Sunday, August 21, 2016

Issue 78 - Week of Aug 15th


1. NSA's hacking group hacked! Bunch of private hacking tools leaked online: Last week, unknown hackers calling themselves "The Shadow Brokers" hacked into the NSA (a US intelligence agency) and dumped a bunch of its hacking tools (malware and private exploits) online. The hackers are offering to sell more private "cyber weapons" to the highest bidder. The files mostly contained installation scripts, configurations for command-and-control (C&C) servers, and exploits allegedly designed to target routers and firewalls from American manufacturers. Last year, a company called Hacking Team was hacked and its tools were similarly leaked.

2. Retailer says point-of-sale system was infected with malware: US retailer Eddie Bauer has said that hackers may have accessed customers' payment card information after infecting its point-of-sale systems with malware. The company says it is in the process of identifying customers whose payment information may have been stolen and will notify those who have been affected. It is also working with payment card networks so that they can coordinate with card-issuing banks to monitor for fraudulent activity. Wendy's is another recent example of such PoS attacks.

3. Insider attack at Sage: Last week, Sage, a provider of accounting and business software for companies worldwide, admitted to a data breach caused by someone accessing internal systems with employee credentials rather than by an external cyber attacker. A female Sage employee has been arrested at London Airport following the data breach, which may have exposed information belonging to hundreds of business customers. Cyber-attacks are on the rise, and businesses now have to deal not only with the threat of external attackers but with insider threats as well. According to experts, 55 percent of all corporate cyber-attacks are caused either by malicious employees or by accidental human error on the inside.

4. Another site hacked because it was not patched: DLH.net, which provides Steam game related news, reviews, cheat codes, and forums, was breached using a known vulnerability in the older vBulletin forum software that powers the site's community. The data stolen from the forum includes full names, usernames, scrambled passwords, email addresses, dates of birth, join dates, avatars, Steam usernames, and user activity data. The company is denying any breach, though it is asking its users to change their passwords. The Clash of Kings forum was hacked recently for similar reasons.

5. Ransomware in Ranchi: Ransomware has become a modern form of extortion, with a small town like Ranchi reporting more than 3 dozen ransomware cases in the past fortnight. To date, the victims have been automobile companies, software consultants providing services to the Govt. of Jharkhand, medical establishments and a few small wholesale traders. In its advisory, the Govt. of India has advised against paying the ransom, as payment doesn't guarantee the release of the files. Affected users should report such instances of fraud to the computer emergency response team (CERT) and law agencies. India continues to be one of the top victim countries, and last week the Finance Minister revealed that a major attack on the public banking system in India was averted. In May this year, there was a major ransomware attack in Maharashtra's Mantralaya. Other news from India: websites of Sagar University and Goa Institute of Management were defaced by Pakistani hackers.

6. Clinton Foundation suspected to have been hacked: Bill and Hillary Clinton's charitable foundation hired experts to examine its data systems after seeing indications they might have been hacked. Though no message or document hacked from the New York-based Clinton Foundation has surfaced in public, Democrats are worried that leaked info may be used in an attempt to damage the campaign. The hack is very similar to the techniques used in the DNC hack and DCCC hack.

7. 'Massive' Locky ransomware campaign targets hospitals: A 'massive' cybercriminal campaign is targeting hospitals with the notorious Locky ransomware and is using a new technique in an effort to infect systems with the file-encrypting software. Hospitals are an appealing target for ransomware not only because of the crucial role of IT in healthcare, but also because the data held by hospitals is so vital. Earlier this year a Los Angeles hospital paid a $17,000 Bitcoin ransom after a Locky infection took down its network.

8. VeraCrypt security audit is being spied upon: VeraCrypt is an open-source freeware utility used for on-the-fly encryption. OSTIF (the Open Source Technology Improvement Fund) announced at the beginning of this month that it had agreed to audit VeraCrypt independently. Last week, OSTIF announced that its confidential PGP-encrypted communications with the auditors were mysteriously intercepted, and it suspects some outsiders are attempting to listen in on and/or interfere with the VeraCrypt security audit process.

9. Post Bitfinex hack, Bitcoin.org is worried: Recently, Hong Kong based cryptocurrency exchange Bitfinex was hacked, resulting in a loss of around $72 million worth of Bitcoins. Last week, Bitcoin.org, the website that hosts downloads for Bitcoin Core, posted a message on its website warning users that the next version of the Bitcoin Core wallet, one of the most popular wallets used to store bitcoins, might be replaced with a malicious version of the software offered by government-backed hackers. The advisory also went on to say that one should securely verify the signature and hashes before running any Bitcoin Core binaries.

10. Chat service can be hacked: Omegle is a free online chat website that allows users to socialize with others without the need to register. The service randomly pairs users in one-on-one chat sessions where they chat anonymously. The anonymity encourages users to talk dirty and sometimes share identifiable info. Unfortunately, the chat conversations are recorded and stored on Omegle's servers. An Indian bug bounty hunter found a way to hack into these servers to access these conversations. One should be careful about what identifiable information one shares over such online services while chatting with strangers. The more personal information you share, the more chances there are for others to blackmail you or misuse the information.
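
For the hash check recommended in item 9, here is an added example (not from the advisory or from any project named above) that checks a download against a checksum manifest and fails closed when the file is unlisted or altered. It assumes the manifest uses the `sha256sum` line format and that its PGP signature has already been verified with a separate tool; the file name and sample bytes are constructed for illustration.

```python
import hashlib
import hmac
import io


def parse_manifest(text):
    """Map filename -> digest from lines of the form '<64 hex chars>  <filename>'."""
    entries = {}
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if len(parts) != 2:
            continue  # blank lines and anything that is not a digest/name pair
        digest, name = parts[0].lower(), parts[1].lstrip("*")  # '*' = binary mode
        if len(digest) != 64 or any(c not in "0123456789abcdef" for c in digest):
            continue
        if entries.get(name, digest) != digest:
            # Two different digests for one file: refuse to pick one.
            raise ValueError("conflicting digests listed for " + name)
        entries[name] = digest
    return entries


def sha256_stream(fileobj, chunk=1 << 20):
    """Hash a file object in chunks so large installers are not read into memory."""
    h = hashlib.sha256()
    for block in iter(lambda: fileobj.read(chunk), b""):
        h.update(block)
    return h.hexdigest()


def verify_download(name, fileobj, manifest_text):
    """True only if `name` is listed in the manifest and the digest matches."""
    expected = parse_manifest(manifest_text).get(name)
    if expected is None:
        return False  # unlisted file: treat as unverified, never as "ok"
    return hmac.compare_digest(sha256_stream(fileobj), expected)


# Constructed sample data (hypothetical file name, not a real release).
SAMPLE_NAME = "wallet-installer.tar.gz"
SAMPLE_BYTES = b"constructed sample release bytes\n"
SAMPLE_MANIFEST = (
    hashlib.sha256(SAMPLE_BYTES).hexdigest() + "  " + SAMPLE_NAME + "\n"
    + hashlib.sha256(b"other").hexdigest() + "  other-file.zip\n"
)

if __name__ == "__main__":
    good = io.BytesIO(SAMPLE_BYTES)
    tampered = io.BytesIO(SAMPLE_BYTES + b"\x00")
    print("genuine :", verify_download(SAMPLE_NAME, good, SAMPLE_MANIFEST))
    print("tampered:", verify_download(SAMPLE_NAME, tampered, SAMPLE_MANIFEST))
```

A matching hash only proves the file is the one the manifest describes, so the manifest itself has to come from a signature check against a key obtained independently of the download site.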


