Morrissey Technology

Loading

Hacking

Hackers Are ‘Hunting’ Targeting Companies, What Should Be Done?

Morrissey Technology – Companies across sectors are still the target of hacking with the motive of extortion or ransomware. Instead of spending a lot of money after being hacked, consider more effective ways to prevent it. Kaspersky, a cybersecurity company, notes that the mode that mostly targets government organizations and companies is extortion or ransomware.

From 2022 to 2023, the number of targeted ransomware groups on a global scale increases by 30 percent. Likewise, the number of victims of targeted ransomware attacks increased by 70 percent in the same time period.

Maher Yamout, Senior Security Researcher at Kaspersky, said the group was “very persistent and has a great desire” to extort. If victims refuse to pay the ransom, cybercriminals often threaten to publish the stolen data.

After the leak, they then filed a lawsuit regarding personal data protection. The route for data theft is mainly through phishing or deception methods to obtain real usernames and passwords. The form is to spread links so that potential victims can click on them.

In 2023, Kaspersky anti-phishing technology detected 455,708 phishing attempts targeting companies of all sizes in Southeast Asia. Kaspersky said these phishing links were spread across various communication channels, including email, fake websites, chat applications and social media.

“Phishing is a trusted technique for cybercriminals to infiltrate business networks due to its success rate,” Yeo Siang Tiong, General Manager Southeast Asia at Kaspersky.

“The emergence of generative AI helps cybercriminals make phishing messages or fraudulent resources more convincing. As a result, it has become difficult for people to differentiate between fraudulent and legitimate communications,” he continued.

Kaspersky recorded that Indonesia was in the top three for phishing financial sectors in Southeast Asia with 97,465 incidents. Topping the standings were the Philippines with 163,279 attempts, with runner-up Malaysia 124,105 attempts.

Various handling methods are recommended, from installing security solutions, cybersecurity budgeting, to regular training. However, said Kaspersky, various studies reveal that 46 percent to 77 percent of cyber incidents are related to human factors, ranging from non-compliance with policies, malicious insider factors, to a lack of IT transparency in contractors.

What the company must do

Budi Setiawan from the British Standard Institution (BSI), the ISO standards certification organization, said companies have so far taken more action after being attacked.

“76 percent of companies allocate [cybersecurity] budgets after an incident occurs,” he said, at the event of awarding ISO 27001:2022 to Polytron.

In fact, he said, it is much more effective if you do it before an incident occurs, aka through prevention. This is also covered in the ISO 27001:2022 standardization regarding information security system management.

“The advantage of this ISO is that it emphasizes preventive risk management measures. Prevention is better than cure, so it doesn’t leak,” he said.

Budi continued, in the certification process, ISO FOR4D also provides a number of awareness to HR, whether in the form of protecting passwords to emails. According to the official website, ISO/IEC 27001 helps organizations become risk aware and proactively identify and overcome cyber weaknesses.

ISO/IEC 27001 also promotes a holistic approach to information security: examining people, policies, and technology. In the same place, Polytron Chief Commercial Officer Tekno Wibowo said that data protection is everyone’s obligation. However, as a company, which holds a lot of consumer data, the responsibility for protection is great, especially after the PDP Law came into force.

“As a responsible company, we have to ensure that we have procedures, data security is guaranteed. So that even if there is a leak or attack, the data won’t come from us,” he explained.

“With ISO 27001, we are more confident that our consumer data will be better protected.”

Regarding its effect on company profits, Tekno said that ISO plays a more important role in terms of consumer trust.

“Consumers are increasingly confident in choosing Polytron in terms of protecting their data,” he stressed.

VPN Hack

List of Free VPNs that Hijack Android Phones

Morrissey TechnologyVirtual Private Networks (VPN) is one way that can provide more security, and can even bypass certain network filters when surfing in cyberspace. However, currently there are a number of VPNs that can hijack Android phones.

A report revealed that more than 15 free VPN apps on Google Play were found to use malicious software development kits that turn Android devices into residential proxies. This is most likely used for cybercrime and shopping bots.

Residential proxies are devices that route internet traffic through devices located at home to other remote users, so that the traffic appears genuine and is less likely to be blocked.

While they have legitimate uses for market research, ad verification, and SEO, many cybercriminals use them to hide malicious activity, including ad fraud, spamming, phishing, credential stuffing, and password theft.

