Connect with us

ZDNET

This phishing email is pushing password-stealing malware to Windows PCs

Published

on

A phishing campaign is delivering a new variant of one of the oldest forms remote access trojan (RAT) malware, in an effort to steal usernames, passwords and other sensitive information. It also aims to steal cryptocurrency from the victim.

Agent Tesla first emerged in 2014 and it remains a common form of malware in 2021. The malware is focused around stealing sensitive information from compromised Windows machines with the aid of a keylogger, which sends what the victim is typing to the attacker – allowing them to see usernames, passwords and more.

Now researchers at Fortinet have detailed a new Agent Tesla campaign which distributes an updated version of the malware via phishing emails.

The malicious messages are designed to look like a business email – for example, one asks the user to open a Microsoft Excel attachment titled “Order Requirements and Specs”. The document contains a macro which, if run, starts a process which executes and downloads Agent Tesla onto the machine.

SEE: A winning strategy for cybersecurity (ZDNet special report) | Download the report as a PDF (TechRepublic)

This is done across a number of different stages, including downloading PowerShell files, running VBScript and creating a schedule task, all to help mask the installation of the malware, allowing the attacker to secretly monitor activity on the machine. This version of Agent Tesla pings the operator every 20 minutes, sending them any new input detected.

In addition to this, the attack also hijacks any Bitcoin wallet on the victim’s device. By monitoring activity on the machine and the abuse of PowerShell code, the attacker can monitor for a  a valid bitcoin address. If this is spotted, the code modifies the Bitcoin address and changes it to one owned by the attacker, allowing them to steal cryptocurrency transfers.

Despite being around since 2014, Agent Tesla remains popular with cyber criminals by remaining effective and being relatively cheap: it can cost as little as $15 to buy a license for on underground forums.

In addition to low cost, the authors of Agent Tesla offer 24/7 technical support, allowing it to serve as an entry point for less sophisticated cyber criminals – while still being potentially damaging to any person or organisation which falls victim to the malware.

Many of the attacks continue to be distributed by phishing emails – which means if the right precautions are taken, falling victim can be avoided. Cybersecurity researchers recommend using anti-virus software to detect suspicious activity, while users should be careful when it comes to opening attachments from unknown or unexpected emails.

MORE ON CYBERSECURITY

Coinsmart. Beste Bitcoin-Börse in Europa
Source: https://www.zdnet.com/article/this-phishing-email-is-pushing-password-stealing-malware-to-windows-pcs/#ftag=RSSbaffb68

ZDNET

AfterPay CEO believes Australia has an opportunity to be a tech talent exporter

Published

on

Anthony Eisen, co-founder and CEO of Australia’s buy now, pay later platform AfterPay, has told the audience of Macquarie Technology Summit that Australia has an opportunity to be an exporter of top tech talent.

“Australia is an incredibly attractive place where you can base global talent that don’t have limitations anymore in terms of being able to do business globally, particularly if it’s tech-based,” he said on Thursday.

“I think there’s a real opportunity to make this more of an export-style industry for our country. I think the government recognises that, and they’re doing more and more to facilitate it.”

He described that Australia’s tech talent pool is “very strong” and something that AfterPay reaps the benefit of first-hand.

“We’ve seen Australian talent, when they have the opportunity to build globally scalable platforms, just shine very strongly, particularly as Australians in our company have moved internationally with our business,” he said.

Recent statistics by Hays, however, indicated that Australia and New Zealand’s tech sector continues to suffer from a severe skills shortage, particularly as international borders remain shut.

For Eisen though, he believes distance should no longer be an excuse for why talent cannot be easily sourced.

“The tyranny of distance is lost with technology-based businesses. The most fabulous thing about the opportunity to build a platform that’s scalable is that it does transcend borders, especially when you look at what we’ve been through with COVID,” he said.  

He pointed out that AfterPay continues to run its head office out of Australia, despite operating in countries including the United States, United Kingdom, and Asia.

