
German authorities today seized a web server that hosted BlueLeaks, a website that provided access to internal documents stolen from US police departments.

The server belonged to DDoSecrets (Distributed Denial of Secrets), an activist group that published the files last month, in mid-June.

The server seizure was announced today by investigative journalist Emma Best, one of the DDoSecrets public figureheads.

“We have received official confirmation that #DDoSecrets’ primary public download server was seized by German authorities (Department of Public Prosecution Zwickau file number AZ 210 AR 396/20),” Best wrote on Twitter today.

“The server was used ONLY to distribute data to the public. It had no contact with sources and was involved in nothing more than enlightening the public through journalistic publishing,” she added.

Following today’s action, the BlueLeaks portal is now down.

The website had been active since June 19, when DDoSecrets published more than 269 GB of data containing more than one million files.

DDoSecrets said it received the files from the Anonymous hacker collective. The files included scanned documents, videos, emails, audio files, training materials, private law enforcement alerts, and more, and are believed to contain data from more than 200 US police departments and law enforcement fusion centers.

The BlueLeaks data is believed to have been stolen from a Houston company that provided web hosting services to US law enforcement agencies.

Four days after the BlueLeaks data was published, Twitter intervened and imposed a permanent ban on the official DDoSecrets Twitter account, which the organization was using to promote the BlueLeaks portal.

Twitter said the account violated its platform policies regarding the sharing of links to private data and hacked materials. Along with the ban, Twitter also started blocking users from posting links to the BlueLeaks website.

In an interview with Wired, Best admitted that the DDoSecrets team might have missed sanitizing or removing files containing sensitive information.

US authorities said last month they were looking into the BlueLeaks security breach, but they never confirmed an official investigation, as per policy. It is currently unclear if German authorities acted at the request of their US colleagues; however, it is highly likely that they did.

The Zwickau Department of Public Prosecution did not return a request for comment sent after working hours. Best was not immediately available for comment.

Read Original Article…

A database containing access keys for thousands of patient records held by SA medical data startup LogBox was exposed to potential hackers.

A security researcher discovered a vulnerability on LogBox’s systems that allowed him to gain access to an external database with access tokens for users. According to the researcher, these tokens can be used to get access to user accounts.

LogBox says the vulnerability has since been rectified and it will inform affected users pending an internal investigation.

In reply to questions from Business Insider South Africa, the company explained that “the vulnerability was in a network firewall, rather than in the LogBox application itself.  Specifically, it was a case of an unguarded network port, through which access was obtained to a separate (external to LogBox) database of traffic logs, being used for usage-monitoring and technical support purposes.”

The vulnerability comes just after South Africa’s massive new data privacy law, the Protection of Personal Information Act of 2013 (or Popi), came into effect.

LogBox was founded in 2010 as a way to help you fill in medical forms. Instead of having to fill in loads of forms when you visit a new doctor, your medical information is kept by LogBox, and can be viewed on the app or website.

The company boasts that your “information is secured according to the highest international standards.”

However, TechCrunch reported that a security researcher, Anurag Sen, managed to find a database containing access tokens for thousands of LogBox users. With these tokens, you could gain access to user accounts without needing to know their password, Sen told TechCrunch.

Sen reportedly informed LogBox of the vulnerability but did not hear back. The database was then apparently pulled after TechCrunch reported on the vulnerability.

LogBox is used, or has been trialed, by Lancet Laboratories, Netcare Waterfall City Hospital, and the Wits University Donald Gordon Medical Centre.

Under Popi, companies are required to inform the new Information Regulator and its users of data breaches, although companies have a one year grace period until July 2021 to comply with the Act.

The company says that it “will file a report as a precautionary measure and as matter of course, even though what transpired may not constitute a reportable event under the newly-promulgated Popi regulations.”

Read Original Article…

D-Link has released a firmware update to fix three out of six security vulnerabilities reported for the DIR-865L wireless router model for consumers. One flaw is rated critical, others are high-severity.

Attackers can use the bugs to execute arbitrary commands, steal sensitive information, upload malware, or delete data.

D-Link’s DIR-865L was released in 2012 and is no longer supported for U.S. consumers but its status on localized pages for European countries is End of Sale. This means that the product can no longer be purchased but it is still supported by the vendor.

High-severity bugs
Vulnerability researchers at Palo Alto Networks’ Unit 42 in late February found half a dozen security vulnerabilities in D-Link DIR-865L and reported them to the maker.

