Hackers attack Garmin services

Users of the American company Garmin, one of the world’s largest manufacturers of navigation equipment and “smart” watches, faced a multi-hour failure of its services on July 22. The Garmin Connect service, designed to sync data on the physical activity of smartwatch owners, became completely unavailable, and the company’s official website and support service were disrupted: Garmin could not receive calls or emails from customers.

For several days, until July 27, the services remained unavailable, an unusual situation for such a large international corporation as Garmin (Garmin’s revenue in 2019 amounted to more than $3.7 billion). According to some public sources, the cause of the failure was a cyberattack on Garmin’s resources. The new WastedLocker ransomware, which appeared back in May, operates like other similar malware according to a particular scenario: it encrypts the victim’s data, deletes the original files, and then demands a huge sum as ransom. To “unlock” the data, the hackers demand that the ransom be transferred in cryptocurrency, usually bitcoin. It is impossible for the victim to restore data without backup copies.

According to Malwarebytes analysts’ conclusions, WastedLocker creators are the hacker group Evil Corp. The group became world-known when the banking trojan Dridex infected thousands of computers around the world and was used for blackmail, fraud and identity theft. The impunity of Evil Corp costs the affected companies dearly. According to the US authorities, the total amount of damage caused by the group exceeds $100 million. The British authorities estimate damage to the UK alone at several hundred million pounds. They call Evil Corp the most significant threat in the field of cybercrime.

At the moment, Garmin services are gradually being restored. The Garmin Connect platform is available in a limited mode, and devices have started downloading data for syncing, but the process may take a long time, up to seven days. At the same time, paying a “ransom” is not an option: Evil Corp is subject to sanctions from the US authorities, so if Garmin attempts to negotiate and pay the amount requested by the fraudsters, it is likely to face criminal prosecution, since American companies are prohibited from participating in any transactions with members of the group. Besides, it doesn’t make sense to collaborate with the hackers, as they are unable to provide any guarantees in case the ransom is paid.

ScaleFactor failure: ordinary accountants employed instead of artificial intelligence

For six years ScaleFactor, an American startup, has been assuring small business clients that the program it developed can fully take over their finances and keep their books in order. As a result, the startup managed to obtain $100 million in investments, but later investors discovered that all calculations were made manually by ordinary accountants, not by artificial intelligence. Forbes told its readers how this startup worked and how it collapsed.

Kurt Rathmann created ScaleFactor in 2014. The idea was to keep the clients’ books by means of special software and make accounting fully controlled and computerized with the help of artificial intelligence. In 2017 the company acquired support from the Techstars Austin business incubator with total investment of $2.5 million. Then a partner from Canaan Partners paid attention to the startup and Rathmann’s business got $10 million in investment.

Six months later, ScaleFactor received $30 million in a round led by Byron Deeter, a partner at Bessemer Venture Partners and an influential Silicon Valley cloud computing investor.

Despite the support from well-known investors, over time customers began to realize that something was going wrong. In April 2019, one of them requested termination of the contract when he saw that statements were not provided in real time, but once a month, as they were processed manually.

During the financial and legal examination, one of the potential investors discovered that the company had a special team of “client managers”, but later it turned out they were accountants.

ScaleFactor convinced clients that after the initial consultation, a program based on artificial intelligence would run their books. The software was not supposed to provide monthly statements, but to report data on its own portal in real time.

However, the program had a lot of bugs and errors, it could not be used for accurate sorting of operations, so the company hired a special team of accountants. They had to manually fill in customer statements and fix the program’s errors.

As a result, it turned out that ScaleFactor had only one tool with an automation component – an internal work environment engine, a managed list of tasks for employees, through which tasks were organized for maintaining the client’s accounting.

Yet the startup was viable and managed to attract investment in a new round of funding in early June 2019. The company’s employees were promised that their bonuses would be doubled if they could earn $800,000 on contracts with new clients. According to customers, managers began to offer discounts in exchange for a recommendation and signed contracts even without payment details. At the end of the month, the sales department was told that the targets were met, but a few weeks later it turned out that the bonuses were not worth counting on: some transactions were illegal, and the goals were not actually achieved.

