1.
Insider breach at T-Mobile Czech Republic: One of T-Mobile's employees in the
Czech Republic stole more than 1.5 million customer records in order to
sell them on for a profit. The investigation has been handed over to the Czech
Police's unit for combating organized crime. The company said the breach was
not caused by any failure of its systems or procedures; instead, the data
was taken by an employee who was part of a "small team" that "worked with
customer data" and who was caught while attempting to sell the database.
T-Mobile said it would inform its customers of any further developments in
the investigation. The case is a reminder that access controls and monitoring
have to cover the small group of staff whose job legitimately requires bulk
access to customer data, not just outsiders.
2.
Uber hacked for free Uber rides: A security researcher discovered a critical
vulnerability in the Uber app that could allow an attacker to brute-force
promo codes and obtain valid codes worth up to $25,000, good for more than one
free ride. He found the "promo codes brute-force attack" vulnerability in
Uber's sign-up invitation link, which lets any user invite another user to join
the service and receive one or more free rides depending on the promotion
code's value. Brute-forcing is only practical when codes are short or
predictable enough to enumerate and the redemption endpoint does not limit
failed attempts. Uber is yet to patch this flaw.
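The page does not describe how Uber's codes were generated or validated, so the following is an added illustration (my example, not Uber's code) of the two controls that make promo-code brute-forcing impractical: a code space too large to enumerate, and per-account throttling of failed redemption attempts. The `PromoRedeemer` class, the 36-symbol alphabet, the 12-character length and the attempt limits are all assumed values chosen for the example.

```python
import math
import secrets
import string
from collections import defaultdict

# Hypothetical promo-code service, constructed for this example. It is not
# Uber's code and does not describe how Uber's invitation links work.

ALPHABET = string.ascii_uppercase + string.digits  # 36 symbols, assumed


def code_entropy_bits(length, alphabet_size=len(ALPHABET)):
    """Entropy of a uniformly random code of `length` symbols."""
    return length * math.log2(alphabet_size)


def expected_guesses(length, valid_codes, alphabet_size=len(ALPHABET)):
    """Average guesses needed to hit ANY of `valid_codes` live codes in a
    space of alphabet_size**length. Small spaces with many live codes are
    what make enumeration pay off."""
    return alphabet_size ** length / valid_codes


def generate_code(length=12):
    """CSPRNG-backed code: `secrets`, never `random`, for security tokens."""
    return "".join(secrets.choice(ALPHABET) for _ in range(length))


class PromoRedeemer:
    """Single-use codes plus a per-account cap on failed attempts per window.

    Successful redemptions do not count against the cap; repeated misses do,
    which is exactly the pattern a brute-force client produces.
    """

    def __init__(self, codes, max_failures=5, window_seconds=3600):
        self._codes = dict(codes)            # code -> credit value, assumed
        self._max = max_failures
        self._window = window_seconds
        self._failures = defaultdict(list)   # account -> failed-attempt times

    def redeem(self, account, code, now):
        """Return (status, credit). Status is 'ok', 'invalid' or 'throttled'."""
        recent = [t for t in self._failures[account] if now - t < self._window]
        self._failures[account] = recent
        if len(recent) >= self._max:
            return "throttled", 0            # do not even consult the code table
        value = self._codes.pop(code.strip().upper(), None)  # single use
        if value is None:
            self._failures[account].append(now)
            return "invalid", 0
        return "ok", value


if __name__ == "__main__":
    # Constructed comparison: a 4-symbol space with 1,000 live codes versus
    # a 12-symbol space with the same number of live codes.
    print("4-char code, 1000 live: ~%.0f guesses" % expected_guesses(4, 1000))
    print("12-char code, 1000 live: ~%.2e guesses" % expected_guesses(12, 1000))
    redeemer = PromoRedeemer({generate_code(): 25})
    print(redeemer.redeem("attacker", "AAAAAAAAAAAA", now=0))
```

Two details matter in practice: the throttle is checked before the code table is touched, so a throttled caller learns nothing, and the code is removed on first use, so a leaked or guessed code cannot be redeemed repeatedly. In a real deployment the attempt counter would live in shared storage (for example Redis) rather than in process memory.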
3.
Air India frequent flier miles hacked: Unidentified individuals broke into at
least 20 accounts in Air India's loyalty program to steal nearly $24,000 worth
of frequent flier miles. The intruders created 20 email IDs to hijack the
reward points earned by Air India passengers. Because a number of the phony
tickets were bought using invalid IDs and were signed with the same signature,
Delhi Police suspect the involvement of an insider familiar with security
loopholes. The airline has suspended the fraudulent IDs and deactivated
accounts holding identical user names and passwords.
4.
Twitter ex-CEO got hacked: The same group of teenage hackers that hacked
Facebook CEO Mark Zuckerberg's Twitter and Pinterest accounts has hacked
another high-profile person. The hacker group from Saudi Arabia, dubbed
OurMine, compromised the Twitter account of a former Twitter CEO on Sunday and
managed to post three tweets on his timeline.
The account was not directly hacked; instead, a third-party service that
cross-posted to his Twitter account was compromised, and the attackers used
this old service to post. Stale integrations that still hold posting
permission are a common weak point, and revoking unused connected apps removes
them. The hackers claim their objective is just to teach people better
security.
5.
Hacker breaks into Canadian political party's VC system: A critical flaw
in the video conferencing software of the Quebec Liberal Party (PLQ) allowed a
user to spy on and listen to the party's strategy discussions at its premises
and even access the live video camera feeds. Asked how difficult the hack
was, the hacker told the media that it was as easy as using a commonly used
password, often the default code that never gets changed. Both the
party and the hacker have confirmed that the password has been changed and the
security flaw fixed.
6.
DDoS attacks on central banks of Indonesia and South Korea: The public websites
of the central banks of Indonesia and South Korea have been hit by
cyber-attacks. The hacktivist group Anonymous pledged last month to launch a
30-day campaign against central bank sites, which it dubbed Operation Icarus.
No money was lost in the attacks, but central banks have been on high alert
ever since the Bangladesh central bank lost $81 million in fraudulent money
transfers in February.
7.
India - 68% of Nifty 50 companies are vulnerable to cyber-attacks: Of the 50
companies in the Nifty Index, 34 (68%) have identified vulnerabilities in at
least one of their Internet-facing properties. The PwC survey of transgressions
in Indian cyberspace involving these companies further said that 525 email
addresses belonging to the 34 companies were compromised, meaning hackers had
access to those email addresses.
8.
‘Bug Poachers:’ A new breed of cybercriminal: Bug poachers breach a company's
network to steal data, but they do not sell the data on the dark web. Instead
they use it to extort their victims, telling the company it must pay to learn
how it was breached. The bug poachers argue that they are doing companies a
service. A bug bounty program, with clear rules on what may be tested and
how findings are reported, can go a long way toward attracting the right kind
of probing into a company's network.
9.
Majority of SMBs would not pay ransomware attackers: A survey of US small and
mid-sized business owners on ransomware attacks found that 84% would not pay
cybercriminals even if it meant losing data. Only 3% would be willing to pay
$10,000 or more, while 10% would pay between $1 and $100. Businesses need a
comprehensive cyber-security strategy that includes prevention, monitoring and
damage control; for ransomware the damage-control piece is above all tested,
offline backups. According to the FBI, 2,453 ransomware complaints were
received in 2015, costing victims $25 million.
10.
Be careful the next time you get an invitation to connect on LinkedIn: Hackers
posing as recruiters request to connect, and many of us accept such requests
with little hesitation. Once connected, the attacker gains access to your
profile, your contact details and the rest of your network, and uses that
to set up lures, spear-phishing, malware drops and other nefarious activities.
More often than not, hackers use the connection to compromise our machines (to
steal data or deploy ransomware) or to launch attacks on other people in our
LinkedIn network. In Issue 28 we discussed how people tend to expose a lot of
information on LinkedIn and to headhunters.