The researchers assess that the flaws may also affect newer models because they share a common code base. They found the following issues, with severity scores from the National Vulnerability Database (NVD):

CVE-2020-13782: Improper Neutralization of Special Elements Used in a Command (Command Injection) – critical-severity score 9.8, not fixed
CVE-2020-13786: Cross-Site Request Forgery (CSRF) – high-severity score 8.8, fixed
CVE-2020-13785: Inadequate Encryption Strength – high-severity score 7.5, fixed
CVE-2020-13784: Predictable seed in pseudo-random number generator – high-severity score 7.5, not fixed
CVE-2020-13783: Cleartext storage of sensitive information – high-severity score 7.5, fixed
CVE-2020-13787: Cleartext transmission of sensitive information – high-severity score 7.5, not fixed

It is worth noting that the command injection vulnerability received a critical severity score from NVD, while Unit 42 researchers note in their report that exploiting it requires authentication. Although authentication can be achieved via the CSRF (cross-site request forgery) flaw, the bug would fit a lower severity rating.

Gregory Basior, one of the Unit 42 researchers that found and reported the vulnerabilities, says that combining some of these vulnerabilities could allow malicious actors to sniff network traffic and steal session cookies.

“With this information, they can access the administrative portal for file sharing, giving them the ability to upload arbitrary malicious files, download sensitive files, or delete essential files. They can also use the cookie to run arbitrary commands to conduct a denial of service attack” – Gregory Basior

Partial fixes
D-Link reacted by releasing a beta firmware release that fixes only three of the flaws, which would enable an attacker outside the local network to cause damage: CSRF, weak encryption, and storing sensitive info in plain text.

BleepingComputer has reached out to D-Link asking for clarification on the partial fixes delivered in the router but has not received an answer at publishing time.

The company highlights that the product reached end-of-life for U.S. consumers in early 2016 and recommends that they replace it with a newer model that is still supported.

“For US consumers, D-Link recommends this product be retired, and any further use may be a risk to devices connected to it and end-users connected to it” – D-Link

Despite having an important role in connecting home devices, routers are rarely replaced when their support period expires. For many users, they are a “set it and forget it” type of hardware that is replaced only when it becomes technologically obsolete or no longer functions properly.

Installing router security updates is not a priority for the regular end-user, especially in the absence of an alert system for new firmware versions or an update procedure that would be easy to handle.

Read Original Article…

The IT industry in South Africa and the rest of the world is in disarray at the moment due to COVID-19, but it’s worth looking to the future to see what the rest of 2020 and beyond looks like for this industry, especially when it comes to the Protection of Personal Information (POPI) Act.

Weighing in on this issue is Terence Govender, the director of the IT Advisory division which has recently been created at Mazars.

“POPI is likely to come into effect in this year, which will expose businesses to significant regulatory pressure and possible fines in the event of cyber breaches. In addition to this, the national lockdown has forced many companies to put temporary measures in place to allow their employees remote access to their servers while working from home. Businesses need to start implementing more permanent solutions to shore up the security of their systems, while still allowing a substantial part of their workforce to work from home. The corporate network has now extended to the home,” says Govender.

This dual threat of cyber security and regulation is nothing new, as we’ve seen a steady uptick of these problems as companies find new ways for their employees to work while remaining safe. For that Govender makes a bold prediction – estimating that 60% of businesses will continue to allow employees to work from home when (and hopefully not if) the lockdown ends.

Kaspersky recently pointed out that 73 of surveyed workers are still waiting for cybersecurity guidance from their employers, making this kind of shift in the workforce all the more important, especially as POPI will hold these businesses accountable for mishandling of user data regardless.

Govender and the IT Advisory division at Mazars have made these further predictions for trends in the IT industry going forward. In them we can see a mix of general movements the industry would be making regardless, as well as those forced by the pandemic.

“Cloud adoption is increasing, with businesses realising the cost benefit and agility this brings
Data is increasingly becoming the new real estate or information assets – this means a greater need to protect it
Cyber security and cyber resilience are becoming key risks on corporate risk registers
The corporate office is extending into the home space, and must be protected accordingly
Digital engagement channels are increasing
Legal and regulatory requirements are increasing
The realisation that large offices are no longer required to conduct business.”

Read Original Article…

The team behind Joomla, the third most widely used open-source content management system (CMS) after WordPress, has disclosed a security breach that occurred last week.

Reportedly, a company employee mistakenly left an unencrypted data backup exposed while using its Resource Directory portal, exposing around 2,700 records of customers who have signed up for the portal.