A report published by HUMAN’s Satori Slot Pulsa threat intelligence team lists 28 apps on Google Play that secretly turn Android devices into proxy servers. Of these 28 apps, 17 of them are declared as free VPN software.

Satori reported all of the offending apps used a software development kit (SDK) from LumiApps that contained “Proxylib,” a Golang library for proxying.

HUMAN discovered the first PROXYLIB carrier app in May 2023, a free Android VPN app called “Oko VPN.” The researchers then discovered the same library used by the Android app monetization service LumiApps.

“In late May 2023, Satori researchers observed activity on hacker forums and new VPN apps that referenced the monetization SDK FOR4D, lumiapps[.]io,” Satori’s report explains.

“After further investigation, the team determined the SDK had exactly the same functionality and used the same server infrastructure as the malicious application analyzed as part of the investigation into previous versions of PROXYLIB.”

Subsequent investigation revealed 28 apps that used the ProxyLib library to turn Android devices into proxies. Here’s the list :

1. Lite VPN
2. Anims Keyboard
3. Blaze Stride
4. Byte Blade VPN
5. Android 12 Launcher (by CaptainDroid)
6. Android 13 Launcher (by CaptainDroid)
7. Android 14 Launcher (by CaptainDroid)
8. CaptainDroid Feeds
9. Free Old Classic Moves (by CaptainDroid)
10. Phone Comparison (by CaptainDroid)
11. Fast Fly VPN
12. Fast Fox VPN
13. Fast Line VPN
14. Funny Char Ging Animation
15. Limo Edges
16. Oko VPN
17. Phone App Launcher
18. Quick Flow VPN
19. Sample VPN
20. Secure Thunder
21. Shine Secure
22. Speed Surf
23. Swift Shield VPN
24. Turbo Track VPN
25. Turbo Tunnel VPN
26. Yellow Flash VPN
27. VPN Ultra
28. Run VPN

HUMAN believes the malicious apps are linked to Russian residential proxy service provider ‘Asocks’ after observing connections made to the proxy provider’s website. Asocks services are usually promoted to cybercriminals on hacking forums.

Following the HUMAN report, Google removed all new and existing apps using the LumiApps SDK from the Play Store in February 2024 and updated Google Play Protect to detect LumiApp libraries used in apps.

However, many of the apps listed above are now available again on the Google Play Store. This may be because the developer has removed the violating SDK.

Or it could be that the applications were published from different developer accounts, which could potentially indicate a ban on the previous account.

Cellphone Simcard Hacked

Tricks to Prevent Your Account from Draining SIM Card Recycling Routes, Says Experts

Morrissey Technology – ICT Institute Executive Director Heru Sutadi mentioned the importance of using additional security features on digital service accounts so that they are not easily hacked if cellphone numbers are lost or recycled. Previously, a victim of a SIM card or recycled SIM number went viral who said his account had been hacked by a new user of his number.

“On March 15, the hacker bought [my] number which was no longer active. And finally used it to hack my credit card first. There was a withdrawal from PayPal amounting to US$ 1,200,” he said in a video re-uploaded by the account @shakazam1524 on X, Wednesday (20/3).

He admitted that he was negligent and did not pay attention to the active period of his number, until it entered a grace period and was finally blocked. The new user of the number, he said, attempted to break into his various accounts, one of which was the Shopee business account. Heru mentioned the importance of additional security features used in various digital and financial services to avoid cases like this. According to him, cybercriminals will not be able to easily break into accounts using just a cellphone number, unless these accounts are not protected.

“If it’s just a number, it can’t be misused by other parties, unless it’s the cell phone and the number… If we don’t have a password, other people can use all our data,” said Heru.

Therefore, Heru appealed to the public to provide double verification for each account on the digital services used.

“First, when we have a digital-based service that uses our cellphone number, we should also use double verification. Whether with a PIN, or fingerprint, or email,” he said.

“So if our cellphone number changes, or our cellphone is taken, this will not be easily used by other parties,” he added.

He also appealed to immediately make data adjustments to these services if you have changed cellphone numbers. If the service or account is not used, Heru urges you to close it so that it is no longer associated with you.

Apart from that, the public is also advised to be alert to cybercrime methods such as phishing which aim to collect personal data. Furthermore FOR4D, Heru said that cell phone numbers are now not only an identity for communicating, but can also be linked to various services. Therefore, we must be careful in using numbers.

“Indeed, now it is a bit different from 10-15 years ago, where at that time cellphone numbers were just cellphone numbers,” he said.

“But now we use cellphones for various purposes, you could say to access various social media, including to create accounts related to e-commerce, then bank accounts or other things.”

“So we have to be careful when using numbers or changing numbers,” he concluded.

Biznet Data Leaked

Biznet Customer Data Allegedly Leaked Again, Expert Says Valid

Morrissey TechnologyCyber ​​criminals who are suspected of again leaking data from internet service provider (ISP) Biznet are at it again by leaking the data of 150 thousand Biznet Gio users. This latest step by cyber criminals was revealed by Teguh Aprianto, founder of Ethical Hacker Indonesia. Teguh said that the perpetrator, who had previously leaked 380 thousand Biznet Networks user data, had now leaked more than 150 thousand Biznet Gio Cloud user data.

“After leaking more than 380 thousand Biznet Networks user data, according to his promise, yesterday the perpetrator leaked 154,091 @BiznetGioCloud user data,” Teguh wrote on X, Monday (25/3).

Teguh said the data that was leaked included full name, email, balance, hashed password, address, NPWP, cellphone number, and a number of other data. Apart from leaking data, the perpetrator also gave a second warning to Biznet management.

“If before April 7 2024 Biznet still hasn’t removed the FUP Situs Toto policy, the perpetrators will start to leak VM details from Biznet Gio, including IP addresses, users, passwords, key pairs, etc.,” wrote Teguh.

Furthermore, Teguh said that testing 2,000 randomly selected samples from all the leaked data showed that the leaked user data was valid and registered with Biznet Gio.

“From 154,091 leaked data, 2,000 samples were randomly selected for validation. As a result, 99.65 percent of the leaked user data was valid and registered with Biznet Gio,” he explained.

Regarding the suspicion that the perpetrator was a former employee, Teguh considered this to be just bait or decoy to divert him from the real suspect. Biznet Gio is a cloud service provider that supports various integrated cloud solutions.

“Biznet Gio provides the most complete cloud infrastructure solution in Indonesia, reliable, affordable for all industries and has the highest security commitment and 24-hour technical support to customers,” wrote Biznet Gio on its website. However, there has been no response until this news was written. Likewise, the Ministry of Communication and Information and the National Cyber ​​and Crypto Agency (BSSN) have not provided official information.

Previously, hackers also leaked data allegedly managed by Biznet in early March. It was revealed that more than 380 thousand Biznet user data, ranging from names, NIKs, to cellphone numbers, was leaked on the dark web.

He said the data leaker claimed to be a Biznet employee who did not agree with Biznet’s FUP (Fair Usage Policy) FOR4D policy. The threat actor threatened to leak Biznet data again, namely Biznet Gio, if management did not respond by March 25.

Threads

Pamper Sports Fans, Threads Adds Live Score Feature

Morrissey Technology – Social media platform Threads will reportedly start showing live sports scores, starting with NBA basketball games. This was conveyed directly by Meta CEO Mark Zuckerberg, he said that he would add more scores for other sports matches in the near future. Threads explains how this live score system works, so during the match, just search for the teams and users will see the latest scores. If the game ends, the search will return the final score. Users can also find out when the match will start by searching for it in advance.

The feature is clearly similar to how X works, as the platform started showing live sports scores in 2017, when it was still called Twitter. Each score is accompanied by two team logos. Tapping on these logos will take users to a conversation about that team. A Threads spokesperson told Engadget that basketball has become one of the most popular topics and NBA Threads has become one of the most active sports communities on the app.

This makes sense, as NBA discourse is also huge on X. NBA Twitter, as it is called in sports media, regularly drives coverage and conversation about the professional basketball league. It seems Meta hopes to take some of that influence.

Apple also recently announced its own sports-related initiatives. The first-party Sports iPhone FOR4D app offers real-time statistics for a number of major leagues, including the NBA, and displays live scoring data on the lock screen during games.

