Sunday, December 18, 2016

Issue 95 - Week of Dec 12th


1.      Yahoo admits that 1 Billion accounts were hacked: Issue 83 - Yahoo had confirmed that personal data from 500m accounts was stolen in 2013; now Yahoo has admitted that the figure is 1 Billion accounts. It is now also being reported that this data was sold in Aug for $300k. This can lead to 'Password Reuse Attacks', so kindly do not use the same password across all your internet accounts.

2.      Ashley Madison fined $1.66M: Infidelity website Ashley Madison was hacked in July 2015 and 36 million user records were leaked on the internet, resulting in several cases of blackmail and suicides. The investigation that followed the leak revealed that the company had created several fake female profiles to lure men and also did not fully delete records even though it charged $20 for a 'full deletion'.

3.      Accidental data leak at Ameriprise: Ameriprise is a financial services company based in the US. A researcher doing random scans on the Shodan search engine spotted an Ameriprise advisor's unsecured, internet-facing backup drive, which was set to sync with his primary backup drive at his office. This exposed investment portfolios worth millions of dollars and the personal data of 320 clients. Shodan is a search engine that scans the internet for open and unsecured databases and devices.

4.      Kickass Torrents bounces back to life: Issue 74 - the domain names of Kickass Torrents (KAT) were seized, the owner was arrested and the site went down. Last week, a bunch of dedicated ex-KAT staffers came together and put together a forum called Katcr.co. This group has now brought the torrent site back to life. The new site starts from scratch and is a clone of the original site.

5.      JPMC hacker arrested: Issue 38 - the U.S. had charged three Israelis for the huge JPMC cyber-fraud. Two of them were arrested in Israel in 2015 and the third hacker was arrested at JFK airport last week when he flew in from Russia to face trial. The hackers used their access to JPMC clients to push misleading stock pitches and profited from them. The famous Preet Bharara is the US Attorney for this case.

6.      Ubuntu's crash report tool vulnerable: A cyber researcher has discovered and privately reported a critical vulnerability to the Ubuntu team. He found that he could inject code into the OS's crash file handler by crafting a crash file that, when parsed, executes arbitrary Python code. This Remote Code Execution affects Ubuntu Linux installations Ver. 12.10 (Quantal) and later. Ubuntu users are advised to patch their systems ASAP.

7.      MacOS FileVault 2 can be hacked in 30 seconds: A researcher has demonstrated that if he can get physical access to a Mac, he can obtain the password in 30 seconds using a $300 device dubbed 'PCILeech'. There are two weaknesses that the researcher exploited: 1. the Mac protects itself against Direct Memory Access (DMA) only after it has booted, and 2. the decryption password is stored in clear text. The researcher rebooted the victim's Mac and within 30 seconds he could access the password. This issue is fixed in the latest version (10.12.2).

8.      NSA tools put on direct sale, auction abandoned: Issue 78 - Shadow Brokers hacked the NSA's hacking group and put the hacking tools up for auction. The hackers are now offering these tools for direct sale in the price range of 1-100 bitcoins. A probe by the NSA into how the tools were lost concluded that it was a mistake by an agent who left them behind during an operation.

9.      Exploit kit called DNSChanger is back: Similar to the Stegano malvertisement discovered recently, researchers have discovered another malware that spreads via malvertising, called 'DNSChanger'. The key difference in this attack is that, although the exploit kit still spreads through a malvertisement, the dropper file (the actual malware) targets the router rather than the browser. The malware changes the DNS entries in the router from the ones provided by the ISP to malicious servers controlled by the hackers. With this the attackers can redirect traffic, inject ads and install other malware. Users can mitigate this risk by not using default passwords on routers.
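As an added illustration of the check this item implies (example code written for this digest, not from any of the reported research), the script below compares the DNS resolvers a router and a LAN client are using against the ISP's known resolvers and flags anything else. The ISP allowlist, gateway address, router status text and resolv.conf content are all constructed sample values.

```python
import ipaddress
import re

# Hypothetical allowlist: the resolvers the ISP actually hands out (documentation-range addresses).
ISP_RESOLVERS = {"203.0.113.53", "203.0.113.54"}
LAN_GATEWAY = "192.168.1.1"   # the router itself may legitimately proxy DNS for the LAN

# Constructed router status dump (not real device output); the secondary DNS is a rogue resolver.
ROUTER_STATUS = """\
WAN IP Address:   198.51.100.20
Primary DNS:      203.0.113.53
Secondary DNS:    192.0.2.66
DHCP DNS Server:  192.168.1.1
"""

# Constructed /etc/resolv.conf from a client on the LAN that took its settings from DHCP.
RESOLV_CONF = """\
# Generated by DHCP client
nameserver 192.0.2.66
nameserver 192.168.1.1
"""

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")


def extract_dns_servers(text):
    """Return the valid IPv4 addresses found on lines that mention DNS or nameserver."""
    servers = []
    for line in text.splitlines():
        if "dns" in line.lower() or line.lstrip().startswith("nameserver"):
            for ip in IPV4.findall(line):
                try:
                    ipaddress.IPv4Address(ip)   # drop things like 999.1.1.1
                except ValueError:
                    continue
                servers.append(ip)
    return servers


def audit_resolvers(servers, allowlist=ISP_RESOLVERS, gateway=LAN_GATEWAY):
    """Split resolvers into expected (ISP or local gateway) and rogue (anything else)."""
    expected = set(allowlist) | {gateway}
    return {"expected": [s for s in servers if s in expected],
            "rogue": sorted({s for s in servers if s not in expected})}


if __name__ == "__main__":
    for name, text in (("router", ROUTER_STATUS), ("client", RESOLV_CONF)):
        result = audit_resolvers(extract_dns_servers(text))
        print(f"{name}: {'ALERT' if result['rogue'] else 'ok'} rogue={result['rogue']}")
```

Run periodically against the router's admin page output (or a DHCP lease) to catch a resolver change like the one DNSChanger makes; a hit means checking the router for a default or weak admin password.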

10.     Legion's exploits in India: Legion continued its attacks in India by claiming to have hacked the accounts of 74,000 Chartered Accountants, government emails hosted on Sansad.nic.in and the server of Apollo Hospital in Chennai. Legion has said that the 'Banking System' in India is deeply flawed and has been hacked several times in the past. It claims it has access to 40,000 servers in Indian banks and can paralyse the system.