“We haven’t regionalised our business, we’ve globalised our business, and while we have global functions now, it’s not about concentration in a geography … and that’s why I also say Australia can be a global head office in a lot of ways,” he said. 

“The global leadership team is spread out … [and] is split between Sydney, Melbourne, San Francisco, London, and we have a core group in Asia as well, so just approaching it that way I think is quite important and something we’re trying to get better at as we grow.” 

Besides exporting tech talent, being able attract talent to Australia and see them establish companies locally is equally important, Eisen said. 

“I think as Australia gets more and more on the map, being able just to attract that experience onto our shores is really important to mix with the talent that we have here,” he said.

“Australia has now produced a whole lot of pretty fantastic global startups that have become scale ups, terrific companies … but the more and more companies from Australia that can grow in that fashion, I think it’s really leading the light.”

During his virtual Q&A, Eisen also took the opportunity to highlight that AfterPay will soon be launching Money By AfterPay, which Eisen described as where “customers will actually be able to deposit money and they’ll have savings goals, and budgeting goals, and different services that go around our platform.”

In March, AfterPay, together with Zip Co, agreed to a buy now, pay later code of practice that was developed by the Australian Finance Industry Association as a vow to be transparent and focus on the needs of the customer.

RELATED COVERAGE

Coinsmart. Beste Bitcoin-Börse in Europa
Source: https://www.zdnet.com/article/afterpay-ceo-believes-australia-has-an-opportunity-to-be-a-tech-talent-exporter/#ftag=RSSbaffb68

Continue Reading

ZDNET

Telstra wins 15-year Yarra Valley Water IoT contract

Published

on

Telstra has scored itself a contract with Yarra Valley Water to provide one million industrial IoT services on its IoT network.

The contract, touted as Telstra’s largest IoT deal to date, will span over 15 years.

As part of the deal, Telstra will enable Yarra Valley Water to utilise its new cloud-based platform-as-a-service IoT connection manager (ICM), as well as its cellular low power wide area network to access IoT coverage of about 4 million square kilometre for NB-IoT and over 3 million square kilometre for LTE-M. 

Telstra industry solutions and IoT group owner Mark Chapman claimed both networks were built specifically for scaled IoT deployments, including in challenging locations such as underground where digital meters are often located.

“Instead of getting four data points a year, our IoT connection manager will now allow Yarra Valley Water to get more than 17,000 data points annually for a much more accurate, near real-time, and robust understanding of its water infrastructure,” he said.

Leveraging both, according to Telstra, would enable Yarra Valley Water to automatically receive readings in near real time from in-field sensors so that the company can proactively prevent leaks from bursting, sewer blockages from becoming spills, and notifying customers about issues on their properties so they can act quickly.

“Internet of Things devices are a game changer for the water industry. By deploying a range of different sensors into our water and sanitation networks, we can detect leaks, minimise water wastage and save our customers money,” Yarra Valley Water managing director Pat McCafferty said.

In March, Telstra teamed up with the Queensland government and the Bureau of Meteorology (BoM) to run an IoT pilot program to help local farmers gain access to more accurate weather forecasts so they can manage the effects of weather and climate change on their farms.

As part of the pilot’s first phase, 55 IoT weather stations will be deployed to existing Telstra mobile network sites, private farms, and at the Department Agriculture and Fishers’ research facilities in the Lockyer Valley, Esk, Gatton, Toowoomba, Cecil Plains, and Darling Downs areas, to gather “hyper-local” weather data.

The data collection and trial phases will run until late 2021, with Telstra saying the data will be freely available to project participants via the Telstra Data Hub.  

Back in 2018, Telstra partnered with “major water utilities” on its Digital Water Metering IoT solution in an effort to prevent water wastage and bring down customer bills. 

Telstra launched its NB-IoT network in January during CES 2018, with the company touting at the time the NB-IoT network would provide connectivity for IoT devices with smaller packets of data being sent, such as sensors in the mining, agricultural, transport, logistics, manufacturing, and industrial IoT industries.  

