Sunday, January 1, 2017

Issue 97- Week of Dec 26th - Happy New Year

Issue 97- Week of Dec 26th

1.      US Election hacking fallout: US expelled 35 diplomatic personnel from Russia embassy last week, it is alleged these Russians interfered in US presidential election by hacking the DNC. Russia did not do the usual tit for tat but it trolled President Obama by calling him a Lame duck.

2.      Super Mario Run APK is a malware: Nintendo's 'Super Mario Run' was released recently for iOS devices only. Some of the Mario lovers went looking for the Android version of the game outside the Goggle play store and ended up with malware. This malware can take full control of the Android device. It is advised to wait for the official version on Play Store.

3.      Lithuania computers infected with Russian Spyware: Reuters reports that Lithuania has accused Russia of cyber-attacks on it Government networks. Lithuania fears Russia is trying to infiltrate its political sphere. Russia has rejected this as Laughable and unsubstantiated. Meanwhile in Germany, its intelligence believes Russia may interfere in its National elections in 2017.

4.      Application for Marijuana seller's details leaked: Recreational marijuana is legal in Nevada. Details from the 11700 reseller applications that Nevada state government had received was easily accessible via Google on the State Government's Website. Experts are not willing to call this a cyber-hack. The site is currently down.

5.      Another DDoS attack: For most part of 2016 - DDoS attacks was launched using Mirai botnet in hacked IoT devices. Last week - A 650Gbps attack was launched using a new botnet called Leet Botnet. Issue 84 - A 1.5Tbps attack was launched on France-based hosting provider OVH and Issue 87 - DNS provider DYN suffered massive DDoS attack.

6.      Android Trojan infects Wi-Fi router: A new Android Trojan called Switcher comes in disguised apps and does not affect the device but targets the Wi-Fi router it is connected to. It changes the DNS settings of the router to redirect traffic to malicious websites. Issue 95 - we saw something similar called 'DNS Changer' - where the router was attacked via a PC. Issue 94 - we saw Stegano Malvertising redirecting traffic.

7.      Amazon Echo's help required to solve murder case: Amazon Echo is a smart device that responds to voice commands. This device was being used in a home where a murder took place. The police have issued a Warrant to Amazon to handover the voice recordings during the suspected time of murder. Amazon has declined. Sounds very similar to Apple v/s FBI case wherein Apple declined to unlock the San Bernardino terrorist's iPhone.

8.      InterContinental Hotels may have been hacked: After a debit and credit card fraud pattern was found at some of the InterContinental properties - the hotel has launched an investigation.  Kimpton Hotels & HEI Hotels & Resorts (which operates Marriott, Hyatt and Sheraton and Westin hotels) recently suffered PoS breach.

9.      Critical flaws in PHP 7 detected: Experts have found 3 critical 'Zero Day' vulnerabilities in PHP 7. Two of the flaws allow hackers to take full control of the web server and steal data. The third flaw helps in DoS attack shutting down the server. PHP was notified about these flaws in Sep and as of now they all have been patched.

10.   Security and demonetization: Recall the story we discussed in Issue 49 - wherein a Bangalore businessman's account was hacked and $70K was stolen. The hackers were able to very easily obtain a duplicate SIM card of the businessman's phone number and then hack the bank account as the OTP was now being delivered to the criminals. With Demonetization and Digital India - thousands are embracing e-wallets and online transactions every day. Criminals now have a much wider attack surface, one should stay alert to prevent such hacks.


Source - idtheftcenter.org

No comments:

Post a Comment