Sunday, August 9, 2015

The World this week (Week of Aug 3rd)

1. iPhones are generally considered to be safer than Android phones, but the data leaked from the Hacking Team network shows that the company used sophisticated, remotely controllable exploits for all major mobile platforms, including iOS, Android, Windows Phone, BlackBerry and Symbian. On iOS, the Hacking Team tool is disguised as an innocuous Newsstand app and comes with a transparent icon that conceals its presence on the device. The attack method takes advantage of a now-patched flaw in multiple versions of iOS that allowed attackers to replace a legitimate application installed on an iOS device with a malicious application, so long as both apps had the same binary identifier or file name.

2. OPM wins Pwnie for Most Epic Fail at the Black Hat awards show: One of the many categories at the Pwnie Awards is Most Epic Fail, with this year's nominees including the Ashley Madison and U.S. Office of Personnel Management (OPM) hacks. OPM came away with this year's Most Epic Fail award, as the hack of its systems resulted in 25.7 million Americans being at risk. The name Pwnie Award is based on the word "pwn", which is hacker slang meaning "to compromise" or "to control", based on the previous usage of the word "own" (and it is pronounced similarly).

3. For 7 days starting July 28th, hackers used Yahoo's ad network to infect millions of computers. A group of hackers bought ads across the Internet giant's sports, news and finance sites. When a Windows computer visited a Yahoo site, it downloaded malware code. Victims were either held to ransom until they paid money, or their browsers were discreetly redirected to websites that paid the hackers for traffic. Yahoo acknowledged the attack but said its scale was grossly misrepresented.

4. Terracotta, named after the life-size terracotta Chinese soldiers, is an illegal VPN service in China that is used to circumvent the Great Firewall of China. This service has over 1500 nodes in the outside world, obtained mainly by exploiting vulnerable Windows-based servers used by legitimate organizations. Terracotta also masks online users, which can be invaluable to individuals in a country where activists are not popular with the ruling party. Hackers have begun to exploit this and launch attacks through these VPNs, which makes it impossible to track them.


5. The website of the office of Sri Lankan prime minister Ranil Wickremesinghe was hacked by a hacktivist. The hacker, going by the handle Dr.MwNs, hacked and defaced the official website of the Prime Minister's Office in Sri Lanka last Thursday.

6. Researchers participating in Black Hat USA have released details about the "Man in the cloud" attack. This attack does not depend on any malware or stolen credentials. It instead uses the synchronization token that is used by all cloud apps to authenticate the user and sync files. The attacker social-engineers the victim into installing a simple piece of code that creates a new synchronization token with the attacker's cloud account; it also steals the victim's original synchronization token and runs it on the attacker's cloud account. Now every time the victim uses the cloud, the files are uploaded to the attacker's cloud account, from where they are synced to the victim's cloud account.

7. Classic case of typosquatting: Cybercriminals hacked into the email conversations between a Marine Lines pharmaceutical firm in Mumbai and a US company. They used the information in the mails, created a similar ID and duped the Mumbai firm of ₹5 lakh. Through the emails, the accused had found out that the Mumbai company had ordered medical equipment. They created a fake ID by flipping just one letter of the US company's ID.

8. Some more news from Black Hat USA: researchers have shown how fingerprints can be stolen from Android devices and maliciously used by hackers for the rest of the victim's lifetime. This "fingerprint sensor spying attack" can "remotely harvest fingerprints in a large scale". Many Android phones use a fingerprint sensor to log the user into the phone. Hackers can steal the fingerprint image from the sensor and misuse it in a variety of ways, as fingerprints are used in mobile payments, unlocking devices, identity, immigration, and criminal records. Apple phones remain unaffected by this attack, as Apple encrypts the image.


9. A new variant of ransomware has surfaced in Australia. This variant can double the ransom price for decryption after a deadline of five days. The malware can encrypt text, image, data, web, database, video, backup, and other file formats. Once done, it deletes traces of itself from the machine and leaves only the .ZIP file in the temporary Internet files and some HTML warnings. Because the business owner did not engage with the cybercriminal, the company lost thousands of valuable files, including business-related databases.
