Presented on December 2018, Repercussions: U.S. Charges Two Iranian Hackers for Ransomware Attacks
Faramarz Shahi Savandi and Mohammad Mehdi Shah were charged by U.S. authorities in connection with a series of more than 200 SamSam ransomware attacks. Unlike typical ransomware campaigns, SamSam attacks compromise organizations manually, one at a time, through techniques such as brute-forcing exposed RDP connections on a vulnerable server and using stolen login credentials. Once inside, the attackers harvest administrator passwords and escalate privileges in order to gather further intelligence on the compromised network. In this way they expand their foothold before unleashing the SamSam ransomware to compromise and encrypt the organization's PCs. Victims were then directed to web pages under the attackers' control that displayed the ransom demand alongside a threatening countdown, after which, the attackers claimed, the decryption keys would be deleted and recovery of the lost files would become impossible. The SamSam extortionists demanded a staggering US $8,000 worth of Bitcoin to recover the lost files, or US $55,000 to decrypt all affected PCs on a network. The FBI's investigation indicates that both men are believed to be in Tehran, the capital of Iran. In the absence of a defendant to bring before a judge, U.S. authorities have instead published the Bitcoin addresses allegedly used by the pair to collect their ransom payments, and cryptocurrency exchanges are discouraged from processing transactions involving those addresses.
Presented on December 2018, Repercussions: Uber fined $1.1 million by UK and Dutch regulators over 2016 data breach
Uber, the well-known ride-sharing company, was fined on Tuesday by British and Dutch regulators a combined $1,170,892 (approximately $1.1 million) for failing to protect users' sensitive personal information during a 2016 cyberattack involving the data of millions of users. The massive breach, which Uber suffered in October 2016, exposed the names, email addresses and phone numbers of about 57 million Uber riders and drivers, along with the driving licence numbers of 600,000 drivers. Uber also paid a $100,000 ransom to keep the incident secret. Britain's Information Commissioner's Office (ICO) fined Uber 385,000 pounds ($491,102), while the Dutch Data Protection Authority (Dutch DPA) levied a 600,000 euro ($679,790) penalty, for failing to protect the personal information of 3 million British and 174,000 Dutch citizens, respectively.
Presented on December 2018, Repercussions: Critical SQLite Flaw Leaves Millions of Apps Vulnerable to Hackers
Cybersecurity researchers have discovered a critical vulnerability in the widely used SQLite database software that exposes billions of deployments to attack by allowing remote attackers to execute malicious code or crash applications. SQLite requires minimal support from the operating system or external libraries, and is therefore compatible with almost every device, platform and programming language. It is the most widely deployed database engine in the world today, used by millions of applications with literally billions of deployments, including IoT devices, macOS and Windows apps, major web browsers, Adobe software, Skype and more. Since Chromium-based web browsers, including Google Chrome, Opera, Vivaldi and Brave, also support SQLite through the deprecated Web SQL database API, a remote attacker can target users of affected browsers simply by persuading them to visit a specially crafted web page. SQLite has released version 3.26.0 to address the issue, and Google has released Chromium version 71.0.3578.80 to patch it and pushed the fix to the latest versions of the Google Chrome and Brave browsers. Tencent researchers said they built a proof-of-concept exploit for the Magellan vulnerability and successfully tested it against a Google Home. Users and administrators are strongly advised to update their systems and affected software to the latest release as soon as it becomes available.
Presented on December 2018: China hacked HPE, IBM and then attacked clients
Hackers working on behalf of China's Ministry of State Security breached the networks of Hewlett Packard Enterprise Co and IBM, then used that access to hack into the two companies' clients' computers, according to five sources familiar with the attacks. The attacks were part of a Chinese campaign known as Cloudhopper, which the United States and Britain said on Thursday infected technology service providers in order to steal secrets from their clients. While cybersecurity firms and government agencies have issued multiple warnings about the Cloudhopper threat since 2017, they had not disclosed the identity of the technology companies whose networks were compromised. Businesses and governments increasingly rely on technology companies known as managed service providers (MSPs) to remotely manage their information technology operations, including servers, storage, networking and help-desk support. Cloudhopper attacks date back to at least 2014, according to the indictment. Victims came from industries including finance, electronics, medical equipment, biotechnology, automotive, mining, and oil and gas exploration. One senior intelligence official, who declined to name any of the breached victims, said attacks on MSPs were a significant threat because they essentially turned technology companies into launchpads for hacks on their clients: "By gaining access to an MSP, you can in many cases gain access to any one of their customers."
On 28 February 2019, a computer virus spread through the campuses of Columbia State Community College, which remained closed for two days. The infection spread after an employee opened a malicious email attachment, said President Janet Smith. Closing the college for two days was necessary to complete remediation, said Richard Locker, Director of Communications at the Tennessee Board of Regents. Officials reassured students that none of their data had been compromised. Ironically, many students were puzzled about why the college was closed. According to Director of Communications Amy Spears-Boyd, students were emailed about the situation on Tuesday afternoon. "Our information technology department has been working incessantly with expert consultants around the clock to safeguard sensitive data and to annul the virus," the email said.
Presented on December 2018: Repercussions of hackers spreading malware through Twitter memes
According to a recent report, researchers at Trend Micro have found malicious Twitter memes that conceal malware. When a victim downloads such a meme, the malware is delivered to the victim's device and executes its code silently, without alerting the user. The researchers explained that the attackers use steganography to deliver the malware: the author hides a malicious payload inside an image in order to evade security controls. According to Trend Micro, attackers may now be using the same trick via Twitter memes. Reportedly, the researchers noticed an old Twitter account posting such memes on October 25 and October 26, 2018. Regarding how the malware operates, they state: "What makes the discovery significant is the reliability of the source bearing the malicious memes, that is, Twitter. Identified as TROJAN.MSIL.BERBOMTHUM.AA. Taking the malicious memes down seemed impossible without suspending the malicious Twitter account."
DDoS attacks struck the University at Albany (UA) on February 19. The attacks affected the availability and functionality of several UA IT systems, particularly Blackboard. According to Martin Manjak, CISO of UA, neither the integrity nor the confidentiality of university information was compromised. He added that all the university knows is that the resource being targeted is Blackboard. "We're able to maintain access to electronic resources from on-campus through a combination of firewall and filtering rules," Manjak said, "but access from off-campus was affected because the attacker(s) filled our internet pipe." "Communication is sent to the University community when an active threat with the potential to impact the entire campus is identified; it will also be reported," Manjak said.
The University of Madras database was hit by a ransomware attack that encrypted its data. To restore access, the attackers demanded Rs 18 lakh as ransom. Fortunately for the university, it had backup data on a system that was not connected to the network; the technical team recovered the data and restored it on a newly built server, said sources in the university. The ransomware arrives through channels such as email: when a staff member opened the message, the malware propagated through the system and encrypted the data. The university plans a security audit and will implement further security measures to thwart such incidents. Group-wise firewalls as level 2 and level 3 security measures are also in the pipeline, says Professor Sivaji. Cybersecurity experts said the security upgrade will reduce future threats. "If any outside threat is detected, an alert would be issued and the server would automatically shut down," they concluded.
Presented on December 2018: NASA confirmed data breach after an internal server was hacked
In a recent memo to employees, NASA confirmed a data breach involving one of its internal servers. The server allegedly held personal information on employees, including Social Security numbers, which may have been obtained by the attackers. NASA's cybersecurity personnel discovered the breach in October while investigating a server holding employees' personal information. NASA has not stated precisely what the leaked data includes, but it has confirmed that Social Security numbers were exposed. It has not yet disclosed any details about the impact of the breach; rather, it confirms that investigations, including efforts to identify the attackers, are under way.
Optus customers feared a possible breach after several users, on attempting to access their accounts, found themselves logged in as someone else. Some customers reported being logged in as "Vladimir", while others said they had been logged in as "Sarah". Optus confirmed the issue and said it was working hard with third-party vendors to fix it. As a precaution, Optus temporarily disabled the affected account and later re-enabled it, and it apologised for the inconvenience. One customer reported that he could see another customer's personal information when he logged in to his own account, and others shared similar experiences. Customers have also received emails from the domain "optusnet.com.au" telling them that a document is available to download via the link provided; once the link is clicked, the victim's computer is infected by the malicious file.
WordPress recently patched a long-lurking vulnerability in its core code, but the same flaw in third-party plugins can still allow attackers to compromise websites running the popular publishing software, says German web security company RIPS Technologies. To exploit the vulnerability, the attacker must have access to an account with "author" privileges, a common role for WordPress users. Once the attacker has that access, they can manipulate the data for their own ends. An attacker with author privileges on WordPress can execute arbitrary PHP code on the server, opening the door to a full remote takeover, says RIPS researcher Simon Scannell in a blog post. The bug, classified as a path traversal vulnerability, has been present in software running on one-third of all websites for almost six years, the researchers said. Scannell says that even though WordPress sites have patched their core code, the software can still be attacked through plugins. He adds that any WordPress site running a plugin that incorrectly handles the affected code path for image metadata can still be exploited. WordPress plugins have lately been in the news repeatedly for vulnerabilities.
Electric scooters are hacked! Isn't this news curiosity-provoking?
Yes: Rani Idan, a researcher with Dallas-based Zimperium, discovered that the Xiaomi M365 scooter can be manipulated over a Bluetooth connection. Only users who authenticate with a password are supposed to be able to connect to and control the scooter, but Idan found that the password completely fails to protect the user: it is validated on the application side, and the scooter itself is unaware of the authentication state. From there he wrote an app for his mobile device that allowed him to interfere with a Xiaomi scooter while it was in motion. Because of this flaw, any M365 scooter can be locked or have malicious firmware installed on it. Leading scooter-sharing companies such as Bird and Spin have used Xiaomi scooters in the past, but CyberScoop learned that Bird updated the firmware on its M365 models a year ago, and a spokesperson told CyberScoop that the company had stopped buying Xiaomi models. Xiaomi told the Zimperium researchers that it was aware of the issue and blamed "third-party products" for it.
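The design flaw described above, as an added illustration that is not Xiaomi's firmware or Zimperium's code: a constructed model of a scooter command handler in which authentication exists only in the companion app, beside a hardened version where the device itself runs a challenge-response and gates every command on its own authenticated state. The shared secret, command names and HMAC scheme are assumptions for the example.

```python
import hashlib
import hmac
import os

# Constructed model (not Xiaomi firmware or Zimperium code) of the flaw described
# above: the app checks the password, but the scooter never tracks auth state.


class Scooter:
    def __init__(self):
        self.locked = False
        self.firmware = "factory"

    def _execute(self, cmd, payload):
        # 'flash' stands in for the firmware replacement the article mentions
        if cmd == "lock":
            self.locked = True
        elif cmd == "flash":
            self.firmware = payload
        return "ok"


class VulnerableScooter(Scooter):
    def handle(self, cmd, payload=None):    # authentication lives only in the app
        return self._execute(cmd, payload)


class HardenedScooter(Scooter):
    """Device-side challenge-response: single-use nonce, HMAC over a shared secret,
    and an authenticated flag that gates every command on this connection."""
    def __init__(self, secret):
        super().__init__()
        self._secret = secret
        self._nonce = None
        self.authenticated = False

    def challenge(self):
        self.authenticated = False          # every new connection starts unauthenticated
        self._nonce = os.urandom(16)
        return self._nonce

    def authenticate(self, response):
        if self._nonce is None:
            return False
        expected = hmac.new(self._secret, self._nonce, hashlib.sha256).digest()
        self._nonce = None                  # consumed whether or not the response is right
        self.authenticated = hmac.compare_digest(expected, response)
        return self.authenticated

    def handle(self, cmd, payload=None):
        if not self.authenticated:
            return "denied"
        return self._execute(cmd, payload)


def app_response(secret, nonce):
    # what a legitimate companion app that knows the secret returns for a challenge
    return hmac.new(secret, nonce, hashlib.sha256).digest()


def demo():
    # runs both models through the same command sequence and returns the outcomes
    secret = b"rider-shared-secret"                       # constructed value
    weak, strong = VulnerableScooter(), HardenedScooter(secret)
    out = {"weak_no_auth": weak.handle("flash", "evil"),
           "strong_no_auth": strong.handle("flash", "evil")}
    strong.authenticate(app_response(b"wrong", strong.challenge()))
    out["strong_bad_secret"] = strong.handle("lock")
    good = app_response(secret, strong.challenge())
    strong.authenticate(good)
    out["strong_after_auth"] = strong.handle("lock")
    strong.challenge()                                    # peer reconnects: must re-prove
    strong.authenticate(good)                             # replayed old response fails
    out["strong_replay"] = strong.handle("flash", "evil")
    return out, weak.firmware, strong.firmware
```

The vulnerable model ends up running "evil" firmware from an unauthenticated peer, while the hardened one rejects the same command before, after a wrong secret, and on replay of an old response.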
Luka Sikic, a security developer at WebARX, published a report describing a bug in the Simple Social Buttons plugin, which more than 40,000 websites use to share their content on social media sites such as Facebook and Twitter. WPBrigade, the firm that develops Simple Social Buttons, patched the issues in version 2.0.22, released on Friday, after Sikic reported them. Last year, in a similar case, attackers exploited a vulnerability in the WP GDPR Compliance plugin to create their own administrator accounts on WordPress websites.
A security update released on Thursday contained patches for three vulnerabilities that were already being exploited; users who neglect to install it remain exposed. The widely reported FaceTime bug, which allowed attackers to eavesdrop on others through audio and video, was fixed by the iOS 12.1.4 security patch. The update also fixes two zero-day vulnerabilities, says Ben Hawkes of Google's Project Zero security team. The bugs, CVE-2019-7286 and CVE-2019-7287, allow attackers to escalate privileges and to execute arbitrary code with kernel privileges, respectively. To install the update, users must open the "Settings" app on their iPhone, go to "General", then "Software Update", and tap "Download and Install". This renewed call for iOS users to update to 12.1.4, which fixes the zero-day issues, came a week after New York Governor Andrew Cuomo and Attorney General Letitia James announced a state investigation into Apple's handling of the FaceTime flaw. A 14-year-old boy from Arizona first found the problem while chatting with friends and playing the video game "Fortnite". The boy's mother spent roughly a week trying to notify Apple about the issue, with little feedback. The company now says it will compensate the family an undisclosed amount for reporting the issue.
Research published by the mobile security company Wandera found that at least eight airlines used e-ticketing systems that could allow attackers to access sensitive traveller information. The systems did not protect users' personally identifiable information (PII), including names, boarding passes, passport numbers and flight numbers, Wandera said. The email vulnerabilities persisted even after the researchers notified the affected organisations, Wandera found. The root cause was the use of unencrypted and reusable links, which invite abuse, says Michael Covington, vice president of product at Wandera. There is no evidence that external attackers have exploited the vulnerability. Southwest Airlines is the best-performing low-cost airline in the U.S. as of 2019, according to industry analysts at the Center for Aviation. In a statement on customer security, a spokeswoman said: "Security of our customers is of utmost significance and we ponder into this issue to strengthen the security of our customers' data." A JetStar spokesperson said: "If users were using Wi-Fi or a physical network, this wouldn't have been an issue. Further, we aren't a testing company but the airlines with whom we've engaged are keen to listen more."
Website administrators are urged to install updates from the popular Drupal CMS project immediately, following the discovery of a highly critical remote code execution bug. The Drupal security team identified the bug as CVE-2019-6340 and rated it highly critical. According to Drupal, the bug arises because some field types do not properly sanitize data from non-form sources such as RESTful web services, which can lead to arbitrary PHP code execution. Until they can update to a secure version, administrators can disable all web services modules to mitigate the bug. The affected branches of Drupal core are Drupal 8.6.x and Drupal 8.5.x, which must be upgraded to Drupal 8.6.10 and Drupal 8.5.11 respectively. Drupal warns that after updating Drupal core, administrators must also install security updates for the affected third-party Drupal projects, including Font Awesome Icons, Translation Management Tool, Video, Metatag and JSON:API. Recently, attackers exploited the 'Drupalgeddon 2' flaws in Drupal sites, mainly to install cryptocurrency miners on affected web servers.
Presented on December 2018, Repercussions: Saint John parking ticket system data breach impacting users
At least 6,000 people in Saint John, N.B. have been affected by a data breach of the municipality's online parking ticket system. Alex Cooke of the national news agency The Canadian Press reports: "As many as 6,000 people in Saint John, N.B., could have had their personal information exposed, an analyst group said as the city announced it was one of dozens of municipalities affected by a data breach to its online parking ticket payment system." The report also reveals that the city learned of a breach of the third-party software product Click2Gov; HackerCombat has already reported on data theft from local government Click2Gov systems across US cities. Click2Gov, which is run by CentralSquare Technologies, lets people make online payments and use many other government services. The Saint John online parking ticket system, which ran on this software, allowed people to pay parking tickets through the city's website.
Presented on December 2018, Repercussions: Facebook shares plunge following allegations of data sharing
The revelation that Facebook allowed companies such as Spotify, Bing and the Royal Bank of Canada to access users' private messages has been headline news around the world, and it has hit Facebook's shares badly. Following an earnings report, Facebook saw the second-steepest fall in its stock this year, a drop of 19% on July 26; it is the only major tech company whose stock is in the red. By the end of Wednesday's Federal Reserve meeting, matters had worsened as the Nasdaq Composite Index dropped 2.17 percent. The allegations reported in the Times may put Facebook in trouble for violating its 2011 agreement with the Federal Trade Commission, which required Facebook to be explicit about how much data it shared with third parties and barred it from sharing friends' data without their permission. Facebook reportedly considers its "partners" to be extensions of its core business rather than third parties.
Presented on December 2018, Repercussions: a healthcare provider becomes a malware victim
BJC HealthCare, a non-profit healthcare organization headquartered in St. Louis, Missouri, recently became the victim of malware that is now blamed for the loss of personally identifiable information, including the credit and debit card details of 5,850 patients. BJC HealthCare confirmed the theft of data more than a month ago, on November 19. The malware allegedly intercepted all patient records entered into the system between October 25 and November 19 for everyone who received services from BJC HealthCare. The healthcare institution advised patients and their families to monitor their bank accounts for fraudulent transactions. At the time of writing, BJC HealthCare has already contacted all the affected patients. "BJC has no indication to date that any information was actually misused. As a precaution, individuals whose payment information may have been exposed are advised to carefully review credit card and bank statements and immediately contact their credit card holder or banking institution about any inconsistencies or suspicious activity."
Presented on December 2018, Repercussions: almost 19,500 Orange Livebox modems leaking WiFi credentials
Over the weekend, a security researcher discovered that nearly 19,500 Orange Livebox ADSL modems are leaking WiFi credentials. Troy Mursch, co-founder of Bad Packets LLC, says his company's honeypots have detected at least one threat actor scanning heavily for Orange modems; the scans started on Friday, December 21, Mursch said. The attacker is exploiting a vulnerability affecting Orange Livebox devices (CVE-2018-20377) that was first described in 2012. The vulnerability allows a remote attacker to obtain the WiFi password and network ID (SSID) of the modem's internal WiFi network simply by requesting the modem's get_getnetworkconf.cgi page. Services like WiGLE allow an attacker to find the exact geographical coordinates of a WiFi network based only on its SSID; since the Orange modem also leaks the WiFi password, an attacker can travel to a suspected high-value target. The vulnerability can also be used to build online botnets. The modem's management panel can be used to alter its settings and also to obtain sensitive information. "They can obtain the phone number tied to the modem and conduct other serious exploits detailed in this Github repository," Mursch said today in a security advisory published by his company.
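A detection-side companion to the scanning described above, added here and not taken from Bad Packets' advisory or tooling: a small log analyser that flags requests for the get_getnetworkconf.cgi endpoint in web-server or honeypot access logs, groups them by source address, and separates mere probes from responses in which the modem actually answered. The log lines, addresses and the assumption that a 200 response means credentials were served are constructed for the example.

```python
import re
from collections import defaultdict

# Constructed sample access-log lines in combined format (not Bad Packets' honeypot data).
# 203.0.113.x / 198.51.100.x are documentation ranges, used here as placeholders.
SAMPLE_LOG = """\
203.0.113.7 - - [21/Dec/2018:10:14:02 +0000] "GET /get_getnetworkconf.cgi HTTP/1.1" 200 312 "-" "python-requests/2.19"
198.51.100.4 - - [21/Dec/2018:10:14:09 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [21/Dec/2018:10:15:41 +0000] "GET /get_getnetworkconf.cgi?x=1 HTTP/1.1" 200 312 "-" "python-requests/2.19"
203.0.113.9 - - [21/Dec/2018:11:02:13 +0000] "GET /get_getnetworkconf.cgi HTTP/1.1" 404 162 "-" "Mozilla/5.0 zgrab"
198.51.100.4 - - [21/Dec/2018:11:03:00 +0000] "POST /login HTTP/1.1" 302 0 "-" "Mozilla/5.0"
garbage line that should be skipped
"""

# Endpoint named in the advisory for CVE-2018-20377; any request for it deserves a look.
LEAKY_PATHS = {"/get_getnetworkconf.cgi"}

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)


def parse_line(line):
    """Return the fields we need from one combined-format line, or None if it does not parse."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def scan_report(log_text):
    """Group requests for the leaky CGI by source address.

    'served' counts 200 responses: on a vulnerable modem that is the case in which
    the SSID and WiFi password actually went out the door (assumption for this example).
    """
    report = defaultdict(lambda: {"requests": 0, "served": 0, "first_seen": None})
    for raw in log_text.splitlines():
        rec = parse_line(raw)
        if rec is None:
            continue
        path = rec["path"].split("?", 1)[0]      # ignore query strings when matching
        if path not in LEAKY_PATHS:
            continue
        entry = report[rec["ip"]]
        entry["requests"] += 1
        if rec["status"] == "200":
            entry["served"] += 1
        if entry["first_seen"] is None:
            entry["first_seen"] = rec["ts"]
    return dict(report)


def alerts(report):
    """Turn the grouped counts into one alert line per source, worst first."""
    lines = []
    for ip, e in sorted(report.items(), key=lambda kv: -kv[1]["served"]):
        kind = "CREDENTIALS SERVED" if e["served"] else "probe only"
        lines.append(f"{kind}: {ip} requested the leaky CGI {e['requests']}x, first seen {e['first_seen']}")
    return lines


if __name__ == "__main__":
    for line in alerts(scan_report(SAMPLE_LOG)):
        print(line)
```

On a real Livebox the same logic applies to whatever access log the device or an upstream proxy keeps; a source with a non-zero "served" count is one for which the WiFi password should be treated as exposed and rotated after patching.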