Cyber Security News 1st Week October 2016

  1. Cyber strikes after surgical strikes: After India announced its Surgical strike in Pakistan, Pakistani hackers have responded by defacing several Indian websites. Some of the reports suggest as many as 7000 sites were defaced. Indian hackers responded by launching Ransomware attacks on several Pakistani networks. Indians have managed to render several Pakistani networks unusable. In many cases they are not accepting any bitcoins to release the decryption key.
  1. Spotify hit by ‘Malvertising’ in app: Spotify has become the latest service to be hit by ‘Malvertising’, after a malicious advert pushed through the free tier of the music streaming site started opening “questionable” website pop-ups for some users. Spotify has confirmed the issue and have shut the adverts. Recently Spotify was hacked and in a different incident its premium accounts were exposed. Malvertising has hit some of the biggest websites, including Yahoo, the New York Times and BBC. The key reason being- most large sites sell advertising space through third-party resellers, who pull in adverts on the fly based on open auction. If malicious code can be smuggled on to the ad server, it can often be sent to multiple sites.
  1. 68 Million hacked Dropbox accounts now available for free download: The Dropbox hack. It was one of the mega breaches to join the infamous list of LinkedIn, MySpace, VK.com, Tumblr. Last week it was found that the hacker has uploaded the full dump of hacked Dropbox database online, it is now a free download. The best way to protect oneself is to change Dropbox password immediately and not to use the same password across various websites to prevent the Password reuse attack.
  1. TalkTalk fined $510K: TalkTalk, one of the biggest UK-based Telecos with 4 million customers was hacked last year. This not only affected its stock price but also attracted a fine of $510,000 for failing to implement the most basic security measures. 3 teenagers have also been arrested in connection with this hack and the investigation is still on.
  1. Another NSA Contractor arrested for stealing ‘Secret’ documents: The FBI has busted another NSA contractor over a massive secret data theft. He is charged with theft of highly classified government material, including “source codes” developed by the NSA to hack foreign government. If confirmed, this would be the second time (Snowden was first) in last 3 years when someone with access to secret data was able to steal NSA’s classified information. If convicted, he faces up to 10 years in prison.
  1. London police arrest Romanian ATM hacker who stole Millions: A Romanian man has been arrested and charged with conspiracy relating to his involvement in ATM theft. He was arrested in Romania by London police and extradited to the United Kingdom last week. He is believed to be a member of a European ATM hacking gang that stole more than $2 Million from cash machines across the UK in 2014 using ATM malware to bypass security controls. The gang would physically access the ATMs to directly load malware onto the machines, allowing them to withdraw “large amounts of cash.” Recently ATMs in Thailand were hacked and 12 Million Baht stolen.
  1. Verizon wants $1 Billion discount on Yahoo acquisition deal after recent scandals: Yahoo data breach may have hit over 1 Billion users’. Verizon, which has agreed to purchase Yahoo for $4.8 Billion, is now asking for a $1 Billion discount, according to recent reports. It is also possible that the deal may just fall through. The acquisition deal is supposed to close early next year, merging Yahoo’s search, advertising, content, and mobile operations with AOL to reach 1 Billion users.
  1. Mac Malware can secretly spy on your Webcam and Mic: The researcher who build ransomware blocker for Mac called ‘Ransomwhere?’, has discovered a way for Mac malware to tap into live feeds from Mac’s built-in webcam and microphone to locally record without detection. He has developed and released a free tool, dubbed OverSight, which not only monitors webcam and microphone activities but also alerts the user when a secondary process accesses the webcam. Oversight is a free to download, the other low-tech way to  keeping snoopers away is to tape the webcam like Mark Zuckerberg does.
  1. Hack a computer just using an Image: Researchers have disclosed a critical zero-day vulnerability in the JPEG 2000 image file format parser implemented in OpenJPEG library, which could allow an attacker to remotely execute arbitrary code on the affected systems. Hackers can exploit the security vulnerability by tricking the victim into opening a specially crafted, malicious JPEG2000 image or a PDF document containing that malicious file in an email. Once downloaded to the system, it would create a way for hackers to remotely execute malicious code on the affected system. The vulnerability is categorized as a high-severity bug and has been fixed in the latest release of OpenJPEG.
  1. FBI seeking access to another locked iPhone: Months after the controversial battle of Apple v/s FBI, now FBI is seeking access to iPhone of the criminal who stabbed 10 people in a Minnesota mall before being killed. Last time FBI spend more than million dollars to access the iPhone of the terrorist but got nothing valuable in return.