the Microsoft Bing server logged some horrific search terms, including searchers for murder and child abuse content.

1.  **A critical bug in Microsoft left 400M accounts exposed**
2.  **250m Microsoft customer support records leaked in plain text**
3.  **LAPSUS$ Leak Trove of Data, Claim to Breach Microsoft and Okta**
4.  **Microsoft investigating Windows XP, Server 2003 source code leak**
5.  **38 million records exposed in Microsoft Power apps misconfiguration**

Microsoft Exposed 2.4 TB of Business Customer Data in BlueBleed Breach

By Waqas
The malware has been identified as I3mon, which can perform all kinds of spying operations.
This is a post from HackRead.com Read the original post: Smartphones of Iran’s protest detainees targeted with spyware

In recent months, there has been a growing number of protests in Iran after **Mahsa Amini’s death**. And while these protests have been met with a heavy crackdown by the government, it seems that they may have also been targeted by spying malware.

According to Voice of America (VoA), spyware has been detected on the Android cellphones of some individuals recently detained for protesting against the government. 

It is worth noting that on September 16th, 2022, a 22-year-old Iranian woman named **Mahsa Amini died in Tehran, Iran**, under Police custody. Amini was arrested for failure to follow government-mandated forms of the Hijab.

The malware, identified as **I3mon**, can perform all kinds of spying operations. It comes with an installation file (com.etechd.l3mon.apk).

VoA obtained a copy of the spyware. In its report, the agency noted that the malware was previously distributed on different forums and titles such as **Telegram with Free Internet**.

On the other hand, cybersecurity firms like **Kaspersky** and Dr. Web have already categorized the malware as a trojan of the Android malware family. Dr. Web **dubbed** the malware as “Android.SmsSpy.88.origin” back in August 2015.

**How Infection Occurs?**

I3mon is very common spyware among cybercriminals. They frequently deploy it to steal ID and credit card details and obtain sensitive data such as passwords. It is generally distributed via infected links, emails, or third-party platforms.

The malware may also be distributed under the guise of legitimate apps or **hidden in apps available on Google Play Store**. But it may also be manually installed on the device. It can be installed on computers and virtual servers to target cloud users.

Furthermore, the spyware is designed in JavaScript and is cloud-based. Moreover, the spyware uses a nodeJS environment and is licensed as open-source software.

VoA’s Persian language **report** claims that the malware on the devices of Iranian protestors was activated on a German server, and the data from the victim’s cellphone was transmitted outside of Iran.

**Spyware Capabilities**

If the phone is infected, it can allow attackers to access the phonebook, call logs, internet connection, microphone conversations, and SMS sent/received by the victim. In addition, it can record audio, send out location data, sub-access lists, installed apps lists, monitor typed words live, and access notification lists and mobile Wi-Fi connection details.

Spyware disguised as a fake Adobe Flash app for Android asking for administrative privileges and stealing PayPal and banking credentials (Dr.Web)

Security experts suggest users adopt preventive measures and install authentic antivirus software. If they haven’t installed **the antivirus**, it becomes essential to keep checks on battery overcharging and app accessibility features because the malware could be hidden behind an app and may cause the battery to drain quickly.

If you suspect a malware infection, run a factory reset or get the device checked by an expert.

In conclusion, this discovery raises severe concerns about the government’s use of surveillance against its own citizens. It also highlights the need for better protection for protesters and dissidents in Iran and elsewhere.

1.  **Irani and Chinese State Hackers Exploiting Log4j Vulnerability**
2.  **Iran State-Run TV’s Live Transmission Hacked by Edalate Ali Hackers**
3.  **Iranian Hackers Spread RatMilad Android Spyware Disguised as VPN**
4.  **Hackers turn to Signal, Telegram, Dark Web to assist Iranian protestors**
5.  **Iran’s COBALT MIRAGE Threat Group Behind Ransomware Attacks in US**

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

Source

HackRead