Related Coverage

Coinsmart. Beste Bitcoin-Börse in Europa
Source: https://www.zdnet.com/article/telstra-wins-15-year-yarra-valley-water-iot-contract/#ftag=RSSbaffb68

Continue Reading

ZDNET

Oracle pledges to power global operations with 100% renewable energy

Published

on

Sunlight through the trees in the forest. Surrey, UK
Image: Getty Images/iStockphoto

Oracle has announced plans to power its global operations with 100% renewable energy by 2025.

This sustainability commitment will cover both its facilities and cloud operations, and builds on the existing sustainability priorities previously pledged by the company, including achieving 100% renewable energy use at all “next-generation” Oracle Cloud regions by 2025.

Oracle’s European Cloud regions are already powered with 100% renewable energy, and Oracle reports having 51 offices around the world using 100% renewable energy.

“Relying on renewable energy is an important step toward a more sustainable future,” Oracle CEO Safra Catz said. “Oracle will always make its biggest impact on the environment by providing customers with technology that enables them to reduce their carbon footprint, but this new goal reflects the shared values of our customers, partners, and investors.”

More from Oracle: Oracle wants to help you catalog your employees’ skills

Oracle has also previously committed to reducing e-waste, noting it collected 2.5 million pounds of retired hardware assets, of which 99.6% was either reused or recycled, during the 2020 financial year. It also touts decreasing the amount of waste sent to landfill at Oracle-owned buildings by 25% on a square foot basis since 2015.

It is also placing the responsibility on its suppliers, expecting that by 2025, all of its suppliers will have an environmental program in place.

“At Oracle, sustainability isn’t a slogan. It’s a concerted, constant, company-wide effort to do all we can to protect natural resources, minimise adverse environmental impacts, and lead the way toward a more sustainable future,” Oracle said previously in a blog post.

RELATED COVERAGE                                                                                            

A long-term battle: The tech industry’s role in combatting climate change

At a time when it has become a crucial part of staying in business.

Microsoft releases tool to calculate cloud-based carbon emissions

The company has also made further commitments to its goal to be carbon negative by 2030.

Your likes are getting greener: Facebook aims at net-zero emissions by 2030

The social media giant has announced new sustainability goals and a Climate Science Information Center.

Cloud providers compute a greener future

Microsoft’s joining of The Climate Pledge aligns the two biggest cloud computing providers at a time when cloud demand has skyrocketed and will only continue to grow.

Coinsmart. Beste Bitcoin-Börse in Europa
Source: https://www.zdnet.com/article/oracle-pledges-to-power-global-operations-with-100-renewable-energy/#ftag=RSSbaffb68

Continue Reading

ZDNET

Australian law enforcement found to have issues with data destruction

Published

on

The Commonwealth Ombudsman’s Report to the Minister for Home Affairs on agencies’ compliance with the Surveillance Devices Act 2004, for the period 1 July to 31 December 2020 appeared this week, with three of the four law enforcement agencies inspected having issues with destroying data.

The report [PDF] looked at the Australian Federal Police (AFP), the South Australian Police, the Australian Criminal Intelligence Commission (ACIC), and the Australian Commission for Law Enforcement Integrity (ACLEI). Only the ACLEI law enforcement watchdog passed with flying colours.

For ACIC, the Ombudsman found three instances where protected information was not destroyed as soon as practicable. It added for each time this occurred, there was a “significant delay” between the authorisation and destruction of data.

“We identified one instance where protection information was not destroyed within five years,” the report said.

“The ACIC disclosed seven additional instances it did not destroy protected information within five years.”

The report also found issues with records kept to detail actions taken under warrant or tracking device authorisations to show agencies are acting lawfully.

“The computer access warrant action sheets we inspected did not provide sufficient information for us to understand what actions were taken under the warrant, or to confirm that the correct devices were accessed,” the report said.

“As a result, we could not verify that the computers the ACIC targeted were those it was authorised to access under the warrant.”

