1. Hillary Clinton's presidential campaign also hacked in attack on Democratic
Party: There's a lot more to come from the DNC hack. The Associated Press
confirmed last week that the computer systems used by Hillary Clinton's
presidential campaign were hacked as part of the recent Democratic National
Convention (DNC) hack. According to the experts investigating the DNC hack, the
Fancy Bear APT group (also known as APT28 and Pawn Storm) used a piece of
malware called X-Tunnel to steal data from the systems without being detected.
2. Kimpton Hotel chain investigating payment card breach: Kimpton Hotels has
confirmed a possible payment card breach at around 24 of its properties across
the US and says it is investigating the claim. Kimpton alerted customers,
noting: "If there are unauthorized charges, individuals should immediately
notify their bank." In the past 2 years, most credit card breaches have been
carried out by remotely planting malicious software on point-of-sale (PoS)
devices. Recent hotel chain victims include Hyatt Hotels, Trump Hotel
Collection, Starwood Hotels, and Hilton Hotels.
3. Using a VPN in the UAE? You'll be fined if you get caught!: If you get caught
using a VPN in the UAE, you could face temporary imprisonment and fines of up to
$545k. Online privacy is one of the biggest challenges in today's
interconnected world. Governments across the world have been found using the
Internet to track people's information and conduct mass surveillance. The top
two telecom companies in the UAE have also banned VoIP and the calling features
in popular apps. China, too, has illegal VPN services that are used to
circumvent the Great Firewall of China.
4. PornHub pays hackers $20,000 to find zero-day flaws in its website: Two
months ago, PornHub launched a bug bounty program, and last week it paid a
$20,000 bug bounty to a team of three researchers who gained Remote Code
Execution (RCE) capability on its servers using a zero-day vulnerability in
PHP, the programming language that powers the website.
5. Indian hacker discovers Vine's source code; Twitter pays him $10,080 for his
efforts: An Indian bug bounty hunter discovered a loophole in Vine that allowed
him to download a Docker image containing the complete source code of Vine
without any hassle. Vine is a video sharing service where people can share
6-second-long video clips on Twitter. The 23-year-old reported this blunder to
Twitter; the company rewarded him and fixed the issue within 5 minutes.
6. LastPass bug lets hackers steal all your passwords: LastPass is a cloud
password manager that automatically fills credentials for you. Last week, a
critical zero-day flaw was discovered in LastPass that could allow any remote
attacker to compromise an account completely. LastPass quickly patched the
reported vulnerability. LastPass was in similar news in 2015 as well as in
January 2016 (when it was mocked as LostPass).
7. KeySniffer lets hackers steal keystrokes from wireless keyboards: Wireless
keyboards from eight different hardware manufacturers have been found to use
cheap, non-Bluetooth transceiver chips running a less secure radio-based
communication protocol, and to transmit over the radio without encryption. This
means anyone within 100 meters of the computer with a long-range radio dongle
can intercept the communications between an affected wireless keyboard and the
computer. The vulnerability is called KeySniffer. In Issue 66 we discussed
KeySweeper, a simple device that exploited the weak encryption used by
Microsoft wireless keyboards.
8. Possible end of SMS-based two-factor authentication: SMS-based Two-Factor
Authentication (2FA), which is used as an added layer of security, has been
declared insecure by the US National Institute of Standards and Technology
(NIST). NIST argues that it is too easy for anyone to obtain a (replacement)
phone, and that the website operator has no way to verify whether the person
who receives the 2FA code is even the correct recipient. Other issues include
design flaws in SS7 that allow SMS messages to be diverted to other devices,
and the possible leak of a code when it is displayed on a locked screen. In
Issue 49 we saw how a duplicate SIM card was used to steal $70k from a
Bangalore-based entrepreneur.
9. QRLJacking — hacking technique to hijack QR code based quick login systems:
QR codes are two-dimensional barcodes that hold a significant amount of
information, and many websites use them in place of usernames and passwords for
authentication. Last week, an expert revealed a method in which a cloned QR
login code placed on a phishing site could capture a victim's login details and
allow the hacker to hijack the login.
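To make the item above concrete, here is an added example (not code from any real site or from the original newsletter) that models a QR quick-login backend in Python. It replays the described attack against the model: the attacker's browser requests a genuine login token, the attacker shows that token's QR code on a phishing page, and when the victim's phone approves it, the attacker's browser session is the one that gets logged in. Two mitigations are modelled alongside it: the app displays the requesting browser's details so the user can decline a login they did not start, and an optional server policy that only accepts an approval from the same network as the requesting browser. The class, function and field names, the token lifetime, and the IP addresses and user agents are all constructed for the demo.

```python
import secrets
import time

# Constructed demo policy value; a real deployment would choose its own lifetime.
TOKEN_TTL_SECONDS = 60


class QrLoginServer:
    """Hypothetical model of a QR-code quick-login backend (not any real site's code).

    A browser asks for a login token and displays it as a QR code; the user's
    already-authenticated phone app scans and approves it; the browser then polls
    and receives a logged-in session.  Whichever browser session requested the
    token is the one that gets logged in, which is exactly what the attack abuses.
    """

    def __init__(self, require_same_network=False, clock=time.time):
        self.require_same_network = require_same_network
        self.clock = clock
        self.pending = {}  # token -> record of the requesting browser session

    def start_login(self, browser_session, client_ip, user_agent):
        """Browser side: returns the token that is encoded into the QR code."""
        token = secrets.token_urlsafe(16)
        self.pending[token] = {
            "session": browser_session,
            "ip": client_ip,
            "ua": user_agent,
            "created": self.clock(),
            "user": None,
        }
        return token

    def describe(self, token):
        """App side, after scanning: who is asking to be logged in? Shown to the user."""
        record = self._live(token)
        return None if record is None else {"ip": record["ip"], "ua": record["ua"]}

    def approve(self, token, user, app_ip):
        """App side: bind the user to the token.  Fails if the token is unknown,
        expired or already used, or (optionally) if the phone is not on the same
        network as the browser that requested the token."""
        record = self._live(token)
        if record is None or record["user"] is not None:
            return False
        if self.require_same_network and app_ip != record["ip"]:
            return False
        record["user"] = user
        return True

    def poll(self, browser_session, token):
        """Browser side: returns the logged-in user once approved, then retires the token."""
        record = self._live(token)
        if record is None or record["session"] != browser_session or record["user"] is None:
            return None
        del self.pending[token]  # single use
        return record["user"]

    def _live(self, token):
        record = self.pending.get(token)
        if record is not None and self.clock() - record["created"] > TOKEN_TTL_SECONDS:
            del self.pending[token]
            return None
        return record


# Constructed addresses and user agents for the two parties.
ATTACKER = {"ip": "203.0.113.7", "ua": "Chrome on Linux"}
VICTIM = {"ip": "198.51.100.42", "ua": "Safari on macOS"}


def phishing_scenario(require_same_network, user_checks_context):
    """Replay the attack from the item above against the model server and report
    which user, if any, ends up logged in on the attacker's browser."""
    server = QrLoginServer(require_same_network=require_same_network)
    # The attacker's own browser requests a genuine token and the attacker copies
    # the resulting QR code onto a phishing page that the victim then scans.
    token = server.start_login("attacker-browser", ATTACKER["ip"], ATTACKER["ua"])
    shown = server.describe(token)
    # Mitigation 1 (user side): the app displays the requester's details and the
    # victim compares them with the laptop in front of them before approving.
    if user_checks_context and shown != VICTIM:
        return None
    # Mitigation 2 (server side) is applied inside approve(): the victim's phone
    # is on the victim's network, not the attacker's.
    server.approve(token, "victim", app_ip=VICTIM["ip"])
    return server.poll("attacker-browser", token)


def legitimate_scenario(require_same_network=True):
    """The victim logs into their own browser; the same checks must not get in the way."""
    server = QrLoginServer(require_same_network=require_same_network)
    token = server.start_login("victim-browser", VICTIM["ip"], VICTIM["ua"])
    assert server.describe(token) == VICTIM
    server.approve(token, "victim", app_ip=VICTIM["ip"])
    return server.poll("victim-browser", token)


if __name__ == "__main__":
    print("naive service:", phishing_scenario(False, False))       # victim
    print("same-network policy:", phishing_scenario(True, False))  # None
    print("user checks context:", phishing_scenario(False, True))  # None
    print("legitimate login:", legitimate_scenario())              # victim
```

The short token lifetime and single-use rule limit how long a copied QR code stays valid, but on their own they do not stop the attack, since the phishing page can simply fetch a fresh token; the two scenario switches show that it is the context shown to the user and the network-binding policy that actually break the hijack. The same-network policy is a trade-off: it also rejects a legitimate user whose phone is on mobile data while the browser is on office Wi-Fi, which is why the model keeps it optional.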
10. 'No More Ransomware', a new way to fight back when your data is taken
hostage: Participants in a new initiative called 'No More Ransomware' launched
a website last week featuring tools that can help some victims decrypt their
data without paying the criminals. The site offers four decryption tools, each
designed to unlock data encrypted by a different strain of ransomware. Though
this will not help all victims, it definitely offers another option besides
paying up or losing data. Regular data backups and a good web security solution
are the need of the hour to combat the ransomware menace.