1. Russia's largest portal hacked; nearly
100 million plaintext passwords leaked:
Another data breach from 2012, and this time, it's Russia's biggest internet
portal and email provider Rambler.ru. The portal suffered a massive data breach
in 2012 in which an unknown hacker managed to steal nearly 100 million user
accounts, including their unencrypted plaintext passwords. The leaked user
records in the database included usernames, email addresses, social account
details & passwords. Rambler.ru is the latest victim to join the list
of "Mega-Breaches" revealed in recent months, in which millions of online
credentials from years-old data breaches on popular services, including LinkedIn,
MySpace, VK.com, Tumblr, and Dropbox, were exposed online.
2. MedSec sued over St. Jude pacemaker
vulnerability report: Last
issue, we discussed this case. Now, St. Jude Medical is taking
allegations of serious security vulnerabilities in the firm's medical devices
to heart with a lawsuit designed to "set the record straight." The
medical device maker claimed last week that MedSec and Muddy Waters falsely
issued warnings about insecure medical devices in order to intentionally drop
the share value of St. Jude and profit from a short-selling scheme, in which
investors sell stock with the belief that values will soon drop -- allowing
them to buy it back at a lower price and make a profit.
3. Just an Image can hack your Android
phone — Patch now: Similar to last
year's Stagefright bug that allowed hackers to hijack Android devices with just
a simple text message without the owners being aware of it, a bug has been
discovered that Google has now patched. The bug allows attackers to deliver
their hack hidden inside an innocent-looking image via social media or chat
apps. In fact, there is no need for a victim to click on the malicious photo
because as soon as the image's data is parsed by the phone, it quietly allows a
remote attacker
to take control over the device or simply crash it. Given the shaky history of
handset manufacturers and carriers rolling out security patches, it is not
known how long the companies will take to update vulnerable Android devices.
4. FBI arrests two hackers who hacked US
Spy Chief, FBI and CIA Director: US
authorities have arrested two men on charges that they were part of the
notorious hacking group "Crackas With Attitude." A 16-year-old
British teenager suspected of being part of the group was arrested in
February. These men had hacked into the intelligence chief's and CIA
director's email accounts and phone. They also leaked the personal
details of 31,000 government agents, including nearly 20,000 FBI agents,
9,000 Department of Homeland Security (DHS) officers and some number of DoJ
staffers. The hacking group used social engineering in order to trick the
victims into revealing their account number, password, and other details.
5. US law enforcement throws online scam
artists behind bars: US law enforcement
has sentenced seven criminals who were part of an online fraud ring which duped
victims out of their cash through romance, shopping and job opportunity scams.
Scams, phishing emails and job opportunities which land in our inbox are now
commonplace. While email providers usually do a good job of keeping these
schemes in our spam box, there are still many who fall for such schemes. All
seven criminals will spend five years behind bars.
6. USB kill to destroy any computer within
seconds: A Hong Kong-based technology
manufacturer is selling a USB thumb drive called USB Kill 2.0 that can fry any
unauthorized computer it's plugged into by introducing a power surge via the
USB port. It costs $49.95. The company claims to have developed the USB Kill 2.0
stick for the sole purpose of allowing companies to test their devices against
USB power surge attacks, but it looks like it can be misused for other purposes
as well.
7. New cross-platform malware can hack
Windows, Linux and OS X computers: Cyber
attackers have started creating cross-platform malware for wider exploitation.
One such malware family, dubbed Mokes, has recently been discovered by
researchers; it runs on all the key operating systems, including Windows,
Linux, and Mac OS X. The malware can capture audio and video, record keystrokes,
and take screenshots every 30 seconds from a victim's machine.
8. Microsoft Windows name resolution
services abused to steal passwords: A
security researcher has discovered a unique attack method that can be used to
steal credentials from a locked (but logged-in) computer and works on both
Windows and Mac OS X systems. He modified the firmware code of a USB
dongle in such a way that when it is plugged into an Ethernet adapter, the
plug-and-play USB device installs itself and acts as the network gateway, DNS
server, and Web Proxy Auto-discovery Protocol (WPAD) server for the victim's
machine. The computer automatically shares Windows credentials with the
connected device, as this is the default behavior of the Microsoft Windows name
resolution services, which can be abused to steal authentication credentials.
9. Another hack developed for air-gapped
computers: Researchers have discovered a
way to extract sensitive information from air-gapped
computers using a combination of malware and a USB device. The secure air-gapped
computers first need to be infected with malware, after which, when 'any' USB
device is plugged into that computer, the malware turns it into an RF
transmitter. This is a software-only method for short-range data exfiltration
using electromagnetic emissions from a USB device. Dubbed USBee, this method can
transmit data at about 80 bytes per second, which is fast enough to steal a
4096-bit decryption key in less than 10 seconds.
10. NCRB data: India’s cyber criminals are
mostly business rivals: The National
Crime Records Bureau's 2015 data shows a wide range of profiles among
cybercriminals, the most prolific among them being business rivals (20%)
followed by 'neighbors, friends or relatives' (15%), hackers (13%) and
students (10%). Overall, cybercrimes in 2015 witnessed an increase of 20.5
per cent over 2014. A total of 11,592 cases of cybercrime were registered across
the country.