ScaleFactor struggled to recruit new customers while existing clients demanded compensation. In October 2019 an employee who monitored customer churn reported a real risk of losing about $600,000 in annual revenue.

In January 2020, Kurt Rathmann announced that ScaleFactor intended to switch to a commercial platform model that would connect ordinary accountants with potential clients.

In 2020 the United States was hit by the Covid-19 pandemic, and existing clients were no longer satisfied with the company’s activity. In the spring, investors discussed the future of the startup but eventually decided to shut it down.

In June Rathmann announced the planned closure of ScaleFactor. He complained that, due to a drop in demand from small businesses amid the pandemic, the company’s annual revenue, which was $7 million at the end of 2019, would almost halve.

ScaleFactor said it would lay off about 100 employees with a three-month severance package and return funds to investors.

Some former clients and employees believe that Covid was a “convenient excuse” and the startup’s management tried to hide the extent of the real damage.

Data of more than 20 million VPN services users leaked

The data of more than 20 million users of free VPN services has become publicly available on the Internet. This is reported by the vpnMentor research team. Among the compromised applications were Free VPN, Super VPN, Flash VPN, Secure VPN and some others. According to the researchers who discovered the leak, this incident is a blatant case of disregard for basic safety rules.

VPN services are designed to protect users’ online privacy by anonymizing their data and protecting them from cybercriminals. In addition, VPN services help users circumvent blocking in different countries, use applications that can’t be accessed in their region, and solve a number of other problems. Given that providing anonymity is one of the main tasks of VPN technology, data leakage from such services seems even more frightening.

As vpnMentor notes, this incident demonstrates “a complete disregard for VPN standards that puts users’ privacy at risk.”

The leak occurred in seven VPN services: UFO VPN, FAST VPN, Free VPN, Super VPN, Flash VPN, Secure VPN, and Rabbit VPN. The total amount of personal data that became freely available equals 1.2 TB. The researchers found information about users’ Internet activity, their email addresses, unencrypted passwords, IP addresses, home addresses, smartphone models and their IDs, as well as other technical details.

According to vpnMentor, it is likely that all the services that lost their users’ data belong to one developer. This is indicated by the fact that they share the same ElasticSearch servers. Besides, all payments from these services are sent to the address of one recipient: Dreamfii HK Limited. At least three of the above-mentioned services have almost identical branding on their sites.

The interviewed experts admit that the data leak can lead to spam, phishing mailings, and the hacking of other accounts if cybercriminals make use of the email addresses and passwords. Users of the VPN services can also become victims of extortion or blackmail.

In addition, some users who have suffered due to the negligence of VPN owners may end up in prison since such services are often used by people living in authoritarian countries with repressive policies. If deanonymized, they will become an easy target for local authorities.

Elon Musk voiced chipping merits


Elon Musk, the founder of Tesla and SpaceX, is confident that a chip implanted in the brain will enable people to listen to music without other devices, monitor their health and compete with artificial intelligence, according to LADbible.

Musk is sure the technologies developed by his startup Neuralink should improve people’s lives. For example, a new brain chip will direct music directly to the brain.

The inventor also spoke about the possibilities of chipping in medicine. He states that Neuralink can help control hormone levels. This, in turn, can increase mindfulness and concentration and relieve anxiety. In addition, Musk does not exclude that the chip will be able to fight addictions and depression.

Initially, the technology can be used to help people with brain diseases, including Parkinson’s disease. The main goal of connecting the human brain to a computer, according to Musk, is to enable people to compete with advanced artificial intelligence.
The entrepreneur compared a Neuralink implant installation to laser eye surgery.

Testing of the new technology has already begun on animals. Human trials are planned for the end of this year.

