Turkish Hackers Threaten To Break Into Armenian State Agency Websites

Turkish Hackers Threaten To Break Into Armenian State Agency Websites

The Turkish hacker group had attacked FC Spartak Moscow’s official website.

The Turkish hacker group named Ayyıldız (Moonstar), which had attacked FC Spartak Moscow’s official website—after Yerkramas newspaper of the Russian Armenians had ran an article entitled “Spartak fans will wave Armenia’s and Artsakh’s [Nagorno-Karabakh Republic] flags in Istanbul”—had threatened to break into Armenian state agency websites, too.

The group had stated that it was decided to attack the websites of Armenia’s General Staff of the Armed Forces and the country’s other state agencies, if Spartak fans carry out provocations in the match to be played in Istanbul between Fenerbahce S.K. of Istanbul and FC Spartak Moscow, Yenisafak daily of Turkey reports.  

The UEFA Champions League qualifications second-leg match between the two clubs was played Wednesday under very tight security and no serious incidents were recorded.

As NEWS.am Sport informed earlier, Turkish hackers broke into FC Spartak Moscow’s official website, on the evening of August 22, and the website is down ever since. The hackers attacked the website on Monday, too. 

The portrait of Mustafa Kemal Ataturk—founder of the Rep. of Turkey—appeared on the website’s homepage on August 22, and with the following inscription: “Immediately apologize to the Turkish nation! FIFA [International Federation of Association Football] did not heed this fact, but we will not leave this crime unpunished.”

To note, during the UEFA Champions League qualifications first-leg match played on August 21 in Moscow, and between FC Spartak Moscow and Fenerbahce S.K. of Istanbul, Turkey—which ended by a score of 2-1 in favor of the host club—the Spartak fans in the stands had burned posters with the portrait of Ataturk.

Also, it became apparent that the Russian fans had attacked the Turkish football fans in the Russian capital, even before the match. Close to twenty Spartak fans had attacked twelve Fenerbahce fans in a downtown Moscow bar.

News.am

Oracle Fixes Java Zero-Day Flaw, Users Advised to Download Patch

Oracle Fixes Java Zero-Day Flaw, Users Advised to Download Patch

Although few people expected it (many hoped), Oracle has released an out-of-band patch to address the zero-day flaw that affects Java Runtime Environment (JRE) 7. Since attacks that rely on this vulnerability have already been spotted, the company advises users to immediately apply the patch.

The patch addresses a number of three different, but related, bugs that don’t affect standalone desktop applications or servers. However, they affect Java running on desktop web browsers.

 “Due to the high severity of these vulnerabilities, Oracle recommends that customers apply this Security Alert as soon as possible,” said Eric Maurice, director of software security assurance at Oracle.

“Furthermore, note that the technical details of these vulnerabilities are widely available on the Internet and Oracle has received external reports that these vulnerabilities are being actively exploited in the wild.”

Yesterday we reported that users from the Netherlands were targeted with VAT rate increase emails that led to this particular exploit. Similar campaigns are most likely already active and new ones will probably emerge in the upcoming days.

It’s likely that this vulnerability will be exploited for quite some time because, as we’ve seen on numerous occasions, many users fail to apply patches in time.

Hopefully, at least companies will rush to apply the patch to ensure that cybercriminals are not able to disrupt their business workflow.

The fact that this JRE vulnerability caused so much havoc once again highlights a very important thing. Dangerous security holes are discovered all the time in Java, and although many users don’t actually utilize it, they keep it installed on their computers.

We advise you to take a good look at the applications you’re using and the websites you’re surfing. In case they don’t require Java (most of them don’t), be sure to uninstall it.

The latest (patched) version of Java Runtime Environment is available for download here.

Android Malware Owners Fined by UK Regulatory Body

Android Malware Owners Fined by UK Regulatory Body




PhonepayPlus, the organization that regulates all premium rate phone services in the UK, has ordered a Russian company – Connect Ltd – to pay a fine and refund users after researchers highlighted the fact that an application it owned was attempting to trick Android users into signing up to expensive mobile services.

Developers create malicious applications that sign up users to shady mobile services and send SMS to premium rate numbers. When security firms find the malware, they place it on a blacklist and warn users about it, thus preventing the crooks from stealing more money. Then it starts all over again with the release of a new malware.


 However, this may not always be the case and there may be some good news for those who have fallen victim to such crimes, Graham Cluley of Sophos reports.

Back in February, we learned of an application that tricked Facebook users into installing a malicious application on their Android phones. Once it found itself on a phone, the malware sent out an SMS message and subscribed the unwitting individual to a premium service.

After confirming that the application in question presented a suspicious behavior and after determining that the victims might have paid as much as £250,000 ($395,950 or €314,000) for the shady services, PhonepayPlus decided to fine the company.

