1. Online 'Batman' Takes On Dridex Trojan: Someone
appears to have disrupted at least part of the channel that distributes the
malware and replaced the malicious links with installers for a free antivirus
tool (Avira). Users who click on the malicious links therefore get Avira’s
antivirus tool instead of the banking Trojan. The hacker, who has found a way
to do a good thing, though perhaps by not strictly legal methods, is being
dubbed the Online Batman. Dridex has caused considerable damage and has so
far resisted Govt. efforts to take it down.
2. Linux.Wifatch - White hat virus that
helps: A new virus called Linux.Wifatch has been spotted that,
instead of hijacking internet routers and IoT devices for criminal
purposes, is improving their security. Most often these devices have poor
security and, on top of that, people use default settings and the default admin
password. The virus tries to address these issues: it closes the telnet
protocol so that nothing else can get in, it leaves a message asking the
router's administrator to change the password on the router's firmware, and it
then goes hunting in the router for any other malware it can kill off. However,
it is still a virus, and one cannot really be sure of its long-term intentions.
3. US Homeland Security’s $6B Firewall has
many frightening blind spots: A recent audit revealed that the
US Cybersecurity Protection System, aka EINSTEIN, does not scan for 94% of
threats and doesn't monitor web traffic. The system is signature-based and can
detect only known patterns of malicious traffic. It is also limited in
detecting advanced persistent threats (APTs) and zero-day attacks. As for
known vulnerabilities in common applications, it was able to identify only
29 of the 489 known vulnerabilities. Information sharing, another goal
of EINSTEIN, also needs attention, as 1 in every 4 notifications
is not received by the agencies that use the firewall.
4. Login duplication allows 20m Alibaba
accounts to be attacked:
To begin with, hackers obtained a database
of 99 million usernames and passwords from a number of websites in China. They
then tried out these credentials on Alibaba and were able to access 20.59
million accounts. The hackers used compromised accounts to place fake orders, a
practice known as "brushing" in China that is used to raise sellers' rankings.
The hackers also sold these accounts to fraudsters. The hackers exploited the
human tendency to reuse the same set of credentials across all
applications and websites. It probably helps to remember at least 2 credentials:
one for sensitive apps/websites and another for the rest.
5. PGP co-founder says ad companies are the
biggest privacy problem today, not governments: The
big tech companies today (Apple, Facebook, Google, and Microsoft) have
more data on you than anyone or anything else out there. Apple and Microsoft
use the data to make their products better and their revenue primarily depends
on selling these products to us. On the other hand, Facebook and Google are
‘free to use’ and advertising revenue is what keeps it that way. For better ads
- they collect data like browsing habits, search results, and other demographic
data (such as your age, location, and education). Many find the ads intrusive
and don't like being tracked.
6. Mattel's Smart Toy Bear & HereO
watches - patch vulnerabilities: The Wi-Fi-enabled stuffed
animal was vulnerable to a remote flaw. An attacker could trick the web
service (API) into accepting requests that shouldn't be authorized. From there, an
attacker could easily access children's profiles (reminiscent of the VTech
hack). The attacker could also force the toy to perform actions that the
child user didn't intend, interfering with normal operation of the device. A
similar flaw affecting HereO, a smart GPS watch designed for children, allows a
hacker to trick a family's group into accepting a request to join their group
and so access every family member's location and location history. Both
companies were receptive to these findings and have since fixed the
vulnerabilities.
7. Apple Phone's 'Error 53' - its security
vs. convenience: When iPhone 6 users who had their home button
replaced by non-Apple technicians tried to update iOS, their
expensive phones got bricked. The phone becomes permanently unusable and can at
best be used as a brick. Many customers were furious and felt Apple was being
arrogant. Apple has hit back at the criticism, claiming it is part of
measures to protect customers’ security. When iOS finds a hardware mismatch,
Touch ID, including its use for Apple Pay, is disabled. If a customer encounters
Error 53 or any other issue, it is better to contact Apple Support. Maybe Apple
should have informed users about this feature before the OS update.
8. Hack Hall of Shame – January 2016:
a. A new hacktivist group called New World Hacking emerges - BBC, Trump web attacks "just the start," says hacktivist group.
b. Anonymous keep themselves busy - they hack Saudi Arabian government websites, Thai police sites, Nigerian government websites & Nissan websites.
c. Scathing report shows Microsoft failed to warn about the Chinese Govt. hack on thousands of Hotmail accounts of China’s Tibetan & Uighur minorities.
d. Britain’s Opposition Leader had his Twitter account hacked.
e. Tech support scam points to Dell breach
i. Melbourne hospital’s computer system is taken down by virus
j. Java bug also found in PayPal
9. Hackers are sending social-engineering
emails to SMBs in India to steal money: Hackers begin by either
stealing somebody’s email account or spoofing one, and then send emails to the
Finance dept. of targeted companies. These emails contain either a link to a
malicious site or a malicious attachment. The subject line and body of the email
are designed to lure these employees into opening the link or attachment. Once
they do so, their machine is compromised, and from then on the hacker has full
control of it. The hackers' objective is to steal money. They use their access to
the machine to observe the user and trick them into transferring money. There have
been instances where the hackers changed the bank details for remittances etc.
ONGC is a classic Business Email Compromise (BEC) example.
10. Deceptive-site-ahead; Google will warn
legit sites carrying Malvertising: Google is casting a wider
net with its Safe Browsing technology to protect Chrome users, not just from
deceptive websites but also from deceptive ads on legitimate sites. Google
notes the new Safe Browsing feature may have an impact on legitimate websites
that display deceptive ads. The warning Google posts in its blog demonstrates
that its alerts will indicate that the site itself is deceptive.
Nice blog... Very useful information is provided by your blog. Here is a way to find.
Batman Phone Cover
Kindly add RSS feed to your blog
You shared superb content. I felt very good, but if shared with images of the above issues it could be better to understand.
Sameera
Mobile Cases and Covers Designer.