Sunday, November 8, 2015

Issue 37 - Week of Nov 2nd

1. Dridex malware is behind the recent draining of over £20 million from UK bank accounts. The malware harvests banking details, which are then used to steal cash. Victims get infected when they open documents attached to seemingly legitimate emails. The National Crime Agency in the UK said there might be thousands of infected computers out there, most of them running Windows. An interesting development last week was a regional move to target Australia: Dridex botnet-related emails were being sent to potential victims in the land down under. The focus on Australia in the email lure targeting was further confirmed by analysis of the botnet configuration file. The configuration file downloaded by infected computers included directions to take "Clickshots" when potential victims access certain Australian banking websites.

2. Vodafone admits hack, customer bank details stolen: Vodafone has admitted to a security breach which led to the theft of sensitive information belonging to 1,827 customers in the United Kingdom. Last week, the telecommunications provider released a statement saying that "unauthorized account access" took place between midnight on Wednesday 28 October and midday on Thursday 29 October. The company says the cyber-attack took place using email address and password credentials "from an unknown source" outside of Vodafone, and that the firm's systems have "not been compromised or breached in any way." Be that as it may, 1,827 customer accounts were accessed, giving the hackers data including names, telephone numbers and the last four digits of their bank account numbers, potentially leading to identity theft and fraud.

3. Anonymous exposes identities of 1000 KKK members: Under the informal handle #opKKK, Anonymous announced the impending release several days ago and has now published the identities of 1000 alleged KKK members in a data dump online.

4. In Issue 31 we discussed this offer: "Cybersecurity firm offers $1 million for Apple hack". In less than two months, a hacker has claimed the $1 million iOS 9 exploit bounty. Last week the cybersecurity firm announced the payout of a seven-figure prize to a team which provided a remote exploit for Apple's latest mobile operating system. They said the team managed to provide an exclusive exploit for use against iPhone users running iOS 9, leading to an award of $1 million. The winning team set up a compromised web page; when the victim visited this page through the Safari or Chrome browser, an arbitrary app was remotely installed. The compromise is also possible through a text or multimedia text message.

5. BlackBerry promises monthly Android patches; can override carriers for critical hotfixes: BlackBerry has joined other Android phone makers in promising timely security fixes. The smartphone maker said last week that it will join other device makers in rolling out security patches within about a month of their initial disclosure. BlackBerry, now an Android phone maker following the debut of its first phone running Android, said in a blog post that it was "critical" to fix Android flaws in a timely fashion.

6. Hacking Team returns with encryption cracking tool pitch to customers: As law enforcement grumbles over the uptake of encryption services offered by technology firms, Hacking Team is keen to get back in the game and restore its client list through a new set of encryption-breaking tools. Companies including Apple and Google are taking personal security and privacy more seriously. Google's latest mobile OS, Android L, will offer encryption by default, mirroring and keeping up with Apple's iOS 8 operating system. In reaction to these moves, the FBI is complaining that encryption will cause terrorist and criminal cases to "go dark," hampering efforts to prevent criminal incidents. In the middle of all this, Hacking Team finds a market. This blog reported the Hacking Team hack on July 12th 2015.

7. Mobile malware evolves: Adware now breaks and roots your phone: Mobile threats just raised their game with adware-based malware which can root your device without your consent. In the past, adware was little more than a nuisance, and hackers had to entice users to click on the banner or ad to infect the machine or device. Times have changed: it may now only take a victim viewing a compromised web page for third-party apps to be installed without user consent. Another issue is repackaged apps. The cyber-attackers repackage and rebuild apps (e.g. Candy Crush, Facebook, Google Now, Twitter, Snapchat and WhatsApp) with malicious code before releasing them back into the wild and onto third-party app stores. The problem? It's not easy to tell what is legitimate and what isn't.

8. Racket on the prowl for OTPs, too: The one-time password (OTP) security feature is your best friend for online transactions, and cyber fraudsters are trying every trick in the book to get past it. Most e-commerce sites now insist on a third-level authentication, the four-digit or six-digit OTP. Given the nature of transactions now, time-barred OTPs are sent by the banks only to the registered mobile number of the customer, a roadblock which the fraudsters are trying to breach. They call the customer, pose as an authentic bank employee and ask for the OTP. Banks are going to great lengths to create awareness about this: banks will never call customers seeking account or card related information. Callers may already have all the details of the victim's credit or debit card, including the card number, expiry date and even the CVV number. But given the third-level authentication systems in place, they still need the OTP to carry out any net-based transaction with the card.

9. Raytheon | Websense Security Labs researchers have identified a recent malvertising campaign affecting a popular Indonesian technology news site, Tabloid Pulsa. Users browsing to this site are being redirected to an exploit kit and served malware, due to a compromised advertising script used by the site. The website has close to 1 million hits per month. It is worth noting that no user interaction was required at any point: simply visiting the compromised website was enough to end up with malware being executed on the victim's machine. Raytheon | Websense customers are protected against this threat via real-time analytics in ACE, the Websense Advanced Classification Engine.

10. Class 12 student finds Gauhati University website highly insecure, says it can be hacked through a phone: Students of the prestigious Gauhati University aren't aware that their mark sheets stored on the servers of the university could be easily accessed by a mid-level cyber expert, with chances of serious compromise of the data. Last December, a class 12 student found flaws in the network server of the university and accessed their complete database through his Android phone. He informed the university registrar by email immediately. While he thought the vulnerabilities he pointed out to the university had been rectified, he was shocked to find that the issue still wasn't resolved as of last week. He emailed the university again, but nothing was done. He told the media, "I am a web security enthusiast and while researching security faults, I managed to access the Gauhati University control panel with ease through my Android phone. What if someone with bad intentions exploits the vulnerabilities and plays with the future of thousands of students studying in the university?"
