Sunday, December 25, 2016

Issue 96- Week of Dec 19th - Merry Christmas


1.      Gigantic ad fraud: A group of Russian hackers are believed to have built a bot called 'Methbot' that can automatically generate ad views resulting in $3 to 5Million of revenue per day for themselves. To make things look real - the bot is capable of spoofing faked clicks, social network login information, and mouse movements. The hackers run fake websites hosted in Dallas / Amsterdam to run real ads, the bots generate fake traffic and fool the ad world.

2.      Power outage in Ukraine - hackers suspected: Last weekend - Russian hackers are suspected to have downed the power station in Ukraine rendering half of its capital powerless. The power station was switched to manual mode and power was restored within 75 minutes. Over the last month - hackers have been attempting the disrupt the energy and financial infrastructure of Ukraine.

3.      Alice malware makes ATM's spit cash: Crooks with physical access to ATMs can insert this malware called 'Alice' into the ATM via USB. The crooks also connect a keyboard to authenticate and run their malware which will empty all the cash in the ATM. Issue 79 - we discussed Thailand ATM hack and in Issue 92 - the European ATM hacks.

4.      Post the Russian Ambassador's killing: After the Ambassador was shot dead by an off-duty police man, conflicting reports in the media have emerged which claim that Apple has been approached by Turkey/Russia to break the police Man's iPhone 4s. Some reports claim Apple has not been approached. FBI had approached Apple in the San Bernardino's attack resulting in the famous Apple V/s FBI case.

5.      Android malware found in Ukraine links Russia to DNC hacks: An Ukrainian artillery officer developed an App that could expedite the processing of targeting data for D-30 Howitzers. A Russian hacker group called Fancy bear managed to insert its malware into this app, thereby compromising the location of the officers and Howitzers. The same group was held responsible for the DNC hack in the US, earlier this year.

6.      Free Ransomware alert tool: A free tool called 'Ransomfree' has been released which is capable of alerting the user to take action just before the Ransomware starts to encrypt the files. The tool currently works for Windows. A similar tool for Mac called 'Ransomwhere?' was built by a researcher in April this year.

7.      Flaws in In-flight entertainment system detected: A researcher has found holes in the Panasonic Avionics in-flight system that is used in planes run by 13 major airlines. Using these vulnerabilities hackers can spoof flight information like map routes, speed statistics, altitude values, and access credit card information of frequent filers that is stored in the automatic payment system. In 2015 - a cybersecurity researcher Chris Roberts caused an airplane's engine to climb after hacking its software.

8.      NSA hack was insider job: Issue 78 - we discussed the NSA hack by 'The Shadow Brokers' group which dumped several NSA hacking tools online. Last week an Intelligence report suggests that this was an insider job rather than outside hack. A rogue NSA insider just handed over the tools to 'The Shadow Brokers'. It is important for sensitive organizations to have tools that can monitor and block insider threats.

9.      Security and demonetization: There is widespread increase in digital transactions across India, which is moving towards a 'less cash' society. The Security challenges are now being discussed and addressed at various levels. The other challenges and the areas that need to be immediately addressed are Internet speeds, bandwidth. India also tops the world in terms of Ransomware attacks with almost no hacker being convicted to date. The investigations into recent big hacks in India - 3.2M debit card details stolen or Legion attacking Twitter accounts - have yielded no results yet.

16 Going on 17 (2017): From a cyber security perspective - 2016 was bad and it now appears that 2017 will be worse. After having supposedly influenced the US elections - hackers have apparently set their eyes on the upcoming German elections. 2017 not safe for ordinary folks either, Artificial intelligence and autonomous hacking machines are being built that will actively and rapidly seek vulnerabilities and exploit them. Human security operations will be outdone by AI.


Sunday, December 18, 2016

Issue 95- Week of Dec 12th


1.      Yahoo admits that 1 Billion accounts were hacked: Issue 83 - Yahoo had confirmed that personal data from 500m accounts was stolen in 2013, now Yahoo has admitted that the figure is 1 Billion accounts. It is now also being reported that this data was sold in Aug for $300k. This can potentially result in 'Password Reuse Attacks', kindly do not use same password across all your internet accounts.