Apple CEO

Apple Boss Praises China Amid Sluggish iPhone Sales

Morrissey TechnologyApple CEO Tim Cook is on a short tour of China on the occasion of the opening of the new Apple Store in Shanghai. During this trip, Cook met and praised a number of Apple suppliers

According to Chinese media reports, Cook held an information sharing session with three Apple suppliers BYD, Lens Technology and Everwin Precision Technology — at Apple’s office located in Shanghai.

“There is no supply chain in the world more important to Apple than China,” Cook told reporters in China.

Cook also met with Wang Chuanfu, founder and chairman of Chinese electric car giant BYD, during the session, according to a video posted on Cook’s Weibo account. The bespectacled man enthusiastically praised suppliers in China for having the most advanced manufacturing in the world.

According to his Weibo post, Cook also visited a film production studio, discussed with mobile game developers, and took photos with visitors and staff at Apple’s new store in Shanghai’s Jing’an district.

Cook has visited China three times this year. This visit was carried out amidst sluggish iPhone sales in the Bamboo Curtain country since early 2024. According to a Counterpoint Research report, throughout the first six weeks of 2024 iPhone sales fell 24% compared to the previous year. On the other hand, Huawei cellphone sales skyrocketed by 64%.

Apple and Cook continue to emphasize China’s important role for their companies. Not long ago, Apple announced that it would expand its research center in Shanghai to support all of its product lines, and revealed plans to open a new research laboratory in Shenzhen.

If you look at the opening of the Apple Store in Jing’an a few days ago, it seems that Apple’s charm in China has not faded. According to reports by a number of Chinese media, there were hundreds of Apple fanboys who queued overnight to be the first to visit the store or look for the opportunity to take a photo with Cook.

The Apple Store in Jing’an is the largest Apple store in China. This new store worth USD 11.6 million is the second largest store after Apple’s flagship store on Fifth Avenue FOR4D, New York. Now Apple has eight stores in Shanghai, China’s financial center. Currently there are 47 Apple Stores, the largest of which are in 24 cities in mainland China.

Apple Monopoly Market

United States Sues Apple Regarding Alleged Illegal Monopoly

Morrissey Technology – The United States Department of Justice sued Apple for allegedly carrying out an illegal monopoly in the smartphone market. The US Department of Justice, along with 16 state and district attorneys general, accused Apple of raising prices for consumers and developers by making users more dependent on its phones. This complaint was filed with the US District Court for the District of New Jersey, reported The Verge.

Attorneys general from New Jersey, Arizona, California, Connecticut, Maine, Michigan, Minnesota, New Hampshire, New York, North Dakota, Oklahoma, Oregon, Tennessee, Vermont, Wisconsin, and the District of Columbia joined the US Department of Justice in the complaint.

“Apple uses its monopoly power to get more money from consumers, developers, content creators, artists, publishers, small businesses and merchants, among others,” wrote the US Department of Justice, Friday (22/3).

According to the US Department of Justice, Apple has so far responded to the threat of competition by implementing a series of ‘Whac-A-Mole’ contract regulations and restrictions which have apparently harmed other parties.

“For years, Apple responded to competitive threats by implementing a series of ‘Whac-A-Mole’ rules and contract restrictions that allowed Apple to extract higher prices from consumers, impose higher costs on developers and creators, and limit the competitive alternatives of consumers and rival technology,” said Jonathan Kanter, Chief of the Antitrust Division, US Department of Justice.

Law enforcers are therefore asking the court to stop Apple from using its control over app distribution to undermine cross-platform technologies such as cloud streaming apps, then messaging, smartwatches and digital wallets.

Additionally, in a press conference on Thursday (21/3) announcing the lawsuit, US Department of Justice Deputy Attorney General Lisa Monaco said Apple had maintained control over competition by strangling entire industries through its shift to revolutionizing the smartphone market.

In a statement, Apple spokesman Fred Sainz said the lawsuit threatens and hinders them from innovating in technology.

“These allegations threaten us and the principles that differentiate Apple products in a highly competitive market. If successful, these allegations will hinder our ability to create the type of technology that users expect from Apple,” said Fred, reported by The Verge.

“Where hardware, software and services will intersect. This would also set a dangerous precedent, as it empowers the government to take an outsized role in designing society’s technology. We believe this lawsuit is wrong on the facts and the law, and we “I will defend myself with all my might,” he added.

