Sunday, November 6, 2016

Issue 89 - Week of Oct 31st


1.      Medical procedures cancelled after network attack: Hundreds of planned operations, outpatient appointments, and diagnostic procedures have been cancelled at multiple hospitals in Lincolnshire, England, after a "major" computer virus compromised the National Health Service (NHS) network last week. Some patients, including major trauma patients and high-risk women in labor, were diverted to neighboring hospitals. Although the majority of systems are now back and working, the NHS Trust has not provided any specific information about the type of virus or malware, or whether it managed to breach any defenses. In Issue 52 we discussed the ransomware attack in which a hospital paid hackers $17,000 in Bitcoins.

2.      Hack attacks cut internet access in Liberia: Liberia, a small African country, has been repeatedly cut off from the internet by hackers targeting its only link to the global network. Experts said the same group that caused world-wide disruption recently is behind this attack. The Mirai botnet has been used in this attack, and vulnerable IoT devices continue to be misused to launch massive DDoS attacks. Most IoT users are unaware that a simple step like changing the default password can go a long way in making the world far more secure than it is now. Other steps include disabling Universal Plug and Play (UPnP) and remote management via Telnet.

3.      Hacker providing DDoS-for-Hire service arrested: A 19-year-old student created a tool called 'Titanium Stresser' that offers DDoS as a service. The tool was used to launch hundreds of attacks between Dec '13 and Mar '15 and earned him $385K. The hacker was arrested in 2015 and will be sentenced in Dec '16.

4.      Microsoft fires back at Google for Windows 0-Day disclosure: Microsoft says Google's disclosure last week of a zero-day security vulnerability in Windows, prior to a patch being issued, put users "at increased risk." Google revealed the flaw under its policy of reporting bugs after 7 days if they haven't been fixed. The bug is a local privilege-escalation flaw in the Windows operating system kernel that can be used to bypass a security sandbox. Some hacker groups have already been spotted exploiting this bug.

5.      Cisco job applicants warned of potential mobile site data leak: Users of Cisco's Professional Careers mobile site, mjobs.cisco.com, have been warned of a potential leak of their data, which the networking giant is pinning on an incorrect security setting. Cisco said the impact was restricted to a "limited set of job application-related information"; however, the personal data that could have been exposed included name, address, race, gender, veteran status, disability status, username, password, answers to security questions, education, professional profile, cover letter, and resume text.

6.      Tracking cell-phones using Wi-Fi: A controversial cell phone spying tool, known as an 'IMSI catcher', is used to track and monitor mobile users by mimicking a cellphone tower and tricking their devices into connecting to it. Sometimes it even intercepts calls and Internet traffic, sends fake texts, and installs spyware on a victim's phone. In a presentation at BlackHat Europe, researchers demonstrated a new type of IMSI catcher attack that operates over Wi-Fi, allowing anyone to capture a smartphone's IMSI number within a second as users pass by. The captured IMSI would then allow attackers to track the user's movements. Mobile manufacturers have begun working to ensure the future protection of the IMSI number.

7.      MalwareMustDie spotted a new IoT Linux/IRCTelnet malware: Security researchers at MalwareMustDie have discovered a new malware family designed to turn insecure Linux-based Internet of Things (IoT) devices into a botnet to carry out massive DDoS attacks. Dubbed 'Linux/IRCTelnet', the malware is written in C++ and, just like Mirai, relies on hard-coded default passwords to infect vulnerable Linux-based IoT devices. The malware works by brute-forcing a device's Telnet port to infect it; the infected device then connects to a malicious IRC channel and reads commands sent from a command-and-control server.

8.      XSS flaw that places millions of websites at risk: An XSS vulnerability discovered on the Wix.com platform is putting millions of websites and their users at risk of attack. The website hosting provider, which provides free drag-and-drop website building tools, hosts millions of websites with 87 million registered users, all of which are currently vulnerable to an XSS bug that attackers can use to create worms capable of taking over administrator accounts. This, in turn, gives attackers full control over websites. A spokesperson from Wix has confirmed that the issues have now been addressed.

9.      OAuth 2.0 can be hacked to hijack mobile apps: OAuth 2.0 is an open standard for authorization that allows users to sign in to third-party services by verifying their existing identity with Google, Facebook or other accounts. So, when a user wants to log into a travel app, he can ask Facebook to authenticate him. Facebook sends an 'Access Token' to the user, which is forwarded to the travel app. Researchers have now found a loophole: the hacker can download the travel app, change the username to that of the person he wants to hack, request a token from Facebook for his own account, and gain access to the victim's data on the travel app, because the app trusts the username sent by the client rather than the identity bound to the token. The researchers presented their paper at the BlackHat Europe conference last week.
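As an added example (not from the newsletter or the researchers' paper), the following Python sketch contrasts the flawed login handler described above with one that derives identity from the identity provider's answer and checks that the token was issued to this app. The in-memory identity provider, the app id and the token strings are constructed stand-ins for Facebook's token-debug endpoint.

```python
"""Added example: bind identity to the OAuth 2.0 access token, never to a
client-supplied username. The IdP below is a constructed in-memory stand-in
for the provider's token introspection endpoint; all ids are made up."""
from dataclasses import dataclass
from typing import Optional

TRAVEL_APP_ID = "travel-app-123"  # constructed: this app's client_id at the IdP

# Constructed IdP state: token -> (user the token belongs to, app it was issued to)
IDP_TOKENS = {
    "tok-alice-travel": ("alice", TRAVEL_APP_ID),
    "tok-mallory-travel": ("mallory", TRAVEL_APP_ID),
    "tok-mallory-other": ("mallory", "weather-app-999"),
}


@dataclass
class TokenInfo:
    user_id: str
    app_id: str


def idp_debug_token(token: str) -> Optional[TokenInfo]:
    """Stand-in for the provider's 'is this token valid, for whom, for which app' call."""
    found = IDP_TOKENS.get(token)
    return TokenInfo(*found) if found else None


def vulnerable_login(claimed_username: str, access_token: str) -> Optional[str]:
    """Flawed pattern: the token is checked only for validity, and the session is
    opened for whichever username the client sent along with it."""
    if idp_debug_token(access_token) is None:
        return None
    return claimed_username  # a valid token for *anyone* logs in as the claimed user


def hardened_login(claimed_username: str, access_token: str) -> Optional[str]:
    """Identity comes from the IdP's answer and the token must have been issued
    to this app; the client-sent username is only compared, never trusted."""
    info = idp_debug_token(access_token)
    if info is None or info.app_id != TRAVEL_APP_ID:
        return None  # invalid token, or a token issued to some other app
    if info.user_id != claimed_username:
        return None  # mismatch: refuse rather than believe the client
    return info.user_id
```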


10.   Jharkhand emerges as a hotbed of low-tech cyber-crimes: Jamtara, a predominantly tribal district in Jharkhand, is one of the biggest centers of organized cyber-crime in India. As per estimates, close to 150 gangs are involved in developing cyber fraud as a cottage industry. There are training centers in Jamtara where, for as little as ₹7000 ($100) for a four-day training, hackers are taught to make fake phone calls, mostly in the guise of a bank employee, seeking information like the CVV or ATM PIN for urgent account verification. This is followed by a prompt illegal transfer of money. There are also cases of card cloning and ransomware.