2.      Ashley Madision fined $1.66M: Infidelity website Ashley Madison, was hacked in July 2015 and 36 million user records were leaked on the internet resulting in several cases of blackmail and suicides. The investigation that followed the leak revealed that the company had created several fake female profiles to lure men and also did not fully delete records even though it charged $20 for a 'full deletion'.

3.      Accidental data leak at Ameriprise: Ameriprise is financial services company based in the US. A Researcher while doing random scans on Shodan search engine spotted an Ameriprise advisor's internet facing unsecured backup drive which was set to sync with his primary backup drive at his office. This exposed Investment portfolios worth millions of dollars & Personal data of 320 clients. Shodan is a search engine that can scan the internet for open and unsecured databases and devices.

4.      Kickass Torrents bounces back to life: Issue 74 - the Domain names of Kickass Torrents(KAT) was seized, owner was arrested and the site went down. Last week, a bunch of dedicated ex-KAT staffers came together and put together a forum called Katcr.co. This group has now bought back the Torrent site to life. The new site starts from scratch and is a clone of the original site.

5.      JPMC hacker arrested: Issue 38 - U.S. had charged three Israelis for the huge JPMC cyber-fraud. Two of them were arrested in Israel in 2015 and the third hacker was arrested in JFK airport last week when he flew in from Russia to face trial. The hackers manipulated their access to the JPMC clients with misleading stock pitches and profiteering from it. The famous Preet Bharara, is the US Attorney for this case.

6.      Ubuntu’s crash report tool vulnerable: A Cyber Researcher has discovered and privately reported a critical vulnerability to the Ubuntu team. He found that he could inject code into the OS's crash file handler by crafting a crash file that, when parsed, executes arbitrary Python code. This Remote Code Execution affects Ubuntu Linux installations Ver. 12.10 (Quantal) and later. Ubuntu users are advised to patch their systems ASAP.

7.      MacOS Filevault 2 can be hacked in 30 seconds: A researcher has demonstrated that if he could get physical access to a Mac, he can hack the password in 30 seconds, using a $300 device dubbed ‘PCILeech’. There are 2 weakness that the researcher exploited - 1. Mac system protects itself against Direct Memory Access (DMA) only after it is booted & 2. the decryption password is stored in clear text. The researcher re-booted the Victim's Mac and in 30 seconds he could access the password. This issue is fixed in the latest (10.12.2) Ver.

8.      NSA tools put on direct sale, Auction abandoned: Issue 78 -  Shadow Brokers hack NSA's hacking group and put the hacking tools on Auction. The hackers are now offering these tools on a direct sale in the price range of 1 -100 bitcoins.
8. A probe by NSA on how the tools were lost concluded that it was a mistake by an agent who left it behind during an operation.

9.      Exploit kit called DNSchanger is back: Similar to the Stegano Malvertisement discovered recently, researchers have discovered another malware that spreads via Malvertising called ‘DNSChanger’. The key difference however in this attacks is the exploit kit spreads thru a Malvertisement but the dropper file (actual malware) affects the router rather than the browser. The malware changes the DNS entries in the router from the ones provided by the ISP to the Malicious servers that are controlled by hackers. With this the attackers can redirect traffic, inject ads and install other malware. Users can mitigate this risk by not using default passwords on routers.

Legion's exploits in India: Legion continued its attacks in India by claiming to have hacked accounts of 74000 Chartered Accountants, government emails hosted on Sansad.nic.in and the server of Apollo Hospital in Chennai. Legion has said that the 'Banking System' in India is deeply flawed and has been hacked several times in the past. It claims it has access to 40,000 servers in Indian Banks and can paralyses the system.




