Sunday, September 18, 2016

Issue 82- Week of Sep 12th


1.      About 100 FreeCharge clients lose money after cyber-attack: FreeCharge is e-wallet payment app, based out of India. Last week, Nearly 100 customers of FreeCharge lost Rs.10,000 ($150) each, across the country in cities like Chennai, Mumbai, Hyderabad, Delhi only to be restored later as the e-wallet's system met with a phishing attack. The attacks happened between June and August 2016. The hackers used the e-wallet for online shopping, transferring the money to various bank accounts.

2.      Online Ad service ClixSense hacked; 6M plain-text passwords leaked: ClixSense, a website that claims to pay users for viewing advertisements and completing online surveys, is the latest victim to join the list of "Mega-Breaches" revealed in recent months, including LinkedIn, MySpace, VK.com, Tumblr, and Dropbox. In addition to 6.6M passwords and email addresses, the dump database includes first and last names, dates of birth, sex, home addresses, IP addresses, payment histories, and other banking details of Millions of users. ClixSense admitted the data breach and said some unknown hackers were able to get access to its main database through an old server which the firm was no longer using, but at the time, still networked to its main database server.

3.      Olympic Athletes' medical data compromised by Russian Hackers: Last week, The World Anti-Doping Agency (WADA) revealed that its Anti-Doping Administration and Management System database was recently hacked -- allegedly by Russian hacker group Fancy Bear. Confidential data of athletes were stolen and some released publicly. The International Olympic Committee called the leaks an "outrageous" breach of confidentiality and have offered to assist WADA in communicating with Russian authorities over the matter. In total, 40 athletes have now had their TUE history disclosed. TUE - (Therapeutic Use Exemption) is a certificate which allows an athlete to take an otherwise banned substance.

4.      Mystery surrounds possible BlueSnap data breach: Around 324,000 users have likely had their payment records stolen either from Payment Gateway BlueSnap or its customer Regpack; however, neither of the company has admitted a data breach. Whoever is guilty of this breach is also in line for a serious fine, because they also stored CVV numbers, an action prohibited by financial authorities and credit card companies.

5.      British Hacktivist 'Lauri Love' to be extradited to USA: British citizen and alleged hacker Lauri Love will be extradited to the United States to face allegations of hacking into US government computer systems - including FBI, NASA and US Army. Love was involved in an online protest linked to the untimely death of another activist, who committed suicide in 2013 while under federal charges for data theft. He has few legal options left before he can be extradited but if it happens, he will face 99 years in prison.

6.      Xiaomi can silently install any App on Android Phone using a backdoor: Xiaomi in the past has been criticized for spreading malware, shipping handsets with pre-loaded spyware/adware and secretly stealing users' data. Now, a researcher has found that the smartphone runs a pre-installed app called AnalyticsCore.apk, that runs 24x7 in the  background and reappears even if it is deleted. The app sends the phone data including IMEI number to the company server every 24 hours to check for updates, which automatically gets installed silently. The worry is that the handset maker- can remotely and silently install any application on the device just by renaming it to "Analytics.apk" and hosting it on the server.  Hackers can also exploit this backdoor.

7.      Using 'Signal' app? install the patch: Two Researchers have discovered a couple of vulnerabilities in Signal, the popular end-to-end encrypted messaging app. One of those vulnerabilities could allow potential attackers to add random data to the attachments of encrypted messages sent by Android users, while another bug could allow hackers to remotely crash vulnerable devices. The vulnerabilities have just been patched and the updated version is available on Github but not yet on Google play.

8.      Google’s Project Zero is offering upto $200,000 to find vulnerabilities in Android: Google’s security analyst team, Project Zero (that works on finding vulnerabilities in the Android system) has announced the launch of its hacking contest to discover flaws in the mobile ecosystem. The goal is to find a bug chain that can give remote access to multiple Android devices by just knowing their email address or phone numbers. The first prize in the competition is $200,000; the second prize is $100,000 and the third prize is $50,000. There will be additional awards for winning entries that are able to find flaws in the Google’s operating system.

9.      Instead of spending $1.3 million, FBI could have hacked iPhone in just $100: The infamous encryption fight of Apple V/s FBI, where Apple paid $1.3M to hack the phone and got nothing useful out of it, could have been done in just $100. A researcher has shown a technique called NAND mirroring, in which he physically removes the NAND memory chip from the iPhone - copies the data and brute forces the passcode. 4 digit passcode takes few hours while 6 digit passcode take few weeks. The big problem FBI faced with the iPhone was that the 11th attempt to open the phone with a wrong passcode would have deleted all its contents, hence they had to hack the phone.


10.   FBI Director says you should cover your Webcam with tape: In issue 70, we saw a Photo that revealed even Zuckerberg tapes his Webcam and Microphone for Privacy, last week, the FBI director in a conference, confirmed that he too tapes his webcam. He said like we lock our cars and lock our door at night, we should also tape the camera on our laptops for privacy. In reality, taping the camera just solves a small issue, the bigger issue is IoT devices like Security Cameras. Due to their insecure implementation, hackers routinely hijack Security Cameras and use them as weapons in cyber-attacks


1 comment:

  1. Want To Increase Your ClickBank Traffic And Commissions?

    Bannerizer makes it easy for you to promote ClickBank products with banners, simply visit Bannerizer, and grab the banner codes for your picked ClickBank products or use the Universal ClickBank Banner Rotator to promote all of the available ClickBank products.

    ReplyDelete