1. Apple vs. FBI - update: The FBI wants to access the iPhone used by the terrorist who killed 14 people in San Bernardino last year. The iPhone is password protected and the 10th wrong attempt will permanently erase all the data on it. Apple can't bypass this on the iPhone, so the FBI has instead asked the company to disable certain features so that its agents can make multiple attempts to unlock the iPhone. Apple has opposed the request and said that this will create a backdoor which will make all iPhones insecure. Microsoft, WhatsApp, Yahoo, Twitter and many others have expressed their solidarity with Apple and support its decision.
2. Ransomware attack - Hospital pays hackers $17,000 in Bitcoins: A Los Angeles hospital network was hacked and its computers were disrupted by ransomware. The disruption affected emergency rooms and treatments, as doctors could not access computer networks for patient data. This could have been dangerous, so the hospital decided to pay the ransom to obtain the decryption key. Most of the time, ransomware infiltrates a network with the help of an exploit kit, and these kits make it into networks through malvertising or email attachments.
3. Apple addresses error 53: Last edition we discussed 'Error 53' in iPhones, which bricks the phone if a non-Apple technician changes the fingerprint scanner (Touch ID) cum home button of the iPhone. Touch ID is also used by millions of users to make payments using Apple's e-wallet, Apple Pay. Last week Apple apologized for Error 53 and shared steps to recover a bricked phone using iTunes. This will put life back into the bricked phone, but the Touch ID feature will remain unusable.
4. Linux Systems Patched for Critical glibc Flaw: Google disclosed a critical flaw affecting major Linux distributions. The glibc flaw could have potentially led to remote code execution. The glibc DNS client-side resolver is vulnerable to a stack-based buffer overflow when the getaddrinfo() library function is used, and the main risk of this flaw is to Linux client-based applications that rely on DNS responses. Linux runs some of the most critical applications across industries, be it ERP for manufacturing companies or portals for the e-commerce world, and it's no wonder that Linux threat protection tops most CIOs' investments and plans.
5. Locky Ransomware - Encrypts Documents, Databases, Code, Bitcoin Wallets: A new ransomware named Locky has emerged recently. It uses 128-bit AES encryption and has a domain generation algorithm (DGA). It is also capable of encrypting SQL databases, source code, Bitcoin wallets and more. The infection begins with an email containing MS Office attachments, which have harmful macros. Once opened, these macros connect to the C&C and install the ransomware. The DGA makes it difficult for law enforcement to effectively shut down botnets, as it generates thousands of domain names every day to connect to for updates, and malware controls cannot keep pace with this to protect against it.
6. IRS Warns of 400% Surge in Email Schemes This Tax Season: The IRS has issued an alert, warning consumers of an influx of tax-related phishing schemes this filing season which may ask taxpayers about a wide range of topics – such as information related to refunds, filing status, confirming personal information, ordering transcripts or verifying PIN information. By clicking on malicious email links, consumers are taken to sites designed to imitate an official-looking website like IRS.gov, which asks for Social Security numbers and other personal data. The sites could also carry malware, used to infect people's computers and allow criminals to access their files or track their keystrokes to gain more information, including important login credentials.
7. Hundreds Of Spotify Premium Accounts Exposed Online: The black-hat hacker world is at it again – this time, publishing hundreds of Spotify Premium user accounts online. The user info appeared in three different online data dumps on Pastebin starting last week. Each dump contained email addresses with their corresponding passwords for Spotify. For some accounts, home countries, account types (such as premium or free), and account renewal dates were also published. Many people use the same or similar passwords across their various accounts; hackers may exploit this and try to hack other sensitive accounts like official emails or banking credentials.
8. Twitter password recovery bug exposes data of 10,000 users: Twitter has warned roughly 10,000 users that a bug discovered in the platform's password recovery system may have exposed their personal data. In a blog post last week, Twitter said the bug affected the micro-blogging platform's systems for approximately 24 hours. The password recovery bug, while "immediately fixed," had the potential to expose the email addresses and phone numbers linked to user accounts. Twitter has notified the 10,000 or so affected users, so if you haven't had an email from the company land in your inbox recently, you have nothing to worry about.
9. 5 top weapons used by hackers: (i) Macros in MS Office; (ii) iOS & Android malware; (iii) PHP malware; (iv) Adobe Flash vulnerabilities; (v) Old vulnerabilities are the best vulnerabilities, as users do not always patch everything. We must learn from these weapons, understand and monitor the risk environment, and build security into the fabric of the organization to better mitigate known and unknown threats, which will enable companies to move forward without fear and focus on their core business & growth.
10. SIM deactivation fraud linked to bank insiders: Bangalore Cyber Crime investigators suspect that unscrupulous bank employees could be providing or selling online fraudsters confidential information of bank account holders, including their mobile phone numbers and ID-proof details. They have arrested a banker from Hyderabad for allegedly abetting a ₹1 million fraud on a Bangalore-based garment dealer. The fraudsters use this sensitive information to get duplicate SIM cards and then generate one-time passwords to siphon off money from bank accounts. This could be a nationwide scam, as investigators have also arrested two accomplices from Mumbai, non-banking staff, who routed the money to various accounts that were emptied out via ATMs.