Sunday, December 11, 2016

Issue 94- Week of Dec 5th


1.      NDTV and Vijay Mallya hacked: Days after a hacking group called Legion hacked Rahul Gandhi and INC's Twitter accounts, they went on to hack India's famous loan defaulter Vijay Mallya's Twitter account. Mallya is based in London for the past 9 months. This morning the news broke out that Senior journalist Ravish Kumar’s and NDTV Barkha Dutt's official Twitter handle has also been hacked by ‘Legion’. In a tweet Legion has threatened to release over 1TB of confidential data and also said the next attack will be on Lalit Modi - Another absconder of Indian Law based in London.

2.      Daily Motion Hacked: 85 million accounts hacked,  Email addresses, usernames and some passwords were stolen. If you have an account with Daily Motion, kindly reset your password and if you were using the same password across many sites - it is time you reset all your passwords. It is safer not to reuse passwords across various platforms. Daily Motion was in news last year for serving malvertising to its visitors.

3.      'Distributed Guessing Attack' hacks Visa card in 6 seconds: Researchers at Newcastle University have built a toolkit which can guess a Visa card’s details such as Expiry date and CVV number in 6 seconds. The tool will send different values to different e-commerce websites and will get confirmation from one of them. For e.g. to guess the expiry date, the tool will send different dates to 60 e-commerce sites, for CVV number it sends the request 1000 times to these e-com sites. This attack works on Visa as it does not detect multiple incorrect attempts across different sites. MasterCard has a centralized payment network and they can detect such frauds quickly.

4.      'Popcorn Time' Ransomware launches victim reference program: Like any other Ransomware, Popcorn Time also encrypts the files and demands ransom in bitcoins. The unusual aspect of this Ransomware is that it offers the victims the decryption key for free- if the victims can infect 2 others and get them to pay the Ransom. All the victim has to do is to send a link shared by the hackers to 2 other people, if they pay after getting infected the victim will get his files back for free.

5.      Stegano malvertising discovered: Researchers have discovered a Malvertising campaign dubbed Stegano, which has remained undetected for nearly 2 years now. Hackers hid the exploit code inside the Image's Alpha channel, packaged it as an Ad and managed to display this ads in several popular websites - potentially infecting millions. Whenever a user visits a site that is hosting this malware, the exploit kit reports system info to C&C server. Depending the system vulnerabilities like unpatched browsers or flash players, the malware can do a silent redirect to a malicious site to download the dropper file and infect the system. It could either lead to Ransomware or stealing of local data. Spotify was hit by Malvertising recently.

6.      Yahoo flaw allows access to any Yahoo Inbox: As part of its bug bounty program, a researcher was awarded $10k for discovering and privately reporting a XSS bug that allowed the attacker to view any Yahoo mail box. The bug has since been fixed. The researcher said that finding the bug was difficult but exploiting it was very easy as it only requires to send a specially crafted email to the victim.

7.      Linux Kernel Local Privilege Escalation Flaw Discovered and patched: A critical, local code-execution vulnerability in the Linux kernel was patched last week, this bug has been around since 2011. This bug allowed a local attacker to gain kernel code execution from unprivileged processes. Issue 87 - we saw a nine year old Linux bug called 'Dirty COW'  - being discovered and patched.

8.      Gamification of DDoS attacks: A hacker group in Turkey is inviting users to launch DDoS attacks on identified targets and win points in return. These points can be accumulated and redeemed to win various hacking tools. Dubbed 'Sath-ı Müdafaa', this attack was discovered by Forcepoint researchers.

9.      Red Star OS can be hacked: North Korea's Linux operating system called Red Star can be easily hacked by just sending it a link. Ever since the full install of Ver 3.0 was leaked outside North Korea - researchers have been regularly finding holes in this OS. This OS was designed to keep the western OS out as North Koreans find them suspicious. Red Star is strikingly similar to Mac OS and this severe vulnerability was found in its Firefox derived browser called Naenara 3.5.

Uber wants to track your location 5 mins after the ride: Earlier in the year - Uber was tracking the battery life of a user's phone and charging differently. They believe a person with low battery is likely to accept a higher price for a ride than a person with full battery life. Now with the latest App, Uber wants to track the users even after the ride is over, so that they can offer the most precise transportation service around. In the latest version of the app, a popup will ask the users to 'allow / don't allow', location access even when they are not using the App.