Neurotechnological company Neuralink was founded by Musk in 2016 and has attracted more than $150 million in investment. The company’s current goal is to adapt the technology to treat patients with quadriplegia (partial or complete paralysis of all limbs) usually resulting from spinal cord injury.

Neuralink technology was officially introduced in 2019. From the presentation, it is known that the company is developing a special chip N1. It is assumed that four of these chips will be installed in the human brain. Three will be located in the area of the brain responsible for motor skills, and one in the somatosensory area (responsible for our body’s perception of external stimuli).

Each chip has very thin electrodes, no thicker than a human hair, which will be implanted into the brain with laser precision using a special technology. These electrodes will be used to stimulate neurons.

The chips will also be connected to an inductor, which will be linked to an external battery installed behind the ear. The final version of the Neuralink device will be connected wirelessly via Bluetooth. Thanks to this, paralyzed people will be able to control their smartphones, computers, and advanced prosthetic limbs.

Musk said last year that the prototype chip was successfully installed and tested on a monkey and a mouse. The primate experiment involved leading experts from the University of California. According to Musk, the result was extremely positive.

Earlier, Musk also explained that the brain consists of two systems. The first layer is the limbic system, which controls the transmission of neural impulses. The second layer is the cortex system, which controls the limbic system and acts as a layer of intelligence. Neuralink can become the third layer, and once on top of the other two, work with them together.

Musk believes Neuralink will one day enable people to communicate with each other without words on a telepathic level. According to him, Neuralink will be able to restore lost vision even if the optic nerve is damaged. In addition, the technology will also be able to return hearing.

The Neuralink founder added that there is still a lot of work ahead. The technology has not been tested on humans, but it will happen soon.

PKI for the Modern Enterprise


As pressure builds to provide an increasing number of services online, the demands on security have begun to play a significant role within companies of all sizes. Organizations need to maintain reliable and highly trusted networks not only to safeguard all business functions but also to be able to meet specific confidentiality and privacy regulations.
Public Key Infrastructure (PKI) can meet the demand for authentication and encryption throughout the enterprise.
Did you know that Private PKI allows you to secure and manage devices and applications as diverse as web servers, IoT devices, mobile devices, and cloud/multi-cloud applications?

PKI is indeed gradually becoming an indispensable part of a modern enterprise. From that perspective, PKI consists of the roles, security policies, communication protocols and procedures needed to generate, manage, distribute, and revoke digital certificates, while also managing public-key encryption to enable secure and trusted communications between different entities both inside and outside an organization or business.

Therefore, PKI aims to aid in the secure electronic transfer of information for many networking tasks, from secure email to internet banking, or any activity in which passwords are deficient for authentication purposes, and to enable stricter and better verified proof of identity required to validate the information that is being transferred.

Cloud infrastructure is now agile and secure, and a new wave of highly reliable, cloud-based PKI offerings is available for enterprises to use. Known as PKI-as-a-Service (PKIaaS), these make it possible for IT departments to maintain control while all the complexity that comes with managing their PKI setup is contracted out to the service provider.

PKIaaS unites the necessary automation, infrastructure, control, billing, and distribution of certificates while also simplifying and centralizing client certificates’ management.

One more benefit of outsourcing PKI to the cloud is in having a centralized account. With a PKIaaS a company would be able to be vetted once, in contrast to each time that a certificate is issued, which is costly due to how time-consuming the vetting process is. This will make it possible for pre-vetted companies to be issued certificates from a single account while selected administrators have the authority to be able to issue any type of certificate on demand.

The use of a centralized account to control and manage all certificates also makes reporting and monitoring of the costs involved much easier.

For businesses that are considering deploying and managing client certificates internally, there are a few challenges to overcome: software licenses, operational capacity, maintenance costs, and the infrastructure required to support PKI.

An organization would need to build, maintain, update, and support everything themselves, and the employees must be trained and certified to keep up with the security compliance requirements. However, IT leaders insist that the ultimate effect from using PKI is worth giving the technology a try.

Will the US tech giants weaken encryption on Congress demand?

