1.
Ashley Madison hackers released two data dumps last week. The first dump was on details of the
registered members and the second dump focused on private internal company
information. The data is leaked on various sites, but the data itself is not
easily searchable by folks who aren’t familiar with raw database files.
However, several sites have since popped up that allow anyone to search by
email address to find if an email address had an account at AshleyMadison.com.
In Canada, where Ashley Madison is based, a class-action lawsuit has been
lodged against the firm, seeking damages of up to $760 million on behalf of
Canadians whose data has been leaked online. In a spoof, the company's original
slogan 'Life is Short. Have an Affair' became "Life is short; Hire an
Attorney." Indeed, divorce lawyers maybe the only ones laughing all the
way to the bank.
2.
Retail
Giant Target suffered one of the biggest breaches in 2013. Last week, Visa and Target have reached an agreement that
reportedly will reimburse card issuers a total of up to $67 million for fraud
losses and other expenses. The breach had exposed an estimated 40 million
credit and debit cards. On Feb. 25, Target reported that its card breach cost
the retailer $252 million, with $162 million of that amount not covered by
insurance. As reported in this blog on May 31st - A proposed $19 million
settlement reached between Target and MasterCard fell apart.
3.
Microsoft issues emergency patch for all versions of Windows
"Microsoft has released an emergency out-of-band patch for a
"critical"-rated security vulnerability, affecting all supported
versions of Windows. The software giant said in an advisory Tuesday that users
visiting a specially-crafted website can lead to remote code execution on an
affected machine." The zero-day flaw (classified as CVE-2015-2502) works
by exploiting a flaw in how Internet Explorer handles objects in memory. If
successfully exploited, an attacker could "gain the same user rights as
the current user," the advisory said. Those running administrator accounts
are particularly at risk, it said.
4.
IRS breach claims 220,000 additional
US taxpayers
"The United States Internal Revenue Service (IRS) has revealed that in
excess of 220,000 taxpayers may have had their personal information accessed,
in addition to the 100,000 originally reported, as a result of a data
breach. Thieves used the IRS' "Get
Transcript" system to clear a multi-step authentication process, including
several personal verification questions that typically are only known by the
taxpayer, to access the personal taxation information of individuals.
5.
After Stagefright, Google patches
another 'high severity' bug in Android affecting Android versions 2.3 to 5.1.1, which experts say
could be used to abuse device owners' privacy. The bug, likely to be fixed in
Google's next monthly security update for Nexus devices, could allow attackers
to abuse Android's mediaserver program to spy on device owners. Unlike
Stagefright, which could be exploited simply by sending a malicious media file
to affected Android devices, in this case an attacker would need to trick
victims into installing a malicious app.
6.
A hacking group suspected of
operating from China
has had success stealing information from mostly
Indian targets, often pertaining to border disputes and trade issues. The
gang mostly uses spear phishing techniques- sending genuine looking emails from
seemingly known people to identified targets. If the target opens the email and
clicks on the link, their machine gets compromised. Some of the latest
spear-phishing emails have an attached Microsoft Word document, which contains
an exploit for a now-patched vulnerability in Word. The vulnerability is
“really ancient,” but still, it’s effective in organizations that haven’t
patched their systems. Once compromised - the attackers leverages Windows
Management Instrumentation (WMI) to explore computers and the network.
7.
Major discoveries in H1-2015: Adobe Flash vulnerabilities on the
rise; Angler dominates the exploit kit market; Emboldened by the success
Ramsomware have had - they are now investing more in development of newer and
deadlier attacks; Criminals are increasingly using TOR and I2P(Invisible
Internet Project) to avoid detection; Microsoft Macros are once again being
used to deliver malware; Some exploit kit authors are incorporating text from
Jane Austen’s classic novel Sense and Sensibility into web landing pages that
host their exploit kits. Antivirus and other security solutions are more likely
to categorize these pages as legitimate after “reading” such text; Hackers have
found ways to evade the sandbox by failing to detonate when it detects sandbox
activity; SPAM volume goes up; exploits involving Java have been on the decline
in the first half of 2015.
8.
A
white Hat Hacker claims that websites of
several leading varsities can be hacked, including that of DAVV-Indore and
Mumbai University. He said that the sensitive information like names, roll
numbers and marks of students can be altered. The hacker shared screen shots of
these databases and also showed how data can be altered. He also said that he
had contacted the universities but has not received any positive feedback from
them yet.
9.
The
website of the Karnataka State Higher
Education Council was hacked on Thursday by a group calling itself
Clinkz48. The homepage of the website (http://kshec.ac.in/) has an image of a
man laughing and holding a wine bottle saying: “Cyber Team Rocks” and the
message “Hacked by Clinkz48.” The hackers have also said: “Your data belongs to
me. F*** Your System India :P Noob!! its lol `”
No comments:
Post a Comment