Sunday, October 23, 2016

Issue 87- Week of Oct 17th


1.      Massive ATM hack hits 3.2 Million Indian Debit cards: India is undergoing the biggest data breaches to date with as many as 3.2 Million debit card details reportedly stolen from multiple banks and financial platforms. The massive financial breach has hit India's biggest banks including State Bank of India (SBI), HDFC Bank, Yes Bank, ICICI Bank and Axis, and customers are advised to change their ATM PIN immediately. Hackers stole the data by allegedly using malware to compromise the Hitachi Payment Services platform — which is used to power country's ATM, point-of-sale (PoS) machines and other financial transactions.

2.      An army of Million hacked IoT devices almost broke the Internet: A massive Distributed Denial of Service (DDoS) attack against Dyn, a major domain name system (DNS) provider, broke large portions of the Internet on Friday, causing a significant outage to a ton of websites and services, including Twitter, GitHub, PayPal, Amazon, Reddit, Netflix, and Spotify. Though the exact details of the attack remain vague, it is suspected that it could have been using hijacked IoT devices - very similar to the  1 Tbps DDoS attack on France-based hosting provider OVH.

3.      Weebly & Foursquare join the massive Data breach family: Weebly and Foursquare are the latest victims of the massive data breach, joining the list of "Mega-Breaches" revealed in recent months, including LinkedIn, MySpace, VK.com, Tumblr, Dropbox, and the biggest one -- Yahoo. Website building service company - Weebly, lost details of 43 Million users, which includes usernames, email addresses, passwords, and IP addresses. The passwords were encrypted and salted, so it will be difficult for hackers to obtain the real passwords. Location based search-and-discovery service mobile app company - Foursquare, lost details of 22.5Million customers.

4.      LinkedIn hacker arrested: The 29 year old Russian hacker responsible for massive 2012 data breach at LinkedIn, has been arrested in Prague. The breach had affected 117 Million users. He had managed to break into the company's computers in March 2012 by stealing the username and password of a LinkedIn employee who worked at the company's Mountain View, California, headquarters. This stolen data was put on sale by a hacker called 'Peace', who also put data dumps of MySpace, Tumblr, VK.com, and Yahoo! on the dark web marketplace. As of now it is not sure if the arrested person and ‘Peace’ are the same.

5.      Details emerge after the NSA contractor's arrest: Issue 85 - we discussed -  "Another NSA Contractor arrested for stealing 'Secret' documents". Now, according to a court document filed last week, the FBI seized at least 50 terabytes of data from the contractor that he had siphoned from government computers over two decades, he also took several physical documents, many of which were marked "Secret" and "Top Secret." The stolen data also contained the hacking tools that were recently leaked by 'The Shadow Brokers', further investigation will determine if there is any connection between these events.

6.      Dirty COW — critical Linux kernel flaw being exploited in the wild: A nine-year-old critical vulnerability Dubbed "Dirty COW", has been discovered in virtually all versions of the Linux OS and is actively being exploited in the wild. The flaw is a privilege-escalation vulnerability, that is part of every distro of Linux - RedHat, Debian, and Ubuntu and it can be easily/reliably exploited. The flaw gets its name from the copy-on-write (COW) mechanism in the Linux kernel, which is so broken that any application or malware can tamper with read-only root-owned executable files to gain administrative (root-level) access to the device and completely hijack it.

7.      This free tool protects PCs from master boot record attacks: In Issue 58 -we discussed - Petya Ransomware which not only encrypts the files but also locks down the entire computer by attacking the Master boot record. Now Cyber security experts have developed an open-source tool that can protect the master boot record of Windows computers from modification by ransomware and other malicious attacks. Dubbed ‘MBRFilter’, the tool is nothing more than a signed system driver that puts the MBR into a read-only state, preventing any software or malware from modifying data of the MBR section.

8.      Ransomware update: Ransomware has exploded in 2016 and is increasingly targeting business networks instead of individual users. The total cost of damages related to these attacks is set to cross $1 billion this year. The primary drivers of Ransomware growth have been that attacks are easy to carry out and victims are willing to pay to get their data back. The bad news is that ransomware doesn't show any signs of slowing down and it's likely to only become a bigger problem during 2017. Building awareness, regular back-ups and a good Web Security solution can go a long way in protecting networks from Ransomware.

9.      St. Jude Medical and Muddy Waters update: Issue 81 - St. Jude Medical (STM) sued Muddy waters to set the records right. Last week - Muddy waters launched a new website, posting more demo videos and information about vulnerabilities in STM's implantable cardiac devices. STM claims that MedSec and Muddy Waters falsely issued warnings about insecure medical devices in order to intentionally drop the share value of STM - with an objective to profit from it. Meanwhile, STM has announced plans for a Cyber Security Medical Advisory Board which will handle all issues related to cybersecurity standards of its medical devices.


10.   Indo-pak cyberwar update: Pakistani hackers often tap into the frequencies that Indian airlines use to communicate with ATC while landing in border towns like Jammu. The hackers then block the communication and start transmitting Pakistani patriotic songs. Indian pilots quickly coordinate with other Airforce ATC in the vicinity to change the frequency to restore communications. For all its IT prowess, cyberspace is one frontier on which India remains seriously vulnerable. Steps are being taken to plug the gaping holes. The ambitious Digital India program will also need to factor in Cybersecurity. We can also learn from the Yahoo breach and protect our own billion+ user database – Aadhar.

3 comments:

  1. Davidbenjaminltd@outlook.com is indeed the right place to get your blank ATM card. Much has been said about this company which i saw online about their reliability and certified services am reaffirming this because i have tested them too and they are trusted. I got my card 4 days ago and it took just 2 days for it to be delivered to me after i made all necessary payments. If you are tired of wasting your money an time on fake companies then davidbenjaminltd@outlook.com is the right place

    ReplyDelete
  2. I got my already programmed ATM card to
    withdraw the maximum of $50,000 daily for a maximum of 30
    days. I am so happy about this because i got mine last week
    and I have used it to get $100,000. MR mark wesley is giving out the card just to help the poor and needy. he also advice us to help the needy around us when we get the card so that God will keep blessing all of us. get yours from him now. Just send him an email
    On wesleymarkhackers@gmail.com

    ReplyDelete
  3. My name is Alicia , I have been hearing about this blank ATM card for a while and i never really paid any interest to it because of my doubts. Until one day i discovered a hacking guy called (OSCAR WHITE). he is really good at what he is doing. Back to the point, I inquired about The Blank ATM Card. If it works or even exist .He told me Yes and that its a card programmed for random money withdraws without being noticed and can also be used for free online purchases of any kind. This was shocking and i still had my doubts. Then i gave it a try and asked for the card and agreed to their terms and conditions. Hoping and praying it was not a scam. One week later i received my card and tried with the closest ATM machine close to me, It worked like magic. I was able to withdraw up to $4500. This was unbelievable and the happiest day of my life. So far i have being able to withdraw up to $28000 without any stress of being caught. I don't know why i am posting this here, i just felt this might help those of us in need of financial stability. blank Atm has really change my life. If you want to contact him, Here is the email address oscarwhitehackersworld@gmail.com And I believe he will also Change your Life....

    ReplyDelete