1. Wendy's investigates possible data breach: Wendy's is an American
international fast food restaurant chain, like McDonald's and Burger King.
Last week, Wendy's confirmed in a statement that it has launched a
comprehensive investigation after learning of reports that fraudulent charges
may have occurred elsewhere after payment cards were legitimately used at some
of its restaurants. The Target data breach probably tops the list of PoS
hacks; P.F. Chang's and Dairy Queen are other recent victims in the food
business. EMV cards (Chip and PIN credit cards) and contactless credit cards
with NFC (Near Field Communication) and RFID technology, which do not require
swiping the card, lower the chances of data leakage.
2. Another Angler exploit kit victim: Last issue we discussed
Officeholiday[.]com. Along similar lines, a famous European transport
company's website was hacked and visitors were silently redirected to Angler
EK, which then exploited the latest known vulnerabilities in Adobe Flash
Player to download and execute CryptoWall 4.0 ransomware. Angler EK continues
to be one of the biggest threats: it tends to exploit the newest
vulnerabilities in Adobe Flash Player and uses high-profile websites. It is
important to keep up to date with software updates, especially for Adobe Flash
Player, which is often the weapon of choice for malware actors when it comes
to finding vulnerabilities.
3. Bumper week for ransomware: Apart from the above transport company, other
big victims of ransomware last week were the Israeli Electric Authority and
Lincolnshire County Council (in the UK). It also surfaced that hackers are now
using fake Salesforce notifications to lure users into clicking links or
downloading malicious attachments leading to ransomware. The Android
ransomware Lockdroid was in the news, and a new ransomware called 7ev3n was
detected, which demands 13 bitcoins, a deviation from the usual demand of
1 bitcoin.
4. Hackers launch cyberattack against cPanel systems: cPanel is a Texas-based
company that offers a web hosting platform management tool used by millions.
Last week, the company said in a statement that one of the cPanel customer
databases "may" have been breached. cPanel was able to "interrupt" the breach,
and so it is not known whether customer data was exposed. The database
included names, contact information and passwords. However, luckily for users,
the passwords were encrypted and salted, which makes it difficult for
attackers to crack them and extract the account data. All users of this
service are advised to change their passwords.
5. Critical OpenSSL bug patched: OpenSSL is the open-source library most
widely used by applications and websites for secure data transfers using SSL
or TLS encryption. However, after serious security vulnerabilities were
discovered in OpenSSL over the last few years, the crypto library has been
under much scrutiny by security researchers. The OpenSSL Foundation has
released the promised patch for a high severity vulnerability in its
cryptographic code library that let attackers obtain the key to decrypt HTTPS
and TLS based communications. The latest bugs affect OpenSSL versions 1.0.1
and 1.0.2, and have been patched in new releases of OpenSSL, versions 1.0.1r
and 1.0.2f.
6. Lenovo used third 'worst password' in file-sharing backdoor flaw: Recall
the image that we used in Issue 48: '12345678' is the third worst password,
and Lenovo hardcoded it into its file-sharing software SHAREit, where it could
be exploited by anyone who can guess this password. Researchers have disclosed
four vulnerabilities in Lenovo SHAREit, the worst of which affects 'Lenovo
SHAREit for Windows': when it is configured to receive files, a Wi-Fi hotspot
is set up with the hardcoded password, and any system with a Wi-Fi network
card could connect to that hotspot by using '12345678' as the password. The
vulnerabilities were discovered and privately disclosed to Lenovo in Oct '15
and were patched last week.
7. Critical Flaws in Magento leave Millions of E-Commerce Sites at Risk: If
you are using Magento to run your e-commerce website, it's time for you to
update it now. Millions of online merchants are at risk of hijacking attacks
due to a number of critical cross-site scripting (XSS) vulnerabilities in
Magento. Virtually all versions of Magento Community and Enterprise Edition
are vulnerable to the stored cross-site scripting (XSS) flaws. The flaws are
awful, as they allow attackers to take over the site, escalate user
privileges, siphon customers' data and steal credit card information. However,
the good news is that the vulnerabilities are patched, and an update has been
made available to the public after a security firm discovered and privately
reported the vulnerability to the company.
8. Dridex Trojan targets UK banks, avoids two factor authentication checks:
The latest version of Dridex was first detected this month, and it is believed
to be responsible for stealing up to £20 million from UK accounts. Dridex
spreads through email phishing campaigns and includes features such as the
ability to spy on victim PCs, with the overall aim of stealing credentials
which can be used to access bank accounts and cash reserves. When the victim
tries to access a bank, the Trojan redirects the user to a fake replica and
harvests credentials, including the 2FA codes.
9. FinFisher spyware linked to Indonesian government found in Sydney: This
spyware is capable of remotely controlling any computer it infects, copying
files, intercepting Skype calls, and logging keystrokes. The sophisticated
spyware suite is usually sold to government agencies. Last week, an instance
belonging to the Indonesian government was found in an Australian data center.
That would mean information from users infected by an Indonesian department
was going through Australia. In 2013, the Australian government was accused of
spying on Indonesia thanks to the documents leaked by Edward Snowden. Now, it
looks like the Indonesians are taking revenge on the kangaroos.
10. If your SIM stops working, check your bank account: A tech entrepreneur in
Bangalore has joined the long list of victims of phishing. Criminals procured
a duplicate SIM card of the victim and siphoned off ₹45 lakh (≈$70k) between
January 13 and January 18. A few days after his mobile phone stopped
functioning, he went to the Reliance store to enquire about the reason. He was
informed that a duplicate SIM card had been issued. The criminals had procured
the duplicate SIM card from a Reliance store at Jayanagar by producing a copy
of his Aadhaar card. This new SIM card was used to siphon the money. Service
providers should be more careful in issuing duplicate SIMs; maybe they should
call the number once or have some other sensible checks.