CyberANAtor – Daily News Bulletin

CyberANAtor – Daily News Bulletin

20 top hotels including Starwood, Marriott and Hyatt hit by virus attack: HEI

NEW YORK: A data breach at 20 US hotels operated by HEI Hotels & Resorts for Starwood, Marriott, Hyatt and Intercontinental may have divulged payment card data from tens of thousands of food, drink and other transactions, HEI said. This happened due to malware attack present in payment system. The company has informed federal authorities and has installed a new payment processing system that is separate from other parts of its computer network.

Cyber Security Tips: To prevent from such kind of attacks secure your payment system, use email security, avoid to open spam mails.

Internet traffic hijacking Linux flaw affects 80% of android device

Around 80 percent of Android smartphones and tablets running Android 4.4 KitKat. Recently Linux kernel flaw vulnerability found in android. It allow attacker to terminate the connections, spying an unencrypted traffic and also able to inject malware into communication. t 80% of all Android devices in use today, which is nearly 1.4 Billion devices, are vulnerable to attacks, enabling hackers to spy on your communications without even compromising your network via man-in-the-middle-attack.

Cyber Security Tips: Make sure your Internet traffic is encrypted, Use a Virtual Private Network, use updated antivirus.

China launches world’s 1st ‘Hack Proof’ quantum communication satellite

China has launched the world’s first quantum communications satellite into orbit aboard a Long March-2D rocket earlier today in order to test the fundamental laws of quantum mechanics at space. The satellite is designed to develop a ‘Hack-Proof‘ communications system in this age of global electronic surveillance and cyber-attacks by transmitting uncrackable encryption keys from space to the ground. The satellite’s payloads include: Quantum key communicator, entanglement emitter, entanglement source, experiment controller, processor, and laser communicator.

Romanian frauds, Rs 49 thefts

At 6.27 am one morning in July, a 27-year-old man, subsequently identified as a Romanian named Gabrial Marian, entered an SBI ATM at Vellayambalam in Thiruvananthapuram. He attached a disk to ATM and set wireless skimmer. Data grabbed by the wireless skimming device and passwords captured by the camera while customers were using the ATM are suspected to have been sent wirelessly to a computer. They had thefts around 30 cards. They are arrested in Mumbai.

Cyber Security Tips:  Keep ATM devices secure from external devices, physical security at ATM, use strong passwords for access.

Star heroine falls prey to cyber crime

Nargis lost Rs 6 lakh from her bank account as someone stole the PIN number and other details of her credit card and duped her of Rs six lakh with a duplicate card. She got to know about this, when she got message from bank regarding withdrawals. The fraudster made a shopping of six lakh with credit card. After the fraud she had immediately block the card and she has also registered complaint at Mumbai police.

Cyber Security Tips: Protect your credit card details, do not share your card details, and use secure browsing when you are doing online shopping.

 

The NSA Hacked—What, When, Where, How, Who & Why?

The NSA was hacked on 15 August and leaked some files, tools and other details. It is hacked by the group “Shadow Brokers”. The group dumped a bunch of private hacking tools from “Equation Group” – an elite cyber-attack unit linked to the NSA – on GitHub and Tumblr.  The shadow group has published data in two parts one includes many hacking tools design to inject malware and other includes encrypted file containing the “best files” that they made available for sale for 1 Million Bitcoins. Over 300 computer files found in the Shadow Brokers archive have a common implementation of RC5 and RC6 encryption algorithms

Cyber Security Tips: NSA need to improve their cyber security, they need to check for both insider and external thread.

Sagar university website hacked

BHOPAL: Official website of Dr Hari Singh Gaur University in Sagar was hacked and Pakistani flag was posted on it on Wednesday 17 August evening. The Pakistani hackers hack website and also posted “Kamal karte ho Pandeyji. Well it is a hack by Pakistani hackers and a slap on the faces of Indian cyber security & the India government.” Mr Diwakar Singh told that they are using services of go daddy, there was cyber-attack on go daddy and affected large no of website. Soon after the hacking, the website was closed down and the objectionable posts were deleted

Cyber Security Tips: If it happened because of attack on go daddy web hosting, then they need to check for security loopholes and immediately patch it.

Fake collection notices leads to cybercrime arrest

A 22 year old man arrested for sending face bank notices to organization. He sent bank notices to organization which includes link, and once victim click on link malware were automatically installed in systems. Once malware install in system attacker able to gain access in victims system. After that he start accessing bank details.

Cyber Security Tips:  To prevent from such attacks keep your data safe, use updated antiviruses, make sure before clicking on any link.

Microsoft open sources PowerShell; Now available for Linux and Mac OS

Microsoft today made its PowerShell scripting language and command-line shell available to the open source. Microsoft also launched Alpha version for Linux and Mac OS. PowerShell is Microsoft’s command line shell for Windows power users, and an extensible scripting language for automating system tasks. Windows PowerShell is a task automation and configuration management framework from Microsoft, consisting of a command-line shell and associated scripting language built on the .NET Framework.

Warning Bitcoin user could be targeted by state sponsored hacker

A bitcoin information site is warning users that an upcoming version of the Blockchain consolidation software and Bitcoin wallets could most likely be targeted by “state-sponsored attackers.” Bitcoin.org has posted a message on his website, next version of the Bitcoin Core wallet, one of the most popular bitcoin wallets used to store bitcoins, might be replaced with a malicious version of the software offered by government-backed hackers. Users are recommended to verify the Signature securely and hashes of Bitcoin Core binaries that are cryptographically signed with a key before running Bitcoin Core binaries to ensure the binaries are legitimate as being created by the Core developer’s team.

Cyber Security Tips:  You are advised to download the binaries from the official Bitcoin site only; otherwise, you may end up getting compromised.

 

Omegle, the popular chat with strangers service leaks your dirty chats and personal info

The popular, free online anonymous chat service that allows you to chat with random strangers, without any registration. The service randomly pairs you in one-on-one chat window where you can chat anonymously over text or webcam. Bhuyan wrote a simple python script, Omegle-Chat-Hack, which automatically downloads the saved screenshots from the website. The recorded online conversations are saved in such a way that anyone with a little knowledge of hacking can pilfer them, revealing your personal information along with those dirty chats that could be used to harass or blackmail you.

Cyber Security Tips:  You should be careful with what identifiable information you are sharing over such online service while chatting with strangers. The more personal information you share, the more chances there are for others to misuse your information.

Wikipedia Co-Founder Jimmy Wales Twitter Account Hacked By OurMine

The hackers group OurMine compromised Wikipedia co-founder Jimmy Wales Twitter account Saturday 20 August 2016. A tweet was sent out from Wales’ verified Twitter account that read, “RIP Jimmy Wales, 1966 – 2016. A few minutes later another tweet was posted that read, “I confirm that Wikipedia is all lies, OurMine is the true. The tweet also contained a link to a page with the OurMine logo advertising the group’s social security services. In addition to the tweets, Wales’ biography on his Twitter profile was also changed to “hacked by OurMine.”

Cyber Security Tips:  To prevent from such kind of attacks change your password, set strong password, enable two way authentication.

 

New Trojan Turns Linux Devices into Botnet

Researchers at Doctor Web have discovered a Linux Trojan that can turn an infected Linux device and websites into a P2P botnets. A malware is designed to infect devices in order to steal financial and personal data but ”Linux.Rex.1” malware has the ability to perform DDoS attacks from the infected device, send malicious messages and distribute itself to others networks. Once the device is infected, the malware sets it up as a bot and takes instruction from unknown cyber criminals using command and control (C&C) servers. It then distributes itself onto other networks using the same infected device. The malware program receives instructions over the HTTPS protocol and sends them to other botnet nodes, if necessary. When commanded by cyber criminals, Linux.Rex.1 starts or stops a DDoS attack on a specified IP address. Other than aforementioned functions this malware also sends spam messages to website owners threatening them with DDoS attacks.

Cyber Security Tips:  To prevent from this malware secure your system with updated antivirus, Secure your organization network by filtering request using Firewall, Intrusion Detection System, Keep backup of your data.

New security protocol will protect smart cars from hacking

A team of student researchers from University of Arkansas at Little Rock (UALR). In the US created a security protocol to protect from cyber-attacks smart cars with GPS, Bluetooth and internet connections. Yu and his student Zachary King, a junior majoring in computer science at the UALR, created a security protocol to protect smart cars from hacking in the project “Investigating and Securing Communications in the Controller Area Network (CAN)” King built an experimental environment that simulates the communication system in a smart car, which allows the security protocol to be tested through simulations. There are many ways that hackers can control CAN,” King said. Once they access it, hackers can pretty easily control your car however they want. We are proposing to add a layer of security, so if an unauthorized person accesses it, they still would not be able to control your vehicle,” King said.

Cyber Security Tips:  If you are using smart Car then it can be benefited for you, but attacker can control it by many ways so you need to wait until the solution is found.

Windows 10 anniversary update causes webcam malfunction worldwide

This August, Microsoft released the Windows 10 anniversary update fully loaded with new features and stuff. This new update is the way it exploits webcams and causes them to malfunction. When users across the globe downloaded this new update for Win 10, their webcams stopped functioning and millions of users were affected by this. If you are facing the same issue and you have updated your Windows lately, then blame it on the update.

However, Thurrott reports that a fix will soon be arriving. But you can expect it to be released in September. So, if you have been trying to use Skype but are unable to do video chat then this is the reason behind its malfunction. A wide range of webcams is getting affected by this issue including Logitech C920. Whenever this cam attempts to launch HD mode, it freezes.

Cyber Security Tips: You can do to resolve the issue from affecting your Skype conversations open Registry: HKLM\SOFTWARE\WOW6432Node\Microsoft\windows media foundation\platform. In this address, add DWORD “EnableFrameServerMode” and set it at “0”. After doing this, restart Skype.

Eddie Bauer’s customer info may have been targeted by malware

Retailer Eddie Bauer LLC said on Thursday customers’ payment card information used at its stores may have been accessed by unauthorized parties. A malware was used to access the data at its retail stores on various dates between January 2 and July 17, the company said. However, not all cardholder transactions during the period were affected, the company said. Payment card information used for online purchases on the company’s website was not affected. Eddie Bauer said its investigation determined that the malware attack was part of a larger attack directed at multiple restaurants, hotels and retailers. The company said it was notifying customers whose payment card information may have been involved.

Cyber Security Tips:  If you are using Eddie Bauer to purchase cloth online you need to rake about your cards, check your bank statements, avoid to pay online until issue will solve.

Kerala Cyber Warriors’ hack Maneka Gandhi’s website, demand stray dog-free India

The group of hacker name Cyber Warriors from Kerala on Monday hacked Union Minister Maneka Gandhi’s People for Animals (PFA) website, pledging to make India free from stray dogs. The group’s action comes a day after 65-year-old Sheeluamma was killed by more than 50 stray dogs in Thiruvananthapuram on Sunday the group had taken control of the site and blacked it out with a message “Stray Dog Free India”. The PFA website displayed news reports about Sheeluamma’s death and provided information about the website’s hacking,

Cyber Security Tips:  Today website security is an important issue, secure your website with secure coding, use security devices, monitoring tools

 

Mumbai: Directorate of Health Services trolled, files complaint with cyber cell

The Directorate of Health Services (DHS) on Monday filed a complaint with the cyber-crime cell of the Mumbai Police against a chain of messages circulating over the kidney racket against its director and officials probing the case. He first realized such messages are circulating when a colleague forwarded them to his on WhatsApp. The complaint requests for action against those defaming the state government over the kidney racket. Forwarded messages on WhatsApp and several tweets in the case have been attached and sent to the cyber cell for further investigation.

SwiftKey was accidentally leaking user details; company fixing bug

NEW DELHI: SwiftKey, one of the most widely-used third-party keyboard app on Android and iOS, has reportedly been leaking users’ private data since the past few days. According to The Telegraph website, multiple SwiftKey users recently started receiving unknown contact numbers and email addresses in their keyboard suggestions. Some users have also been receiving such suggestions in different languages indicating the issue to be a global phenomenon.”

They also took to Reddit to complain about the bug. “It’s bad enough to lose a trilingual dictionary built over almost four years. Now I’m also worrying about someone getting all my suggestions,” said one user on Reddit. “I logged into SwiftKey with Google+. And now, I’m getting someone else’s German predictions with only English (UK) pack installed. I have never typed German in my entire life,” wrote another user on the platform. SwiftKey has released an official statement on the bug and said that it has disabled the ability to sync the keyboard app on new devices. In a Twitter post, the company said, “Our team is looking into this as a matter of priority.

Cyber Security Tips: Avoid to use SwiftKey keyboard until issue has been solve, you can use google keyboard instead of SwiftKey.

Hacker selling 200 million yahoo accounts on dark web

Hardly a day goes without headlines about any significant data breach. In the past few months, over 1 Billion account credentials from popular social network sites, including LinkedIn, Tumblr, Myspace and VK.com were exposed on the Internet. Now, the same hacker who was responsible for selling data dumps for LinkedIn, MySpace, Tumblr and VK.com is now selling what is said to be the login information of 200 Million Yahoo! users on the Dark Web. The hacker, who goes by the pseudonym “Peace” or “peace_of_mind,” has uploaded 200 Million Yahoo! credentials up for sale on an underground marketplace called The Real Deal for 3 Bitcoins (US$1,824). Yahoo! admitted the company was “aware” of the potential leak, but did not confirm the authenticity of the data. The leaked database includes usernames, MD5-hashed passwords and date of births from 200 Million Yahoo! Users. In some cases, there is also the backup email addresses used for the account, country of origin, as well as the ZIP codes for United States users.

Cyber Security Tips: Immediately change your yahoo password, use strong password, use two way authentication.

Beware! Advertisers are tracking you via phone’s battery status

Two security researchers, Steve Engelhard and Arvind Narayanan, from Princeton University, have published a paper describing how phone’s battery status has already been used to track users across different websites. The issue is due to the Battery Status API. The battery status API was first introduced in HTML5 and had already shipped in browsers including Firefox, Chrome, and Opera by August last year. The API is intended to allow site owners to see the percentage of battery life left on a laptop, tablet, or smartphone in an effort to deliver an energy-efficient version of their sites. The researchers found that a combination of battery life loss in seconds and battery life as a percentage offers 14 Million different combinations, potentially providing a pseudo-unique identifier for each device that can be used to pinpoint specific devices between sites they visit.

Cyber Security Tips: Avoid to use third party battery app, use good antivirus, and avoid to click on any advertise

 

Android will alert you when a new device logs in your google account

Google has rolled out a new feature for Android users to keep its users account more secure: Native Android Push Notification when a new device accesses your Google account. Google has already been offering email notification for newly added devices, but since people usually ignore emails, the tech giant will now send a push notification to your device screen, giving you a chance to change your password immediately before an intruder gets in. So, from now on, when a new device is added to your Google account, or, in other words, when a new device accesses your account, you will receive a push notification on your current Android device, asking: “Did you just sign in?” If yes, you can just ignore the notification. But if the activity appears suspicious, you just have to tap the “Review account activity” button to know about the details of the new device. You can immediately change your password and add two-factor authorization (2FA) if you are worried someone else has accessed your account.

Telegram messaging accounts compromised by Iranian hackers – Researchers

Iranian hackers have compromised more than a dozen accounts on the Telegram instant messaging service and identified the phone numbers of 15 million Iranian users, the largest known breach of the encrypted communications system, cyber researchers told Reuters. The attacks, which took place this year and have not been previously reported, jeopardized the communications of activists, journalists and other people in sensitive positions in Iran, where Telegram is used by some 20 million people, said independent cyber researcher Collin Anderson and Amnesty International technologist Claudio Guarnieri, who have been studying Iranian hacking groups for three years. Telegram’s vulnerability, according to Anderson and Guarnieri, lies in its use of SMS text messages to activate new devices. When users want to log on to Telegram from a new phone, the company sends them authorization codes via SMS, which can be intercepted by the phone company and shared with the hackers, the researchers said.

Cyber Security Tips: Secure your telegram account with strong passwords.