See also: ACIC believes there’s no legitimate reason to use an encrypted communication platform

For the AFP, the Ombudsman found four instances where it did not destroy information after authorisation for more than a month, and one instance where it took over five months.

“Further, the AFP did not destroy protected information or certify it for retention within five years,” the report states.

“In three instances the AFP did not destroy the records until more than five years after the warrant was issued and could not provide files to demonstrate the protected information was certified for retention within five years.

“In the remaining instance, the AFP certified the protected information for destruction within five years but did not complete the destruction until after the five year period.”

The inspection found instances where AFP reported destroying data, but the Ombudsman found the warrant was not executed, or information was not gained from it. The AFP also had issues with its action sheets.

The report found the AFP was still conducting surveillance in foreign jurisdictions without lawful approval.

“While the AFP disclosed this instance of non-compliance, it did not quarantine the associated data until prompted to do so during our inspection,” the report said.

“We suggested the AFP quarantine any unlawfully obtained data as soon as it identifies it.”

“We identified that, while the surveillance device was first used extraterritorially on 17 December 2019, the AFP did not send written correspondence to the Attorney-General until 19 May 2020.”

The report said only after the Ombudsman inspection, did it quarantine the data it retrieved.

The AFP also disclosed two instances where data was collected outside of a warrant. It also disclosed two instances where it failed to inform its overseeing minister of a warrant or authorisation ceasing, with the Ombudsman later finding another two instances.

With the South Australian Police, the Ombudsman found there was no process to destroy records.

“SA Police informed us it does not have staff delegated to perform the functions of the chief officer under s 46(1)(b) of the Act,” the report said.

“SA Police advised it requested internal legal advice about its delegations more than 12 months prior to our inspection and had been told not to proceed with any destructions until that advice was given.”

The SA force said it was gaining the relevant delegation and would start destruction as soon as the instrument was ratified.

Related Coverage

Coinsmart. Beste Bitcoin-Börse in Europa
Source: https://www.zdnet.com/article/australian-law-enforcement-found-to-have-issues-with-data-destruction/#ftag=RSSbaffb68

Continue Reading
Esports5 days ago

Select Smart Genshin Impact: How to Make the Personality Quiz Work

Esports2 days ago

Dungeons & Dragons: Dark Alliance Voice Actors: Who Voices Utaar?

Blockchain5 days ago

Bitmain Released New Mining Machines For DOGE And LTC

Blockchain2 days ago

Is Margex A Scam?

Esports4 days ago

Genshin Impact Grand Line Conch Locations

Energy3 days ago

Inna Braverman, Founder and CEO of Eco Wave Power Will be Speaking at the 2021 Qatar Economic Forum, Powered by Bloomberg

Esports2 days ago

Valorant Patch 3.00 Agent Tier List

Blockchain2 days ago

Yearn Finance (YFI) and Synthetix (SNX) Technical Analysis: What to Expect?

Blockchain5 days ago

Coinbase Co-Founder Talks DeFi, NFTs, and Crypto Regulation

Blockchain5 days ago

Uniswap Reaches Bearish Exhaustion as Sellers Threaten to Short

Esports5 days ago

Chivalry 2 Crossplay Not Working: Is There a Fix?

AI2 days ago

New Modular SaaS Platform for Financial Services Sector Launched by Ezbob, a Customer Acquisition Tech Provider

HRTech1 day ago

TCS bats for satellite offices, more women in the workforce

Esports1 day ago

Is Dungeons and Dragons: Dark Alliance Crossplay?

Esports5 days ago

5 Things to Do Before Shadowlands 9.1

Aviation3 days ago

SAS Was The First Airline To Operate A Polar Route

Blockchain2 days ago

Cardano, Chainlink, Filecoin Price Analysis: 21 June

Blockchain5 days ago

Crypto coin to be sold at U.S supermarkets

Esports2 days ago

Ruined Pantheon Prestige Edition Splash Art, Price, Release, How to Get

Blockchain4 days ago

Amplifying Her Voice June 22, 10:45AM to June 24, 4:00PM EST BERMUDA

Trending