Issue 97- Week of Dec 26th
1. US Election hacking fallout: US expelled 35 diplomatic personnel from Russia embassy
last week, it is alleged these Russians interfered in US presidential election
by hacking
the DNC. Russia did not do the usual tit for tat but it trolled
President Obama by calling him a Lame duck.
2. Super Mario Run APK is a malware: Nintendo's 'Super Mario Run' was released recently for
iOS devices only. Some of the Mario lovers went looking for the Android version
of the game outside the Goggle play store and ended up with malware. This
malware can take full control of the Android device. It is advised to wait for
the official version on Play Store.
3. Lithuania computers infected with Russian Spyware: Reuters reports that Lithuania has accused Russia of cyber-attacks
on it Government networks. Lithuania fears Russia is trying to infiltrate its political
sphere. Russia has rejected this as Laughable and unsubstantiated. Meanwhile in
Germany, its intelligence believes Russia may interfere in its National
elections in 2017.
4. Application for Marijuana seller's details leaked: Recreational marijuana is legal in Nevada. Details from
the 11700 reseller applications that Nevada state government had received was
easily accessible via Google on the State Government's Website. Experts are not
willing to call this a cyber-hack. The site is currently down.
5. Another DDoS attack:
For most part of 2016 - DDoS attacks was launched using Mirai botnet in hacked
IoT devices. Last week - A 650Gbps attack was launched using a new botnet
called Leet Botnet. Issue
84 - A 1.5Tbps attack was launched on France-based hosting provider OVH
and Issue
87 - DNS provider DYN suffered massive DDoS attack.
6. Android Trojan infects Wi-Fi router: A new Android Trojan called Switcher comes in disguised
apps and does not affect the device but targets the Wi-Fi router it is
connected to. It changes the DNS settings of the router to redirect traffic to
malicious websites. Issue 95 - we saw something similar called 'DNS
Changer' - where the router was attacked via a PC. Issue
94 - we saw Stegano Malvertising redirecting traffic.
7. Amazon Echo's help required to solve murder case: Amazon Echo is a smart device that responds to voice
commands. This device was being used in a home where a murder took place. The
police have issued a Warrant to Amazon to handover the voice recordings during
the suspected time of murder. Amazon has declined. Sounds very similar to Apple
v/s FBI case wherein Apple declined to unlock the San Bernardino
terrorist's iPhone.
8. InterContinental Hotels may have been hacked: After a debit and credit card fraud pattern was found at
some of the InterContinental properties - the hotel has launched an
investigation. Kimpton
Hotels & HEI Hotels & Resorts (which operates Marriott, Hyatt
and Sheraton and Westin hotels) recently suffered PoS breach.
9. Critical flaws in PHP 7 detected: Experts have found 3 critical 'Zero Day' vulnerabilities
in PHP 7. Two of the flaws allow hackers to take full control of the web server
and steal data. The third flaw helps in DoS attack shutting down the server.
PHP was notified about these flaws in Sep and as of now they all have been
patched.
10. Security and demonetization: Recall the story we discussed in Issue
49 - wherein a Bangalore businessman's account was hacked and $70K was
stolen. The hackers were able to very easily obtain a duplicate SIM card of the
businessman's phone number and then hack the bank account as the OTP was now
being delivered to the criminals. With Demonetization and Digital India - thousands
are embracing e-wallets and online transactions every day. Criminals now have a
much wider attack surface, one should stay alert to prevent such hacks.
Source - idtheftcenter.org
No comments:
Post a Comment