Delhi HC orders blocking of 73 ‘rogue websites

NEW DELHI: The Delhi High Court has ordered blocking of 73 “rogue websites” which indulged in “rank piracy”, saying mere blocking of the uniform resource locator (URL) was not sufficient as it could be easily changed. A bench of justices Pradeep Nandrajog and A K Pathak also said that to “block the website as a whole is justified” as these were illegally streaming “pirated” videos. “The respondent (Star India Pvt Ltd) has placed enough material in the suit to show that the rogue websites are indulging in rank piracy and, thus prima-facie the stringent measure to block the website as a whole is justified because blocking a URL may not suffice due to the ease with which a URL can be changed, and as noted above, the number of URLs of the rogue websites range between 2 to 2026 and cumulatively would be approximately 20,000.”On the issue of whether the appellant could be directed to ensure compliance with the blocking order directed against the service providers, it is suffice to state that it is the duty of the government, its instrumentalities and agencies to assist in the enforcement of orders passed by the courts,” the bench added.

Hacker group targets billionaire Czech minister’s company websites

PRAGUE: The Anonymous hackers’ group briefly shut down company websites of billionaire Czech Finance Minister Andrej Babis’s food and Agriculture Empire in protest at a law giving the state the power to close illegal gambling sites. Babis, the country’s second-richest man, founded a political movement that stormed to power in 2013. But his businesses have left him exposed to criticism of potential conflicts of interest, and hackers have now also taken aim at his companies.

Lupa.cz, a private news agency, reported that Czech hackers from Anonymous shut down the websites of Babis’s holding company Agrofert and bakery group Penam for a short period on Monday evening. “On the issue of whether the appellant could be directed to ensure compliance with the blocking order directed against the service providers, it is suffice to state that it is the duty of the government, its instrumentalities and agencies to assist in the enforcement of orders passed by the courts,” the bench added.

Cyber Security Tips: Secure website with secure code, monitor website, Check vulnerability assessment.

4 Flaws hit http/2 protocol that could allow hackers to disrupt server

HTTP/2 was launched properly just in May last year after Google bundled its SPDY project into HTTP/2 in February in an effort to speed up the loading of web pages as well as the browsing experience of the online users. Now, security researchers from data center security vendor Imperva today at Black Hat conference revealed details on at least four high-profile vulnerabilities in HTTP/2 – a major revision of the HTTP network protocol that the today’s web is based on. The vulnerabilities allow attackers to slow web servers by flooding them with innocent looking messages that carry a payload of gigabytes of data, putting the servers into infinite loops and even causing them to crash. The four key vulnerabilities found in HTTP/2 include: 1. Slow Read (CVE-2016-1546), 2. HPACK Bomb (CVE-2016-1544, CVE-2016-2525), Dependency Cycle Attack (CVE-2015-8659), 4. Stream Multiplexing Abuse (CVE-2016-0150)

Cyber Security Tips: By implementing a web application firewall (WAF) with virtual patching capabilities can help enterprises to prevent their critical data and applications from cyber-attack while introducing HTTP/2.

Bitcoin price drops 20% after $72 million in bitcoin stolen from bitfinex exchange.

One of the world’s most popular exchanges of the cryptocurrency has suffered a major hack, leading to a loss of around $72 Million worth of Bitcoins. Hong Kong-based Bitcoin exchange ‘Bitfinex’ has posted a note on their website announcing the shutdown of its operation after discovering a security breach that allowed an attacker to steal some user funds. While the company did not mention a total amount lost in the breach, one of their employees — Bitfinex community director Zane Tackett — confirmed on Reddit that the total amount stolen was 119,756 bitcoins — worth up to $72 Million in cash. Bitfinex is the third-largest Bitcoin exchange in the world. After the news of the Bitfinex hack had broken on August 2, the price of Bitcoin dropped almost 20%, from $602.78 to $541 per Bitcoin, within the day after the announcement.

Cyber Security Tips:  The safest place to store your Bitcoins or any other cryptocurrency is on your own (if possible, offline) wallet; instead on any website or cryptocurrency exchange.

