Issue 74 - Week of July 18th

1.       KickassTorrents — Domain names seized! owner arrested! website goes down!: Last week, The federal authorities have arrested the alleged mastermind behind the world's largest Bit Torrent distribution site KickassTorrents (KAT). After The Pirate Bay had suffered copyright infringement hardship, KickassTorrents (KAT) became the biggest and most-used pirate site on the Internet, attracting millions of daily unique visitors. How was he caught? - Authorities went undercover to buy ad slots on this site, this gave them access to an email id, the authorities then managed to access the entire mail box to figure out IP addresses and physical location.

2.       WikiLeaks releases 20,000 DNC emails: In issue 69 - we discussed about the Democratic National Committee (DNC) compromise and the hacker had been able to read all email and chat traffic. Last week, whistleblowing website WikiLeaks published more than 19,000 DNC e-mails with 8,000 attachments. Hillary Clinton was also targeted in the attack, and the hackers announced that a "series" about Hillary Clinton is coming soon.

3.       Hacker steals 1.6 million accounts from top mobile game's forum: A hacker has targeted the official forum for popular mobile game "Clash of Kings," making off with close to 1.6 million accounts. The stolen database contains usernames, email addresses, IP addresses. The hacker exploited a known weakness in the forum's software, which had not been updated or patched for long. Last week it was Ubuntu Linux Forum that was hacked for similar reasons.

4.       Cybersecurity company executives plead guilty to hacking rival firm: Five employees from UK based cybersecurity reseller Quadsys have admitted to hacking into a rival company's servers to allegedly steal customer data and pricing information. They have been arrested and are due to be sentenced in September, this could lead up to 12 months in prison or fines.

5.       Ex-Cardinal exec jailed for hacking Astros: In Issue 46, we discussed about the misuse of shared password of an employee, who was switching jobs between two basketball clubs - Cardinal and Astros. Last week, the ex-Cardinal exec was sentenced to 46 months in prison and fine of $278K.

6.       Beware! your iPhone can be hacked remotely with just a message: Last year, Android phones were under risk due to the Stagefright vulnerability. Last week, a similar bug was discovered in iPhone as well. Just one specially-crafted message can expose personal information, including authentication credentials stored in iPhone's memory. The critical bug resides in ImageIO – a API used to handle image data – and works across all widely-used Apple operating systems. The attack could also be delivered through Safari web browser. For this, the attacker needs to trick the victim into visiting a website that contains the malicious payload. Apple has patched this critical issue in iOS version 9.3.3.

7.       Hidden 'backdoor' in Dell security software gives hackers full access: Security researchers are warning Dell security management software (GMS) admins to patch their systems after finding six high-risk vulnerabilities. One of the highest-rated "critical" flaws involves a hidden default account with an easily-guessable password. Dell acknowledged the flaws affect the most recent versions of the GMS software and have issued patches to fix the bugs.

8.       Police unlock dead man's phone by 3D-Printing his fingerprint: Police in Michigan is considering 3D printing a dead man’s fingers so they could unlock his smartphone in a crime investigation using the biometric sensors. Police had this murder victim's fingerprints scanned from a previous crime and these fingerprints were used to 3D print fingers. This has the potential to be misused in the future - if criminals access high resolution pictures of a person's hand, they can hack his/her devices by 3D printing fingers.

9.       Your favorite website is under attack: Websites and web-based services are increasingly under attack. A recent report suggests that the largest number of web application attacks originate in the US. Ironically, the US is also the target for the maximum number of attacks. Along with US - UK, Brazil, India, China & Netherlands appear both in Top 10 source of attack countries as well as top 10 victim countries list. In terms of the sectors being targeted by hackers and malware, the retail industry tops the list, followed by hotel and travel, all of which involve a lot of transactions.

Spoof emails used to steal $50k from Indian media company CEO's NGO: Ronnie Screwvala, CEO of UTV runs a NGO as well. A top finance official of the NGO received an email from what appeared to be from Ronnie, asking for $50k to be transferred to a bank account, she followed the instructions. Few days later, she received another such transfer request. This time Ronnie happened to be in the NGO office, so the finance official, got suspicious and walked up to the Ronnie to confirm. This is when they realized that they had been scammed. They were quick to file a complaint and the police has recovered 60% of the money so far. ONGC had lost ₹197 Crore($30M)- in a similar unbelievably simple scam.