Tech companies might be forced to comply with “lawful access” to encrypted information, possibly threatening the technology’s security features.

A short time ago a group of Republican lawmakers introduced the Lawful Access to Encrypted Data Act, which could bring an end to “warrant-proof” encryption. If the bill is passed, the act will require tech companies to assist investigators in accessing encrypted data in cases where such assistance would help with a warrant.

Lawmakers and the US Justice Department have long argued with tech companies over encryption, which is used to encode data. The Justice Department claims that encryption prevents investigators from getting the necessary evidence from suspects’ electronic devices and has requested that tech giants provide “lawful access.”

Giving access specifically to government agencies upon request is often referred to as an “encryption backdoor,” which endangers privacy and might harm citizens.

Encryption is used to protect citizens’ personal data from hackers, authoritarian governments and abusive intruders by providing security measures that even the companies themselves aren’t able to crack. Investigators’ ability to legally access that data raises concerns that the method could also open the door for criminals or hackers to abuse that exposure.

The proposed legislation does not explicitly require tech companies to create a backdoor, leaving it up to companies to decide how to comply with lawful access orders. Besides, tech companies are allowed to appeal to the federal court to change or set aside the orders for information exposure.

Many world-known companies oppose the idea of weakening encryption, Facebook and Apple among them. The Justice Department has criticized these companies for embracing encryption, arguing the technology is protecting terrorists and all sorts of criminals.

The bill hasn’t been approved yet; however, it has put the matter of encryption and privacy on the agenda of US tech companies and the broader public.

Historical Twitter hacking and cryptocurrency fraud: Bill Gates, Elon Musk, Barack Obama and many other celebrities affected

Users lost more than 100 thousand dollars

Last week there was a planned hacker attack on the Twitter accounts of many famous personalities, including Microsoft founder Bill Gates, Amazon CEO Jeff Bezos, musician Kanye West, former US President Barack Obama, Tesla founder Elon Musk and many others.

It all started around 23:00. The accounts of crypto community representatives were the first to suffer from the hackers’ actions: unidentified offenders started using them to publish links to the phishing site CryptoForHealth. Then unknown hackers broke into dozens of accounts belonging to well-known entrepreneurs and companies. Messages were posted on their Twitter pages saying that they had decided to share their savings and would return twice the amount that anyone transferred to them in bitcoin within 30 minutes: “If you send $1000, I will refund $2000 back.”

These messages hung on the pages of the above-mentioned people for only a few minutes, after which they were deleted. Users in the comments suggested that this was most likely some kind of joke, but many decided to try their luck. The total amount of transfers in a few minutes exceeded 100 thousand dollars.

Twitter quickly responded, saying that they are investigating the hack, but it is not yet known how the hackers gained access to the celebrities’ accounts. Twitter CEO Jack Dorsey wrote about this on his microblog.

“A difficult day for us on Twitter. We all feel terrible about what has happened,” Dorsey said, adding that the investigation is ongoing.

This is not the first time the Twitter founder has been targeted by hackers. A year ago, hackers broke into his account and posted a number of messages that included offensive designations of African-Americans, as well as anti-Semitic statements with references to the Holocaust and bomb threats.

Wirecard Scandal Brief Overview

The prominent German payments processing firm Wirecard collapsed after $2 billion in its accounts were found missing or non-existent. The company is well-established as a global provider of payment services across online and mobile platforms. The scandal as we know it has only just been uncovered; however, there were money laundering allegations dating back a decade.

The scandal started to develop thanks to the Financial Times, which watched Wirecard closely, especially its headquarters in Singapore, following an alert about its plan to fraudulently send money to India via third parties. Back in 2019 the Singapore police raided the Wirecard offices, but Wirecard continued functioning, dismissing all the allegations.