The backup was left in an Amazon Web Services (AWS) S3 bucket, a third-party data storage platform. Currently, the team is investigating whether the database was accessed by anyone or not.

Joomla is a commonly used CMS for building and managing self-hosted websites and boasts of an utterly vast userbase. It is believed that the security breach may have affected a small portion of its userbase, primarily those who signed up on its Resources Directory (RD).

The RD is a portal designed to let Joomla professionals market their skills and expertise in website building, managing, and marketing.

According to the information shared by Joomla, the backup file was unencrypted and personal details like full name, IP address, business email, and physical address, company URL, business type and phone number, encrypted/hashed password, and newsletter subscription preferences might have been exposed.

Full list of the exposed data:

Full name
IP address
Company URL
Business address
Nature of business
Business email address
Business phone number
Encrypted password (hashed)
Newsletter subscription preferences

However, Joomla claims that this is a low-level security breach because a majority of this information was already accessible publicly, except for IP addresses and hashed passwords.

The company also carried out a full security audit of the Resources Directory portal, which highlighted many Super User accounts owned by users outside Open Source Matters.

Joomla recommends that those who signed up for Joomla Resources Directory must change their password for the portal as well as for other websites if the same password was used to access other services.

“Even if we don’t have any evidence about data access, we highly recommend people who have an account on the Joomla Resources Directory and use the same password (or combination of email address and password) on other services to immediately change their password for security reasons,” the company said.

Read Original Article…

Life Healthcare has been hit by a “criminal attack” on its IT systems.
It is not yet sure to what extent “sensitive data” has been compromised.
The hospital group’s systems have been disrupted, causing administrative delays.

Life Healthcare, which has 66 hospitals in South Africa, has been hit by a “criminal attack” on its IT systems.

“We are deeply disappointed and saddened that criminals would attack our facilities during such a time, when we are all working tirelessly and collectively to fight the Covid-19 pandemic,” acting group CEO Pieter van der Westhuizen said in a statement on Tuesday morning.

Life is not yet sure to what extent “sensitive data” has been compromised.

The company took its systems offline to contain the attack, but says that patient care has not been impacted. However, hospitals and administrative offices have switched over to backup manual processing systems, which has caused administrative delays. Email servers have also been affected.

“We regret that the disruption caused by this incident may cause our patients some frustration, in what is already a trying time,” Van Der Westhuizen said.

External cyber security experts and forensic teams have been brought on board, and the authorities have been alerted.

There have been a number of recent high-profile cyber-attacks on South African companies.

In 2018, hackers seized data from the insurance company Liberty Holdings, demanding money for the return of the information.

Last year, a ransomware attack paralysed Johannesburg agency City Power’s systems, while the City of Johannesburg itself was hit by a group who called themselves the Shadow Kill Hackers demanding a ransom payment in bitcoin. Shortly thereafter, hackers launched distributed denial of service (DDoS) attacks on the local banks, flooding them with fake traffic. The criminals also demanded a ransom.

South Africa had the third-highest number of cybercrime victims of any country in 2019, a new report by consultancy Accenture shows.

Read Original Article…

Earlier this week Facebook revealed a rather interesting ecommerce offering that is aimed at small-to-medium businesses in particular – Facebook Shops.

For those unfamiliar with the platform, it allows any Facebook or Instagram business profile to be turned into a virtual storefront and essentially operate as a fully fledged online shop.

With ecommerce being hotly debated this month locally, as well as many businesses suffering as a result of the COVID-19 pandemic and lockdown, it could prove a worthwhile option for SMEs to look into moving forward.

At the time Facebook Shops was said to be rolling out globally in a phased approach, starting in the United States on 19th May, with no word on when South African businesses could try it out.

That changed today though, as Facebook provided us with feedback on the Shops platform’s local status.

To that end, the company plans to test out Facebook Shops with a select number of businesses next month.

“Shops are available globally, but it is in its early days and will be rolled out in phases and will be more widely available in the coming months. We expect to start testing with businesses in SA in June,” a spokesperson told Hypertext.

Unfortunately there is no further detail as to when in June, and what businesses will be used in the testing. Given that Facebook has shown how the platform would work for smaller businesses which specialise in selling physical products directly to customers, it seems like those will likely be the ones which fit the bill for the test phase next month.

Given the lockdown regulations currently in place (alert level 4), we also asked Facebook what kinds of measures must be adhered to. Unsurprisingly, the firm said local businesses planning to use Facebook Shops will need to be fully compliant with regulations.

