1. Think twice before using USB drives: Security researchers have discovered a new data-stealing
Trojan called USB Thief that is capable of attacking air-gapped or
non-internet computers without leaving any trace of activity on the compromised
systems. The malware resides as a plug-in/DLL and executes from the USB drive itself.
It is bound to that USB drive, which makes it hard to replicate or reverse engineer. To
stay safe: never use USB storage devices from untrustworthy sources, turn
off Auto-run, and regularly back up your data.
2. Anti-hacker unit of Verizon hacked: Records
for more than 1.5 million customers of the computer security wing of Verizon
appeared for sale earlier last week. This division aids large corporations when
they've been the victims of a hack; ironically, the division itself has now
been breached. The entire database was offered for $100k on a cybercrime forum,
or in increments of 100,000 records for $10k apiece. The company has since
fixed the security vulnerability and confirmed that the attacker obtained only
basic contact information and that no customer proprietary network information
(CPNI) was accessed.
3. Uber launches Bug-bounty program: The
new bug bounty program is designed for white hat hackers to identify flaws
in Uber's codebase; critical bugs could yield up to $10,000 in rewards,
the company said. Uber's first reward program will run for 90 days, starting on
May 1st. Uber says it will share publicly the
"highest-quality" vulnerability discoveries if the winners who found
them agree to the disclosure.
4. Cybersecurity expert assisting with
Bangladesh bank heist probe goes missing: A cybersecurity
expert was reportedly abducted last week, according to his family, after
commenting on an attempted $1 billion cyber-attack
on Bangladesh's central bank. Before disappearing, he met the special
police force appointed by the central bank. He also addressed the media, where he
talked about the three user IDs used for the heist. Police are yet to comment
on his disappearance. Meanwhile, the police are seeking both technical and
human assistance from the FBI and have confirmed that criminals from multiple
countries were involved. The $100 million that was stolen has been traced to Sri
Lanka and the Philippines.
5. Apple vs. FBI: Last
week the court suspended the proceedings
in this case, at least until next month, after the FBI told the federal
judge that it needs some time to test a possible method for unlocking the
shooter's iPhone, for which it has hired an "outside party". Some
reports have pointed to a forensic firm assisting the Justice Dept. in opening
the iPhone.
6. Stop 'rewarding' victims of online fraud
with refunds: A top cop has said that banks should stop automatically
reimbursing victims of online financial fraud, since it rewards their bad
security habits. He believes consumers would learn to take computer security
more seriously if full refunds were stopped. He suggests banks could refund
only a portion of the funds lost in online fraud if the victim is running outdated
software. Malware takes advantage of unpatched
flaws in browsers and plugins, such as Adobe Flash, Java, etc. Experts
advise keeping all software updated and running anti-malware software.
7. Phishing attacks continue to target W-2
data: Playing on fear and basic human nature in order to
succeed, scammers continue to impersonate CEOs, CFOs and other senior people to seek
W-2 (Form 16) data from mid/lower rung employees. Attackers play on the trust
relationships that exist within the company and exploit the fact that most
employees often cannot say 'No' to bosses. In the first three months of 2016,
41 large and small organizations have reported such data loss. These include
names like Snapchat, Seagate, Polycom, Netcracker Technology...
8. Iranians charged with cyber-attacks on
US banks, New York dam: The Justice Dept. has charged seven Iranian
nationals with computer hacking offences against US banks and a dam in New
York. They are said to have carried out numerous distributed denial-of-service
(DDoS) attacks, disabling bank websites and preventing customers from gaining
access to their online accounts. One of the attackers gained unauthorized
access to Bowman dam's industrial automation control (SCADA) system, through which
he could have remotely operated and manipulated the dam's sluice gate. The
attackers face up to 10 years in prison. Iran has brushed aside the charges.
9. Malvertising campaign strikes top
websites worldwide: Hackers continue to have a free run with malvertising.
Popular websites, including The New York Times, BBC, AOL, MSN, Lenovo and many
others across the world, fell prey to a malicious advertising campaign which
sent unwitting visitors to the Angler exploit kit, which serves TeslaCrypt
ransomware. Hackers identify sites with high traffic and leverage third-party
ad networks to slip in fraudulent and fake adverts. A mere visit to such sites
installs Angler on victims' machines; it is not necessary to click the ads.
10. Badlock - another branded bug trying to
make money?: Samba is a
re-implementation of the SMB/CIFS networking protocol. It facilitates file and
printer sharing among Linux and Windows systems as an alternative to NFS.
Stefan Metzmacher is a contributor to the development of Samba; last week he
announced a bug in Samba on a newly created website and indicated it will be
patched on April 12th, coinciding with the next Patch Tuesday.
InfoSec professionals across the world panned this move as it gives a heads-up
to criminals who can exploit this bug.