1. Android phones can be hacked with a text, putting over 1 billion devices at
risk. A critical flaw resides in the 'Stagefright' component of Android OS,
which Android uses to process, record and play multimedia files. To improve
user experience, any video file received by the OS is automatically downloaded
and kept ready for playback. This feature makes the vulnerability even more
dangerous, as hackers can hack any Android device without depending on any
action on the part of the user: they just have to send a text. Researchers have
discovered a method of hosting this exploit on a webpage and infecting the
visitors. Google has delivered a patch for the Stagefright attack, but given the
shaky history of handset manufacturers and carriers rolling out security
patches, it is not known how long the companies will take to update vulnerable
Android devices. Until then, users can protect themselves by turning off MMS
auto-retrieval and using patched third-party apps to view MMS.
2. Update on Auto hack - Chrysler has recalled 1.4 million Jeeps to fix the
software issues. The company is being criticized for providing an option to send
customers USB sticks that will fix the issue: there is always a possibility of
customers not doing it the right way, or of the sticks getting infected with new
bugs during transit by malicious actors. Another security researcher revealed a
kit last week that makes it possible to track, remotely unlock and start the
engine of GM vehicles that run the OnStar connected car system. He calls his kit
OwnStar.
3. Massachusetts General Hospital recently notified 648 patients that their
names, lab results and Social Security numbers may have been exposed in May 2015,
when an employee sent an email containing the data to the wrong email address by
mistake. To help prevent this from happening again, the hospital will need to
update its processes, re-educate its workforce and invest in world-class Data
Theft Prevention technology.
4. Last week saw Windows 10 released, followed by overblown FUD reports of Wi-Fi
Sense being a potential security concern; the week ended with reports that Wi-Fi
Sense is not a security risk. The option to allow Internet sharing is enabled by
default, but only for networks that the user chooses (like Outlook contacts,
Skype contacts, Facebook friends). If any one of these networks is selected,
Wi-Fi Sense shares only Internet access. It doesn't allow any access to local
resources or personal files.
5. Hackers and malicious actors are increasingly targeting online ad networks as
a means to infect users. More than half of these "malvertising" (malware +
advertising) attacks originate from news and entertainment sites that
inadvertently display infected online ads. Attackers buy ads from online
advertising companies and insert exploit kits in these ads, which in turn help
the hackers profile the victim's machine and launch the malware payload (dropper
file). The hosting websites cannot be blamed completely, as ads are their key
revenue model and it is impossible for them to check all the ads, though they try
to limit third-party code running on their sites.
6. "National defense is too important to leave to the military" is a famous
quote, and it also applies to cybersecurity. The IT team manages data on the
front lines, but the impact of a data theft is very severe most of the time, and
it is advisable for the Board to get involved from the start. For many on the
Board, cybersecurity is very formidable, and the best way to overcome this is by
investing in the "Right Cybersecurity partner".
7. White hat hackers are usually rejected and sometimes even threatened by Indian
firms, but this is now gradually changing. After the recent hacks of Ola Cabs,
Zomato and Gaana.com, where hackers publicly pointed to flaws, some Indian firms
are finally following in the footsteps of US biggies by allowing ethical hackers
to test their security systems for bugs. At stake are cash rewards and career
boosts. Ola now pays a minimum of ₹1000 for bugs, with no upper limit for complex
bugs. Indians identified the largest number of valid bugs in the last two years
for Facebook, which paid an average of $1343 per bug in 2014.
8. Indian companies are increasingly suffering huge losses due to rising
cyber-attacks that lead to interruption of business and loss of customer data.
However, with only 100-150 policies covering 'cybercrime liability insurance'
being sold in the country, the majority of companies are inadequately protected
against the growing menace. A typical cybercrime policy can take care of monetary
loss arising out of the loss of financial data, hacking leading to business
interruption, and loss of customer data, bank data and patient data. BPOs and
software companies are the top buyers, mostly at the insistence of their foreign
clients.
9. On the dark web's marketplaces, the full set of someone's personal information
(identification number, address, birthdate, etc.) is known as "Fullz." Each Fullz
has a market price ranging from $1 to $450; the median price for someone's
identity is $21.35. Fullz are generally used to make fraudulent credit card
transactions, online transfers, phone banking, fake insurance claims, etc. The
screenshot below is from the dark web: