South African WhatsApp scam warning

Source: MyBroadband

The National Stokvel Association of South Africa (Nasasa) is warning South Africans about WhatsApp stokvel scams which are targeting victims through social media.

These WhatsApp stokvels catch unsuspecting victims by promising them a large return on investment in a short period of time.

For a R200 upfront investment, the scammers promise that people will be paid R1,200 if they recruit more people into the scheme.

Participants said that as soon as they paid their money to the “WhatsApp stokvel”, the rest of the members disappeared.

Andrew Lukhele, founder and chairperson of Nasasa, warned that these WhatsApp stokvels are pyramid schemes.

As it is a pyramid scheme, only a few people who form part of the stokvel will get paid out. The rest will lose their money.

Lukhele warned that criminals are using the popularity of stokvels to promote their scams.

Police warning
The SA Police Service (SAPS) has also warned South Africans about these scams, saying that members of cash savings clubs (stokvels) must be cautious.

The SAPS said it has received multiple complaints from people who were scammed by criminals through a WhatsApp stokvel.

The police have asked the victims of the scams, or those who have knowledge about them, to contact the SAPS Crime Stop helpline on 0860 010 111.

The City of Cape Town has published its amended traffic by-laws for public comment.

If passed, changes will include:

  • Strict new rules on using smartphones while driving will be applied
  • Mobile phones may be impounded (rather than be destroyed or auctioned off) if a motorist is caught using a handset while driving
  • Confiscated phones may be donated to neighbourhood watches, NGOs, or non-profit organisations
  • Motorists will have a number of opportunities to get their phones back first

By Mohit Kumar for The Hacker News

The infamous eGobbler hacking group that surfaced online earlier this year with massive malvertising campaigns has now been caught running a new campaign exploiting two browser vulnerabilities to show intrusive pop-up ads and forcefully redirect users to malicious websites.

Note that the hackers haven’t found any way to run ads for free; instead, the modus operandi of eGobbler attackers involves high budgets to display billions of ad impressions on high-profile websites through legitimate ad networks.

But rather than relying on visitors’ willful interaction with advertisements online, eGobbler uses browser (Chrome and Safari) exploits to achieve maximum click rate and successfully hijack as many users’ sessions as possible.

In its previous malvertising campaign, back in April, the eGobbler group exploited a then-zero-day vulnerability (CVE-2019-5840) in Chrome for iOS, which allowed it to bypass the browser’s built-in pop-up blocker on iOS devices and hijack 500 million mobile user sessions in just a week to show pop-up ads.

Though Google already patched the vulnerability with the release of Chrome 75 in June, eGobbler is still using the flaw to target those who haven’t yet updated their Chrome browser.

However, according to the latest report published by security firm Confiant, the eGobbler threat actors recently discovered and started exploiting a new vulnerability in WebKit, the browser engine used by Apple Safari browser for both iOS and macOS, Chrome for iOS and also by earlier versions of Chrome for desktop.

The new WebKit exploit is more interesting because it doesn’t require users to click anywhere on the legitimate news, blog or informative websites they visit, nor does it spawn any pop-up ad.

Instead, the display ads sponsored by eGobbler leverage the WebKit exploit to forcefully redirect visitors to websites hosting fraudulent schemes or malware as soon as they press the “key down” or “page down” button on their keyboards while reading the content on the website.

This is because the WebKit vulnerability actually resides in the JavaScript onkeydown event, which fires each time a user presses a key on the keyboard, and allows ads displayed within iframes to break out of security sandbox protections.

“This time around, however, the iOS Chrome pop-up was not spawning as before, but we were, in fact, experiencing redirections on WebKit browsers upon the ‘onkeydown’ event,” the researchers said in their latest report.
“The nature of the bug is that a cross-origin nested iframe is able to ‘autofocus’ which bypasses the ‘allow-top-navigation-by-user-activation’ sandbox directive on the parent frame.”

“With the inner frame automatically focused, the keydown event becomes a user-activated navigation event, which renders the ad sandboxing entirely useless as a measure for forced redirect mitigation.”
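As an added illustration (not code from Confiant, The Hacker News or any browser project), the following JavaScript classifies what top-level navigation each ad iframe's `sandbox` attribute permits, including the restrictions nested frames inherit from their ancestors. The frame descriptors, function names and risk labels are constructed for this example.

```javascript
// Added example: audit which top-level navigation each ad iframe's sandbox permits.
// Policies ordered from most to least restrictive.
const RANK = { 'blocked': 0, 'user-activation': 1, 'always': 2, 'unsandboxed': 3 };

// Hypothetical risk labels used only by this example.
const RISK = {
  'blocked': 'none',                  // frame cannot navigate the top-level page
  'user-activation': 'gesture-gated', // relies on the browser's user-gesture check
  'always': 'unrestricted',           // sandbox asks for no gesture at all
  'unsandboxed': 'unrestricted',      // no sandbox attribute present
};

// Classify one sandbox attribute value (null means the attribute is absent).
function topNavPolicy(sandbox) {
  if (sandbox === null || sandbox === undefined) return 'unsandboxed';
  // Sandbox tokens are space-separated and ASCII case-insensitive.
  const tokens = new Set(sandbox.toLowerCase().split(/\s+/).filter(Boolean));
  if (tokens.has('allow-top-navigation')) return 'always';
  if (tokens.has('allow-top-navigation-by-user-activation')) return 'user-activation';
  return 'blocked'; // includes sandbox="" (every restriction switched on)
}

// Walk a frame tree. Sandbox restrictions are inherited, so a nested frame's
// effective policy is the most restrictive one on the path from the slot to it.
function auditFrames(frame, inherited = 'unsandboxed', out = []) {
  const own = topNavPolicy(frame.sandbox);
  const effective = RANK[own] < RANK[inherited] ? own : inherited;
  out.push({ id: frame.id, own, effective, risk: RISK[effective] });
  for (const child of frame.children || []) auditFrames(child, effective, out);
  return out;
}

function auditPage(slots) {
  return slots.flatMap((slot) => auditFrames(slot));
}

// Constructed sample data: three ad slots as a publisher might embed them.
const SAMPLE_SLOTS = [
  {
    id: 'slot-a',
    sandbox: 'allow-scripts allow-top-navigation-by-user-activation',
    children: [{
      id: 'slot-a/creative',
      sandbox: null,
      children: [{ id: 'slot-a/creative/nested', sandbox: 'allow-scripts allow-top-navigation' }],
    }],
  },
  { id: 'slot-b', sandbox: 'allow-scripts' },
  { id: 'slot-c', sandbox: null },
];

console.table(auditPage(SAMPLE_SLOTS));
```

Frames reported as `gesture-gated` are the ones that depended on the directive named in the quote above, so on an unpatched WebKit browser their protection against forced redirects is only as good as the browser's user-activation check.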

Though Apple’s app store guidelines restrict all iOS apps with web browsing ability to use its WebKit framework, including for Google Chrome for iOS, mobile users are still less likely to be impacted by the redirection flaw as the ‘onkeydown’ event doesn’t work on the mobile OS.

However, the eGobbler payload, often delivered through popular CDN services, also includes code to trigger redirections when visitors of a targeted web application try to input something in a text area or search forms, likely “to maximize the chances of hijacking these keypresses.”

As researchers believe, “this exploit was key in magnifying the impact of this attack.”

Between August 1 and September 23, the threat actors have been seen serving their malicious code to a staggering volume of ads, which the researchers estimate to be up to 1.16 billion impressions.
While the previous eGobbler malvertising campaign primarily targeted iOS users in the United States, the latest attack targeted users in European countries, with a majority being from Italy.

Confiant privately reported the WebKit vulnerability to both the Google and Apple security teams. Apple fixed the flaw in WebKit with the release of iOS 13 on September 19 and in Safari browser 13.0.1 on September 24, while Google has yet to address it in Chrome.

By Stephen Collinson for CNN

The Trump administration is frenetically throwing up road blocks in a belated grasp for a strategy to slow a Democratic impeachment machine the President is now branding a “coup.”

But the intrigue that has pitched Donald Trump’s presidency into its deepest-ever crisis took a new twist after the independent inspector general from the State Department, Steve Linick, asked for an “urgent” briefing with congressional committees on Wednesday about documents related to the Ukraine scandal. A congressional aide described the request as “highly unusual and cryptically worded.”

The dramatic development came after Secretary of State Mike Pompeo attempted to prevent witnesses linked to his department from appearing on Capitol Hill in the coming days. The move appeared to be an attempt to buy time to come up with a long term blueprint to save Trump by turning the politics of impeachment.

Pompeo’s initiative was at least more substantive than Trump’s tweeting and cable news appearances from conspiracy-theory touting supporters that constituted his early defense.

But the sharp Democratic response to Pompeo’s claims of bullying against potential witnesses, and a key source’s decision to show up anyway, suggested that the added gravity of a formal impeachment process could shift Washington’s balance of power.

It is only a week since House Speaker Nancy Pelosi formally announced an impeachment probe into evidence that Trump pressured Ukraine to dig up dirt on his potential 2020 rival Joe Biden. But the drama has turned Washington on its head and comprehensively altered the dynamics of the Trump presidency.
Trump appears under siege from multiple directions. Late Tuesday, for example, The New York Times cited administration officials as saying the President previously suggested fortifying his southern border wall with a trench filled with alligators and snakes and wanted to shoot undocumented migrants in the legs.

Fast-moving developments
The latest fast-moving developments show how Democrats are using their constitutional authority to quickly build a framework for their investigation.

“This is an extraordinary crime. I suspect this is the greatest crime a president has committed in my lifetime,” Rep. Mike Quigley, a Democratic member of the House Intelligence Committee told CNN’s John Berman Tuesday.
The pace is sure to heat up Wednesday with Pelosi and House Intelligence Chairman Adam Schiff and the President himself expected to hold news conferences.

Trump offered Americans a glimpse into the state of his mind at the end of a tumultuous day with an unfounded tweet that warned illegal attempts were underway to steal the votes and constitutional rights of his supporters.
“As I learn more and more each day, I am coming to the conclusion that what is taking place is not an impeachment, it is a COUP,” Trump declared.

Aside from the inflammatory social media posts, the White House clearly understands that its best interests lie in stalling the inquiry for as long as possible, likely with legal challenges to subpoenas, to give its surrogates time to fog the case and to build public frustration with impeachment.
A day after being subpoenaed for documents related to his role in consultations with Ukraine, Rudy Giuliani, the President’s personal lawyer, engaged his own counsel, and in an historical echo chose former Watergate prosecutor Jon Sale.

The former New York mayor has not said if he will comply with the subpoena. But he could be an early test case of the administration’s intentions to gum up the impeachment works with contentious legal challenges that could last for months.
“I really have to study it. I can’t shoot from the hip,” Sale told CNN’s Michael Warren.
“Every time I turn around, Rudy’s on another TV show,” Sale continued. “He and I could have a conversation, and then I turn on the television and he could be doing something else.”

‘Intimidation and bullying’
Pompeo, one of the President’s most valued aides, launched the most serious attempt yet by the administration to disrupt the impeachment investigation.
In a letter to House Foreign Relations Committee Chairman Eliot Engel, he said the proposed timetable for witnesses to testify in the coming days was too compressed.
In a tweet, the nation’s top diplomat warned the request could be “understood only as an attempt to intimidate, bully, & treat improperly the distinguished professionals of the Department of State, including several career (foreign service officers).”

The Democratic response was swift, reflecting an apparent belief among party leaders that they have the upper hand over the administration in the early stage of the probe.
In a letter to Pompeo, who is in Europe, the chairmen of the House Intelligence, Foreign Affairs and Oversight committees said that holding back testimony “is illegal and will constitute evidence of obstruction of the impeachment inquiry.”

In effect, the chairmen were warning that an attempt to frustrate the impeachment inquiry could eventually itself turn into a rationale for impeachment.
The administration has been largely successful in derailing previous Democratic efforts to oversee the White House by launching legal challenges and sweeping executive privilege claims. But impeachment already looks like a different animal.

The lawmakers also accused Pompeo of intimidating State Department witnesses to protect himself and the Ambassador Kurt Volker, the former special envoy to Ukraine who had been scheduled for a deposition on Thursday, has made clear he still plans to show up, despite Pompeo’s letter.

The other officials scheduled to be deposed by the House Foreign Affairs Committee include former US Ambassador to Kiev Marie “Masha” Yovanovitch, Counselor T. Ulrich Brechbuhl and Ambassador Gordon Sondland — who were mentioned in the whistleblower complaint that helped trigger the impeachment push.

A fifth official — Deputy Assistant Secretary George Kent — has overseen policy on Ukraine at the State Department since September 2018 and was previously the deputy chief of mission at the US Embassy in Ukraine.
Yovanovitch, who was previously scheduled to appear Wednesday, will now do so on October 11 with the agreement of both the Committees and counsel, a congressional aide told CNN.

Democrat calls for Trump to be jailed
The President stayed out of sight at the White House on Tuesday. But he was as active as ever on Twitter, seeking to discredit the whistleblower much as he attempted to impugn the credibility of special counsel Robert Mueller.
“If the so-called ‘Whistleblower’ has all second hand information, and almost everything he has said about my ‘perfect’ call with the Ukrainian President is wrong (much to the embarrassment of Pelosi & Schiff), why aren’t we entitled to interview & learn everything about…the Whistleblower,” Trump wrote, decrying another “Democratic hoax.”

In fact, the whistleblower’s complaint was judged urgent and credible by the intelligence community’s independent, Trump-appointed inspector general for the intelligence community Michael Atkinson.
And on Monday, Atkinson issued a highly unusual statement rejecting the central plank of Trump’s argument — that the whistleblower based his complaint on hearsay.

While events seemed to be running largely in the favor of Democrats on Tuesday, there was another sign of a breach in discipline that could harm their efforts to avoid the political pitfalls of impeachment.

“I’m calling on the GOP to stop Trump’s filthy talk of whistleblowers being spies & using mob language implying they should be killed,” California Rep. Maxine Waters tweeted. “Impeachment is not good enough for Trump. He needs to be imprisoned & placed in solitary confinement.”

The tweet was a far cry from Pelosi’s request for her party to approach the impeachment process in a non-partisan and “prayerful” manner.

CNN’s Kylie Atwood and Manu Raju contributed to this story.

Cool Ideas hit by a DDoS attack again

Internet service provider (ISP) Cool Ideas was hit by a second distributed denial of service (DDoS) attack in as many weeks on Saturday.

The first attack took place on 11 September and knocked the provider out for more than eight hours.

Cool Ideas then put a number of measures in place to mitigate these attacks; however, the second attack, on 21 September, was more than four times the size.

Below are highlights of the events that took place:

  • Cool Ideas posted a notice to its website at 14:00 on Saturday to inform clients that it was being hit with another distributed denial of service attack (DDoS)
  • It seemed that the cybercriminals were watching for announcements from the ISP, as the attack then increased in intensity
  • DDoS attacks work by using “zombie” devices, which fake or “spoof” the amount of traffic on a given network
  • DDoS attacks do not have a specific target – the idea is merely to do reputational damage
  • The attack occurred across the whole IP space, changing over time to use different ports and protocols
  • One aspect of the attack was DNS amplification or DNS reflection attacks. A poorly configured Domain Name System (DNS) is used to flood computers with network traffic. The high volume of fake traffic prevents the computer from being able to carry out legitimate commands and the website appears to be offline
  • The sheer size and distribution of the attack made it as effective as it was
  • It is not known who attacked the ISP nor what the motivation for doing so was

SAPS launches free app to fight crime

Published by Kirsten Jacobs for Cape Town Etc

An app for citizens to use in the fight against crime has been launched by the South African Police Service (SAPS). Called My SAPS, the app was developed by Vodacom and will be available on both Apple and Android devices.

The app is described on the App Store as a way of “enabling everyone to contribute towards building a more crime free society”.

“My SAPS is a free application available for iPhones and other smartphones, provided by the South African Police Services,” it says on the App Store. “My SAPS will allow you to submit crime tip-offs (anonymously) to the Crime Stop Centre and send updates.”

The app allows users to submit anonymous tip-offs and call crime stop.

“It also allows you easy access to all SAPS Stations information using the SAPS Station finder, as well as all SAPS Social Media platforms.”

Users can find their closest police station using the app.

Download it for Android: https://tinyurl.com/y5s8z3u9

Download it for iOS: https://tinyurl.com/y5orqtou

ISP Cool Ideas hit in DDoS attack

Internet service provider Cool Ideas yesterday suffered a distributed denial of service (DDoS) attack, which affected all customers on their network.

The attack lasted almost four hours. Customers experienced intermittent connectivity loss and degraded performance during this time.

In a statement issued last night, the company did not have an exact time to resolution. By this morning, however, the issue affecting the Cool Ideas network has been mitigated.

What is a DDoS attack?
According to Cloudflare, a DDoS attack is defined in the following way:

“A distributed denial-of-service (DDoS) attack is a malicious attempt to disrupt normal traffic of a targeted server, service or network by overwhelming the target or its surrounding infrastructure with a flood of Internet traffic. DDoS attacks achieve effectiveness by utilizing multiple compromised computer systems as sources of attack traffic. Exploited machines can include computers and other networked resources such as IoT devices. From a high level, a DDoS attack is like a traffic jam clogging up the highway, preventing regular traffic from arriving at its desired destination.”

 

By Arnold Zafra for Reclaim The Net

Affidavits and other documents of former State Security Agency Director-General Arthur Fraser reveal that the South African government has been conducting mass surveillance on all communications in the country. This was filed in 2017 during the court case on the South African nonprofit investigative journalism organization, the amaBhungane Centre for Investigative Journalism.

Interestingly, the mass surveillance has been happening since 2008. In the said affidavit, South Africa’s State Security Agency said that the Signal Intelligence collection process is formed by the National Intelligence Priorities and this includes imminent and anticipated threats. The surveillance was supposedly designed to cover information about organized crime and acts of terrorism. It even involves surveillance on food security, water security, and even illegal financial flows.

The report also revealed that the South African government has done bulk interception of Internet traffic by way of tapping into fiber-optic cables under the sea. What is not clear, though, is whether the surveillance covers all Internet traffic or is limited only to some of the fiber cables.

The SSA said that the automated collection of data was specifically geared for foreign communications that pose threats to state security only. However, even the SSA admits to the fact that it will require human intervention to determine whether any communications that pass through the fiber cables are foreign or not. Hence, it would be difficult to distinguish between foreign and local communications.

Given that information, it is clear that the SSA has been collecting data and communications of South Africans without permission. This is considered an unconstitutional and illegal activity in the country. Unfortunately, the SSA is not worried about it and even commented that such surveillance is a common practice internationally.

While this may be quite alarming, it seems that the SSA is not bothered at all, since it has been accused of widespread and indiscriminate surveillance back in 2017. amaBhungane even started legal proceedings after they found out their editor’s communications were being recorded for six months. This resulted in the revelations about widespread indiscriminate surveillance conducted by the SSA in South Africa.

By Roger Bambino for Tech JaJa

Dr. Bright Gameli Mawudor heads the Cyber Security Service Team at Internet Solutions. He recently bumped into some MultiChoice credentials on the open Internet as he was giving a live demo at a conference.

Dr Gameli is also the co-founder of AfricaHackOn and was giving a speech at a recent MyBroadband CyberSec Conference, where he revealed that the DStv hack was more or less accidental: he uncovered a text file full of MultiChoice credentials on a misconfigured web server in the middle of a live demo.

He told MyBroadband that he was demonstrating a technique known as Google Dorking. This involves using Google’s highly technical search operators to find information people didn’t imagine would be found on the open Internet. To put this in context, many people put a lot of information on the internet including ripped media series for download on Internet-connected servers, which Google eventually crawls and indexes.

As he was trying to demonstrate how easy it was to find credentials for streaming services like Netflix and Hulu with a Google search, Mawudor thought he could do the same for DStv.

“Nobody knew what happened, I took it off quickly. I didn’t want anybody to see. Later I went to analyse the details,” Mawudor said.

Being an ethical hacker, Mawudor chose not to misuse the information he found, as it would have done a tremendous amount of damage to DStv’s business.

“I would have been able to use those credentials to log into the monitoring of live [sports] matches that were going on, [or] into the VPN and into the internal network,” he said.

He could have used this data to shut down systems or change live broadcasts if he so wished. Advising companies on security, Mawudor said:

“Organisations need to go beyond occasional penetration testing and do vulnerability management — frequently doing an assessment of all your systems, networks, and appliances to make sure they are always screened for the latest vulnerabilities.”

Source: Mapletronics

In a time when billions of login credentials are floating around the internet, Google’s new Chrome extension aims to help.

Google’s new extension (currently only available for Chrome) will alert you if one of your username/password combinations is known to already be ‘out in the wild’, according to the company’s blog post.

The extension, called Password Checkup, works in the background whenever you enter your login details on a site. It compares the data against a large database of nearly four billion credentials that are known to have been compromised over the years. If Password Checkup finds a match, a red alert box appears and suggests that you change your password.

Google worked closely with cryptography experts at Stanford University to ensure that your credentials are not compromised while using Password Checkup. In its security blog, Google highlighted that Password Checkup scrambles all credentials with hashing and encryption as protection. Google also assures users that their login details are never seen by the company itself, either.

Don’t have Chrome? There are several other services available for free on the internet that can check to see if your credentials or other personal details have been compromised in a growing number of breaches. Check out Have I Been Pwned, Identity Leak Checker, or Firefox Monitor.


My Office News Ⓒ 2017 - Designed by A Collective

