1. Yahoo confirms 'state-sponsored' hackers stole personal
data from 500m accounts: Hackers stole
the personal data associated with at least 500m Yahoo accounts, the company
confirmed last week. Details including names, passwords, email addresses, phone
numbers and security questions were taken from the company’s network in late
2014 by what was believed to be a state-sponsored hacking group. The company is
investigating the breach with law enforcement but currently believes that
credit card or bank details were not included in the stolen data. To avoid password
reuse attack, avoid using the same password across all accounts. "Mega-Breaches" revealed in recent months, include LinkedIn, MySpace, VK.com, Tumblr, and Dropbox.
2. Hacker who helped ISIS to build 'Hit List' of US military
personnel jailed for 20 years: A
computer hacker who allegedly helped the terrorist organization ISIS by handing
over data for 1,351 US government and military personnel has been sentenced to
20 years in a U.S. prison. The 21-year-old ISIS-linked hacker obtained the data
by hacking into the US web hosting company's servers in 2015. The stolen data
contains personally identifiable information (PII), which includes names, email
addresses, passwords, locations and phone numbers of US military service
members and government workers.
3. Tesla car hacked by Chinese security firm from 19km away
using 'malicious' wi-fi hotspot: A
Chinese security team has hacked into a Tesla car driving on autopilot from a
distance of 19km (12 Miles). The team was able to remotely control the
vehicle's brakes, dashboard computer, side mirrors and door locks in both
"parking and driving mode". In a video posted to YouTube, the hackers
demonstrate the remote operation of the car in a carpark at low speeds
"for safety". Tesla has confirmed the hack and has already deployed
an over-the-air software update that addresses the potential security issues. Last
year, there was similar demo of the Jeep hack.
4. Beware — Someone is dropping Malware-infected USB Sticks
into People's Letterbox: Australia's
Victoria Police Force has issued a warning regarding unmarked USB flash drives
containing harmful malware being dropped inside random people's letterboxes in
a Melbourne suburb. It seems to be one of the latest tactics of cyber criminals
to target people by dropping malware-laden USB sticks into their mailboxes, in
the hope unsuspecting users will plug the infected devices into their personal
or home computers. So, next time when you find any USB drive or receive it in
the post, show more caution and make sure you don't plug it into your laptop or
computer.
5. iPhone 7 and iOS 10 jailbreak is possible: It has only been a few days since the launch of Apple's
brand new iPhone 7 and iPhone 7 Plus, but it appears that the new iPhone has
already been jailbroken. Jailbreaking a smartphone removes certain restrictions
put on the device by its manufacturer, giving root access to the depths of the
iOS system itself. This then allows the user to download and install apps,
extensions and themes than are not typically available through the iOS App
Store. Apple is already beta testing the patch to address this issue- in iOS
10.1.
6. Apple weakens iOS 10 backup encryption: Apple has downgraded the hashing algorithm for iOS 10,
potentially allowing attackers to brute-force the password via a standard
desktop computer processor. This weakness is centered around local
password-protected iTunes backups. With iOS 10, it's possible for an attacker
to brute force the password for a user’s local backup 2,500 times faster than
was possible on iOS 9, using a computer with an Intel Core i5 CPU. However, an
obvious limitation to this attack is that it can't be performed remotely.
7. Critical DoS flaw found in OpenSSL: OpenSSL is a widely used in several websites and other
secure services, Over a dozen vulnerabilities in its cryptographic code
library, including a high severity bug that can be exploited for
denial-of-service (DoS) attacks, have been found. The vulnerabilities exist in
OpenSSL versions 1.0.1, 1.0.2 and 1.1.0. The OpenSSL Foundation has patched all
these vulnerabilities. If you are using these versions on your website - it is
time to patch. In Issue
63, we discussed – “High-severity
openSSL vulnerability allows hackers to decrypt HTTPS traffic.”
8. Probe of leaked U.S. NSA hacking tools examines
operative's 'mistake': In Issue
78, we discussed NSA's hacking group getting hacked. Last week, A U.S.
investigation has found that NSA itself was not directly hacked, but a former
NSA employee carelessly left those hacking tools on a remote server three years
ago after an operation and a group of hackers found them. The leaked hacking
tools, which enable hackers to exploit vulnerabilities in systems from big
vendors like Cisco Systems, Juniper, and Fortinet, were dumped publicly online.
The vendors confirmed
the authenticity of these exploits and patched them.
9. RBI says banks must report all cyber-attacks: The Reserve
Bank of India has issued an ultimatum to Indian banks on cybercrimes, asking
them to immediately report any breach of security so that the overall network
is not compromised. The tough stance follows the reluctance of some banks to
report such frauds in order to avoid negative publicity. The banking regulator
has set a deadline of March 31, 2017, for banks to put in place a mechanism to
report cyber-attacks immediately.
10. Hackers publish apparent scan of Michelle Obama's
passport: The White House says it is investigating a "cyber breach"
after what appeared to be a scan of Michelle Obama's passport, was published
online. The scan appeared to have been taken from a Gmail account belonging to
a White House employee, a spokesman said. Other confidential information was
published online, including travel details, names, social security numbers and
birth dates of members of staff. The White House said it had not yet verified
the documents. DCLeaks[.]com, a hacker group which last week published personal
emails from an account belonging to former US Secretary of State Colin Powell's
emails, claimed responsibility for the hack.
a
Image
courtesy: DCleaks[.]com
Facebook |