Sunday, August 28, 2016

Issue 79- Week of Aug 22nd


1.      Scorpene leak: The Scorpene-class submarines are developed by a French company called DCNS. A former French Navy officer, who quit the service in the early 1970s and worked for French defense companies for more than 30 years before becoming a subcontractor to DCNS, copied sensitive data from DCNS along with a French colleague and took it to a Southeast Asian country, where they were employed by a private company. These 22,400 pages of sensitive data were then stored on one of the company's servers. In 2013, they were both sacked and the company found their replacement in Australia, with whom the company shared this data over the internet. Last week, information on the Scorpene submarine and excerpts from the documents were published by 'The Australian' newspaper. The person plans to surrender the disk to the Australian government on Monday. Indian Defense Minister Manohar Parrikar played down the leak, saying it is "not a big worry".

2.      Apple releases 'Emergency' patch after advanced spyware targets human rights activist: Apple has released the iOS 9.3.5 update for iPhones and iPads to patch three zero-day vulnerabilities after a piece of spyware was found targeting the iPhone of a renowned UAE human rights defender. NSO Group, which sells spying and surveillance software, had been exploiting three zero-day security vulnerabilities in order to spy on dissidents and journalists. The zero-day exploits allowed the company to develop sophisticated spyware tools that can access the device's location, contacts, texts, call logs, emails and even the microphone. Apple fixed these three vulnerabilities within ten days of being informed. Apple had recently announced a bug bounty reward of up to US$200K.

3.      ATMs in Thailand hacked; 12 Million Baht stolen; 10,000 ATMs prone to hackers: An Eastern European gang of criminals has stolen over 12 Million Baht (approx. US$350k) from a total of 21 ATMs in Bangkok and five other provinces by hacking a Thai bank's ATM network. The hackers were able to infect the GSB (Government Savings Bank) ATM machines by inserting malware-infected cards into them and then making them spew out up to 40k Baht per transaction.

4.      Mail.ru forums hacked: Over 25 million accounts associated with forums hosted by Russian internet giant Mail.ru have been stolen by hackers. The databases were stolen in early August, according to breach notification site LeakedSource.com, which obtained a copy of them. The hackers' names aren't known, but they used known SQL injection vulnerabilities in older vBulletin forum software to get access to the databases. In the recent past, running outdated software has led to the hacking of the Steam game forums and the Clash of Kings forums.

5.      Wildfire Ransomware code cracked: Victims of the Wildfire Ransomware can get their encrypted files back without paying hackers the ransom, after the 'No More Ransom' initiative released a free decryption tool. 'No More Ransom' runs a web portal that provides keys for unlocking files encrypted by various strains of ransomware, including Shade, CoinVault, Rannoh, Rakhni and, most recently, Wildfire. The ransom demanded was 1.5 Bitcoins (1 Bitcoin = US$575) and the victims were Dutch speakers from the Netherlands and Belgium. Meanwhile in India, Shri Dhanvantari Herbals, an Indian Ayurvedic pharmaceutical company based in Punjab, has been hit by Ransomware.

6.      Dropbox prompts users to reset old passwords: Dropbox is asking users to change their old passwords as a "preventative measure". In a blog post, the file-sharing and cloud storage company called out users who haven't changed their passwords since mid-2012, saying the login credentials are potentially at risk and should be updated. As is often the case, some people reuse their usernames and passwords across different web services; when any one of those services is compromised, as LinkedIn and MySpace were, it leads to password reuse attacks.

7.      Opera browser reports breach: The company revealed that attackers gained access to Opera Sync, a service that lets users synchronize their browser data and settings across multiple platforms. It is investigating the incident, but initially believes the attack may have compromised user data, including passwords and login names. Opera counts 350 million users across its range of products, with 1.7 million Sync users. The company has reset all passwords and emailed all registered Opera Sync users with details.

8.      Leaked exploits are legit and belong to NSA - Cisco & Fortinet confirm: In the last issue we discussed the NSA hack and its leaked hacking tools. The NSA was systematically spying on customers of big technology companies like Cisco, Fortinet, and Juniper for at least a decade. After a thorough investigation, Cisco confirmed the authenticity of these exploits, saying that the leaked tools contain exploits that leverage two security vulnerabilities affecting Cisco ASA software, which is designed to protect corporate and government networks and data centers. Fortinet also warned of a high-risk vulnerability leaked in the NSA hack, which affects older versions of its FortiGate firewalls. The identity of the hackers, 'The Shadow Brokers', is still a mystery.

9.      GozNym Trojan spreads to attack German banks: Last week, researchers confirmed that the financial malware, a Trojan discovered in April this year, has recently targeted 13 German banks and their local subsidiaries. The hybrid malware (Gozi ISFB malware + Nymaim malware) includes an exploit kit dropper, web-injection capabilities, encryption, anti-VM, and control flow obfuscation, making the malware persistent, difficult to detect, and also very powerful. The malware sends victims to fraudulent, carbon-copy websites of financial institutions in order to lure them into parting with their online banking details.

10.   170 cyber frauds in 7 months in Visakhapatnam: In the past seven months, Vizag has registered 170 cyber fraud cases, of which 110 are related to siphoning off money from bank accounts. The spurt in one-time password (OTP) frauds has left the police befuddled: "Despite several warnings, citizens fall prey to conmen and share confidential details." NIST (the US National Institute of Standards and Technology) has declared SMS-based two-factor authentication (2FA) to be insecure.


Image Courtesy: The Australian

Sunday, August 21, 2016

Issue 78- Week of Aug 15th


1.       NSA's hacking group hacked! Bunch of private hacking tools leaked online: Last week, unknown hackers calling themselves "The Shadow Brokers" hacked into the NSA (US intelligence agency) and dumped a bunch of its hacking tools (malware, private exploits, and hacking tools) online. The hackers are offering to sell more private "cyber weapons" to the highest bidder. The files mostly contained installation scripts, configurations for command-and-control (C&C) servers, and exploits allegedly designed to target routers and firewalls from American manufacturers. Last year, a company called Hacking Team was hacked and its tools were similarly leaked.

2.       Retailer says point of sale system was infected with malware: US retailer Eddie Bauer has said that hackers may have accessed customers' payment card information after infecting its point-of-sale systems with malware. The company says it is in the process of identifying customers whose payment information may have been stolen, will notify those who have been affected, and is also working with payment card networks so that they can coordinate with card-issuing banks to monitor for fraudulent activity. Wendy's is another recent example of such PoS attacks.

3.       Insider attack at Sage: Last week, Sage, a provider of accounting and business software for companies worldwide, admitted to a data breach caused by someone accessing internal systems with employee credentials rather than an external cyber attacker. A female Sage employee has been arrested at a London airport following the data breach, which may have exposed information belonging to hundreds of business customers. Cyber-attacks are on the rise, and now businesses not only have to deal with the threat of external attackers but insider threats as well. According to experts, 55 percent of all corporate cyber-attacks are caused either by malicious employees or through accidental human error on the inside.

4.       Another site hacked because it was not patched: DLH.net which provides Steam game related news, reviews, cheat codes, and forums, was breached using a known vulnerability found in older vBulletin forum software, which powers the site's community. The data stolen from the forum includes full names, usernames, scrambled passwords, email addresses, dates of birth, join dates, avatars, Steam usernames, and user activity data. The company is denying any breach though it is asking its users to change their passwords. Clash of Kings forum was hacked recently for similar reasons.

5.       Ransomware in Ranchi: Ransomware has become a modern form of extortion, with a small town like Ranchi reporting more than 3 dozen Ransomware cases in the past fortnight. To date, the victims have been automobile companies, software consultants providing services to the Govt. of Jharkhand, medical establishments and a few small wholesale traders. In its advisory, the Govt. of India has advised not to pay the ransom, as it doesn't guarantee the release of the files. Affected users should report such instances of fraud to the Computer Emergency Response Team (CERT) and law enforcement agencies. India continues to be one of the top victim countries, and last week the Finance Minister revealed that a major attack on the public banking system in India was averted. In May this year there was a major Ransomware attack on Maharashtra's Mantralaya. Other news from India: websites of Sagar University and the Goa Institute of Management were defaced by Pakistani hackers.

6.       Clinton Foundation suspected to have been hacked: Bill and Hillary Clinton's charitable foundation hired experts to examine its data systems after seeing indications they might have been hacked. Though no message or document hacked from the New York-based Clinton Foundation has surfaced in public, Democrats are worried that leaked information may be used in an attempt to damage the campaign. The hack is very similar in technique to the DNC hack and the DCCC hack.

7.       'Massive' Locky Ransomware campaign targets hospitals: A 'massive' cybercriminal campaign is targeting hospitals with the notorious Locky Ransomware and is using a new technique in an effort to infect systems with the file encrypting software. Hospitals are an appealing target for cybercriminals to infect with Ransomware not only because of the crucial role of IT in healthcare, but also because the data held by hospitals is so vital. Earlier this year a Los Angeles hospital paid a $17,000 Bitcoin ransom after a Locky infection took down its network.

8.       VeraCrypt security audit is being spied upon: VeraCrypt is an open-source freeware utility used for on-the-fly encryption. OSTIF (The Open Source Technology Improvement Fund) announced at the beginning of this month that it had agreed to audit VeraCrypt independently. Last week, the OSTIF announced that its confidential PGP-encrypted communications with the auditors were mysteriously intercepted and it suspects some outsiders are attempting to listen in on and/or interfere with the VeraCrypt security audit process.

9.       Post Bitfinex hack, Bitcoin.org is worried: Recently, Hong Kong-based cryptocurrency exchange Bitfinex was hacked, resulting in a loss of around $72 Million worth of Bitcoins. Last week, Bitcoin.org, the website that hosts downloads for Bitcoin Core, posted a message on its website warning users that the next version of the Bitcoin Core wallet, one of the most popular bitcoin wallets used to store bitcoins, might be replaced with a malicious version of the software offered by government-backed hackers. The advisory also went on to say that one should securely verify the signature and hashes before running any Bitcoin Core binaries.

10.   Chat service can be hacked: Omegle is a free online chat website that allows users to socialize with others without the need to register. The service randomly pairs users in one-on-one chat sessions where they chat anonymously. The anonymity encourages users to talk dirty and sometimes share identifiable info. Unfortunately, the chat conversations are recorded and stored on Omegle's servers. An Indian bug bounty hunter found a way to hack into these servers and access these conversations. One should be careful about what identifiable information one shares over such online services while chatting with strangers. The more personal information you share, the more chances there are for others to blackmail you or misuse the information.
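Item 9's advice to verify the signature and hashes before running a downloaded wallet binary, as an added example that is not Bitcoin.org's or Bitcoin Core's own tooling: it reads a sha256sum-style SHA256SUMS manifest, optionally verifies the manifest's detached GPG signature by shelling out to gpg (assumed to be on PATH with the release signer's key imported), and refuses any binary that is unlisted or whose hash differs. The filenames and file contents in demo() are constructed for illustration.

```python
import hashlib
import hmac
import os
import subprocess
import tempfile

def sha256_hex(path):
    """Stream the file so large release archives need not fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 16), b""):
            h.update(chunk)
    return h.hexdigest()

def parse_manifest(text):
    """Map filename -> hex digest from sha256sum-style '<hash>  <file>' lines.
    Anything else (clearsign armor, 'Hash:' headers, blanks) is ignored."""
    entries = {}
    for line in text.splitlines():
        parts = line.split()
        if len(parts) == 2 and len(parts[0]) == 64 and set(parts[0].lower()) <= set("0123456789abcdef"):
            entries[parts[1].lstrip("*")] = parts[0].lower()  # '*' = binary mode
    return entries

def manifest_signature_ok(manifest_path, sig_path, keyring=None):
    """Detached-signature check by shelling out to gpg. Any failure (bad
    signature, unknown key, gpg not installed) counts as NOT verified."""
    cmd = ["gpg", "--batch"]
    if keyring:  # pin to a keyring holding only the release signer's key
        cmd += ["--no-default-keyring", "--keyring", keyring]
    try:
        done = subprocess.run(cmd + ["--verify", sig_path, manifest_path], capture_output=True)
        return done.returncode == 0
    except FileNotFoundError:
        return False

def verify_binary(binary_path, manifest_path, sig_path=None, keyring=None):
    """True only if the manifest is signed (when a signature is supplied), the binary
    is listed in it, and its SHA-256 matches; an unsigned manifest is never consulted."""
    if sig_path is not None and not manifest_signature_ok(manifest_path, sig_path, keyring):
        return False
    with open(manifest_path, encoding="utf-8") as f:
        expected = parse_manifest(f.read()).get(os.path.basename(binary_path))
    return expected is not None and hmac.compare_digest(expected, sha256_hex(binary_path))

def demo():
    """Constructed sample with hypothetical filenames: one archive matching its
    manifest entry, one whose entry records different bytes, one unlisted."""
    names = ("wallet-linux64.tar.gz", "wallet-win64.zip", "wallet-osx.dmg")
    with tempfile.TemporaryDirectory() as d:
        paths = [os.path.join(d, n) for n in names]
        for p in paths:
            with open(p, "wb") as f:
                f.write(b"constructed release bytes for " + os.path.basename(p).encode())
        manifest = os.path.join(d, "SHA256SUMS")
        with open(manifest, "w", encoding="utf-8") as f:
            f.write("%s  %s\n" % (sha256_hex(paths[0]), names[0]))  # genuine entry
            f.write("%s  *%s\n" % ("0" * 64, names[1]))  # entry disagrees with the file
        return tuple(verify_binary(p, manifest) for p in paths)  # (True, False, False)
```

Pass sig_path (and a keyring pinned to the release signer) in real use; the demo exercises only the hash path so it runs without gpg.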



Sunday, August 14, 2016

Issue 77- Week of Aug 8th


1.       Data Breach — Oracle's Micros payment systems hacked: Oracle has confirmed that its point-of-sale (MICROS) division has suffered a security breach. Hackers had infected hundreds of computers at the division, infiltrated the support portal used by customers, and potentially accessed sales registers all over the world. It is likely that hackers installed malware on the troubleshooting portal in order to capture customers' credentials as they logged in. These usernames and passwords can be used to access customer accounts and remotely control their MICROS point-of-sale terminals. POS terminals have emerged as the favorite target for cybercriminal gangs; two of the best-known victims to be hit by POS malware are Target and Home Depot.

2.       DNC hacker leaks personal info of nearly 200 Congressional Democrats: The hacker behind the DNC hack has claimed responsibility for hacking into the Democratic Congressional Campaign Committee (DCCC) as well. Last week, to prove his claims, the hacker dumped a massive amount of personal information belonging to nearly 200 Democratic House members onto his blog. The dumped data also contains passwords to access multiple DCCC accounts. The hacker goes by the name Guccifer 2.0.

3.       Pune-based Indian manufacturing company loses $175k: In a modus operandi very similar to the ONGC scam, hackers sent an email to Kinetic Electrical Company that looked as if it had originated from its Taiwan-based supplier (typosquatting). The fake email informed the company about the supplier's new bank account and asked for the next advance payment to be transferred to the new account. The Pune company's officials promptly transferred $175k (1.18 crore) to the account and waited for the shipment. After three months, when the shipment did not arrive, they called Taiwan and realised it was a scam. Ronnie Screwvala's NGO lost $50k recently in a similar fashion. Finance and purchase departments should phone the recipients of funds (suppliers or the CEO) whenever there is a bank account change request. This hack is also called BEC - Business Email Compromise.

4.       Pakistan-based hacker defaces Canara Bank site, tries to block e-payments: According to a statement issued by Canara Bank, a Pakistani hacker defaced the bank's home page and also tried to block certain online transactions, but failed to access any data or transactions. Within hours of the attack, the Reserve Bank of India alerted all banks to double-check their SWIFT payments. With the recent $81 Million hack on Bangladesh Bank, one should not take any chances.

5.       United Airlines pays bug bounty in Air Miles: Two computer hackers have earned more than 1 Million frequent-flyer miles each from United Airlines for finding and reporting multiple security vulnerabilities in the airline's website. Last year, United Airlines had rewarded 1 Million Air Miles to a vulnerability researcher for identifying remote code execution (RCE) vulnerabilities in its web properties. Many companies, including Apple, Twitter, the Pentagon and Pornhub, offer bug bounties.

6.       Blackhat firm offers $500,000 for zero-day iOS exploit; double Apple's highest bounty: In Issue 76, we discussed Apple's $200k bug bounty reward. A blackhat company is now offering more than double Apple's maximum payout for zero-day vulnerabilities affecting the newest versions of iOS, 9.3 and above. Last year, a security firm paid $1 Million to a group of hackers for an iPhone hack. The zero-day market has long been a lucrative business because governments, law enforcement, criminals, and the private sector all shop for zero-days. In recent times, we have seen the FBI pay more than $1M to hack into a terrorist's phone.

7.       Over 900 Million Android phones vulnerable to new 'QuadRooter' attack: A high security alert for Android devices was issued last week. Dubbed "QuadRooter," the set of four vulnerabilities, discovered in devices running Android Marshmallow and earlier that ship with Qualcomm chips, could allow an attacker to gain root-level access to any Qualcomm device. An attacker needs to trick a user into installing a malicious app to exploit one of the four vulnerabilities, which will give the attacker full access to the device, including its data, camera and microphone. Last year, 1 Billion Android phones were at risk due to the Stagefright vulnerability. Getting Android OS updates to users is a messy affair as it involves Google, the device manufacturer and the telcos.

8.       Linux TCP flaw allows hackers to hijack Internet traffic and inject malware remotely: Linux is used widely across the Internet, from web servers to Android smartphones, tablets, and smart TVs. Researchers have uncovered a serious Linux flaw which, if exploited, could allow attackers to terminate or inject malware into unencrypted communication between any two vulnerable machines on the Internet. The flaw resides in the design and implementation of Request for Comments 5961 (RFC 5961), a relatively new Internet standard that is designed to make the commonly used TCP more robust against hacking attacks.

9.       Car thieves can unlock 100 Million Volkswagens with a simple wireless hack: Every car that the Volkswagen group has sold since 1995 can be unlocked using a simple $40 device. The device first listens to the rolling code values used by keyless entry systems whenever the driver presses the key fob's buttons. These codes, along with a cryptographic key that was extracted from the Volkswagen network, are used to clone the key fob and gain access to the car. In the past 20 years, only four common keys have been used in all the 100 Million cars sold by Volkswagen.

10.   New hack uses hard drive noise to transfer stolen data from an air-gapped computer: For security reasons, many highly sensitive networks, such as those of defense and research organizations, have computers that are not connected to the internet (air-gapped computers). Now, researchers have devised a new method to steal data from such air-gapped computers. The first step is that such computers are infected with malware which is capable of transmitting data like passwords, cryptographic keys, etc., via covert hard drive noise. The malware manipulates the movements of the hard drive's actuator coil in a very specific way to generate acoustic noise (like Morse code) that is interpreted into binary data by a smartphone app from six feet away.




Sunday, August 7, 2016

Issue 76 - Week of Aug 1st