1. Phishermen target sensitive data- Again: On the lines of the recent Snapchat
attack - in which a scammer impersonating their CEO tricked their
payroll department into emailing an attacker the payroll information of current
and former Snapchat employees. Last week, it was reported that Alaskan telecom
GCI was tricked into handing over employee W-2 forms by a phisher posing as the
company's CFO, while a Seagate employee was also fooled into sending thousands
of employee W-2's by email to a phisher posing as the company CEO. W-2 (Form 16
in India) contains virtually all of the data one would need to fraudulently
file someone’s taxes and request a large refund in their name. Last year -
Hackers stole this directly from IRS
website. Data security solution prevents accidental data leak.
2. Cancer clinic warns 2.2 million patients of data breach: Cyber-attackers accessed a key
database of the clinic in early October. They were able to access and steal
data including patients' names, Social Security numbers, physicians' names, diagnosis
and treatment information, as well as insurance records. FBI had requested to
delay the announcement and patient notification till last week as they were
investigating. There is growing trend of core services being struck by cyber-attacks.
Recently, a hospital
in Germany was held to ransom by cyber-attackers but they did not pay-up
while a LA Hospital that went thru a similar
attack paid $17k.
3. ISIS data breach: A defector
has allegedly leaked what appears to be a USB drive's worth of ISIS’s secret data,
including the personal information of 22,000 ISIS fighters. The leaked ISIS
information could be a unexpected gift for security agencies and prosecutors
trying to track ISIS’ members and prevent more recruits from joining. The names
of three Paris attackers were found in the list.
4. Restaurant recommendation site 'Burrp' serves EKs, TeslaCrypt: Researchers spotted the Indian restaurant
recommendation site “Burrp” redirecting visitors to a website that was serving
Angler exploit kits (EK) that ultimately led to the delivery of TeslaCrypt
ransomware. To begin with - Burrp website was compromised and malicious code
was injected in the JavaScript which redirects users. Last week another popular
website www[.]missmalini[.]com
was compromised. Hackers routinely monitor sites with high traffic and
whenever they spot an opportunity - they launch their attacks.
5. Obama on Apple v/s FBI: The president answering a question on this subject said that one can’t
take an absolutist view. He spoke at length on encryption and his position favored
the American government's current position in this case. He favored strong
encryption with secure keys, accessible to small set of people for a subset of
important issues. He repeatedly reassured the audience the agencies are pretty
scrupulous and trustworthy. Meanwhile, responding to Justice Dept.'s arguments
- Apple
slammed it as "cheap shot" and will next appear in
court in California on March 22, a day after an expected product announcement.
6. Spelling mistake saves $1 Billion: Attackers successfully
breached Bangladesh Bank's systems and stole its credentials for payment
transfers, they then "bombarded the Federal Reserve Bank of New York with
nearly three dozen requests to move money (total value $1B) from the Bangladesh
Bank's account there to entities in the Philippines and Sri Lanka. The first
four transfers, totaling about $81 million, went through, but for the fifth transfer,
Hackers misspelled "foundation" in the NGO's name as
"fandation," prompting a routing bank, Deutsche Bank, to seek
clarification from the Bangladesh central bank, which stopped the transactions.
7. Automakers in the hot-seat for vehicle cybersecurity: Most of the new cars today are equipped with
internet connectivity with third party apps running on board, making them
vulnerable to hackers. Recently, researchers demonstrated hacks on Nissan
Leaf and Chrysler Jeep. Car
owners hold car makers responsible for security though many components of this
system are not owned by car makers - like Infotainment, Connectivity, OS &
Apps. General Motors now has a bug bounty program underway as well as a product
security officer position. Someday in near future, we will have end point
agents running in our cars like the way they
run on our laptops.
8. First Fully Functional Mac Ransomware: The first fully functional ransomware for Mac OS X has been discovered in
the wild, but was contained before it did damage. The new ransomware
is called 'KeRanger' and it bypasses Apple's Gatekeeper -- the tool that
prevents unsigned code from running on Mac operating systems -- by piggy-backing
on an infected version of Transmission, an open-source BitTorrent client, which
is signed with a valid Mac application developer's certificate. Apple responded quickly to the announcement,
revoking the abused certificate and updating XProtect signatures.
9. Researchers can unlock some Android phones with inkjet-printed
fingerprints: Researchers
demonstrated a method in which, they first took high resolution image of victim's
fingerprints, then print it on a special kind glossy paper. The printed
fingerprints could fool the Android device into believing it was human. Way
back in 2013, Apple's TouchID was hacked and more recently hackers showed ways
to harvest
fingerprint data from Android phones.
10. The Bounty Hunter: A 22-year-old
e-commerce company’s employee in Bangalore, earned ₹ 13 Million ($200K) just by
reporting bugs for Facebook, Twitter and a host of other US-based companies. He
recently found a simple vulnerability on Facebook that could have been used to
hack into any user's account to get access to credit or debit card details,
personal pictures, and messages without any user interaction, For this - he was
awarded $15K (₹1Million). Bug bounty is highly recommended strategy to find new
bugs especially for high traffic websites.
No comments:
Post a Comment