Experts from Kaspersky Lab ICS CERT, the company's cyber-incident response center, analyzed the OPC UA protocol (Object Linking and Embedding for Process Control Unified Automation), developed specifically for industrial facilities.
The study identified 17 0-day vulnerabilities in OPC Foundation products, as well as several vulnerabilities in commercial applications that use them. By exploiting these bugs, attackers could run third-party code and perform Denial of Service (DoS) attacks. It is reported that all the flaws were detected and eliminated by March 2018.
The IEC 62541 OPC Unified Architecture (OPC UA) standard was developed in 2006 by the OPC Foundation consortium for reliable and secure data transmission in process networks. In fact, it is an improved version of the OPC protocol, which is universally applied in various industrial areas. The new properties and well thought-out architecture of OPC UA are making it more popular among automation system manufacturers, and over time the standard should become the basis of communication in industrial Internet of Things systems and smart cities around the world.
Initially, Kaspersky Lab ICS CERT conducted a security audit and penetration test at several industrial sites. All audited organizations used the same software product for process control (ICS), and the experts looked for vulnerabilities in it. It turned out that some of its network services communicated using the OPC UA protocol. This prompted the experts to study the protocol.
During the research, all discovered vulnerabilities were immediately reported to the software developers. Representatives of the OPC Foundation and other commercial product development teams responded to the notifications and promptly fixed the problems found.
Most of the errors in third-party software products using the OPC UA Stack were due to developers misusing the functions provided by the OPC Foundation API, implemented in the library uastack.dll – for example, misinterpreting the values of the fields of transmitted data structures.
“Very often software developers overly trust industrial protocols, and implement these technologies without conducting a thorough safety inspection. In this case, vulnerabilities can affect the success of the entire product line. It is necessary to pay close attention to innovations that are widely used in various industrial sectors. Many people think that creating their own protocols is more efficient and safer, but even completely new software can contain numerous vulnerabilities,” says Sergey Temnikov, senior researcher at Kaspersky Lab ICS CERT.
Is Facebook ready to launch its own cryptocurrency? Sensational news (or a rumor?) went through the news sites. Previously, it became known that Facebook has a group of people who work on a blockchain platform.
Facebook's payment system will reach billions of users, so its prospects are much larger than those of Telegram, which caused a furore not only in the crypto world.
It is known that the group of developers is headed by David Marcus, who previously developed Messenger inside Facebook, and even earlier ran PayPal. Marcus is also known as a bitcoin enthusiast who invested in crypto as early as 2010, and in 2017 he joined the board of directors of the crypto exchange Coinbase.
Agreed, a very serious leader, and the team includes a number of developers from Instagram, the corporation's fastest-growing service.
For cryptocurrencies this is very positive news that has already affected exchange rates.
On Friday, at 4:30 am Eastern Time, the Office of National Statistics will publish preliminary data on UK GDP for the first quarter. According to forecasts, in the first quarter the economy expanded by 0.3 percent. On the eve of publication of the data, the pound fell against its main competitors. As of 4:25 am ET, the pound was trading at 151.79 against the yen, 1.3763 against the franc, 1.3881 against the US dollar and 0.8697 against the euro.
Check Point Research experts have found vulnerabilities in the pre-installed virtual keyboard of flagship LG smartphones (LGEIME), testing such flagship devices as the LG G4, LG G5 and LG G6.
The researchers write that the detected bugs could be used to remotely execute code with elevated privileges on LG mobile devices. With their help, it was possible to manipulate the keyboard update process, run a keylogger, and thus access confidential user data.
The first error was related to the MyScript handwriting function. It turned out that to update the interface language the device connects to an external server over an unprotected HTTP connection, which makes a man-in-the-middle (MITM) attack possible. Such an attack allowed a malicious file to be downloaded to the smartphone instead of a legitimate language update.
The second vulnerability was related to the location of the language file. Using directory traversal, an attacker could change the file extension and inject malicious software into the configuration file in the LG keyboard's directory.
LG developers view the detected problems as a single vulnerability with the identifier LVE-SMP-170025. The company has already prepared the fixes and now strongly recommends that users update the OS of their G (G5, G6), V (Q10, Q10, V8), X (X300, X400, X500) smartphones.
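The checks whose absence the two flaws above describe, as an added defensive example that is not LG's or Check Point's code: an update is accepted only over HTTPS, the server-supplied file name may not carry a path or an unexpected extension, and the content must match a pinned digest. The `.lang` extension, the `updates.example` host and the pinned-digest scheme are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path
from urllib.parse import urlsplit

ALLOWED_SUFFIX = ".lang"  # hypothetical extension for language packs

class UpdateRejected(Exception):
    """An update failed a check; nothing was written."""

def safe_target(install_dir: Path, name: str) -> Path:
    """Map a server-supplied file name to a path directly inside install_dir."""
    if not name or "/" in name or "\\" in name or name in (".", ".."):
        raise UpdateRejected("file name contains a path component")
    if Path(name).suffix != ALLOWED_SUFFIX:
        raise UpdateRejected("unexpected file extension")
    target = (install_dir / name).resolve()  # also follows a planted symlink
    if target.parent != install_dir.resolve():
        raise UpdateRejected("path escapes the install directory")
    return target

def install_language_pack(url, name, payload, pinned_sha256, install_dir):
    """Check transport, destination and content, then write the pack."""
    if urlsplit(url).scheme != "https":
        raise UpdateRejected("update URL is not HTTPS")
    target = safe_target(Path(install_dir), name)
    if hashlib.sha256(payload).hexdigest() != pinned_sha256:
        raise UpdateRejected("payload does not match the pinned digest")
    target.write_bytes(payload)
    return target

def demo():
    pack = b"constructed language data"
    pinned = hashlib.sha256(pack).hexdigest()  # assumed to ship with the app
    cases = [  # constructed inputs: one legitimate update, three to refuse
        ("https://updates.example/en.lang", "en.lang", pack),
        ("http://updates.example/en.lang", "en.lang", pack),
        ("https://updates.example/en.lang", "../conf/keyboard.cfg", pack),
        ("https://updates.example/en.lang", "en.lang", b"tampered in transit"),
    ]
    results = []
    with tempfile.TemporaryDirectory() as tmp:
        for url, name, data in cases:
            try:
                install_language_pack(url, name, data, pinned, tmp)
                results.append("installed")
            except UpdateRejected as exc:
                results.append(f"rejected: {exc}")
    return results
```

Calling `demo()` returns one outcome per constructed case; only the first is installed.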
Many people are, not without reason, afraid that hackers will get to their phones, or rather, to the money on their account or the bank cards attached to them.
If you received an SMS from DCB_ASSOCIATION, you will want to know why.
In this article we explain what this SMS means and what its purpose is.
It should be said right away that the SMS is not incoming but outgoing, which only fuels the panic, because the owner did not send anything.
What kind of message is this?
DCB_Association is the confirmation that your phone number has been linked to the Play Store account. The abbreviation stands for Direct Carrier Billing, and translates as “a direct method of paying for a ticket (content).” The SMS is a verification message and is sent once, at the time of purchase in the Market.
If an SMS is sent from your phone to a number such as 6105 or +79685310009, and the message text looks something like DCB_ASSOCIATION: P10912234535445d45f86d27, the Play Line operator was specified in the Play Store as a method of payment and you are given the opportunity to purchase content using a mobile phone account. Depending on the operator, the additional code may be different, for example Y3890K.
Is there a fee for this?
During the first registration on the Google Play Market, about 60 rubles (1 dollar at the rate) can be written off from the account. This withdrawal is a check, and the amount will be returned during the first purchase. In addition, payment for sending SMS can be canceled. As for write-offs on the part of the operator, everything depends on the tariffs. Beeline billing for purchases on the Play Store is free.
Users feedback on sending DCB_ASSOCIATION
This service is not known to many, which is why you can find a huge number of questions about such messages on the net. In most cases, the SMS causes panic so great that not every subscriber notices that it was sent rather than received.
After receiving the answers, many calm down, because such an SMS does not by itself indicate scammers or hacking, and in most cases subscribers remember that they tried to make a purchase.
Is there any reason for panic?
The answer to this question is, in fact, ambiguous. If the user remembers visiting the content store for Android and trying to make a purchase, the message is nothing to be afraid of. For greater confidence, it is recommended that you check the list of paid subscriptions in the Play Store account to prevent future write-offs.
A similar SMS can appear when an inexperienced user or a child has used the gadget. Alas, the purchase cannot be declined, but it will not be superfluous to check that there are no paid subscriptions.
It is another matter when the user did not perform any actions and did not even visit the store. This is a reason to suspect that attackers are behind what is happening. The risk group includes owners of rooted devices, as well as smartphones on which applications were installed not from the Play Store but by downloading the installer from various sites. As a rule, cybercriminals spend all the money from the account on purchases not of the content itself but of in-game currency in various games, followed by the transfer of the “acquired wealth” to themselves or the client.
What to do if your phone is hacked?
We recommend the following actions.
Remove the SIM card.
Download an antivirus from the Play Store and check the system. You can try several in turn; choose a major one such as AVG, Kaspersky, ESET, Dr.Web, etc.
Unlink the card and phone number from the payment methods in the store. More on this below.
Reset: return the device to factory settings.
Change the passwords for important accounts – Google, mobile banking.
Change social networking and email passwords.
Do not forget to check the contents of your mailbox. Look for social network registrations that you did not make. Check the Recycle Bin and the Spam section.
When installing software after the reset, do not download applications from the Internet; rely on the Play Store.
It is not recommended to get root rights in the first months. On Android 7.0 and later this can cause problems in general.
Check the paid subscriptions in the Play Store account and in the personal account on the mobile operator’s website.
We recommend that you check your other devices, as well as your PC or laptop.
How to unlink the payment methods in the Play Store?
Open the store, go to the account menu, select the “Account” item.
Go to “Payment Methods” and select “Other settings.”
After that you will be offered to go to a site where you will need to delete the details.
Now you know why DCB_ASSOCIATION messages appear on the phone. It is worth noting that this verification function is useful and convenient, and makes purchases in the Play Market easier. At the same time, you need to be more careful when giving the phone to strangers or children. Usually, finding a verification SMS with a code does not pose a threat, provided that it was initiated by the owner. Otherwise, you need to take measures to protect personal information and the money on the account – nobody is immune to hacking.
A vigilant user, known by the nickname Tarwirdur, drew attention to a hidden cryptocurrency miner that was present in the 2048buntu application (a clone of the popular 2048 game) on the Ubuntu Snap Store.
The miner disguised itself as systemd and mined the Bytecoin (BCN) currency for an account tied to the mail address [email protected]. The code that aroused the user's suspicion can be seen below.
After Tarwirdur's report, the administration of the Ubuntu Snap Store quickly removed the application from the catalog and thanked the vigilant user. As it turned out, the application belonged to the developer Nicholas Tomb, and his other packages were also removed from the Ubuntu Snap Store until the investigation was completed.
Since there are no download or installation counters in the Ubuntu Snap Store, the number of affected users is unknown. Moreover, essentially anyone can add their own snap package to the directory. Unlike the official Google or Apple directories, snap packages do not undergo a multi-step security check.
Good day to everyone who is reading this now. In order to launch a project, a service, a business or any other venture, it is important to notice the possibilities.
You need to see what you can fill, because at almost every moment there are “empty niches” that you need to learn to see and use.
Something like the sale of umbrellas on a rainy day or soft drinks on the beach under the hot sun, the installation of a coffee machine in a waiting room, or presale car preparation services near or in the car market. All these examples find their place in the chain where they will be really useful, convenient and necessary.
My entrepreneurial activity began on the same principle. I noticed a trend: more and more online stores were appearing on the Instagram social network. It seemed to me that this would be the most convenient platform to start trading my product. What did I want to sell? Thermal underwear.
This was the perfect option in my city at the onset of cold weather and with little competition among other stores, since there was almost no one like me. The idea was chosen, the supplier was found, the goods were in stock, all kinds of photos and product descriptions were made.
What happened next? Attracting an audience to the store. I needed to find and attract potential buyers. The question before me was: who wants to buy my product?
Mostly I advertised my store in sports communities and sports-themed forums (football, snowboarding, skiing and other outdoor sports). There is a lot of information online about attracting an audience to an online store, so there is no point in writing about it now.
The biggest problem for me at that time was that I did not have a place to sell, a store or shop where a person could look at or try on my goods. From my warehouse I sent parcels with thermal underwear to customers by courier service.
The sizes sometimes did not fit, or the goods were defective, and I was constantly dealing with returns and exchanges of goods – in general it added up to a decent amount for me.
Everything was solved by renting a regular office and converting it into a store. Since the main stream of buyers was coming from the Internet, the location of the store in a shopping center or in a crowded place did not play a big role for me.
The business developed, subscribers grew, sales too.
Slowly I expanded the range and added other sports goods and supplies. So far I have reached a net income of 100.000 rubles / month. And then I “hit a wall”: whatever I do, there is no growth. I want to develop further.
I wish everyone to come up with and realize a business idea and find their place in the market of sales and services.
Editor: we get a lot of questions and stories on the subject of refinancing; today we publish the quite successful experience of one of our readers.
I was short of money for a car, and I did not want to take out an auto loan. I applied to the Bank of Moscow because I already had its debit card and hoped that they would make concessions.
Indeed, I was given a one percent discount on my loan; they said it was a special program. The application for 250 thousand was approved on the same day.
But it was necessary to insure the received amount for 50 thousand, and this amount was included in the main debt. Satisfied, I received the money in my account.
But after a couple of months I began to worry. Despite the relatively high monthly payments (6467), the main debt remained virtually unchanged.
I went to the bank, and they explained to me that I have annuity payments, and under such a scheme the interest is paid off first, and then the principal debt. That there are different loan repayment schemes, I had not even guessed.
As a result, having rummaged on the Internet, I found Rosselkhozbank, where it was possible to refinance my debt at 13.2 percent. Having carried out this simple operation, I reduced the loan repayment period from five to three years and won about 70 thousand rubles.
Yes, I needed a certificate from work and had to spend time; however, it was worth it: refinancing is a very convenient thing. If you have been paying off loans for some time without delay, try to contact one of the major banks for refinancing at a lower interest, but keep in mind that they can impose insurance that will devour all the benefits.