1. Mattel nearly loses $3M to a classic phishing scam: A finance executive at
Mattel, the maker of children’s toys, fell victim to a phishing scam and wired
a cool $3 million to Chinese hackers. The phishing email was unremarkable and
came directly from the company's new CEO, or so the executive thought. She was
wrong. She wired the money, and within a few hours, during a discussion with
the CEO, she realized it was a scam. Luckily, the transfer took place on a bank
holiday; with cooperation from Chinese authorities, Mattel was able to reclaim
the wired cash before the hackers could claim it on the next working day.
Other recent phishing attacks have targeted W-2 data.
2. MedStar Hospital forced to turn patients away after virus attack: Last week
the hospital was hit by ransomware. The hospital responded quickly by taking
the infected IT systems offline to avoid further corrupting its network
infrastructure. The Baltimore Sun reported that a ransom of $18,500 was sought.
MedStar declined to comment. The FBI is currently investigating the incident.
Recently, a cancer hospital reported a breach, a hospital in Germany was held
to ransom by cyber-attackers but did not pay up, and an LA hospital that went
through a similar attack paid $17k.
3. Magento becomes fresh target for KimcilWare ransomware: Magento is an
e-commerce platform used by over 200,000 companies worldwide. A strain of
ransomware called KimcilWare is being used in campaigns against Magento
websites. The malware is installed via a script which encrypts all data and can
be spotted through the .kimcilware extension, which is added to all locked
files. A new index.html file displays a ransom note, alongside a readme file,
which demands a ransom of $140 to unlock the e-commerce store. There is no cure
for the infection, and infected users should consider reverting to backups to
wipe the infection clean.
4. New ransomware encrypts the whole hard drive: While most ransomware focuses
on infecting systems in order to lock files, a new breed called Petya goes
further by completely removing access to hard drives and operating systems.
Phishing emails are being sent to targeted firms (mostly HR departments)
containing Dropbox links to applications which install Petya on systems. Once
installed, Petya forces a reboot and loads the malicious code, which, under the
guise of the system tool check disk (CHKDSK), runs a 'scan'. While this fake
scan proceeds, Petya encrypts the Master File Table on the drive. The ransom
price is 0.9 BTC ($370). Regular backups and good web security solutions are a
must to combat ransomware.
5. Apple vs. FBI: Last week, the FBI announced that a third party had helped it
unlock the iPhone, and the Department of Justice dropped the case. Apple got
some kudos from consumers for standing its ground against the government. Apple
is expected to tighten security even more with its next iPhone software, likely
to be announced in June and available in September.
6. Bangladesh Heist update: Last week, a Chinese casino junket operator
returned $4.63 million of the $81 million that hackers stole from the
Bangladesh central bank's account at the US Federal Reserve Bank and laundered
in Manila's casinos. Earlier, a $20 million transfer was rejected by a
receiving bank in Sri Lanka because the beneficiary's name was misspelled.
7. Prepare to be hacked if you don't use a password for VNC: By choosing to use
no authentication to secure a VNC connection, users are sending out a 'please
hack me' invitation. A hacker created a script that cycles through internet IP
addresses and tries to connect to unsecured servers through a web-based VNC
viewer. If the script finds an available connection without any authentication,
it connects and grabs a screenshot; otherwise, the script kills the session and
moves to a different IP address. The hacker now has about 23GB of screenshots,
and some of them have been posted to VNC Roulette. Some of the images are
mundane, like people browsing Facebook, doing their online banking, reading
email or shopping, while other images feature SCADA systems and sensitive data.
8. Security flaw in Apple lets malicious apps in: Despite new security features
in iOS 9, businesses still need to be alert to employees being duped into
installing malicious configuration profiles on their iPhones. Apple offers
enterprise certificates to allow businesses to distribute apps outside the App
Store, and it allows any app installed by the MDM (mobile device management)
system to be trusted. MDM is a third party to Apple and is vulnerable to a
man-in-the-middle attack. Researchers have shown how an attacker can hijack and
imitate MDM commands that iOS trusts, including the ability to install
enterprise apps over the air.
9. 6 charged for hacking lottery terminals to produce more winning tickets:
Police have arrested and charged six people with crimes linked to hacking
Connecticut state lottery terminals in order to produce more winning tickets
than usual. Prosecutors say all six suspects are either owners or employees of
retail stores that produced a much higher number of winning tickets than the
state average. The hack appears to have exploited some software weaknesses in
lottery terminals that not only caused ticket requests to be delayed but also
allowed operators to know ahead of time whether a given request would produce a
winning ticket.
10. Tech companies play April Fool's Day pranks: On April 1st every year, the
Internet finds its funny bone and fills with viral pranks from tech companies;
this year Google, Samsung and Kayak all had their pranks. One of Google's
pranks, "Introducing the self-driving bicycle in the Netherlands", was well
received. Google said the self-driving bicycle would enable safe navigation
through the city for Amsterdam residents, and that it furthers Google’s
ambition to improve urban mobility with technology.