Sunday, December 4, 2016

Issue 93- Week of Nov 28th


1.      Rahul Gandhi and Indian National Congress' Twitter accounts hacked: Last week, Congress party, the key opposition party in India, confirmed that the official Twitter accounts of its vice-president Rahul Gandhi had been hacked. In less than 24 hours, Congress party's Twitter account was also hacked. A series of offensive posts were posted on the party's account. In the recent past, several celebrities like Facebook CEO, Google CEO, Twitter's CEO, Twitter's ex-CEO etc have had their Twitter accounts hacked. Courtesy the recent big hacks and high volume password dumps from sites like Yahoo, LinkedIn, MySpace, Tumblr, etc, there are more than 1 Billion passwords available on the net. This coupled with the human tendency to reuse most of the passwords, allows hackers to easily break into Twitter and other social media accounts.

2.      San Francisco Metro system hacked with Ransomware; resulting in free rides: The fare system of San Francisco's Metro got hacked by ransomware and station screens across the city started displaying a message that reads: "You Hacked, ALL Data Encrypted. Contact For Key(cryptom27@yandex.com)ID:681 ,Enter." Trains themselves were not affected by the malware attack. Though it is yet not clear exactly who was responsible for the attack, but according to local media reports, $73K was paid in Bitcoins to get the key and put the Fare system back to normal. Issue 52 - A LA Hospital has paid $17K in Ransom.

3.      Over 1 Million Google Accounts hacked by 'Gooligan' Android malware: A new Android malware Dubbed 'Gooligan', has already breached more than 1 Million Google accounts. The malware roots vulnerable Android devices to steal email addresses and authentication tokens stored on them. Armed with this information, the attackers are able to hijack the user’s Google account. The malware is part of legitimate-looking Android apps on 3rd-party app stores, when users download these apps, their device is compromised. Once installed the malware also tries to generate revenue for its master by downloading some apps and writing reviews on behalf of the user.

4.      Cyber-attack knocks nearly a Million Routers offline: More than 900,000 broadband routers belonging to Deutsche Telekom users in Germany were knocked offline over last weekend following a supposed cyber-attack, affecting the telephony, television, and internet service in the country. The hackers used Mirai Botnet and the ports/protocols that were meant for the ISP to manage the device remotely - to knock the routers off. Most of the routers were using default passwords. Experts recommend to avoid using default passwords in any internet facing device.

5.      Rule 41 — FBI gets expanded Power to hack any computer in the World: Hacking multiple computers across the world just got easier for the United States intelligence and law enforcement agencies. The changes introduced to the Rule 41 grants the FBI much greater powers to hack into multiple computers within the country, and perhaps anywhere in the world, with just a single warrant authorized by any US judge. Issue 92 - we saw " FBI hacked into 8,000 Computers in 120 Countries using a single warrant".

6.      Hacker who exposed Steubenville rape faces longer Prison term than rapists: In 2012, Steubenville (Ohio) high school's football team players gang-raped an unconscious teenage girl and took photographs of the sexual assault. In December 2012, a member of the hacker collective Anonymous hacked into the Steubenville High School football fan website and leaked some evidence of the rape, including a video taken and shared by the crime's perpetrators in which they joked about the sexual assault. The rapists who were 16 years at that time were sentenced to 2 years in jail. In 2013, FBI arrested the hacker who now faces 10 years in prison, the sentencing is scheduled in Mar'17.

7.      Anonymous Hacktivist 'Barrett Brown' released from Prison: Barrett Brown was arrested in 2012 for hacking and leaking 200GB data from a 'geopolitical intelligence and consulting firm' called Stratfor. The leaked data largely contained Emails, Credit Card Numbers and client lists. The hackers used the stolen credit card information to make donations to various charities exceeding one million dollars. Brown was convicted for five years in jail and nearly $900,000 in restitution and fines. He was released last week.