“Facebook Shops should be used in adherence with all local regulations,” the spokesperson added.

As such it looks like businesses will need to ensure they can properly handle and sanitise any of the goods they plan to sell via the platform, given the fact that lockdown is here for the next few months at least.

Either way, it is an intriguing platform, and could offer struggling businesses another digital option to stay afloat.

We’ll have to wait to see if the test phase in June yields such a result.

Read Original Article…

Linux on the desktop has had more than its fair share of troubles. Sure, the Linux desktop has long been a favorite of top-flight developers, system administrators, and loyal fans. But, when it comes to the mass audience, Linux has only about 1% of users. One major company, however, still believes in the Linux desktop: Microsoft.

At Microsoft Build, its virtual developers’ conference, Microsoft CEO Satya Nadella announced that Windows Subsystem for Linux (WSL) 2.0 would soon support Linux GUIs and applications. Specifically, this will enable programmers to develop native and cross-platform programs with tools like GNOME Builder, KDevelop, and Emacs. Besides supporting Linux GUI programs, you’ll be able to run Linux and Windows GUI applications simultaneously on the same desktop screen.

This has been coming for some time. Four years ago, Microsoft introduced WSL, which brought the Linux Bash shell to Windows 10. With Bash and WSL, you can run most Linux shell tools and popular Linux programming languages.

As time went on, Linux became ever more a first-class citizen on the Windows desktop. Multiple Linux distros, starting with Ubuntu, were followed by Red Hat Fedora and SUSE Linux Enterprise Desktop (SLED). Then, Microsoft replaced its WSL translation layer, which converted Linux kernel calls into Windows calls, with WSL 2. This update came with Microsoft’s own Linux kernel running on a thin version of the Hyper-V hypervisor.

Now, Microsoft is taking one more major step forward by making the full Linux desktop experience available to Windows 10 users. It had been possible to run Linux GUI applications even with WSL’s first generation, but it wasn’t easy. You had to run an X Server on Windows 10 and then connect it to the Linux application. Now, Microsoft promises that running Linux GUI applications on WSL will be as easy as running them on native Linux.

That said, WSL 2 is meant primarily for programmers. For example, the other new major feature announced at Build was Nvidia CUDA and DirectML support for GPU accelerated applications and development tools, such as Kubeflow on microk8s, Canonical’s easy-to-run Kubernetes cluster program.

You can, of course, also try to run Steam-powered games on WSL as well. After all, developers just want to have fun.

WSL 2 will be generally available in Windows 10 version 2004, a major Windows 10 update that will be released shortly. GPU support for developer tools will be available in Windows Insiders Fast Ring builds in a few months. Linux GUI application support will come later this year.

This 2004 version of WSL 2 is based on the 4.19.81 long-term support Linux kernel. You’ll find, based on my tests with advanced releases, that WSL 2 boots very quickly. It can do this because its thin Hyper-V hypervisor preloads a great deal of Linux into RAM. Microsoft wants WSL 2 to look and feel like an integrated Windows application, rather than an add-on.

WSL 2 is much faster than its immediate ancestor. As Craig Loewen, Windows Developer Platform Program Manager, wrote, “WSL 2 delivers full system call compatibility with a real Linux kernel and is 3-6x faster compared to earlier versions of WSL.” I’ve seen that kind of speed from my Windows 10 box running WSL 2 in the Fast Ring.

On Windows 10, Linux files are kept on a 256GB virtual disk. This uses the Linux native ext4 file system. WSL 2 uses the 9p file system protocol for file transactions between Windows and Linux.

With Windows 10 version 2004, it’s easier than ever to install WSL on any version of Windows with the wsl.exe command even when the WSL optional component hasn’t been installed. Later, wsl.exe will make it simple to install a specific Linux distribution and version, such as Ubuntu 20.04 or Arch Linux 2020.05.01.

WSL 2.0, in Windows 10 version 2004, already works well. With the forthcoming new additions, it will work better than ever.

2020, the year of the Linux desktop? Maybe not. 2020, the year of the Linux desktop on Windows? Yes.

Read Original Article…

While much of the world is focussed on the COVID-19 pandemic, the US Senate recently voted to expand its surveillance powers. As part of a reauthorization of the Patriot Act, law enforcement agencies such as the FBI and CIA can continue to look through the browsing history of American citizens without the need for a warrant.

Although it was arguably created with good intentions, some believe this is just the beginning of governments around the world using the coronavirus pandemic to usher in new surveillance measures. Some have even suggested that the Patriot Act enables those in power to spy on their political opponents without consequence.

