Maze Ransomware Operators Leaked 2GB of Financial Data from Bank of Costa Rica (BCR) – Disposable mail news

Bank of Costa Rica (BCR) has been receiving threats from the threat actors behind Maze ransomware who have stolen credit card details from the bank, the ransomware gang started publishing the encrypted financial details this week.

The Banco de Costa Rica is one of the strongest state-owned commercial banks operated in Costa Rica, starting from humble origins of mainly being a private commercial bank, it expanded to become a currency issuer and one of the most renowned baking firms in Central America contributing largely in the financial development of the nation.

The hacker group behind the data leak have demanded a ransom from Banco de Costa Rica at various occasions, however, to their dismay they observed a lack of seriousness in the way the bank dealt with these previous leaks and it served as a primary reason that motivated the latest data leak, according to an interview with Maze ransomware operators.

As per the claims made by the attackers, Banco de Costa Rica’s network remained insecure till February 2020; it was in August 2019 when they first compromised the bank’s network and the second attempt was made in the month of February 2020 to see how the security has been improvised – if at all so.

The 2GB of data published by the Maze ransomware attackers on their leak site contains the details of at least 50 Mastercards and Visa credit cards or debit cards, a few being listed more than once.

As per the statements given by Brett Callow, a threat analyst with Emsisoft to ISMG, “Like other groups, Maze now weaponizes the data it steals,”

“The information is no longer simply published online; it’s used to harm companies’ reputations and attack their business partners and customers.”

“The Maze group is a for-profit criminal enterprise who are out to make a buck,” Callow says. “The credit card information has been posted for one of two reasons: Either to pressure BCR into paying and/or to demonstrate the consequences of non-compliance to their future victims,” Callow further told.


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Online education take a boost in lockdown – Disposable mail news

Sandeep Gupta from California, a technology manager is taking an online course in artificial intelligence as a way “to try to future-proof your working life.”

Dr. Robert Davidson, an emergency-room physician from Michigan took up an online master’s degree course in public health.

Online learning has seen a rise in children and college students as a way to keep up with their studies during lockdown but interestingly they are not the only ones to turn to online education. Millions of adults working in various fields have subscribed to online courses as a way to stay ahead and make use of leisure time. This period could mark a renaissance for online learning business.

Coursera, an online learning platform developed by Stanford University saw 10 million new users from March to May, seven times in comparison to last year(according to pace). Other websites like Udacity and edX also saw a jump in users.

 “Crises lead to accelerations, and this is the best chance ever for online learning,” the co-founder and chairman of Udacity, Sebastian Thrun said. 

Coursera, Udacity, and edX were developed as an online learning project a decade ago called massive open online courses (MOOCs) but the experiment was not quite a success as few individuals completed the courses and were largely free.

 MOOCs mission to “democratize education” is now taking shape, earlier when they have launched thousands of students enrolled but hardly few completed the free courses. Though courses that were not free and provided a degree saw more completions and results.

“Active learning works, and social learning works. And you have to understand that teaching online and learning online are skills of their own” said Anant Agarwal, founder, and chief executive of edX.

A few years ago apps like Udacity were on the verge of drowning and their market was slowing down but through treil and error, they learned that these courses need to be focused on skill learning as that’s where the market is and now the popular courses are in tech field like coding, analytics, and AI.

People are turning this lockdown crisis into their advantage by building skills via online learning. As schools and collages tilt towards online education, the paradigm of education is evolving rapidly.


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

The Blue Mockingbird Malware Group Exploits Vulnerabilities in Organizations’ Networks – Disposable mail news

Another notorious crypto-currency mining malware has surfaced which allegedly has been infecting the systems of countless organizations. The group with the control of operations goes by the code name of “Blue Mockingbird”.

The researchers who discovered it have reasons to believe that the Blue Mockingbird has been active since 2019’s last month. Per them, it also targets “public-facing servers” that run “ASP.NET” apps that use the “Telerik framework” for their User Interface (UI) aspect.

Reportedly, the vulnerability that the hackers exploit in the process is the “CVE-2019-18395” vulnerability which is then employed to embed a web shell on the target’s server. Per the same report, later on they employ a version of “the Juicy Potato technique” to obtain the admin-access and alter the server settings to get access to the “(re)boot persistence”.

After having obtained complete access to a system, sources mention, the malware group installs a version of XMRRig which is a famous crypto-currency mining application particularly for the “Monero (XMR)” crypto-currency.

