1. NDTV and Vijay Mallya hacked: Days after a hacking group called Legion hacked Rahul
Gandhi and INC's Twitter accounts, they went on to hack India's famous
loan defaulter Vijay Mallya's Twitter account. Mallya is based in London for
the past 9 months. This morning the news broke out that Senior journalist
Ravish Kumar’s and NDTV Barkha Dutt's official Twitter handle has also been
hacked by ‘Legion’. In a tweet Legion has threatened to release over 1TB of confidential
data and also said the next attack will be on Lalit Modi - Another absconder of
Indian Law based in London.
2. Daily Motion Hacked:
85 million accounts hacked, Email
addresses, usernames and some passwords were stolen. If you have an account
with Daily Motion, kindly reset your password and if you were using the same
password across many sites - it is time you reset all your passwords. It is
safer not to reuse passwords across various platforms. Daily Motion was in news
last year for serving
malvertising to its visitors.
3. 'Distributed Guessing Attack' hacks Visa card in 6
seconds: Researchers at Newcastle
University have built a toolkit which can guess a Visa card’s details such as
Expiry date and CVV number in 6 seconds. The tool will send different values to
different e-commerce websites and will get confirmation from one of them. For e.g.
to guess the expiry date, the tool will send different dates to 60 e-commerce
sites, for CVV number it sends the request 1000 times to these e-com sites.
This attack works on Visa as it does not detect multiple incorrect attempts
across different sites. MasterCard has a centralized payment network and they
can detect such frauds quickly.
4. 'Popcorn Time' Ransomware launches victim reference
program: Like any other Ransomware,
Popcorn Time also encrypts the files and demands ransom in bitcoins. The
unusual aspect of this Ransomware is that it offers the victims the decryption
key for free- if the victims can infect 2 others and get them to pay the
Ransom. All the victim has to do is to send a link shared by the hackers to 2
other people, if they pay after getting infected the victim will get his files
back for free.
5. Stegano malvertising discovered: Researchers have discovered a Malvertising campaign
dubbed Stegano, which has remained undetected for nearly 2 years now. Hackers
hid the exploit code inside the Image's Alpha channel, packaged it as an Ad and
managed to display this ads in several popular websites - potentially infecting
millions. Whenever a user visits a site that is hosting this malware, the
exploit kit reports system info to C&C server. Depending the system
vulnerabilities like unpatched browsers or flash players, the malware can do a silent
redirect to a malicious site to download the dropper file and infect the
system. It could either lead to Ransomware or stealing of local data. Spotify
was hit by Malvertising recently.
6. Yahoo flaw allows access to any Yahoo Inbox: As part of its bug bounty program, a researcher was
awarded $10k for discovering and privately reporting a XSS bug that allowed the
attacker to view any Yahoo mail box. The bug has since been fixed. The
researcher said that finding the bug was difficult but exploiting it was very
easy as it only requires to send a specially crafted email to the victim.
7. Linux Kernel Local Privilege Escalation Flaw Discovered and
patched: A critical, local
code-execution vulnerability in the Linux kernel was patched last week, this
bug has been around since 2011. This bug allowed a local attacker to gain
kernel code execution from unprivileged processes. Issue
87 - we saw a nine year old Linux bug called 'Dirty COW' - being discovered and patched.
8. Gamification of DDoS attacks: A hacker group in Turkey is inviting users to launch
DDoS attacks on identified targets and win points in return. These points can
be accumulated and redeemed to win various hacking tools. Dubbed 'Sath-ı
Müdafaa', this attack was discovered by Forcepoint researchers.
9. Red Star OS can be hacked: North Korea's Linux operating system called Red Star can
be easily hacked by just sending it a link. Ever since the full install of Ver
3.0 was leaked outside North Korea - researchers have been regularly finding
holes in this OS. This OS was designed to keep the western OS out as North
Koreans find them suspicious. Red Star is strikingly similar to Mac OS and this
severe vulnerability was found in its Firefox derived browser called Naenara
3.5.
No comments:
Post a Comment