Tag: Turkey

Remains from “skull cult” discovered at world’s oldest stone monuments

At Göbekli Tepe in Turkey, an 11,500-year-old monumental construction was decorated with human skulls.

Turkey pulls evolution from its high school curriculum

If Turks want to understand biology, they’ll have to wait for college.

An NSA-derived ransomware worm is shutting down computers worldwide

Wcry uses weapons-grade exploit published by the NSA-leaking Shadow Brokers.

Report: Ban on laptops in planes may expand to Europe

A no-laptops rule might be imposed on flights from Europe to the US.

Now UK bans carry-on lappies, phones, slabs on flights from six...

Hit list: Turkey, Lebanon, Egypt, Jordan, Tunisia, Saudi Arabia

The UK has banned airline passengers on direct inbound flights from six countries in the Middle East and North Africa from taking a range of electronic devices into the cabin due to fears of a terrorist attack.…

Twitter app pwned by pro-Turkey hackers: Users’ accounts sling ‘Nazi’ slurs

Something Erdogan, something something cardigan

A hack against the Counter third-party Twitter app was used to push propaganda messages containing swastikas through numerous high-profile accounts on Wednesday.…

Turkcell selects TEOCO’s HELIX 9.0 for network service assurance

Turkcell’s #1-rated network will benefit from TEOCO’s unified service assurance suite

FAIRFAX, VA., USA – 28 February 2017 – TEOCO, the leading provider of analytics, assurance and optimization solutions to over 300 communication service providers (CSPs) and OEMs worldwide, has been selected by Turkcell, who will use TEOCO’s HELIX 9.0 unified service assurance suite to reduce costs and increase the efficiency of its multi-vendor network. Turkcell serves over 66.7 million customers across nine countries, including Turkey,... Source: RealWire

Türk Telekom and Argela Announce that Türk Telekom will use Argela’s...

Argela and Türk Telekom announced that they have decided to utilize Argela’s Virtual Probes (vProbe) to monitor Türk Telekom’s virtual network.

This will enable Türk Telekom to have end-to-end, real-time, and complete intelligence on its traditional network as well as the virtualized network to which it is in the process of transitioning.

Türk Telekom, Turkey’s leading communication and entertainment technologies provider, and Argela, a leading provider of telecommunications solutions for mobile and fixed operators as... Source: RealWire

Chinese solar exports fall in 2016 with global anti-dumping measures

Besides trade issues, manufacturers have also been opening Southeast Asian factories.

Hack reveals data company Cellebrite works with everyone from US cops...

On Thursday, Vice Motherboard reported that an unnamed source provided the site with 900GB of data hacked from Cellebrite, the well-known mobile phone data extraction company. Among other products, Cellebrite's UFED system offers "in-depth physical, file system, password, and logical extractions of evidentiary data," and is often the go-to product for law enforcement to pull data from seized phones and other devices.

In a statement, Cellebrite called this hack "illegal" and noted that "the company is not aware of any specific increased risk to customers as a result of this incident; however, my.Cellebrite account holders are advised to change their passwords as a precaution."

In addition, the trove of materials contains “customer support tickets” showing that the Israeli company sells its services to countries with questionable human rights records, including Turkey, Russia, and the United Arab Emirates.

Cellebrite’s own website shows that the company works with numerous local, state, and federal law enforcement agencies, ranging from the Hartford, Connecticut police to the North Wales police in the United Kingdom. (The company reportedly aided the FBI to unlock the seized San Bernardino iPhone that became the center of a protracted legal battle.) However, little is known about the company’s business in many parts of the world.

This would not be the first time that a digital surveillance company sold to unsavory regimes. In 2015, data dumps from Hacking Team showed that it sold exploits to Egypt, Russia, Saudi Arabia, Bahrain, and the United Arab Emirates. Similarly, in 2014, documents leaked online showing that software created by the controversial UK-based Gamma Group International was used to spy on computers that appeared to be located in the US, the UK, Germany, Russia, Iran, and Bahrain.

Shamoon Can Now Destroy Virtual Desktops, Too

There's a new variant of the Shamoon disk-wiping malware that was originally unleashed on Saudi Arabia's state-owned oil company in 2012, and it has a newly added ability to destroy virtual desktops, researchers said. The new strain is at least the second Shamoon variant to be discovered since late November, when researchers detected the return of disk-wiping malware after taking a more than four-year hiatus.

