
Saturday 2 November 2019

India’s Nuclear Power plants hacked!

After denying reports of a system malware infection Tuesday, the Nuclear Power Corporation of India Limited (NPCIL) admitted yesterday that it had indeed been hacked.

“Identification of malware in NPCIL system is correct,” read a Wednesday statement. “The matter was conveyed by CERT-In [India’s national computer emergency response team] when it was noticed by them on September 4, 2019.”

Big Hack

The hack represents yet another example of broad infosec vulnerabilities in critical power systems. Hacker groups have previously infiltrated power grids in Europe and North America. In 2017, hackers targeted nuclear facilities in the U.S. as well.

“The investigation revealed that the infected PC belonged to a user who was connected in the internet connected network for administrative purposes,” the statement read. It also claimed the hack was “isolated from the critical internal network,” and that plant systems were not affected.

North Korean Malware

The malware was identified as a version of “Dtrack,” which is backdoor trojan software reportedly developed by the Lazarus Group, North Korea’s state-owned hacking unit. It was first discovered by the Kaspersky Global Research and Analysis Team in September and can be used to upload and download files to target systems.

And there may be other targets as well. Threat analyst Pukhraj Singh, who reported the breach to India’s National Cyber Security Coordinator, called the malware attack a “casus belli” (an act of war) in an interview with Ars Technica thanks to a still unknown “second target, which I can’t disclose as of now.”

READ MORE: Indian nuclear power plant’s network was hacked, officials confirm [Ars Technica]

Wednesday 5 December 2018

How Safe Is Online Banking on a Mobile Phone?

So, how safe is mobile banking? It all depends on how cautious and well-informed you are.

Hackers exploit weak passwords and vulnerabilities of public Wi-Fi to infect devices with malware. However, most mobile banking attacks happen through social engineering – when users are manipulated to give up their usernames and passwords to hackers, scammers and other cybercriminals.

Social engineering techniques range from phone calls, malware links, phishing websites to more advanced (and less frequent) attacks like phony banking apps. It’s much easier to fall for a scam than you think, and the best defense against them is knowledge. Here are some tips for safe mobile banking:

1. Don’t lose your phone

The biggest security threat of your mobile phone is also its greatest asset – its size. Phones are small, handy, beautiful, and easy to lose.

Losing a phone is as heartbreaking as losing a part of yourself, but it gets even worse. If someone who found or stole your phone uses it to access your bank account, you could lose much more.

A strong password (made of a random string of lowercase and uppercase letters, numbers, and symbols, at least six characters long) is the most secure way to lock your phone.

If you are afraid of forgetting the password, use a PIN key (something more difficult and unique than 1111) or a pattern lock with biometric identification, which can be:
  • Facial recognition – convenient but not secure, since it can sometimes be bypassed with a photograph.
  • Iris scanning – the pattern of your iris is unique and can’t be replicated with a simple photo.
  • Fingerprints – low false-acceptance rates, perfect if you don’t often wear gloves.
Iris scanning or fingerprint identification with a strong PIN will grant you easy and secure access to your phone.

Never leave your phone unattended. Install an anti-theft and recovery app that can locate your phone, lock it remotely, or even wipe your data if it gets stolen.

As a final layer of security, always log out from your banking app after you finish your operations.

2. Use the official banking app, not the browser

The second biggest security threat concerns the banking app. If you aren’t careful, you could download a fake banking app created by scammers to break into your account.

Make sure your bank created or approves of the app you are downloading. Get it from their website. Moreover, do not use mobile browsers to log in to your bank account – they are less secure than bank-sanctioned apps.

Finally, before downloading any app to your phone, you should research the developer, read the reviews, and check the app rating on Google Play or the App Store. Poorly designed or malicious third-party apps could use your username and password to access your bank account and empty or monitor it.

3. Don’t just follow any link you see

You pick up your phone, open up the email app, and notice that your bank sent you an announcement about a new service. The letter ends, “You can save up to a thousand dollars per year! For more details, follow this link.” You click it, go to the landing page, log in, but some error occurs, and you are disconnected from the website.

You just gave your username and password to a scammer.

The email you got was not from your bank, but from scammers pretending to be your bank. You would have noticed it had you checked the sender details more carefully. The landing page was actually a clone made to look like your bank’s website. When you entered your password, you handed your data straight to cybercriminals.

Always check the URL and domain of any link you are about to click on, especially if it claims to be from your bank. If it looks suspicious – avoid it. The same applies to SMS messages or messages and links on social media.

Never send your username or password via email, social media or text message. If you did – change the password immediately.
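The link check described in this tip, written out as an added example (not part of the original post): it parses each link and accepts only HTTPS links whose host is the bank's domain or a subdomain of it. The domain `mybank.example` and all sample links are constructed placeholders.

```python
from urllib.parse import urlsplit

# Assumption: the bank's real domain (hypothetical placeholder value).
TRUSTED_DOMAIN = "mybank.example"

# Constructed sample links, as they might appear in an email or SMS.
SAMPLE_LINKS = [
    "https://online.mybank.example/login",
    "https://mybank.example.account-verify.test/login",
    "https://secure-mybank.example/login",
    "https://mybank.example@203.0.113.7/login",
    "http://mybank.example/offers",
    "https://xn--mybnk-3qa.example/login",
]

def check_link(url, trusted=TRUSTED_DOMAIN):
    """Return (ok, reason) for a link that claims to come from the bank."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False, "not an https link"
    # Anything before '@' is login info, not the site; the real host follows it.
    if parts.username is not None or parts.password is not None:
        return False, "text before '@' hides the real host"
    host = (parts.hostname or "").rstrip(".")
    if not host:
        return False, "no host in link"
    # Look-alike letters from other alphabets show up as non-ASCII or xn-- labels.
    if not host.isascii() or any(l.startswith("xn--") for l in host.split(".")):
        return False, "internationalized host (possible look-alike letters)"
    # The trusted name must be the END of the host, on a label boundary.
    if host == trusted or host.endswith("." + trusted):
        return True, "host is the bank's domain or a subdomain of it"
    return False, "host is not under the bank's domain"

def classify(links=SAMPLE_LINKS):
    """Map every link to its (ok, reason) verdict."""
    return {url: check_link(url) for url in links}

if __name__ == "__main__":
    for url, (ok, reason) in classify().items():
        print("OK  " if ok else "STOP", url, "->", reason)
```

Only the first sample link passes; the others contain the bank's name somewhere in the URL but resolve to a different host.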

4. Don’t use mobile banking on public Wi-Fi

Anyone on a public Wi-Fi network is in danger of a security breach. Most of these networks lack basic security measures and have poor router configurations and weak passwords. Mobile banking or any other activity that exposes your sensitive data should never be done on public Wi-Fi.

If a hacker is monitoring the public Wi-Fi or hotspot you are using, they could intercept the data being transferred to and from your phone and use it to access your banking account.

If you are scrolling in a library or a coffee shop and you need to access your bank account, use your cellular network instead. It’s not perfect, but it’s better than public Wi-Fi. Better yet, turn on a VPN and use public Wi-Fi without the risk of compromising your personal data. A VPN encrypts your web traffic, making it extraordinarily difficult to intercept and decipher.

Is Mobile Banking Safe on Android?

Since the Android platform allows its users more flexibility, it also leaves more security holes than iOS systems. Minimize your risks by downloading apps only from Google Play and updating them in a timely manner.

Go to your Android settings and make sure that you have turned on Google Play Protect, which scans your apps for suspicious behavior. You can also use the Find My Device setting, which lets you find, ring, lock, or even wipe your device from afar.

Go through the apps you’ve downloaded and installed on your phone and delete the ones you do not need or use – each represents an unnecessary potential vulnerability. Old apps may also be poorly supported or have security holes or malware. A clean and tidy Android system is likely to be a secure one.

Is Mobile Banking Safe on iPhone?

Banking apps on iOS tend to be secure thanks to the rigorous standards of the App Store. The most vulnerable iOS systems are those that have been jailbroken.

Jailbreaking means cracking the standard settings of an iOS system so that you can modify your phone in ways that Apple does not allow. With a jailbroken phone, you can install apps not authorized by Apple, and you can also remove the security protocols that Apple has built into the device. Jailbreaking also voids the warranty, so you won’t get support from Apple when you might need it most.

If you are just a regular iOS user, you should never jailbreak your iPhone. Only use apps from the App Store, which are usually safe. Malware may bypass Apple’s defenses once in a while, so you should always be careful, but those defenses certainly catch many potential threats.

Final Thoughts

Is it safe to use mobile banking apps? Yes. Download the official banking app, update it constantly, use a VPN on public Wi-Fi, and keep your phone close by!

However, that doesn’t make you completely safe from scams, malware attacks, and hacking. Your common sense is the last line of defense. A victim of mobile banking breaches will usually be someone who does not take their security seriously.

Sunday 23 April 2017

Soon, you could upload your thoughts to a computer!

New Firm Working On Merging Brains And Computers

Tesla Inc founder and chief executive Elon Musk has launched a company called Neuralink Corp through which computers could merge with human brains, the Wall Street Journal reported, citing people familiar with the matter. Neuralink is pursuing what Musk calls the “neural lace” technology, implanting tiny brain electrodes that may one day upload and download thoughts, the Journal reported. Musk has not made an official announcement, but Neuralink was registered in California as a “medical research” firm, and he plans on funding the company mostly by himself, a person briefed on the plans said.

It is unclear what sorts of products Neuralink might create, but people who have had discussions with the company describe a strategy similar to space launch company SpaceX and Tesla, the Journal report said. The technique could be used to improve memory or give humans added artificial intelligence. According to the Journal, leading academics in the field have been signed up to work at the company which is being funded privately by Musk, whose name is also tied to ambitious projects in space and electric cars. Specialists in the field envision a time when humans may be able to upload and download thoughts. In a tweet, Musk confirmed the existence of the company and said more details about the firm would be made public next week.

As well as heading electric car maker Tesla, Musk is involved with running space exploration company SpaceX, a project to reinvent transport called Hyperloop and, most recently, a firm investigating the feasibility of boring tunnels underneath Los Angeles, and a new project to power Australia. Tweeting about Neuralink, Musk conceded it would be “difficult to dedicate the time, but existential risk is too high not to”.

The hurdles involved in developing these devices are immense. Neuroscience researchers say we have very limited understanding about how the neurons in the human brain communicate, and our methods for collecting data on those neurons are rudimentary. Then there's the idea of people volunteering to have electronics placed inside their heads.

Saturday 15 April 2017

What is Ransomware and how to protect your computer against the ransomware attack

Massive ransomware attack... More than 75 countries affected... Please do not open any email which has attachments with the "tasksche.exe" file. Expecting more havoc this week... Please share this with everyone in your network.

Friday’s ransomware outbreak, which used recently revealed weaknesses in Microsoft’s Windows operating system to spread further and faster than any before, has prompted the Redmond-based developer to break its own rules on software maintenance in an effort to keep users safe.

The ransomware, also known as “WanaCrypt0r”, “WeCry”, “WanaCrypt” or “WeCrypt0r”, used a vulnerability in a Windows Server component to spread within corporate networks. The weakness was first revealed to the world as part of a massive dump of software vulnerabilities discovered by the NSA and then stolen by a group of hackers calling themselves “Shadow Brokers”.

Microsoft fixed the flaw shortly before the stolen data was published, leading many to conclude it had been surreptitiously tipped off by the security agency about the existence of the flaw.

If your computer’s running on Microsoft Windows, you need to take these steps right away.

Here’s why: in case you haven’t heard, hackers exploited a vulnerability in older Microsoft Windows servers to execute a large-scale global cyberattack on Friday using ransomware (malicious software that holds your computer hostage for ransom) and a hacking tool stolen from the U.S. National Security Agency (NSA). The massive attack left victims locked out of their PCs with a promise of restored access if $300 was paid in digital currency Bitcoin, and a threat of destroyed files if the ransom is not met.

Ransomware does not typically work this quickly. But thanks to a stolen NSA cyber-weapon called EternalBlue, which was made public last month by a hacking group known as the “Shadow Brokers,” the malware spread rapidly by exploiting a security flaw in Microsoft Windows servers.

What users need to do

Simply put: make sure your Microsoft Windows server is up to date. Microsoft issued a patch in mid-March to fix the hole in Windows 7 and other supported versions of Windows: Vista, Server 2008, Server 2008 R2, 8.1, Server 2012, RT 8.1, 10, Server 2012 R2, and Server 2016. But those who did not apply the software update were, and still are, left exposed to the hack.

In light of the attack, Microsoft rolled out patches to protect older versions of Windows that “no longer receive mainstream support” from the company like Windows XP, Windows 8, and Windows Server 2003. Those running on Windows 10 are fine, as their software is not vulnerable to this particular cyberattack. Devices that are potentially susceptible are Windows 7 and Windows Server 2008, and earlier operating systems.

Microsoft recommends users upgrade to Windows 10 and install the security update MS17-010. With the 1.243.297.0 update, Windows Defender Antivirus detects the malware as Ransom:Win32/WannaCrypt. The company also recommends Device Guard for businesses and Office 365 Advanced Threat Protection for blocking emails carrying malware.

What happens if you don’t take protective measures?

Even if you don’t actively download the file from a phishing email, your device could be at risk: the ransomware also spreads through file-sharing systems on networks. Microsoft explains that the ransomware’s worm-like functionality infects “unpatched Windows machines in the local network” and “executes massive scanning on Internet IP addresses to find and infect other vulnerable computers.”
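For defenders, the scanning behaviour Microsoft describes is visible in network flow logs as one machine contacting many different hosts on the Windows file-sharing port in a short time. The following is an added detection example, not part of the original article; the port (TCP 445, the SMB service that MS17-010 patches), the 60-second window, the threshold and all flow records are assumptions or constructed sample data.

```python
from collections import defaultdict

SMB_PORT = 445          # Windows file sharing (SMB), the service MS17-010 patches
WINDOW_SECONDS = 60     # assumed sliding window
MAX_DISTINCT_DSTS = 5   # assumed threshold; tune for your own network

# Constructed flow records, one per line: "epoch_seconds src_ip dst_ip dst_port"
SAMPLE_FLOWS = "\n".join(
    [f"{1000 + i * 2} 10.0.0.23 10.0.0.{100 + i} 445" for i in range(8)]    # fast sweep
    + [f"{1000 + i * 120} 10.0.0.7 10.0.0.{50 + i} 445" for i in range(6)]  # slow, spread out
    + [f"{1000 + i * 5} 10.0.0.5 10.0.0.10 445" for i in range(10)]         # one file server
    + [f"{1000 + i} 10.0.0.9 203.0.113.{i + 1} 443" for i in range(20)]     # web browsing
)

def parse_flows(text):
    """Yield (timestamp, src, dst, port) tuples from whitespace-separated lines."""
    for line in text.strip().splitlines():
        ts, src, dst, port = line.split()
        yield int(ts), src, dst, int(port)

def find_smb_scanners(flows, window=WINDOW_SECONDS, limit=MAX_DISTINCT_DSTS):
    """Return {src: peak count of distinct SMB destinations within any window}
    for every source whose peak exceeds the limit."""
    by_src = defaultdict(list)
    for ts, src, dst, port in flows:
        if port == SMB_PORT:
            by_src[src].append((ts, dst))
    flagged = {}
    for src, events in by_src.items():
        events.sort()
        start, peak, counts = 0, 0, defaultdict(int)
        for ts, dst in events:
            counts[dst] += 1
            # Slide the window: forget contacts older than `window` seconds.
            while events[start][0] < ts - window:
                old = events[start][1]
                counts[old] -= 1
                if counts[old] == 0:
                    del counts[old]
                start += 1
            peak = max(peak, len(counts))
        if peak > limit:
            flagged[src] = peak
    return flagged

if __name__ == "__main__":
    print(find_smb_scanners(parse_flows(SAMPLE_FLOWS)))
```

A flagged source is a machine to isolate and check for the MS17-010 update; ordinary clients that talk to one or two file servers stay below the threshold.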

Infected devices will find the desktop background image replaced with a message, calling for the user to follow instructions until they reach the ransom screen. Here, there are two timers: one showing the amount of time left until files will be deleted and a second displaying time until the ransom will increase from $300.

At this point, people have two choices: pay up and hope their device is restored, or part ways with the contents of their computer. The U.S. government recommends not paying ransoms, as shelling out money does not guarantee the data will be recovered and succumbing to cybercriminals may encourage future attacks. But that’s easier said than done, when it’s your own files that have been hijacked.

How common is ransomware?

More common than you’d think. NPR reports that 40 percent of spam emails last year contained ransomware attachments. And the ransomware-related extortion industry is growing. In 2015, ransomware victims reported $24 million in total annual costs (e.g. ransom, tech support, security software), Reuters reported last year. In just the first three months of 2016, the reported expenses were already at $209 million.

General, good-sense advice: remotely back up your files on a regular basis. This way you’ll never have to give in to a ransomware request if and when your device is compromised. And, of course, always stay up-to-date with your computer’s software.

Have you checked out the patches released by Microsoft in March? Here’s the link, if it helps:

(Courtesy: Susmitha B)