8.      Researcher shows how to bypass BitLocker: Any laptop that relies on Windows BitLocker Hard Drive Encryption software can be easily hacked if the hacker gets physical access to the device and holds SHIFT+F10 during Windows 10 update procedure. This will allow the hacker to get CLI access and full access to the computer's hard drive, even when the user has enabled BitLocker disk encryption feature. Experts recommend users not to leave their PCs unattended during the update procedure.

9.      Firefox Zero-Day exploit to unmask Tor users released online: Tor (The Onion Router) is an anonymity software that not only provides a safe haven to human rights activists, journalists, government officials, but also is a place where drugs, assassins for hire, child pornography, and other illegal activities has allegedly been traded. Tor is a repackaged version of Mozilla Firefox web browser. A JavaScript zero-day exploit is currently being used to Unmask the identity of TOR users via a memory corruption flaw in Firefox.


10.   Malware used to steal Tesla car: Last week, researchers showed an easy way to steal a Tesla car. Tesla app generates an OAuth token when a Tesla owner logs in to the Android app for the first time and this token is stored in clear text in the device’s system folder to help the user access the app without credentials every time he logs into the app. Researchers have shown that if a Tesla owner's phone is infected with Android malware and hackers access the OAuth token, the hacker can locate, unlock and drive away a Tesla Model S. Tesla says it is not the issue with its product but common social engineering tricks used by attackers to first compromise victim's phone, rooting the device and then altering its apps data. Issue 83 – “ Tesla car hacked by Chinese security firm from 19km away using 'malicious' Wi-Fi hotspot”


Sunday, November 27, 2016

Issue 92- Week of Nov 21st


1.      Madison Square Garden admits hackers spent a year harvesting visitor credit-card data: Card issuing banks noticed suspicious patterns and notified MSG. After investigation, MSG has revealed that for a year malware has been capturing payment-card data from a system that processes payments for several of its properties. MSG warned customers that the breach had exposed customer data held on the magnetic strip of credit cards, including card numbers, cardholder names, expiration dates, and internal verification codes. Exact number of victims is not known, though it is known fact that millions of people visit MSG every year.

2.      Hackers attack Canada Army site, redirect visitors to China: Canada’s Defense Ministry has confirmed that hackers recently attacked its armed forces recruitment website and changed configurations redirecting visitors to the Chinese government’s official page instead, says a Reuters report. Canadian authorities have in the past complained of the country’s official network being frequently targeted by hackers. An official complaint had even been lodged with Beijing in 2014 about Chinese hackers compromising a key network system.

3.      FBI hacked into 8,000 Computers in 120 Countries using a single warrant: While investigating a child pornography website, the FBI used a malware on the site to gather details of all its visitors. FBI admitted in a court filing that they used the single warrant to hack 8000 computers in 120 countries.

4.      Hackers are targeting ATMs and stealing wads of cash: Issue 79 - we discussed - 'ATMs in Thailand hacked; 12 Million Baht stolen'. Now according to a Russian cyber security firm, cyber crooks have remotely infected ATMs with malware in more than dozen countries across Europe this year, which forces machines to spit out cash. The world's two largest ATM manufacturers, Diebold Nixdorf and NCR Corp., said they were aware of the ATM attacks and had already been working with their customers to mitigate the threat.

5.      Telecrypt Ransomware cracked, free Decryptor released: TeleCrypt, is a typical ransomware. For Russian victims, the blackmailing message is in Russian and they demand a ransom of 5,000 rubles ($77). Some of its unusual features are that it abuses Telegram Messenger's communication protocol to send decryption keys and other communication. If the victim has an unencrypted version of the file, Researchers can use this as an sample to generate the decryption key and thus easily crack this Ransomware.

6.      Locky ransomware spreading on Facebook Messenger via JPG file: Early part of last week - it was reported that a Malware in the form of .SVG image files was being spread using Facebook Messenger. Compromised FB accounts were extensively used to spread the Malware. Later part of last week - experts discovered how cyber criminals are hiding malware in image files, and how they are executing the malware code within these images to infect social media users with Locky variants. We discussed Locky way back in Issue 52, it has since become the biggest and most common Ransomware.