In late 2019 the Financial Times finally published documents indicating that profits at Wirecard’s units in Dublin and Dubai were fraudulently inflated. Despite denying this, Wirecard appointed KPMG to carry out a special audit, which in April 2020 resulted in a report stating that they could not verify that the arrangements responsible for the ‘lion’s share’ of profits reported from 2016 to 2018 were genuine. At this point questions about Wirecard’s auditors, EY, started to appear, since they had signed off on Wirecard’s accounts for more than a decade. European Investors VEB have called for a “thorough investigation” of EY’s work to be led by the German financial watchdog. Last week Wirecard’s board decided to file an application for insolvency in the district court of Munich. It remains unknown whether insolvency applications for Wirecard group subsidiaries are likely to follow.

Naturally, the company’s financial scandal has had an impact on its share price, which plunged over 75% following the insolvency announcement. The scandal has led to the arrest of the firm’s former chief executive Markus Braun, who is now accused of inflating Wirecard’s market position and financial health to appeal to investors. The ex-CEO has been released on €5 million bail.

It goes without saying that the scandal damages trust in auditors. Experts claim EY might have uncovered the fraud sooner if they’d been more diligent about a process called bank balance “confirmation.” Currently Wirecard intends to continue operating despite its insolvency application. Naturally, there will be questions asked about how they managed to defraud investors, and EY, for so long. Bloomberg quotes Felix Hufeld, head of the German financial regulator Bafin, who said Monday on a panel discussion: “It’s a shame that something like that happened.” “It starts with looking at complete failure of a senior management, despite many, many hints to discover the facts,” he said. “It goes on to the scores of auditors who couldn’t dig up the truth and it goes on with a whole range of private and public entities including my own who have not been effective enough to prevent something like that happening.”

DIGITALIZATION IS PUSHING FORWARD

Cash will not always rule the world. Applications and cards are gaining popularity and central banks are considering whether their countries actually need a digital currency, and if yes, how to create one.


The usual way to pay for purchases is rapidly changing. Visa and MasterCard strengthen their positions in many parts of the world. At the same time, companies such as Apple, Chinese Ant Financial, Swedish Swish and Kenyan M-pesa are conquering the market through mobile applications. Facebook also had some ambitious plans, but faced governmental restrictions.

Technical innovations are pushing out cash payments, and the governments start to wonder how to replace obsolete banknotes and coins. According to the data provided by the Bank for International Settlements (BIS), dozens of countries are studying, testing or implementing digital currencies in central banks.

But the issue persists: there is a significant difference between physical money and electronic wallets. Banknotes and coins are issued by the central bank, the basis of the country’s financial system, while digital money depends on the stability of commercial structures and as a result is more vulnerable.

Apple and Google are working on contact tracing technology to counter COVID-19

Government agencies and health services around the world are working together to find ways to counteract the spread of the COVID-19 coronavirus in order to protect people and help society return to its normal life.

Software developers also contribute by creating technical tools to contain the virus and save lives.

Following the spirit of worldwide collaboration, Google and Apple have begun to jointly develop technology that will help governments and health services use Bluetooth to combat the spread of the virus. The basic principles of the new technology are the security and privacy of users.

Since the COVID-19 coronavirus can be transmitted from infected people to those near them, health authorities have come to the conclusion that contact tracing is one of the most effective ways to contain the pandemic. The world’s leading healthcare services, universities and nonprofit organizations are already developing technologies for voluntary contact tracing. To support these efforts, Apple and Google will soon launch a comprehensive solution that will include application programming interfaces (APIs) and operating system-level technologies to help launch contact tracing. Given the urgency of this issue, this solution is planned to be implemented in two stages. First, in May, the two companies will jointly release an API to ensure compatibility between Android and iOS devices when using applications created by health services. Users will be able to download these official tools from their respective app stores. Then, in the coming months, Apple and Google will jointly launch a broader Bluetooth-based contact tracing platform by integrating the relevant functionality into their operating systems. This is a more robust solution than the API: it will give users the ability to enable contact tracing and will provide for interaction with a wider ecosystem of healthcare applications and services. Confidentiality, transparency and voluntariness are the main priorities in the development. Besides, all necessary information on the project will be publicly available.