1. 'Panama Papers' Law Firm was hacked: In the
latest twist in the historic "Panama Papers" data leak and scandal,
the founding partner of the law firm whose files were dumped, exposing illicit
offshore holdings of global political leaders, celebrities, and others, says
his firm was hacked by an outsider. The law firm 'Mossack Fonseca' has two main
websites, one runs on WordPress and the customer portal runs Drupal. Both of
those sites were running outdated versions of the software and in both cases
significant security holes existed that would have allowed hackers access.
2. Heartbleed remains a risk 2 years after it was reported: On April 7,
2014, Heartbleed was publicly disclosed by the OpenSSL project, affecting
millions of users and devices around the world. It was used by hackers to
attack several corporates, government agencies like Canada's Revenue Agency
(CRA) and some of the largest banks in US. Two years after it was first
reported, the vulnerability remains a risk and is likely still being exploited
by attackers taking advantage of unpatched servers. Most of the organizations
that are still at risk because they don't know what their third-party vendors
are implementing in products that they run on their network.
3. Trump hotel chain suffers fresh data breach: Republican
candidate Donald Trump's hotel chain, The Trump Hotel Collection, has become
the victim of a credit card system data breach for the second
time in only a year. Experts have spotted a "pattern of
fraud" relating to customer credit cards, which implies the Trump Hotel
Collection may once again be harboring malware on point-of-sale (PoS) systems
within some hotels, or potentially all of them. In January - Hyatt
Hotels had admitted that 250 hotels in 54 countries were affected by a
cyber-attack which targeted customer financial information.
4. FBI says it can unlock 5c but not 5s or later phones: The Apple
V/s FBI case did not prolong as a third party helped FBI unlock the 5c
iPhone. The director confirmed that they now have a tool that works on a narrow
slice of phones. However, the agency could not unlock an iPhone 5s running iOS
7 that was used by a drug dealer in New York and has sought Apple's help. This new
case represents the latest battleground in the legal dispute between US officials
and Apple over encryption.
5. Philippines and Turkey suffer hacks: The database
of the Philippine Commission on Elections (COMELEC) has been breached and the
personal information of 55 million voters potentially exposed in what could
rank as the worst ever government data breach anywhere. Meanwhile in Turkey -
Personal details of nearly 50 Million Turkish citizens, including that of the
country's President, have been compromised and posted online in a massive
security breach.
6. Phishing email that knows your address: We are
moving into a “post-privacy” society, where it is not uncommon for an attacker
to have access to information that we have previously considered as personal.
Using this - Hackers carefully-craft user-specific emails that contain links
and personal information to trick victims into installing a new kind of Ransomware.
BBC News reported that some of their staffers have received such emails.
Ransomware is increasingly becoming problematic for private companies, hospitals
and citizens.
7. Dridex becomes more dangerous: Experts have
observed that in addition to stealing banking credentials, the malware
increasingly is also being used to steal credit card information. First few
versions of Dridex
were focused on English-speaking countries like Australia, the UK and the U.S,
while the current versions target companies from all over the world. Dridex
seems to be back after it was taken down by authorities in last Oct.
8. Adobe Patches Zero-Day Flaw Used by Exploit Kit: Adobe patches 24 vulnerabilities, including a zero-day issue being
exploited by the Magnitude Exploit Kit and flaws reported at the Pwn2own
contest. Some of the vulnerabilities were being used by the Magnitude
Exploit kit to deliver ransomware identified as Cerber and Locky thru "drive-by
downloads", which do not require user action to initiate. Unlike
attachment-based malware, simply visiting a Website, by browsing to the site or
clicking on a URL in email exposes the browser's Adobe
Flash Player to the exploit.
9. Over 135 million modems vulnerable to denial-of-service flaw: A
vulnerability, found in a modem used in millions of households, can allow an
attacker with access to the network to remotely reset the device, which wipes
out the internet provider's settings and causing a denial-of-service attack
until the modem owner contacts their internet provider. The problem lies with
how the modem, handles authentication and cross-site requests. A firmware
upgrade that ensures the need of credentials before rebooting or resetting will
sort this issue.
10. State Bank of Mysore customers lose money after accounts hacked: SBM has
initiated an internal probe and lodged a complaint following hacking of their
banking system last week, which resulted in many customers losing large sums
through multiple online transactions of ₹49. The bank has refunded the lost
money to its customers. It is reported that some of them have lost upwards of ₹50,000/-.
Experts familiar with the matter have blamed the bank for its unpatched systems
and poor security posture – which was not enough to defend against zero day
attacks or modern malware.
The series of text
messages that customers of State Bank of Mysore received:
No comments:
Post a Comment