1. FDIC suffers data breach: Federal Deposit Insurance Corporation (FDIC) provides
deposit insurance to depositors in US banks, it suffered a major data breach-
exposing the records of 44,000
customers. A former employee - who had legitimate access to the data -
downloaded the data to a personal device and left the corporation with the data.
An FDIC spokeswoman confirmed that the former employee has signed an affidavit
specifying no breached information was used in any form. This growing threat
from Insiders is a big worry for all CIOs whose companies handle sensitive
data.
2. Hybrid GozNym malware targets customers of 24 financial
institutions: A group of cybercriminals
have combined two powerful malware programs (Gozi ISFB Malware + Nymaim malware),
to create a new online banking Trojan (GozNym) that has already stolen millions
of dollars from customers of 24 U.S. and Canadian banks. Nymaim is a dropper
file that uses a DLL of Gozi- which is capable of injecting malicious code into
Web browsing sessions. Together they are used to steal credentials and perform
online banking fraud.
3. Cybercriminals now target tier-2 systems: With Tier 1 systems like retail banking becoming more
secure, the Cybercriminals targeting Australia are shifting their focus to
other targets where money is held and security is poor, such as payroll,
invoicing, and superannuation systems. The criminals log in to these systems
using stolen credentials, check the date of the next pay run, and log out. They
log back in just before the pay run, change employees' bank details to their
own or to accounts that they control and let the payroll run proceed.
4. Are you using Apple iPad? if yes- upgrade to iOS 9.3.1
immediately: iOS versions pervious to
this are vulnerable to 1/1/1970 bug attack. If the iPad is in untrusted Wi-Fi
network with a spoofed NTP server that sets the date as 1/1/1970, then the
iPad's software becomes unstable and causes overheating and permanently damages
the device. Fortunately this cannot happen to iPhone, as the phone depends on
GSM network for its date and time.
5. Are you using QuickTime for Windows? if yes- uninstall it
now: Two reasons why you should do it -
(i) Apple has abandoned QuickTime for Windows and it will not deliver security
updates. (ii) There are two known critical vulnerabilities that could allow an
attacker to take control of a system running QuickTime.
6. Apple v/s FBI:
After getting a third
party to hack the shooter's iPhone – Sources have confirmed that nothing
useful was found on it. In the drug dealer iPhone case, Apple resists FBI’s
call to unlock the iPhone. Apple told a federal court last week that it should
not be asked to help the FBI unlock the iPhone used by the drug dealer and that
the case would lead to "an avalanche" of similar demands if
prosecutors prevailed.
7. FBI Director puts tape over his webcam: The director admitted that he has put a piece of tape
over his personal laptop's webcam. On one hand he says 'absolute privacy hampers
the law enforcement' but on the contrary, he is doing exactly the same with his
personal webcam. However, tape on webcam cannot stop hackers or government spying
agencies from recording your voice. FBI in the past has used malware to hack
into cameras to spy on targets.
8. Petya ransomware cracked: In
issue 58, we spoke about this new ransomware that encrypts the whole
hard drive. A researcher discovered a weakness in the nasty malware's design. To
crack the malware - victims need to run a tool that extracts specific data from
the infected hard drive and upload it to the researchers password generator
tool - which will generate the decryption key for free. This is a great
solution to decrypt the infected files, but most likely, the Petya authors have
already heard about this tool and are modifying their code to disable the
solution. So, there is no guarantee the tool will continue to work
indefinitely. Regular backups and good web security solution are the best bets
against ransomware.
9. Cox investigates as employee data appears for sale on the dark web: Names, email addresses,
phone numbers, and other information relating to some 40,000 Cox Communications
employees is currently advertised on a marketplace specializing in stolen data
and computer exploits. Cox is aware of this matter and have engaged a third-party
forensic team to conduct a comprehensive investigation and are actively working
with law enforcement.
10. Online banking and plastic card-related fraud in India
increases: The incidence of ATM,
credit, debit card and net banking-related fraud has gone up by more than 35
percent between 2012-13 and 2015-16 in India, according to Reserve Bank of
India. 11,997 cases have been booked in the first nine months of 2015-16. In
Mumbai alone the credit card fraud rises 151% and it makes up 55% of cyber-crimes
this year.
No comments:
Post a Comment