1.
Time Warner
Cable says 320,000 customers may have been breached: The company
said there are ‘no indications’ its systems were breached, but pointed the
finger at third-party firms that may have stored customer information. The
company also said that email addresses and passwords may have been taken in the
breach. Affected customers have been notified by email and direct mail. The
company did not say if the breach was connected to a similar attack against Comcast,
which led to 200,000 accounts being reset in November.
2.
Fake Tech
Support scams evolve to include support, purchase history: The fake
tech support scam is more than a decade old but it has now become more
vicious, with scammers having access to
purchase history of the victims and other records that make them look
authentic. There have been several cases reported wherein people have been
getting calls from fake DELL tech support or R&D department and these
scammers are able to share details that, it would seem, only Dell or perhaps
its contractors would know. Once they gain trust, they remotely install malware
and in some cases they have installed ransomware and tried to extract a lot of
money.
3.
Former
director of Basketball team (St. Louis Cardinals), pleads guilty to
Cyber-Espionage charges: When
an employee with the basketball team (Cardinals) quit to join a competing team
(Houston Astros), he had to hand over his official laptop and password. Using a
variation of this password the director accessed the employee's Astros email
account and other details. He was charged with five counts of unauthorized
access of a protected computer. Each conviction carries a maximum possible
sentence of five years in federal prison and a possible $250,000 fine.
Sentencing is set for April 11.
4.
New technique permits
Trojan to be delivered via a .JPG file: Last week researchers noticed a Spam email that contained
a Macro file which downloaded a Kangaroo image from C&C site. The image had
the Ursnif malware appended to it, which is known to steal credentials and
banking information. Hackers are always looking for new ways to fool victims
and trick researchers and investigators. Their motivation is your money and
they will use any means necessary to obtain user credentials and banking information.
It is important to be aware of suspicious e-mails that you receive and to never
open anything that you are unsure about.
5.
BBC, Trump web
attacks "just the start," says hacktivist group: 'New World Hacking' has claimed
responsibility for downing BBC
and Trump's campaign website last week using DDoS attacks. One of the members
of the group, told that the attacks were a "test of power" and server
strength and their main target was ISIS. The hacktivist said the group is
compiling a list of Islamic State-related targets and plans to release the list
this week. Prior to these attacks, the group was involved in a number of
activities, including unmasking members of the Ku
Klux Klan. The group also said it was involved in the hacking of a
major US retailer.
6.
Japanese Banks
Targeted With New Rovnix Trojan: Researchers have begun to detect Rovnix attacks in Japan
as well, hitherto a European malware. The hack begins with an email message
containing the Rovnix downloader as an attachment. Recipients who click on the
attachment -typically disguised as a package delivery waybill from an international
transport company -end up downloading the malware. It uses a Web injection
mechanism that is capable of perfectly imitating a targeted bank’s Web pages. Later,
when the victim goes to a bank online - the malware will serve a page that
looks and feels exactly like the bank’s actual site and steal credentials. In
some cases it tries to get victims to download a malicious Android app on their
smartphone so it can intercept authorization codes send via SMS by the bank.
7.
Apple, Google,
Microsoft attack UK government hacking plans: Few provisions in the draft Investigatory Powers
Bill would allow the intelligence and security services, police and the armed
forces to hack into devices to obtain data, such as communications, when they
have a warrant to do so. While
the Govt. argues that these are required to intercept encrypted communications
of Criminals, the tech companies have warned that the plan would be in the
wrong direction which will set a dangerous precedent that would be followed by
other countries and will damage trust in their services.
8.
Cloud host
Linode resets user passwords after suspected hack: The company said that it found two
Linode user credentials on an 'external machine', implying that usernames and
passwords could have been read from its database, either offline or online.
This statement came last week, after a massive distributed denial-of-service (DDoS)
attack was launched against its systems
- by a 'bad actor' who purchased a large amount of botnet capacity in an
attempt to significantly damage company’s business. In 2012, the accounts of
eight Linode customers that held bitcoin electronic currency were compromised
and roughly 40,000 bitcoins were stolen. In 2013, Linode’s web servers were
accessed and the company had reset all account passwords.
9.
Social media
survey results: 9%
of users weren't aware that people outside their friends list could be seeing
their posts on Facebook, leaving them vulnerable to identity theft and other
security related concerns. This has nothing to do with Facebook or its
security, but merely the ignorance of the users. There are several privacy
related options on Facebook that allows users to hide their posts from those
who aren't on their friends list. If you were one among the 9% mentioned above,
make sure you make the changes accordingly. It is also advised to be cautious
about whom you befriend and trust on in social media and never click on a link
that you are not expecting.
10. Indian hackers attack Pakistani websites as a tribute to
Lt Col Niranjan Kumar: As
a tribute to Pathankot terror attack martyr, National Security Guard (NSG)
officer Lieutenant Colonel Niranjan Kumar, a group of Indian hackers have
attacked a host of Pakistani websites last week. The Indian Black Hats hacker
group has attacked more than six websites, and it is being dedicated to the
officer's two-year-old daughter. However, the hackers haven't deleted the
contents of the websites as it is not a cyber-war and their intention is only
to give Pakistan a warning. The group had defaced
Pakistani websites during seventh anniversary of 26/11 Mumbai attacks.
No comments:
Post a Comment