Sunday, January 10, 2016

Issue 46 - Week of Jan 4th

1. Time Warner Cable says 320,000 customers may have been breached: The company said there are ‘no indications’ its systems were breached, but pointed the finger at third-party firms that may have stored customer information. The company also said that email addresses and passwords may have been taken in the breach. Affected customers have been notified by email and direct mail. The company did not say if the breach was connected to a similar attack against Comcast, which led to 200,000 accounts being reset in November.

2. Fake Tech Support scams evolve to include support, purchase history: The fake tech support scam is more than a decade old, but it has now become more vicious, with scammers having access to the victims' purchase history and other records that make them look authentic. Several cases have been reported in which people received calls from a fake Dell tech support or R&D department, and the scammers were able to share details that, it would seem, only Dell or perhaps its contractors would know. Once they gain trust, they remotely install malware, and in some cases they have installed ransomware and tried to extract a lot of money.

3. Former director of Basketball team (St. Louis Cardinals) pleads guilty to Cyber-Espionage charges: When an employee with the basketball team (Cardinals) quit to join a competing team (Houston Astros), he had to hand over his official laptop and password. Using a variation of this password, the director accessed the employee's Astros email account and other details. He was charged with five counts of unauthorized access of a protected computer. Each conviction carries a maximum possible sentence of five years in federal prison and a possible $250,000 fine. Sentencing is set for April 11.

4. New technique permits Trojan to be delivered via a .JPG file: Last week researchers noticed a spam email containing a macro file that downloaded a kangaroo image from a C&C site. The image had the Ursnif malware appended to it, which is known to steal credentials and banking information. Hackers are always looking for new ways to fool victims and trick researchers and investigators. Their motivation is your money and they will use any means necessary to obtain user credentials and banking information. It is important to be aware of suspicious e-mails that you receive and to never open anything that you are unsure about.

5. BBC, Trump web attacks "just the start," says hacktivist group: 'New World Hacking' has claimed responsibility for downing the BBC and Trump campaign websites last week using DDoS attacks. One member of the group said that the attacks were a "test of power" and server strength, and that their main target was ISIS. The hacktivist said the group is compiling a list of Islamic State-related targets and plans to release the list this week. Prior to these attacks, the group was involved in a number of activities, including unmasking members of the Ku Klux Klan. The group also said it was involved in the hacking of a major US retailer.

6. Japanese Banks Targeted With New Rovnix Trojan: Researchers have begun to detect attacks in Japan using Rovnix, hitherto a European malware. The attack begins with an email message containing the Rovnix downloader as an attachment. Recipients who click on the attachment, typically disguised as a package delivery waybill from an international transport company, end up downloading the malware. It uses a Web injection mechanism that is capable of perfectly imitating a targeted bank’s Web pages. Later, when the victim goes to a bank online, the malware serves a page that looks and feels exactly like the bank’s actual site and steals credentials. In some cases it tries to get victims to download a malicious Android app on their smartphone so it can intercept authorization codes sent via SMS by the bank.

7. Apple, Google, Microsoft attack UK government hacking plans: A few provisions in the draft Investigatory Powers Bill would allow the intelligence and security services, police and the armed forces to hack into devices to obtain data, such as communications, when they have a warrant to do so. While the government argues that these powers are required to intercept the encrypted communications of criminals, the tech companies have warned that the plan is a step in the wrong direction that would set a dangerous precedent, be followed by other countries, and damage trust in their services.

8. Cloud host Linode resets user passwords after suspected hack: The company said that it found two Linode user credentials on an 'external machine', implying that usernames and passwords could have been read from its database, either offline or online. This statement came last week, after a massive distributed denial-of-service (DDoS) attack was launched against its systems by a 'bad actor' who purchased a large amount of botnet capacity in an attempt to significantly damage the company’s business. In 2012, the accounts of eight Linode customers that held bitcoin electronic currency were compromised and roughly 40,000 bitcoins were stolen. In 2013, Linode’s web servers were accessed and the company reset all account passwords.

9. Social media survey results: 9% of users weren't aware that people outside their friends list could be seeing their posts on Facebook, leaving them vulnerable to identity theft and other security-related concerns. This has nothing to do with Facebook or its security, but merely the ignorance of the users. There are several privacy-related options on Facebook that allow users to hide their posts from those who aren't on their friends list. If you are one of the 9% mentioned above, make sure you change your settings accordingly. It is also advisable to be cautious about whom you befriend and trust on social media, and never to click on a link that you are not expecting.


10. Indian hackers attack Pakistani websites as a tribute to Lt Col Niranjan Kumar: As a tribute to Pathankot terror attack martyr, National Security Guard (NSG) officer Lieutenant Colonel Niranjan Kumar, a group of Indian hackers attacked a host of Pakistani websites last week. The Indian Black Hats hacker group attacked more than six websites and dedicated the attack to the officer's two-year-old daughter. However, the hackers did not delete the contents of the websites, as it is not a cyber-war and their intention is only to give Pakistan a warning. The group had defaced Pakistani websites during the seventh anniversary of the 26/11 Mumbai attacks.
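
For item 4 (a Trojan appended to a .JPG), an added example that is not from the original post or the researchers' report: a Python check that walks the JPEG marker structure and reports any bytes that follow the real end-of-image marker. The function names are hypothetical, and the sample bytes are a constructed marker stream (not a renderable image) with an inert stand-in payload.

```python
import struct

# Markers with no length field: TEM (0x01) and RST0-RST7 (0xD0-0xD7).
NO_LENGTH = {0x01, *range(0xD0, 0xD8)}

def jpeg_end_offset(data: bytes) -> int:
    """Walk JPEG segments and return the offset just past the real EOI marker."""
    if data[:2] != b"\xff\xd8":
        raise ValueError("not a JPEG: missing SOI marker")
    pos, n = 2, len(data)
    while pos < n:
        if data[pos] != 0xFF:
            raise ValueError(f"expected a marker at offset {pos}")
        while pos < n and data[pos] == 0xFF:   # skip fill bytes
            pos += 1
        if pos >= n:
            break
        marker = data[pos]
        pos += 1
        if marker == 0xD9:                      # EOI: the image ends here
            return pos
        if marker in NO_LENGTH:
            continue
        if pos + 2 > n:
            break
        (seg_len,) = struct.unpack(">H", data[pos:pos + 2])
        if seg_len < 2:
            raise ValueError(f"bad segment length at offset {pos}")
        pos += seg_len                          # skips EXIF thumbnails whole
        if marker == 0xDA:                      # SOS: entropy-coded scan follows
            while pos + 1 < n:
                nxt = data[pos + 1]
                # 0xFF00 is a stuffed byte, 0xFFD0-D7 are restart markers
                if data[pos] == 0xFF and nxt != 0x00 and not 0xD0 <= nxt <= 0xD7:
                    break
                pos += 1
    raise ValueError("truncated JPEG: no EOI marker found")

def appended_data(data: bytes) -> bytes:
    """Return whatever follows the image; empty for a clean file."""
    return data[jpeg_end_offset(data):]

# Constructed sample: SOI, APP1 holding a thumbnail stub with its own EOI,
# SOS with a stuffed byte and a restart marker, then the real EOI.
CLEAN = (b"\xff\xd8" + b"\xff\xe1\x00\x06\xff\xd8\xff\xd9"
         + b"\xff\xda\x00\x02" + b"\x12\xff\x00\x34\xff\xd0\x56" + b"\xff\xd9")
SUSPECT = CLEAN + b"MZ" + bytes(30)             # inert stand-in for an appended PE

if __name__ == "__main__":
    for name, blob in (("clean", CLEAN), ("suspect", SUSPECT)):
        extra = appended_data(blob)
        print(f"{name}: {len(extra)} trailing bytes, starts with {extra[:2]!r}")
```

Walking the segments avoids the two naive mistakes: searching for the first `FF D9` stops inside an embedded thumbnail, and searching for the last one can land inside the appended payload. Some legitimate tools also write data after the end-of-image marker, so a non-zero result is a triage signal rather than a verdict.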