In case the company doesn’t comply and pay the £50,000 ($79,000 or €63,000) fine and refund all the victims (whether they filed a complaint or not), the agency has the ability to “bring a breach of sanction case” in which a court could impose even tougher penalties.

Besides the considerable fine, in the next couple of years, Connect Ltd will also have to ask PhonepayPlus for permission to offer premium rate services to UK citizens.

Unknown Virus Disrupts World’s Second Largest Liquefied Natural Gas Company

Another mysterious virus hits the Middle East. This time, the victim is RasGas – a Qatar-based company that’s considered to be the second largest liquefied natural gas (LNG) producer in the world, after Qatargas.

According to Arabian Oil and Gas, the virus disrupted the company’s offices, forcing them to shut down their systems, including the public-facing website rasgas.com.

 The organization’s representatives state that cargo deliveries and operations in Ras Laffan Industrial City haven’t been impacted by the incident.

This is the second time this month when such a firm becomes the target of hackers. Earlier in August, multiple hacktivist groups took credit for disrupting the operations of Saudi Aramco, the world’s largest oil company.

At the time, experts found that the attack – which affected some 30,000 computers – might have involved a piece of malware known as Shamoon. The malware covers its tracks by overwriting the stolen files and by completely wiping the infected device’s master boot record.

Saudi Aramco admitted that its systems have been infected with a virus, but a statement released a few days ago reveals the fact that the organization has addressed the problem.

“We addressed the threat immediately, and our precautionary procedures, which have been in place to counter such threats, and our multiple protective systems, have helped to mitigate these deplorable cyber threats from spiraling,” stated Khalid A. Al-Falih, president of Saudi Aramco.

On the other hand, one of the hacker crews which took credit for the attack, claims to have hit the company once again on August 25. On this occasion they leaked the details of core, backup and middle routers.

Similar to Saudi Aramco, RasGas is expected to publish a statement after its systems will be back online. For now, rasgas.com is still unavailable to visitors.

Scientists Warn of Brain Hacking Via BCI Gadgets

If you're already skeptical about brain-computer interface (BCI) technology you'll probably be laugh twice as hard at the notion that hackers could potentially hack brainwave-scanning products like NeuroSky's Necomimi Brainwave Cat Ears or Mattel's MindFlex Duel game to steal your very thoughts.

And you'd be right to be so dubious—up to a point. Yes, true mind-reading is still the stuff of science fiction. But BCI really does work in its limited capacity. And now an international team of researchers says it's shown that captured electro-encephalography (EEG) signals from common consumer BCI devices can be mined to significantly increase the odds of guessing a user's private information.

In a recently published study, researchers from Oxford University, UC Berkeley, and the University of Geneva report having better success at gleaning BCI device users' bank card information, PIN numbers, area of living, and other private info than by simply guessing randomly.

It's not mind-reading, but the scientists say they've shown "that the entropy of the private information is decreased on the average by approximately 15 to 40 percent compared to random guessing attacks."

That's obviously not an insignificant edge and one that might worry owners of popular BCI devices used for gaming, entertainment, relaxation, or wiggling prosthetic cat ears. Particularly since the researchers say nobody's really even thought to try to secure the EEG signals propagated by such gadgets.

How could a BCI device user have his or her brain hacked? The team posits that "by manipulating the visual stimuli presented on screen [to a BCI device user] and by analyzing the corresponding responses in the EEG signal" a malicious individual could significantly increase the odds of figuring out the user's private information.

Kitting out subjects with an Emotiv EPOC device, the team flashed them on screen images of things like maps, an ATM machine, and a bank card to try to flush out brainwave activity that might offer hints to a person's PIN number, geolocation, and where they bank. Some experiments utilized passive methods while others involved directly asking a subject what month they were born, for example.

After crunching the EEG numbers they got back through their algorithms, the researchers report that experiments designed to mine PIN numbers resulted in first guesses being correct 20 percent of the time, a 30 percent success rate for tests designed to determine a subject's location, and a very impressive 60 percent success rate for identifying users' month of birth.

Local UK Police Site Hacked, Personal Details Dumped Online

Local UK Police Site Hacked, Personal Details Dumped Online

Part of a Hertfordshire Police web site has been hacked, with the attacker uploading his stupid treasure trove of IP addresses and phone numbers of officers online.

Hertfordshire Police says the stolen data was hosted externally on a database associated with some sort of Neighbourhood Watch scheme, so the hacker wasn’t exactly setting his sights particularly high. The police site has been taken offline while staff investigate what was accessed and what actually turned up online as a result.

The hacker added the banner “OpFreeAssange” to the data he published along with quotes from the famous Ecuadorian immigrant, so it looks like this is some sort of weird revenge attack against authorities for pestering poor Julian — although the person responsible also said he wasn’t part of the notorious Anonymous collective