The variant was almost identical to the original one except for the image that was left behind on sabotaged computers. Whereas the old one showed a burning American flag, the new one displayed the iconic photo of the body of Alan Kurdi, the three-year-old Syrian refugee boy who drowned as his family tried to cross from Turkey to Greece. Like the original Shamoon, which permanently destroyed data on more than 30,000 work stations belonging to Saudi Aramco, the updates also hit one or more Saudi targets that researchers have yet to name. According to a blog post published Monday night by researchers from Palo Alto Networks, the latest variant has been updated to include legitimate credentials to access virtual systems, which have emerged as a key protection against Shamoon and other types of disk-wiping malware.

The actor involved in this attack could use these credentials to manually log into so-called virtual management infrastructure management systems to attack virtual desktop products from Huawei, which can protect against destructive malware through its ability to load snapshots of wiped systems. "The fact that the Shamoon attackers had these usernames and passwords may suggest that they intended on gaining access to these technologies at the targeted organization to increase the impact of their destructive attack," the Palo Alto Networks researchers wrote. "If true, this is a major development and organizations should consider adding additional safeguards in protecting the credentials related to their VDI deployment." Several of the usernames and passwords are included in official documentation as administrator accounts for Huawei’s virtualized desktop products, such as FusionCloud.

The researchers still aren't sure if Shamoon attackers obtained the credentials from an earlier attack on the targeted network or included the default usernames and passwords in an attempt to guess the login credentials to the VDI infrastructure. In addition to the virtualization-defeating update, the variant found by Palo Alto Networks also contained hardcoded Windows domain account credentials that were specific to the newly targeted organization.

The credentials met Windows password complexity requirements, a finding that suggests the attackers obtained the credentials through a previous breach. Like the previous Shamoon variant, the new one spread throughout a local network by "logging in using legitimate domain account credentials, copying itself to the system and creating a scheduled task that executes the copied payload." The Shamoon update was set to begin overwriting systems on November 29, 2016 at 1:30am.

The timing aligns with previous Shamoon strains, which attempted to maximize their destructive impact by striking when the targeted organization would have fewer personnel and resources available on site.

Post updated in the headline and third paragraph to make clear VDI systems are manually accessed.

Shamoon disk-wiping malware can now destroy virtual desktops, too

There's a new variant of the Shamoon disk-wiping malware that was originally unleashed on Saudi Arabia's state-owned oil company in 2012, and it has a newly added ability to destroy virtual desktops, researchers said. The new strain is at least the second Shamoon variant to be discovered since late November, when researchers detected the return of disk-wiping malware after taking a more than four-year hiatus.

The variant was almost identical to the original one except for the image that was left behind on sabotaged computers. Whereas the old one showed a burning American flag, the new one displayed the iconic photo of the body of Alan Kurdi, the three-year-old Syrian refugee boy who drowned as his family tried to cross from Turkey to Greece. Like the original Shamoon, which permanently destroyed data on more than 30,000 work stations belonging to Saudi Aramco, the updates also hit one or more Saudi targets that researchers have yet to name. According to a blog post published Monday night by researchers from Palo Alto Networks, the latest variant has been updated to attack virtual desktops, which have emerged as one of the key protections against Shamoon and other types of disk-wiping malware.

The update included usernames and passwords related to the virtual desktop infrastructure products from Huawei, which can protect against a destructive malware through its ability to load snapshots of wiped systems. "The fact that the Shamoon attackers had these usernames and passwords may suggest that they intended on gaining access to these technologies at the targeted organization to increase the impact of their destructive attack," the Palo Alto Networks researchers wrote. "If true, this is a major development and organizations should consider adding additional safeguards in protecting the credentials related to their VDI deployment." Several of the usernames and passwords are included in official documentation as administrator accounts for Huawei’s virtualized desktop products, such as FusionCloud.

The researchers still aren't sure if Shamoon attackers obtained the credentials from an earlier attack on the targeted network or included the default usernames and passwords in an attempt to guess the login credentials to the VDI infrastructure. In addition to the virtualization-defeating update, the variant found by Palo Alto Networks also contained hardcoded Windows domain account credentials that were specific to the newly targeted organization.

The credentials met Windows password complexity requirements, a finding that suggests the attackers obtained the credentials through a previous breach. Like the previous Shamoon variant, the new one spread throughout a local network by "logging in using legitimate domain account credentials, copying itself to the system and creating a scheduled task that executes the copied payload." The Shamoon update was set to begin overwriting systems on November 29, 2016 at 1:30am.

The timing aligns with previous Shamoon strains, which attempted to maximize their destructive impact by striking when the targeted organization would have fewer personnel and resources available on site.