As per reports, if the public-facing IIS servers are linked with a company’s internal network, the malware group has a probability of trying to expand internally through an improperly-secured Server Message Block (SMB) connections or Remote Desktop Protocol ((RDP).

The exact number of infections that the botnet has caused isn’t all too clear but if an estimate was to be made the operations include 1,000 infections at the least. There also doesn’t seem to be a way to find the intensity of the threat.

Not many organizations out of the ones that were being observed by the researchers have been hit with this particular threat. And over a really little amount of time that they were tracked the above-mentioned number of infections surfaced.

Nevertheless, all companies alike are susceptible to this attack, even the ones that think they are safe and the number of infections could be more than estimated.

As per sources, the Telerik UI component which is allegedly vulnerable is a part of ASP.NET applications that run on their latest versions, even then the Telerik component may have versions that are out-dated but harmful to organizations, nonetheless. This component could exist in the applications used by a company and they might not even know about it leaving them endangered.

The Telerik UI CVE-2019-18935 vulnerability, per reports, has been widely let known as the one that is employed to embed web shells on servers. Another mentioned that this vulnerability is the most exploited and organizations need to better their firewalls to fight it. If for some reason the organizations don’t happen to have a web firewall they could always look for warning precursors in the server and workstation, reports cite.


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Russian experts assessed the level of protection of corporate data from hacker attacks – Disposable mail news

Even a low-skilled hacker can hack the internal network of global companies. An experienced attacker will not need more than half an hour to penetrate the local network. Such conclusions were made by experts from Positive Technologies in their research.

“It took an average of four days to penetrate the local network, and at least 30 minutes. In most cases, the complexity of the attack was estimated as low, that is, a low-skilled hacker who possesses only basic skills could also carry it out,” said experts.

Positive Technologies experts analyzed information dated 2019 on the protection of corporate information systems of 28 companies from external intruders and pentest (the penetration test). As part of external pentests, specialists managed to penetrate the local networks of 93% of organizations. In some cases, there were several ways to overcome network protection.

According to experts, every sixth company showed signs of hacker attacks, malicious links on official sites or valid accounts in public leak databases. Based on this, the researchers concluded that the company’s IT infrastructure could be controlled by hackers.

Specialists advise companies for protection, first, to follow the General principles of information security: regularly check their information resources available for external connection, as well as develop strict rules for corporate password policy and monitor their implementation. In addition, they recommend regularly updating the security settings for operating systems and installing the latest versions of software products.

Recall that, according to Kaspersky Lab, in April, the number of attacks on the infrastructure of Russian organizations whose employees work remotely exceeded 18 million, which is five times more than in February. Positive Technologies found that up to 48% of the passwords of employees of organizations is made up of a combination of a word indicating the time of the year or month and four digits indicating the year.


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

China and Digital Currency : multifaceted advantages or a surveillance and tracking juncture? – Disposable mail news

People’s Bank of China (PBoC), China’s central bank issued a public notice on April 29, 2020, “In order to implement the FinTech Development Plan (2019-2021), the People’s Bank of China has explored approaches to designing an inclusive, prudent and flexible trial-and-error mechanism. In December 2019, a pilot programme was launched in Beijing. To intensively advance the trial work of fintech innovation regulation, the PBoC supports the expansion of the pilot program to cover the cities of Shanghai, Chongqing, Shenzhen, Hangzhou, Suzhou, as well as Xiong’an New Area of Hebei, by guiding licensed financial institutions and tech companies to apply for an innovation test.”

After five years in making China’s digital yuan is ready to be made public. While the world is battling Corona and settling the blame over China, the republic pushes out China’s central bank digital currency (CBDC), Christened Digital Currency Electronic Payment (DCEP) will be made available via mobile wallets.
This new digital cash values the  same as yuan and if this experiment succeeds than China will be the first sovereign that uses crypto.

Cryptocurrency has been received skeptically by the whole world but the case is quite the opposite in China. After 2015-16, Chinese investors became intrigued by ether,and Bitcoin became a popular alternative asset.

“China has emerged as the capital of the crypto ecosystem, accounting for nearly 90% of trading volumes and hosting” The Hindu reports.

Outside China, people are dwelling if the digital yuan will takeover the dollar, as this stroke by the  People’s Republic will forever change the trading way.

Advantage or Surveillance? 

Beijing gives a mundane explanation for circulating digital yuan as a way to control shadow banking and other risks.
Digital Currency will pave multifaceted advantages like combating tax evasions and money laundering. Also, paper currency consumes
around 2% of the GDP. It will also help in financial inclusions and direct benefit transfer especially in emergencies. Overall, the digital currency will speed up transactions and also ease international trade.