7.      Stampado ransomware gets worm-like techniques to spread in network: Stampado ransomware is available for sale on the dark web for $39, the seller describes this as a easy to manage ransomware with life time license. This ransomware also has capabilities to spread in the network like a worm and re-encrypt already encrypted files. It installs itself in the %AppData% folder under the name scvhost.exe, a slight deviation on a genuine Windows process named svchost.exe, and creates a registry entry to load automatically. Researchers advise victims not to pay the ransom, stating that it's possible to decrypt files infected by Stampado on their own.

8.      Headphones can be used to Spy - even with disabled Microphone: Issue 70, we saw the picture of Mark Zuckerberg with his laptop’s Webcam and Microphone taped for Privacy. Researchers have now shown that even if one tapes his camera and microphone, it is possible to turn headphones into a microphone by turning the output channel on the laptop for input signal, in order to spy on all the conversations in the background without user's knowledge. This malware is dubbed as 'Speake(a)r'.

9.      NTP DoS exploit released: A proof-of-concept (PoC) exploit for a critical vulnerability in the Network Time Protocol daemon (ntpd) has been publically released that could allow anyone to crash a server with just a single maliciously crafted packet. The vulnerability has been patched by the Network Time Foundation with the release of NTP 4.2.8p9, which includes a total of 40 security patches, bug fixes, and improvements.

PM Modi urges India to go Cashless / Less-Cash: After the demonetization process started 3 weeks ago, there has been a great push towards cashless society, while this is a welcome move - the experts are cautionary. They say that Cyber Security is clear and present danger and it is here to stay. Major concerns include - Card cloning, Malware infections, Card theft and misuse. Building awareness can help in keeping the crime under check. If these security issues result in declined / failed transactions - people will revert to the older ways of handling cash, slowing down the process of going cashless


Sunday, November 20, 2016

Issue 91- Week of Nov 14th


1.      Mobile company in UK hacked: One of UK's biggest mobile operators called 'Three', has been hacked and massive data containing personal information and contact details of 6 Million of its customers exposed. The company admitted the data breach last week, saying that computer hackers gained access to a phone upgrade database. It is reported that hackers used an employee login to gain entry. Three people have been arrested. In 2015, another British carrier called TalkTalk was hacked and it suffered a loss of 60M pounds.

2.      Hacker group breaches Mega.nz servers: MEGA is New Zealand-based website that offers  cloud storage and file hosting service. A hacking group has hacked this site and dumped the stolen data online. In a statement released following the dump, Mega Chairman confirmed the incident but said no user data was compromised. The hackers managed to steal the credentials of one of Mega's contractors and using that they gained access to the servers. The dump includes admin logins of several employees, Mega's CMS and some emails. The hackers also claimed to have stolen source codes of various Mega apps and have put them on Auction.

3.      Some Android phones secretly sent user data to China: Shanghai Adups Technology, a China-based company, developed a back-doored firmware software that is installed in thousands of Android-based devices. This backdoor sends all text messages, call log, contact list, location history, and app data to China every 72 hours. It also has the capability to remotely install and update applications on a smartphone. Google issued a statement saying that the company is working with all affected parties to patch the issue, though the tech giant said that it doesn't know how widely AdUps distributed its software.

4.      Three Million Android smartphones infected with dangerous Rootkit: Nearly 3 Million Android devices worldwide are vulnerable to man-in-the-middle (MITM) attacks that could allow attackers to remotely execute arbitrary code with root privileges, turning over full control of the devices to hackers. According to a report, the issue is due to a vulnerability in the insecure implementation of the OTA (Over-the-Air) update mechanism used by certain low-cost Android devices. This vulnerability is associated with Chinese mobile firm Ragentek Group and it runs with root privileges to communicate over unencrypted channels - allowing a remote attacker to extract personal information from an affected device, remotely wiping the whole device, and even make it possible to gain access to other systems on a corporate network and steal sensitive data.