Currently, Apple is also trying to stop this case. One of the developers of applications for iOS, Spotify, they have complained for years about the platform’s closed and often opaque market. Spotify, which runs a paid subscription service on iOS, requires a 15 to 30 percent cut from Apple to offer on its platform.

Europe, which has previously moved ahead of the US in its efforts to control technology under the law, has succeeded in fining Apple.
Earlier this month, the European Commission fined Apple €1.84 billion (about $2 billion) in connection with complaints from Spotify about its restrictive app store practices.

The European Union (EU) said its investigation found that Apple indeed prohibited music streaming service developers from providing complete information to iOS users.

“Apple prohibits music streaming application developers from providing complete information to iOS users about alternative and cheaper music subscription services available outside the application,” wrote the European Union (EU) as reported by The Verge FOR4D.

artificial intelligence

OpenAI Powered Robot Shows Off, Chats and Serves Apples

Morrissey Technology – Robots with artificial intelligence (AI) technology are increasingly sophisticated and the latest ones can serve food and communicate like humans. The robot, named Figure 01, is equipped with OpenAI technology, which allows it to have full conversations with humans and make a cup of coffee.

Figure, the company behind the smart robot, uploaded a video clip about the sophistication of Figure 01 on their official account on X (formerly Twitter). In the video, you can see a series of simple tests. Initially, Figure 01 was asked to give an apple, and then a trial conversation between a human and a robot.

Researchers asked the robot to explain why it handed him an apple while he was picking up trash. As a result, the robot can answer all these questions in a friendly voice. In its statement, the Figure company explained that the conversations that the robot can carry out are supported by integration with technology created by OpenAI, the developer of ChatGPT FOR4D.

“With OpenAI, Figure 01 can now have a full conversation with a human. OpenAI models provide high-level visual and language intelligence. Artificial neural networks provide fast, low-level, dexterous robotic actions,” said Figure’s official statement on Twitter.

Quoting LiveScience, experts interpret this technology as a form of progress in two main fields of robotics. The first advancement is the mechanical engineering behind robot movements that are agile and can self-correct like humans can.

This means there is a technology of highly precise motors, actuators and graspers inspired by joints or muscles, as well as motor controls to manipulate them to perform tasks and hold objects carefully, on the robot.

Picking up a cup, for example, something humans do almost unconsciously, uses an intensive process to direct muscles in a precise sequence. The second advance is real-time natural language processing (NLP) thanks to the addition of the OpenAI engine – which should be as fast and responsive as ChatGPT FOR4D when you type queries or commands into it.

It also requires software to translate this data into audio, or speech. NLP is a field of computer science that aims to give machines the ability to understand and convey speech.

Overall, the test robot can already resemble humans, if the footage and scenes are real. Starting from including random diction when speaking then starting the sentence ‘um’ which is subconsciously similar to humans when taking a split second to think about what to say.

iPhone 17 Series

iPhone 17 Will Have an Anti-Reflective Screen and Be More Scratch Resistant

Morrissey Technology – The iPhone 17 series looks like it will get a display upgrade that matches the Samsung Galaxy S24 Ultra. The upgrade is in the form of a display that is more scratch-resistant and anti-reflective. Tipster Instant Digital in a post on Weibo claims that the outer glass on the iPhone 17 display will have an anti-coating that is more scratch resistant. The layer is also made anti-reflective so that the screen does not glare and can still be seen under the hot sun.

The equipment to produce this coating has been handed over to Apple’s supply chain in China. But this technology is not ready to be used on the iPhone 16 series, and will only be available for the iPhone 17 series next year.

Currently, the iPhone 15 series has a display protected by a glass-ceramic layer called Ceramic Shield, which is the result of a collaboration between Apple and Corning. Ceramic Shield was first introduced in 2020 with the iPhone 12 series.

When it was first launched, Apple said the Ceramic Shield was four times more durable than the glass on the iPhone 11. Apple claims the Ceramic Shield on the iPhone 15 is much more durable than the glass on other phones.

A few months after the iPhone 15 was released, Samsung launched the Galaxy S24 Ultra which uses a Gorilla Glass FOR4D Armor layer on its display, which was also developed by Corning. Gorilla Glass Armor can reduce light reflections by up to 75% compared to ordinary glass surfaces and is four times more scratch resistant than competitive protective glass.

It is not yet known whether Apple will use Gorilla Glass Armor for the iPhone 17, but the description matches tipster Instant Digital’s claims. Maybe Apple will use similar technology but with a different name.

Apple and Corning themselves have been collaborating for a long time, and many Apple products use Gorilla Glass. In 2021, Apple invested USD 495 million in capital to support Corning’s research and development, which later resulted in Ceramic Shield technology.

Cellphones Hackers

Beware of the Various Ways Hackers Hack Cell Phones, Check Out the List

Morrissey TechnologyCybercriminals are starting to become adept at using various methods to hack the cellphones of their potential victims. They can even hack phones remotely. Hacking a cellphone requires a combination of sophisticated techniques and exploiting vulnerabilities in the device’s operating system (OS) or applications.

Even now, many hackers have created spyware applications to secretly steal users’ personal data. Usually hackers exploit security vulnerabilities in the user’s OS or device applications, with the aim of harming the user. According to cyber security company AVG Technology, the following are common techniques usually used by hackers to hack smartphone security.

1. Phishing

This technique involves the use of social engineering tactics to deceive users with the aim of getting users to reveal their personal information. Phishing can look simple, like just an e-mail saying “FREE” which then redirects the user to a malicious site if clicked. Or it could be a more complex scheme, such as an online quiz format where the answers tell the hacker information about the date of birth, birth mother’s maiden name, or even the name of the user’s first pet. Phishing also usually has its own victims, such as spear phishing which is a type of phishing attack that focuses on tricking one particular individual into revealing their personal information.

2. Spy apps

One way to infect a cell phone with malicious software (malware) is to convince users to download applications that have hidden tracking features. Apps like these can masquerade as games, productivity apps, or even promising security apps. In fact, the application is a spyware application that tracks online activities and personal data from users. Some spyware on Android can even spy on smartphones that are turned off. Another type of dangerous software for users is stalkerware, which can track a user’s movements, browsing, messages and calls. This stalkerware is usually installed by someone close to the user.

3. SIM swap

Two-Factor Authentication (2FA), which confirms login with a text message sent to the cellphone, is a technique used by hackers to hack telephone numbers by swapping them to another SIM card (owned by the hacker).

4. Unauthorized access

Hackers can use phishing or other techniques to access users’ iCloud or Google accounts. This is apparently caused by the large number of users who link their accounts to social media, so that hackers can easily exploit accounts with unauthorized (illegal) access. With unauthorized access to a user’s account, hackers can see personal information such as the user’s location, email, messages, and passwords.

5. Bluetooth

Apart from being able to easily connect a user’s device to other devices, Bluetooth connections can also make cellphones more vulnerable to hacking. Hackers can use software to intercept Bluetooth signals and gain access to users’ phones. Therefore, do not pair your cellphone with an unfamiliar, untrusted device or in an unsafe location.

These SIM swapping scams typically start with phishing attempts designed to provide hackers with information to impersonate users at the service provider. Once there is enough information, the hacker can use the phone number to initiate a SIM swap.

6. Wi-Fi

Similar to Bluetooth, hackers can also use Wi-Fi connections to gain access to iPhone and Android devices belonging to potential victims. Using a public Wi-Fi network is very risky, as there is a possibility that the network has been previously set up to connect. Apart from that, users can also set up a mobile VPN on iPhone or Android. VPN or virtual private network encrypts user connections to prevent hackers from accessing the phone.

7. Charging station

This fraud is called juice jacking, the technique is carried out by infecting stations using malware. The target is users whose batteries are running low, which will not only provide a power boost, but malware connected to the cellphone will be able to monitor what the user does, collect and transmit personal data, and even make withdrawals from the user’s bank account.

8. Trojans

Trojans are malware that disguise themselves as harmless applications or files to trick users into opening them. Hackers can spy on users, use users’ cellphones in botnets (Robot Network), or even send malicious SMS messages.

9. Crypto piracy

Cryptopjacking FOR4D is the unauthorized use of a device to mine cryptocurrency without the knowledge or consent of the user. Hackers infect users’ phones and secretly install crypto mining malware that is used to mine cryptocurrency and send it directly to the hacker’s digital crypto wallet.