But, this crypto retail system would not be cryptic and the anonymity of cash will disappear. Authorities can very well look into transactions for illegal and unwanted activities. The rising state of surveillance has questioned citizen privacy as physical contact tracing and now financial tracing becomes the new normal.


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

New Spectra Attack that breaks the division between Wi-Fi and Bluetooth to be released at Black Hat Security Conference – Disposable mail news


The developers call it “Spectra.” This assault neutralizes “combo chips,” specific chips that handle various kinds of radio wave-based remote correspondences, for example, Wi-Fi, Bluetooth, LTE, and others.

The attack system is set to release in August at the Black Hat Security Conference in a virtual session. The full academic paper with all details will also be published in August. The researchers teased a few details about the attack in an upcoming Black Hat talk, “Spectra, a new vulnerability class, relies on the fact that transmissions happen in the same spectrum, and wireless chips need to arbitrate the channel access.”

The Spectra assault exploits the coexistence mechanism that chipset merchants incorporate within their devices. Combo chips utilize these systems to switch between wireless technologies at a quick pace.

Specialists state that while this coexistence mechanism speeds execution, they likewise give a chance to attackers for side-channel assaults.
Jiska Classen from Darmstadt Technical University and Francesco Gringoli researcher from the University of Brescia state that they are the first to explore such possibility of using the coexistence mechanism of Combo chips to break the barrier between Wireless.

“We specifically analyze Broadcom and Cypress combo chips, which are in hundreds of millions of devices, such as all iPhones, MacBooks, and the Samsung Galaxy S series,” the two academics say.

“We exploit coexistence in Broadcom and Cypress chips and break the separation between Wi-Fi and Bluetooth, which operate on separate ARM cores.”

Results change. However, the research group says that specific situations are possible after a Spectra assault.

“In general, denial-of-service on spectrum access is possible.

The associated packet meta-information allows information disclosure, such as extracting Bluetooth keyboard press timings within the Wi-Fi D11 core,” Gringoli and Classen said.

“Moreover, we identify a shared RAM region, which allows code execution via Bluetooth in Wi-Fi. It makes Bluetooth remote code execution attacks equivalent to Wi-Fi remote code execution, thus, tremendously increasing the attack surface.”

Though the research used Broadcom and Cypress chips for Spectra attacks, the researchers Gringoli and Classen are sure that this attack will work on other chips.


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

TV Equipment Used To Eavesdrop On Sensitive Satellite Communications – Disposable mail news

With just £270 ($300) of home television equipment an Oxford University-based security researcher caught terabytes of real-world satellite traffic including sensitive information from “some of the world’s largest organizations.”

The news comes as the number of satellites in the orbit is said to have an increment from around 2,000 today to more than 15,000 by 2030.

James Pavur, a Rhodes Scholar and DPhil student at Oxford will detail the attack in a session at the Black Hat security conference toward the beginning of August.

Alongside it Pavur will demonstrate that, “under the right conditions” attackers can easily hijack active meetings by means of the satellite link, a session overview revealed.

While full details of the attack won’t be uncovered until the Black Hat conference, a 2019 conference paper published by Pavur gives a ‘sneak peek’ into a small part of the challenges of security in the satellite communications space.

It seems to all come down into the absence of encryption-in-transit for satellite-based broadband communications.

The May 2019 paper (“Secrets in the Sky: On Privacy and Infrastructure Security in DVB-S Satellite Broadband“) notes:

“Satellite transmissions cover vast distances and are subject to speed-of-light latency effects and packet loss which can impair the function of encryption schemes designed for high-reliability terrestrial environments (e.g. by requiring re-transmission of corrupted key materials). Moreover, satellites themselves are limited in terms of computing capabilities, and any on-board cryptographic operation risks trading off with other mission functionality.”

It additionally uncovers how a small portion of the eavesdropping in was led utilizing a “75 cm, flat-panel satellite receiver dish and a TBS-6983 DVB-S receiver….configured to receive Ku-band transmissions between 10,700 MHz and 12,750 MHz”

Pavur grabbed sensitive communications using tools costing less than $300, including a Selfsat H30D Satellite Dish, a TBS 6983 Satellite PCI-E, and a three-meter coaxial cable.

Pavur even focuses on the Digital Video Broadcasting-Satellite (DVB-S) and DVB-S rendition 2 protocols, which transmit information in MPEG-TS format.