Hack Apple & get paid up to $200,000 bug boundary reward

On Thursday, Apple announced at the Black Hat security conference that the company would be launching a bug bounty program starting this fall to pay outside security researchers and white hat hackers privately disclose security flaws in the company’s products. Head of Apple security team, Ivan Krstic, said the company plans to offer rewards of up to $200,000 (£152,433) to researchers who report critical security vulnerabilities in certain Apple software. While that’s certainly a sizable bounty reward — one of the highest rewards offered in corporate bug bounty programs. Earlier this year, Apple fought a much-publicized battle with the FBI over a court order to access the locked San Bernardino shooter’s iPhone. Perhaps the company is trying to eliminate these lucrative backdoors into its software to make its iOS devices so secure that even the company cannot crack them.

This ATM hack allows crooks to steal money from Chip and Pin cards

Chip-and-PIN cards are just as easy to clone as magnetic stripe cards. It took researchers just a simple chip and pin hack to withdraw up to $50,000 in cash from an ATM in America in under 15 minutes. We have been told that EMV (Europay, MasterCard and Visa) chip-equipped cards provides an extra layer of security which makes these cards more secure and harder to clone than the old magnetic stripe cards. First, the criminals need to add a small device known as a Shimmer to a point-of-sale (POS) machine (here, ATM’s card reader) in order to pull off a man-in-the-middle (MITM) attack against an ATM. The shimmer sits between the victim’s chip and the card reader in the ATM and can record the data on the chip, including PIN, as the ATM reads it. It then transmits this data to the criminals. The criminals then use a smartphone to download this stolen data and recreate the victim’s card in an ATM, instructing it to eject cash constantly.

Cyber Security Tips: Keep watch on your bank statements.

Torrentz.eu shut down forever! End of biggest torrent search engine.

Over two weeks after the shutdown of Kickass Torrents and arrest of its admin in Poland, the world’s biggest BitTorrent meta-search engine Torrentz.eu has apparently shut down its operation. Torrentz.eu was a free, fast and powerful meta-search engine that hosted no torrents of its own, but combined results from dozens of other torrent search engine sites including The Pirate Bay, Kickass Torrents and ExtraTorrent. The meta-search engine has announced “farewell” to its millions of torrent users without much fanfare, suddenly ceasing its operation and disabling its search functionality. Still, it would be fair enough to wait for an official announcement from the site owners.

Chinchwad-based company duped of Rs 1 cr over mail

On Thursday, a Chinchwad-based MIDC company that deals with automobile spare parts, lost over Rs 1crore to such fraudsters. The accused had sent a fake mail to the company officials by hacking a foreign enterprise’s website with whom the former was dealing. Cops suspect that the whole scheme is a part of some international racket. Officials of the Chinchwad-based Kinetic Electrical Company have lodged a complaint at the Pimpri police station. The police have registered a case of cheating under Section 420 of Indian Penal Code (IPC) as well under the Information and Technology Act. According to the Pimpri police officials, the company deals in the starter switches of various vehicles and also imports some automobile parts from a Taiwan-based company. One of the cops from Pimpri police station said, “The company officials here have been in touch with a Taiwan- based company through emails. In May 2016, unidentified people hacked the company’s email address and sent a mail to this Chinchwad based enterprise. In that mail, the hackers mentioned that they have recently made new bank accounts at the Metro Bank in London. The hackers instructed the company officials to deposit money and carry out other transfers at this account. After the transaction, both the companies carried on with their regular business. However, nearly three months after depositing the money, when the Chinchwad-based company did not receive components from Taiwan, they immediately contacted the officials to know what the problem was. They found out that their mails were neither received by the company, nor had they asked anybody to deposit Rs 1.18 crore in the bank account.

Cyber Security Tips:  Always make sure about your client for payment, contact with them if you got any mail regarding payments.