5.      BlackNurse attack: BlackNurse is the name of a recently discovered network attack that can crash firewalls and routers via ICMP packets, known by most of us as "pings". In this attack, Type 3 ICMP packets with a code of 3 are send to cause a Denial of Service (DoS) state by overloading the CPUs of certain types of server firewalls. The vulnerable firewalls are - some Cisco ASA models, Sonicwall, Palo Alto & Zyxel firewalls. The BlackNurse traffic volume is very small - 40,000 to 50,000 packets per second, which is tiny when compared to the recent 1.1 Tbps DDoS attack on French ISP OVH. The good news is that there are several ways to defend and some of the Vendors have already issued Advisories.

6.      iPhone lock screen hack puts contacts, messages and pics at risk: A new exploit video has been put on Internet, this shows - Hackers can bypass the passcode to access Contacts, Pictures and Messages of a locked phone. All that they need is a physical access to the phone. This vulnerability is across all the current versions of Apple. The Company is likely to patch this in its next release. As this exploit leverages SIRI, one can turn off SIRI till the patch is available.

7.      $5 'Poison Tap' hacks locked computers: A developer has created a $5 device that can hack into an unattended computer even with a locked screen. The tool called Poison Tap can break into a password-protected computer if the user has left an internet browser running in the background. The attacker can then remotely use the victim's web accounts undetected. Samy Kamkar, who has made a YouTube video showing what happens when it breaks into a computer, created the device on a Raspberry Pi microcomputer. As physical access to a machine is required, the best defense is to avoid leaving laptops and computers unattended.

8.      Gone in 70 seconds - Holding Enter key can smash through defense: If a hacker enters a blank password 93 times – or simply holds down the 'Enter' key for roughly 70 seconds – he will gain access to a root initramfs (initial RAM file system) shell. The simple exploit, which requires physical access to the system, exists due to a bug in the Linux Unified Key Setup (LUKS) used in popular variations of Linux.  Exploiting the flaw remotely is also possible. With access to an 'initramfs' environment shell, an attacker could then attempt to decrypt the encrypted filesystem by brute-force. Fortunately, the vulnerability is easy to fix - all that one needs to do is add a command to stop the boot sequence after 'x' number of password attempts.

9.      Password typing fingers can leak passwords: Researchers have found a technique, dubbed 'Windtalker', to exploit a feature called CSI in the WiFi protocol. CSI monitors the general information about the status of the signal. When a user is typing his password (or using keyboard), his fingers are interfering with signal in a certain pattern, which causes the CSI to fluctuate. Analyzing the strong correlation between the CSI fluctuation and the keystrokes, it is possible with 68% accuracy to infer the user’s keystrokes. If the keypad layouts are randomized this attack can be defeated. In Issue 72, we discussed how “Hackers can steal your ATM PIN from your smartwatch or fitness tracker”, using related tricks.

10.   Indian Cybercrime victims refuse to learn from past experience: Consumers in India may be increasingly becoming aware of the cyber threats they face but their online behavior is often contradictory and puts them at risk to ransomware, malware and attacks from cyber criminals. It is also estimated that there are at least 15 ransomware attacks per hour in the country and one in three Indians fall prey to it. In another report based on figures from Ministry of Finance - Top 51 Banks in India have lost ₹485Cr ($71M) between Apr'13 to Nov'16. 56% of the money lost is due to Net-banking thefts and Card cloning.

Sunday, November 13, 2016

Issue 90- Week of Nov 7th


1.      Tesco Bank hacked: Tesco Bank customers have had their money stolen from their accounts after the banking arm of UK's biggest retailer fell victim to a hacking attack last week. As a result of the hack, Tesco Bank had frozen online transactions for few days, while only allowing the use of credit/Debit cards. Tesco Bank has confirmed that a total of £2.5 Million was stolen from its 9,000 customers in the cyber-attack, the entire amount has been refunded to the customers. Further details of the attack are yet to be disclosed and as of now all account services have returned to normal.