The paper includes: “A collection of Python utilities… was used to analyze each of these transponders for signs of DVB-based internet transmissions.”

The 2018 experiment takes note of that through manual review of the intercepted traffic, the security researchers distinguished “[traffic] flows associated with electrical power generation facilities”

“Vulnerable systems administration pages and FTP servers were publicly routable from the open internet. This means that an attacker could sniff a session token from a satellite connection, open a web browser, and log in to the plant’s control panel…”

Alongside further details on the attack, Pavur will at Black Hat present an “open-source tool which individual customers can use to encrypt their traffic without requiring ISP involvement.”


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Russia puts cryptocurrency under a ban – Disposable mail news

Russian parliamentarians have developed a package of bills that assume administrative and criminal responsibility for the use of cryptocurrencies. Experts believe that such measures can lead to the destruction of the blockchain industry in Russia.

“People who currently own cryptocurrency will be forced to get rid of it before the law comes into force, or risk “going underground”, and this is a loss or risk,” said Dmitry Kirillov, a senior tax lawyer at Bryan Cave Leighton Paisner. Based on the amendments, mining or exchanging 3.5 bitcoins will lead to criminal liability.

Penalties are provided for any use of digital assets, from the organization of a crypto exchange and mining farm, attempts to pay with cryptocurrency on the Internet.  Fines range from 500 thousand rubles ($7,000) for individuals and up to 2 million rubles ($28,000) for legal entities.

Founder of the stable cryptocurrency platform Stasis.net Gregory Klumov called the new amendments “putting nails in the coffin of financial innovation and technological progress.”
“In fact, it is proposed to build a new iron curtain in the digital economy with their own hands,” said Yuri Pripachkin, president of the Russian Association of Cryptoeconomics and Blockchain.

Currently, in the Russian Federation, in addition to software, the hardware is being actively developed – means for storing tokens, cryptocurrencies. Many young specialists from the Russian Federation are already involved in this industry, and experts are worried that the adoption of this bill will put an end to the innovative economy.

Earlier, Disposable mail news reported that, according to First Deputy Chairman of the Bank of Russia, Blockchain is not a panacea, and cryptocurrency is not money. So, the Central Bank of Russia is not going to change its negative attitude to these assets.


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.

Wishbone Breach: Hacker Leaks Personal Data of 40 Million Users – Disposable mail news

Personal data of 40 million users registered on Wishbone has been published online by hackers, it included user details like usernames, contact numbers, email addresses, Facebook and Twitter access tokens, DOBs, location, gender, and MD5 hashed passwords. Researchers have confirmed the authenticity of the data that has found to be accurate – belonging to the users who have used the app. It could be used by attackers to carry out various malicious activities such as phishing campaigns, identify thefts, credential stuffing attacks, and account takeovers.

Wishbone is a mobile survey app that provides users a social platform to compare social content, the app hasn’t disclosed its total user count in recent times, Wishbone has been enlisted as one of top 50 most popular social networking apps in iOS App Store for years now, also making it to the top 10 in its prime.

This breach came as the second-largest security incident in the last three years for the app, earlier in 2017, hackers breached around 2.2 million email addresses and 287,000 phone numbers. It mainly contained kids’ personal details. However, the recent breach mainly consists of numbers belonging to young women.

According to the reports, the database was circulating secretly since March, it has been put up for sale on dark web forums for thousands of dollars. Later, ‘ShinyHunters’, a dark web trader who allegedly leaked the data, stated that they will be publishing the data for free after individuals began reselling it.

While commenting on the matter, senior vice president of data security specialists comforte AG, Mark Bower said, “It looks like security and privacy have been an afterthought, not a matter of culture and software development process. If the passwords are hashed with MD5, then the users affected should be immediately making sure their ID’s and passwords aren’t used elsewhere with the same password. MD5 is a goner as far as security is concerned but used by mistaken developers unfamiliar with its security risks or using older code libraries using MD5. Hashed MD5 passwords aren’t difficult to brute force. The bigger issue here is the personal data though – so now attackers have a bunch more data for social engineering.”

Security experts have recommended Wishbone users to update or change their passwords and stay wary of any suspicious activity in their account.


Temp Mails (https://tempemail.co/) is a new free temporary email addresses service. This service provide you random 10 minutes emails addresses. It is also known by names like: temporary mail, disposable mail, throwaway email, one time mail, anonymous email address… All emails received by Tempmail servers are displayed automatically in your online browser inbox.