1.
iPhones are generally considered to be
safer than Android phones but the data leaked from 'hacking team' network shows
that the company used sophisticated, remotely-controllable exploits for all
major mobile platforms including iOS, Android, Windows Phone, BlackBerry and
Symbian. For the iOS, the Hacking Team tool is disguised as an innocuous
newsstand app and comes with a transparent icon that conceals its presence on
an iOS device. The attack method takes
advantage of a now-patched flaw in multiple versions of iOS that allowed
attackers to replace a legitimate application installed on an iOS device with a
malicious application so long as both the apps had the same binary identifier
or file name.
2.
OPM Wins Pwnie for Most Epic Fail at Black Hat Awards Show: One of the many categories at the Pwnie Awards is for the Most Epic Fail, with this year's nominees including the Ashley Madison and U.S. Office of Personnel Management (OPM) hacks. OPM came away with this year's Most Epic Fail award, as the hack of its systems resulted in 25.7 million Americans being at risk. The name Pwnie Award is based on the word ``pwn'', which is hacker slang meaning ``to compromise'' or to ``control'' based on the previous usage of the word ``own'' (and it is pronounced similarly).
3.
Starting from July 28th - for 7 days,
hackers used Yahoo's ad network to infect millions of computers. A group of
hackers bought ads across the Internet giant’s sports, news and finance sites.
When a windows computer visited a Yahoo site, it downloaded malware code.
Either the victims were being held at ransom until they paid money or their
browsers were being redirected discreetly to websites which paid hackers on
traffic. Yahoo acknowledged the attack but said the scale of the attack was
grossly misrepresented.
4.
Named after the life size terracotta Chinese
soldiers, China has an illegal VPN service that is used to circumvent the Great
Firewall of China. This service has over 1500 nodes in the outside world,
obtained mainly through exploiting vulnerable Windows-based servers used by
legitimate organizations. Terracotta also masks online users, which can be
invaluable to individuals in a country where activists do not prove popular
with the ruling party. Hackers have begun to exploit this and launch attacks through
these VPNs which makes it impossible to track them.
5. The Sri Lankan prime minister Ranil Wickremesinghe’s office website was hacked by a hacktivist. The hacker going with the handle of Dr.MwNs, hacked and defaced the official website of Prime Minister’s Office in Sri Lanka last Thursday.
6.
Researchers participating in the Black Hat
USA, have released details about the "Man in the cloud" attack. This
attack does not depend on any malware or stolen credentials. It instead uses
the synchronization token that is used by all cloud apps to authenticate the
user and sync files. The attacker social engineers the victim to install a
simple piece of code that creates a new synchronization token with the
attackers cloud account, it also steals the victims original synchronization
token and runs it on the attackers cloud account. Now every time the victim
uses the cloud, the files are uploaded to the attacker's cloud account, from
where it is synced to the victims cloud account.
7.
Classic case of typosquatting -
Cybercriminals hacked into the email conversations between a Marine Lines
pharmaceutical firm in Mumbai and a US company, they used the information in
the mails, created a similar ID and duped the Mumbai firm of ₹5 lakh. Through
the emails, the accused had found out that the Mumbai company had ordered for
medical equipment. They created a fake ID by flipping just one letter of the US
company’s ID.
8.
Some more news from Black Hat USA -
researchers have shown how finger prints from Android devices can be stolen and
maliciously used by hackers for the rest of Victim's life time. This "fingerprint sensor spying attack"
-- can "remotely harvest fingerprints in a large scale,", Many android
phones use Finger print sensor to login the user into the phone, hackers can
steal this image from the sensor and misuse it in a variety of ways as
fingerprints are used in mobile payments, unlocking devices, identity,
immigration, and for criminal records. Apple phones remain unaffected in this
attack as Apple encrypts the image.
9.
A new Variant of Ransomware has surfaced in
Australia, this variant can double the ransom price of decryption after a
deadline of five days. The malware can encrypt text, image, data, web,
database, video, web, backup, and other file formats. Once done, it deletes
traces of itself from the machine and leaves only the .ZIP file in the
temporary Internet files and some HTML warnings. Since the business owner did
not engage with the cybercriminal, the company lost thousands of valuable files,
including business-related databases.
No comments:
Post a Comment