 

Mumbai: Ashutosh Gowariker’s wife loses Rs 1.3 lakh to cyber crime

Sunita, on August 5 received a message that Rs 1, 34, 333.08 was spent for online shopping using the card. Immediately, she contacted the manager of Ashutosh Gowariker Productions Pvt. Ltd (Khar West), and asked him about the transaction. The manager, Vishwanath Nayar (35) replied her in negative after confirming from the concerned department, after which Sunita asked him to file a police complaint the next day. Police is suspecting that it’s a hacker’s handiwork or Sunita had shared her PayTM account details with somebody, who mis used it. Neither Nayar nor Sunita could be reached, as Nayar “was not available in office for comment and Sunita madam is out of town,” informed an employee who identified himself as Sanjay. “A complaint under sections 420 of the IPC [Cheating and dishonestly inducing delivery of property] and section 66(c) (d) of the IT Act [punishment for Phishing] has been registered,” said Ramchandra Jadhav, senior inspector of Khar police station, adding that the Cyber cell has not been informed yet. Sunchita Trivedi, the spokesperson of Gowariker, said, “Sunita’s credit card was lost and somebody has used it for online shopping. The matter was reported to the police and is under investigation.

Cyber Security Tips: Keep secure your credit card, immediately inform respective bank to block it once you lost, and Keep eye on your bank account.

Pakistan-based hacker defaces Canara Bank site, tries to block e-payments

MUMBAI: Amid frosty relations with Pakistan, a hacker from the neighboring country has attacked Canara Bank, one of India’s largest lenders. On August 2, the hacker, who calls himself Faisal, defaced the bank’s site by inserting a malicious page and tried to block some of the bank’s e-payment services. Within 24 hours of the attack, the Reserve Bank of India, in a letter marked ‘confidential’, advised bank chairmen to review funds lying in their bank’s (overseas) nostro accounts and carry out hourly reconciliation of payment emails by comparing outward messages with SWIFT confirmations. “There was no loss. As of now we are seeing 20,000 online payment transactions,” said the official.

Cyber Security Tips: Canera bank need to improve their security with vulnerability assessment, check for security breaches and immediately patch it if available.

Car Thieves can unlock 100 million Volkswagens with a simple wireless hack

There are two distinct vulnerabilities present in almost every car sold by Volkswagen group after 1995, including models from Audi, Skoda, Fiat, Citroen, Ford and Peugeot. Computer scientists from the University of Birmingham and the German engineering firm Kasper & Oswald plan to present their research later this week at the Usenix security conference in Austin, Texas. The first attack can be carried out using a cheap radio device that can be made for just $40 with a small control board and a radio receiver, but is capable of eavesdropping and recording the rolling code values used by keyless entry systems. The code values are included in the signal sent every time a driver presses the key fob’s buttons, which is then used together to emulate a key that is unique to every vehicle. The researchers then managed to reverse engineer one component inside a Volkswagen’s network and were able to extract a cryptographic key that is shared among millions of Volkswagen vehicles. In the second attack, the team managed to attack a cryptographic scheme called HiTag2 — decades old rolling code scheme but still used in Millions of vehicles, including Alfa Romeo, Chevrolet, Peugeot, Lancia, Opel, Renault, and Ford. To carry out this attack, all a hacker needs is a radio setup similar to the one used in the above hack.

Cyber Security Tips: Secure your wireless network, check for vehicle recalls.

NSA’s hacking group hacked! Bunch of private hacking tools leaked online

An unknown hacker or a group of hackers just claimed to have hacked into “Equation Group” a cyber-attack group allegedly associated with the United States intelligence organization NSA and dumped a bunch of its hacking tools (malware, private exploits, and hacking tools) online. Hacker group demand for 1 million bitcoins.  Equation Group was also linked to the previous infamous Regin and Stuxnet attacks, allegedly the United States sponsored hacks, though the link was never absolutely proven. It is yet not confirmed whether the leaked documents are legitimate or not.

If NSA has successfully been hacked, the hack would be a highly critical cyber security incident.

UK-based Software Company Sage hit by data breach, clients data at risk

LONDON: Sage Group, a provider of accounting, payroll and payments software for businesses, said cyber attackers had used an internal login to access the data of some of its British customers. The personal details of the employees of about 280 British companies were potentially exposed in the breach, a company source said.

Cyber Security Tips:  To prevent from data breaches use encryption for storing data, do not use same password for different account, use secure transmission of data.

Leave a Reply