Issue 90- Week of Nov 7th

1.      Tesco Bank hacked: Tesco Bank customers have had their money stolen from their accounts after the banking arm of UK's biggest retailer fell victim to a hacking attack last week. As a result of the hack, Tesco Bank had frozen online transactions for few days, while only allowing the use of credit/Debit cards. Tesco Bank has confirmed that a total of £2.5 Million was stolen from its 9,000 customers in the cyber-attack, the entire amount has been refunded to the customers. Further details of the attack are yet to be disclosed and as of now all account services have returned to normal.

2.      Websites of 7 Indian embassies hacked, database leaked: Indian embassy websites in seven different countries have been hacked, and attackers have leaked personal data, including full name, residential address, email address, passport number and phone number, of Indian citizens living abroad. This incident is extremely worrying because it involves diplomatic personnel working in the embassies that have always been a favorite target of state-sponsored hackers launching cyber espionage campaigns. Security pen-testers have claimed responsibility for the hack and apparently the reason behind the hack was to force administrators to consider the cyber security of their websites seriously.

3.      5 major Russian Banks hit with powerful DDoS attacks: Distributed Denial of Service (DDoS) attacks have risen enormously in past few months, and mostly they are coming from hacked and insecure IoT. Recently, a similar DDoS attack against DNS provider Dyn brought down a large chunk of the Internet. Researchers said more than a half of the IoT botnet devices used in this attack, were situated in the United States, India, Taiwan, and Israel. In a similar but separate incident,   a  DDoS attack through hacked IoT devices led to the disruption of the heating systems for at least two apartments in Finland, literally leaving their residents in subzero weather. It is advised to change the default settings and credentials of IoT devices and always protect the devices behind a firewall.

4.      Recruitment firm hacked: Michael Page, a global recruitment consultancy, has been hacked and a wide range of personal information on 710,000 applicants has been stolen. The company has formally admitted the attack. The leaked personal information includes full names, email address, telephone numbers, locations, sectors, job types and current positions. The company claimed in the statement that due to the nature of the data, there is limited risk of fraudulent activity, they also confirmed that no other data was compromised.

5.      Gone in 60 seconds - Google phone hacked: At the 2016 PwnFest - the brand new Android smartphone launched by Google just a few months back has been hacked by Chinese hackers in less than a minute. The team demonstrated a proof-of-concept exploit that used a zero-day vulnerability in order to achieve remote code execution (RCE) on the target smartphone. They also won $120K for this effort, Google will now work to patch the vulnerability.

6.      Hackers launch targeted Cyberattacks hours after Trump’s win: Merely a few hours after Donald Trump declared his stunning victory, a group of hackers that is widely believed to be Russian and was involved in the breach of the DNC (Democratic National Committee) launched a wave of attacks against dozens of people working at universities, think tank tanks, NGOs, and even inside the US government. It is very common for hackers to use major world events to spread malware.

7.      Facebook buys leaked Passwords from Black Market: According to Facebook's Chief Security Officer, the company buys passwords that hackers are selling in the black market and cross-references them with encrypted passwords used on their platform. Facebook then asks the users to re-think the password and change it. While Password reuse is a big cause of harm on the internet, weak passwords like '12345'/'password' add to the problem.

8.      Russian court bans LinkedIn in Russia; Facebook and Twitter could be next: According to a new Russian data protection law, foreign tech companies are required to store the personal data of its citizens within the country. As LinkedIn violated this law, it will be banned in Russia. Other bigger companies, including WhatsApp, Facebook, and Twitter, could be next on the list. Some of the companies, including Google, Apple, and Viber, have reportedly moved some of their servers to Russia. LinkedIn, which has some 5 Million users in Russia, is considering arrangements that will allow it to avoid the ban. It could also appeal against the court's decision.

9.      SWIFT Hack: Bangladesh Bank recovers $15 Million from a Philippines Casino: Part of the $81 Million stolen in February from Bangladesh bank's New York Federal Reserve account earlier this year in the wake of the major malware attack on the SWIFT interbank transfer network has been tracked down to a casino in the Philippines and has been recovered.

RIP - For a short while, Facebook killed us all: Last week, Facebook declared everyone dead, including the company's CEO Mark Zuckerberg, in a massive memorial 'remembering' profile glitch. Facebook in a statement apologized and accepted that it was a terrible error. The bug was quickly fixed. This idea of memorial was suggested as part of a recent Facebook hackathon. Facebook didn’t comment further on the what caused the glitch.