2.      Websites of 7 Indian embassies hacked, database leaked: Indian embassy websites in seven different countries have been hacked, and attackers have leaked personal data, including full name, residential address, email address, passport number and phone number, of Indian citizens living abroad. This incident is extremely worrying because it involves diplomatic personnel working in the embassies that have always been a favorite target of state-sponsored hackers launching cyber espionage campaigns. Security pen-testers have claimed responsibility for the hack and apparently the reason behind the hack was to force administrators to consider the cyber security of their websites seriously.

3.      5 major Russian Banks hit with powerful DDoS attacks: Distributed Denial of Service (DDoS) attacks have risen enormously in past few months, and mostly they are coming from hacked and insecure IoT. Recently, a similar DDoS attack against DNS provider Dyn brought down a large chunk of the Internet. Researchers said more than a half of the IoT botnet devices used in this attack, were situated in the United States, India, Taiwan, and Israel. In a similar but separate incident,   a  DDoS attack through hacked IoT devices led to the disruption of the heating systems for at least two apartments in Finland, literally leaving their residents in subzero weather. It is advised to change the default settings and credentials of IoT devices and always protect the devices behind a firewall.

4.      Recruitment firm hacked: Michael Page, a global recruitment consultancy, has been hacked and a wide range of personal information on 710,000 applicants has been stolen. The company has formally admitted the attack. The leaked personal information includes full names, email address, telephone numbers, locations, sectors, job types and current positions. The company claimed in the statement that due to the nature of the data, there is limited risk of fraudulent activity, they also confirmed that no other data was compromised.

5.      Gone in 60 seconds - Google phone hacked: At the 2016 PwnFest - the brand new Android smartphone launched by Google just a few months back has been hacked by Chinese hackers in less than a minute. The team demonstrated a proof-of-concept exploit that used a zero-day vulnerability in order to achieve remote code execution (RCE) on the target smartphone. They also won $120K for this effort, Google will now work to patch the vulnerability.

6.      Hackers launch targeted Cyberattacks hours after Trump’s win: Merely a few hours after Donald Trump declared his stunning victory, a group of hackers that is widely believed to be Russian and was involved in the breach of the DNC (Democratic National Committee) launched a wave of attacks against dozens of people working at universities, think tank tanks, NGOs, and even inside the US government. It is very common for hackers to use major world events to spread malware.

7.      Facebook buys leaked Passwords from Black Market: According to Facebook's Chief Security Officer, the company buys passwords that hackers are selling in the black market and cross-references them with encrypted passwords used on their platform. Facebook then asks the users to re-think the password and change it. While Password reuse is a big cause of harm on the internet, weak passwords like '12345'/'password' add to the problem.

8.      Russian court bans LinkedIn in Russia; Facebook and Twitter could be next: According to a new Russian data protection law, foreign tech companies are required to store the personal data of its citizens within the country. As LinkedIn violated this law, it will be banned in Russia. Other bigger companies, including WhatsApp, Facebook, and Twitter, could be next on the list. Some of the companies, including Google, Apple, and Viber, have reportedly moved some of their servers to Russia. LinkedIn, which has some 5 Million users in Russia, is considering arrangements that will allow it to avoid the ban. It could also appeal against the court's decision.

9.      SWIFT Hack: Bangladesh Bank recovers $15 Million from a Philippines Casino: Part of the $81 Million stolen in February from Bangladesh bank's New York Federal Reserve account earlier this year in the wake of the major malware attack on the SWIFT interbank transfer network has been tracked down to a casino in the Philippines and has been recovered.

RIP - For a short while, Facebook killed us all: Last week, Facebook declared everyone dead, including the company's CEO Mark Zuckerberg, in a massive memorial 'remembering' profile glitch. Facebook in a statement apologized and accepted that it was a terrible error. The bug was quickly fixed. This idea of memorial was suggested as part of a recent Facebook hackathon. Facebook didn’t comment further on the what caused the glitch.