An increasing number of techies are browsing the web through a VPN to prevent their ISP from tracking their online habits for these very reasons. But in this case, the FBI could request logs from your VPN provider, too. The smartphones and smart speakers armed with microphones, cameras, and tracking abilities can suddenly feel quite sinister. Are we paranoid? Or are there dark forces at work that don’t necessarily have our best interests at heart?

Do you take the red pill or the blue pill?
In these uncertain times, movies such as 1984 and 12 Monkeys are beginning to feel like documentaries. As a result, many are beginning to question the illusion of their freedom. In the 1999 film, The Matrix, the character Morpheus offers the protagonist Neo the choice between taking a blue pill that will restore his experience of reality or a red pill that will reveal its true nature. Here in 2020, Elon Musk urged his 34 million followers to take the red pill.

Those that obliged quickly learned that there are now more CCTV cameras in London than in Beijing. The US government can spy on their browsing history and internet habits without a warrant while they remain quarantined in their homes. Further research reveals that any opinions that dare to drift from the official narrative are labelled as fake news or disinformation and removed immediately, even as a method of censoring dissent.

As 24-hour rolling news channels attempt to control the narrative and spread fear, are governments really using the moment to increase surveillance powers? Many protesters believe that authorities are taking it a step further by using social distancing to curtail free speech. The further down the rabbit hole you dare to go, the more confusing the world feels.

British filmmaker Adam Curtis highlighted in 2014 that this confusion is not an accident and is actually part of a new system of political control called nonlinear warfare. But the vast amounts of data on every member of the global community are now changing the political landscape again.

Is data the new nuclear power?
If you look back and join up the dots, it was Clive Humby, the mastermind behind the Tesco Clubcard, that first declared that data was the new oil in 2006. But it was TED speaker, James Bridle, who argued it was actually a new nuclear power that could do harm. Silicon Valley has already infamously used personal data to take advantage in nefarious ways, and now governments appear intent on doing the same.

Edward Snowden once said that “Arguing that you don’t care about the right to privacy because you have nothing to hide is no different than saying you don’t care about free speech because you have nothing to say.” He went on to add, “When you say, ‘I have nothing to hide,’ you’re saying, ‘I don’t care about this right.’”

Cloudflare recently reported that internet usage surged by 40 percent in Seattle during the pandemic’s peak period. From the comfort of their homes, users continued to endlessly scroll down newsfeeds and distracted themselves with escapist entertainment. But we all need more than mindless repetition, three-word slogans, and agreeing 100% with the narrative and policies of our governments.

The technology that was developed to unite us, must never divide us.
The problem is that some are using the global pandemic as an opportunity to make a power grab. Personal data and browsing habits that are run through algorithms, as well as databases, can be used to build a profile of who we are and predict our future actions. As a result, global citizens become increasingly cautious about how they act online in case it is misconstrued or used against them.

A quick look on a Facebook newsfeed will reveal that many of your friends cannot be bothered to research anything important, but they will take a 15-minute quiz to find out what kind of vegetable they are. In a digital world where every form of communication, transaction, and movement can be monitored, we can no longer afford to sleepwalk our way through life.

It is often said that technology works best when it brings people together, but it currently feels like we are losing our way. Binary thinking is resulting in polarization and driving a wedge between communities rather than uniting them. Authorities asking users to film non-compliant citizens and turn people against each other during a crisis is beginning to feel a little too reminiscent of an Orwellian nightmare for comfort.

A new hope
Future generations will be affected by what we do next. But there is hope. When Mayor Bill de Blasio urged New Yorkers to use the technology on their smartphones to snitch on social distance rule-breakers, communities united in flooding the service with dick pics and memes. The scale of the response forced the city to shut down the service temporarily.

Is there evidence that mass surveillance programs enable governments to protect citizens and save lives? Or do they run the risk of being used as a tool to discredit anyone that authorities deem to be a threat? These are all debates that we should all be having. Contrary to popular belief, the future doesn’t belong to those that mindlessly obey every instruction. Being armed with a curious mind and the need to ask questions should be a good thing.

It’s very easy to feel comfortable consuming content from an echo chamber that spoon-feeds your opinions back to you. But this world is a stark contrast to Apple’s Think Different campaign in 1997 that celebrated the crazy ones, the misfits, the rebels, the troublemakers, and the round pegs in the square holes that wanted to change the world for the better.

So, will you choose to take the red pill or the blue pill?

Read Original Article…
