ESET malware researcher Matthieu Faou detected malicious JavaScript on 7 lakh websites, planted with the aim of stealing Bitcoin. After analysing the code, researchers found that StatCounter had been compromised and its JavaScript replaced with a malicious script. Perhaps typical of contemporary malicious code, the script is activated only when the URL contains a specific Uniform Resource Identifier. The injected script was intended to replace the destination Bitcoin address with the hackers' address. StatCounter was breached on Nov 3rd and was notified on Nov 5th; the incident was labelled a "supply chain" attack, as the script appeared on a service used by the target. StatCounter removed the malicious script on Nov 6th, before Gate.io stopped using the familiar analytics service. Gate.io also urged its customers to strengthen their security by enabling 2FA and 2-step login.
During the past year, there has been a surge in reports of data breaches involving Amazon S3 servers left accessible online, exposing private information from all sorts of companies and their customers. Most companies believe that if they are the only ones who know the database's URL, they are safe. This is not true. Attackers can obtain these URLs through MitM attacks on corporate networks, accidental employee leaks, or by brute-forcing domains for hidden URLs. According to statistics by security firm Skyhigh Networks, 7% of all S3 buckets have unrestricted public access, and 35% are unencrypted. These lapses in security best practices have resulted in some serious breaches, from army contractors to big-time US ISPs. Below is a (most likely incomplete) list of all the major data leaks caused by companies leaving Amazon S3 buckets configured with public access during the past few months.
T-Mobile confirmed that it suffered a security breach on its US servers. The hackers were able to exploit an internal API (application programming interface) on its servers that handled personal information. The leaked information includes customers' names, billing zip codes, phone numbers, email addresses, account numbers, and account types. T-Mobile said more than 2 million people may have had their information stolen, representing about 3 per cent of its 75 million-plus customer base. However, the good news is that no financial information such as credit card numbers, social security numbers, or passwords was compromised in the security breach.
The US and UK were hit by data breaches that exposed data such as names, email and much more. The incident is likely to alarm Indian users, millions of whom are drawn to Prime Video and Prime Music, since Indian users' data may also have been breached. Amazon reassured its anxious customers by saying that their data is now secure and the issue has been fixed. Amazon had more than 150 million users in India as of September 2018, with more likely to join with the launch of localized products such as Amazon Prime Video and the shopping app in Hindi. User details falling into rogue hands while purchasing speakers or e-reading services online can lead to disastrous repercussions for the user.
Presented in Oct 2018. Repercussions: 73 GB of sensitive data exposed at Pocket iNet. Website: www.pocketinet.com
An internet provider from Washington state, Pocket iNet, kept an AWS S3 server exposed online without a password, according to UpGuard. The UpGuard cyber-risk team reported that the exposed information included 73 gigabytes of downloadable data, comprising passwords and other sensitive files, ranging from spreadsheets to pictures and diagrams. UpGuard discovered, expedited and reported the exposed bucket, named pinapp2, on October 11, 2018, though Pocket iNet was unable to confirm the exposure. After a week's time, according to an UpGuard blog post, the exposure was secured: "The exposure was finally secured on October 19th, preventing the exploitation of this data from any future malicious activity." Not all of the contents could be downloaded, although the bucket itself was exposed. However, a folder named tech, which contained sensitive information, was downloadable within the bucket. Pocket iNet's AWS misconfiguration also exposed several lists of plain-text passwords to multiple devices and services that belong to its employees. The lists of plain-text passwords covered firewalls, core routers, switches, servers and wireless access points.
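An added example, not from the original article or from AWS: a Python check for the lapses cited in the Skyhigh statistics and seen in the Pocket iNet exposure, namely public access and missing encryption. It takes data shaped like the results of boto3's `get_bucket_policy`, `get_bucket_acl` and `get_bucket_encryption`; the bucket names and sample data are constructed, and treating any `Condition` as a restriction is a simplifying assumption.

```python
import json

# Group URIs that S3 ACLs use for "everyone" and "any AWS account holder".
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone on the internet",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "any AWS account",
}


def _is_wildcard(principal):
    """True when a policy Principal is "*" or {"AWS": "*"} (string or list)."""
    if principal == "*":
        return True
    if isinstance(principal, dict):
        aws = principal.get("AWS", [])
        return "*" in ([aws] if isinstance(aws, str) else aws)
    return False


def audit_bucket(name, policy_json=None, grants=(), encryption_rules=()):
    """Return a list of findings for one bucket's policy, ACL and encryption."""
    findings = []
    statements = json.loads(policy_json).get("Statement", []) if policy_json else []
    if isinstance(statements, dict):  # a single statement may be a bare object
        statements = [statements]
    for stmt in statements:
        # Simplification (assumption): any Condition block counts as a restriction.
        if (stmt.get("Effect") == "Allow" and _is_wildcard(stmt.get("Principal"))
                and not stmt.get("Condition")):
            actions = stmt.get("Action", [])
            actions = [actions] if isinstance(actions, str) else actions
            findings.append(f"{name}: policy allows {', '.join(actions)} to everyone")
    for grant in grants:
        who = PUBLIC_GROUPS.get(grant.get("Grantee", {}).get("URI"))
        if who:
            findings.append(f"{name}: ACL grants {grant['Permission']} to {who}")
    if not encryption_rules:
        findings.append(f"{name}: no default encryption rule")
    return findings


# Constructed sample data; the bucket names are placeholders.
OPEN_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [{
    "Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
    "Resource": "arn:aws:s3:::example-open-bucket/*"}]})
OPEN_GRANTS = [{"Grantee": {"Type": "Group",
                "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
                "Permission": "READ"}]
SSE_RULES = [{"ApplyServerSideEncryptionByDefault": {"SSEAlgorithm": "AES256"}}]

if __name__ == "__main__":
    for line in audit_bucket("example-open-bucket", OPEN_POLICY, OPEN_GRANTS):
        print(line)
    print(audit_bucket("example-private-bucket", None, [], SSE_RULES))
```
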
On 20th September 2018: The vulnerability is caused by an out-of-bounds (OOB) write in the JET database engine. Microsoft's OLE DB Provider for JET and Access ODBC only support 32-bit, which means that direct utilization is not available on 64-bit hosts. But on a 64-bit host, the 32-bit wscript.exe can be used to start the PoC by running c:\windows\SysWOW64\wscript.exe poc.js. This kind of attack can also be triggered through Internet Explorer. Even on 64-bit Windows, the Internet Explorer rendering process is 32-bit. However, in IE11 the security setting "cross-domain access to data sources" is disabled in the Internet and intranet zones, which can lead to JavaScript errors and a failure to trigger the vulnerability. Launching a malicious poc.html from a local drive (or USB disk) also triggers the vulnerability. However, the user needs to press "Allow Blocked Content" to trigger
Customer information was disclosed during the busiest shopping period, says Amazon, which also said that the issue was fixed and that all the victims were emailed immediately. Amazon officials have said that no losses were incurred. Despite Amazon's assurance, cyber security experts urged customers to change their passwords for better security. Despite the existence of the GDPR (General Data Protection Regulation), Amazon failed to disclose the incident. It is the company's responsibility to identify the affected citizens and prevent them from enduring further harm, a spokesperson said. Tech firms must provide transparent solutions when problems arise in order to earn people's trust.
Hackers claim to have stolen personal information belonging to 20,000 Superdrug customers in a targeted cyber attack. The details of the 20,000 users include names, dates of birth and contact numbers. Credit or debit card information linked to the accounts was not accessed, it added. Superdrug had evidence that 386 accounts had been affected by the breach, and urged its online customers to change their passwords. The group attempted to force the company to pay a ransom, it confirmed. "We believe the hacker obtained customers' email addresses and passwords from other websites and then used those credentials to access accounts on our website," Superdrug said in a statement.
A new email-based phishing attack is designed to steal users' login and password credentials for their Internet payment accounts. The scam email, which is just the latest hoax targeting the PayPal community, tells users that several different computers have recently tried to access their account with numerous failed password attempts. In order to "restore" access, users are advised to fill out an attached form, identified as Restore_your_account_PayPal.html. Entering your confidential information into the form only passes your private data to the cybercriminals behind this spam campaign, who will use it to phish your account for money and perhaps steal your identity.
Presented in Oct 2018. Repercussions: Private data exposed.
Google reported a major incident: "An API bug in Google+ exposed the personal details of about 500,000 accounts". It was later believed that the stolen data had not been misused, a calm after the storm. Ben Smith, a Google engineering vice-president, has said that the bug Google patched was not disclosed publicly, for fear that it would draw regulatory scrutiny and harm the organization's reputation, following a request on behalf of the privacy and data protection office; the company was perhaps compelled to reveal it after The Wall Street Journal's report on Monday. This comes in an era of heightened sensitivity over data leaks and increasing questions about whether massive technology firms that gather, store and sell personal data are being both proactive and transparent in how they handle and safeguard the data.
Security researchers unveiled two critical vulnerabilities in Bluetooth Low Energy (BLE) chips that allow remote hackers to take full control of devices and any data on them by executing arbitrary code. Discovered by researchers at an Israeli security firm, the flaws are in chips made by Texas Instruments that are used by Cisco, Meraki and many more. The 1st vulnerability, CVE-2018-16986, is present in TI chips CC2640 and CC2650 and in many Cisco and Meraki Wi-Fi access points. The bug takes advantage of a loophole in the way the Bluetooth chips handle data processing. According to the researchers, sending more traffic to a BLE chip causes memory corruption, i.e. a buffer overflow, which could allow an attacker to run malicious code on an affected device. "First, the attacker sends multiple benign BLE broadcast messages, called Advertising Packets. Next, the attacker sends the overflow packet, which is a standard advertising packet with a subtle alteration," researchers explained. The 2nd vulnerability, identified as CVE-2018-7080, exists in CC2642R2, CC2640R2, CC2640, CC2650, CC2540, and CC2541 TI chips, and affects Aruba's Wi-Fi access point Series 300, arising from an issue with Texas Instruments' firmware update feature in BLE chips, called Over the Air firmware Download (OAD). Texas Instruments confirmed the vulnerabilities and released security patches for affected hardware, which are available through the respective OEMs. "... mechanism of the firmware running on the BLE chip over a GATT transaction," researchers explained.
One of the world's "big four" accountancy firms has been targeted by a sophisticated hack that compromised confidential emails. Its clients across all of these sectors had material in the company email system that was breached. The companies include household names as well as US government departments. The hacker compromised the firm's global email server through an "administrator's account" that, in theory, gave them privileged, unrestricted "access to all areas". The account required only a single password and did not have "two-step" verification, sources said. Emails of 244,000 staff were stored in the Azure cloud service, which was provided by Microsoft. This is Microsoft's equivalent to Amazon Web Services and Google's Cloud Platform. The hackers had potential access to usernames, passwords, IP addresses, architectural diagrams for businesses and health information. Some emails had attachments with sensitive security and design details. The breach is believed to have been US-focused and was regarded as so sensitive that only a handful of the organization's most senior partners and lawyers were informed.
An iPhone enthusiast has bypassed the device's security features using malicious code, allowing someone to view private information on a locked iPhone. Jose Rodriguez, a Spanish security researcher, confirmed that he discovered an iPhone passcode bypass bug in the latest version, iOS 12.1, released by Apple today. With iOS 12.1, Apple released a new feature called Group FaceTime that lets users easily chat with a maximum of 32 people. Unlike previous hacks, the new method works without requiring Siri or the VoiceOver screen reader, and the steps to execute it are listed below:
1. Call the target iPhone from another iPhone and initiate "FaceTime" once the call connects.
2. Now select the "Add Person" + icon and access the contact list, with 3D enabled for a closer look.
Since there is no remedy for the issue, users have to wait until Apple issues a software update that fixes the bug. Apart from this, Rodriguez has discovered two passcode bypass hacks, in iPhone 12.0.1 and in iOS 12, both taking advantage of Siri and the VoiceOver screen reader, thus giving anyone with physical access easy access to contacts and photos.
Presented in Oct 2018. Repercussions: Malware affected the utility. Website: www.wuc.bw
News of the online attack against West Haven follows Onslow Water and Sewer Authority in Jacksonville, North Carolina, reporting that it was hit by an attack that began on Oct. 4, when Emotet malware infected its systems. The authority is a public, non-profit entity that provides water and sewer services to the unincorporated areas of the county as well as most local municipalities, serving a population of more than 100,000. Officials say the attackers appeared to deliberately target the authority with a two-stage attack after last month's Hurricane Florence.
Three hacking groups are once again targeting MongoDB databases, hijacking 26,000 open servers and asking for a ransom to release the data. These attacks were simple for hackers to launch: they scanned the internet for MongoDB databases left open to external connections, wiped the content and replaced the data with a ransom demand. Two healthcare organizations were part of these initial attacks. This new wave of attacks occurred over the weekend, and in total 45,000 databases were destroyed. Included among the latest victims was a database containing three years of leukemia patient data, which was used for research to improve treatments. There are about 21,000 unsecured instances of MongoDB, and he estimates that 99 percent were ransacked. Equifax said data on 143 million U.S. customers was obtained in a breach. Personal data including birth dates, credit card numbers
Two white-hat hackers have scored a massive $50,000 payout for exposing major flaws on the iPhone X that give access to recently deleted files. Richard Zhu and Amat Cam, working through a bug bounty, found the loopholes in iOS's just-in-time (JIT) compiler, exploitable when the phone is connected to a malicious Wi-Fi access point. A file deleted in iOS does not leave the phone immediately but stays in its memory for 30 days. This let the hackers reach images deleted up to a month earlier, and possibly even longer ago. However, it is still unclear whether this flaw exists only on the iPhone X or on other models as well.
The Chinese drone giant Da-Jiang supplies more than 70% of the global market for personal, commercial and military use. Concerns are arising about drone security and privacy issues. Check Point has warned firms of a major vulnerability in the servers that could easily expose the personal data of their personnel. Oded Vanunu, head of Check Point's threat prevention team, said that a hacker could access logs, photos, videos, personal information, cards and much more just by exploiting a cookie that tracks the user's activities. To add fuel to the flame, another vulnerability involving identification tokens was exploited to hack 50 million FB profiles in September.
This week’s breach roundup highlights the healthcare sector's ongoing struggle with email, with three breaches caused by email errors.
Because of an email sent inadvertently by an employee to the wrong recipient, the data of 6450 patients was breached, including patient names, birthdates, telephone numbers, sex, race, insurance details and account numbers; Nebraska-based Prairie Field Family reported this on December 13, 2018. Financial and health information was not involved in the breach. Despite repeated attempts to contact the owner of the email address and ask them to delete the data, no response was received. This unresponsiveness raised a question among officials: "Is the account active or dormant?"
Similar breaches also occurred in Butler County, exposing the health data of 1350 people in September, and at the Iowa-based Thielan Student Health Centre on November 5th, where names, insurance information, appointment dates and more were compromised. By way of remediation, the provider improved its security features and cautioned people to stay alert in order to prevent such incidents in future.
Presented in Oct 2018. Repercussions: Hacker attacked industrial plant.
Critical industrial systems were targeted by hackers with a link to the Russian government in a nefarious cyberattack at a Saudi petrochemical plant, which was part of a global operation to destroy computers. A blog post published on Tuesday expressed supreme confidence that a Moscow government research facility built some of the malware used in the attack, which temporarily halted operations at the plant. FireEye researchers said: "During the attack, the malware triggered a safety system that terminated the operations. If this was prevented, the attackers would have set off a potentially deadly chain of events and government involvement," said Hulquist.
Vulnerabilities in the DJI Drone web app were discovered by Check Point and revealed today to the DJI security team, after 6 months of an attack that exposed sensitive information, flight records, live video camera feed and much more. The attack took advantage of 3 different vulnerabilities in DJI infrastructure, including a secure cookie bug in the DJI identification process, an XSS flaw and an SSL pinning issue in its mobile app. Once captured, the login cookies give control over a DJI web account on its centralized drone operations management platform, called DJI Flight Hub. DJI classified the vulnerabilities as high, medium and low risk. DJI faced scrutiny in the US after the DHS (Department of Homeland Security) released a memo accusing the firm of sending sensitive information. However, the drone maker rejected those allegations, calling them a FAD.