Monday, February 29, 2016

Issue 53 - Week of Feb 22nd

Anniversary edition. TWTW's first edition was on 02 Mar 2015. Thanks for your support.

1. Beware of hacked ISOs if you downloaded Linux Mint on February 20th!: Linux Mint is a community-driven operating system which is both powerful and easy to use. Last week, on Feb 20th, the Linux Mint website was compromised. The hacker uploaded a version of Linux Mint which contained the 'Tsunami' (aka Kaiten) backdoor and Backdoor.linux.Tsunami.bh. The backdoor connects to absentvodka[.]com in Sofia, Bulgaria. Hundreds of people downloaded the infected version and were caught unaware. Some of the most critical applications run on Linux, and it is always advisable to invest in Threat Protection technology for Linux that is capable of detecting the backdoor in memory.

2. Apple vs. FBI - update: Apple and the FBI will face off at a congressional hearing on Tuesday, March 1, following Apple CEO Tim Cook's request for Congress to get involved in the legal battle over the San Bernardino shooting suspect's locked iPhone. If Apple were to allow this backdoor, other courts would come with similar requests, and hackers and repressive regimes would exploit it; hence Tim Cook rightly called the iPhone-cracking software the "software equivalent of cancer." Several high-profile technology companies have supported Apple's stance against the FBI, including Facebook, Alphabet, Twitter, and Microsoft.

3. Hackers hold German hospital data hostage: Lukas Hospital in Germany was hacked and suffered a ransomware attack. Staff noticed error messages popping up, and the systems became suspiciously slow. A swift response by IT averted major damage when they decided to go offline. They are now back to pen and paper, and a fax machine for intra-hospital communication. Thankfully they have regular backups of their data and will be able to restore the systems once they are cleaned up. Traditional security systems can hardly stop ransomware attacks. A multi-layered approach and the use of Web Security with real-time detection and blocking of both known and unknown binary threats will help. Recently, an LA hospital paid $17k in ransom.

4. MasterCard Says It Will Use Selfies to Replace Passwords: Every security provider would like to find a replacement for passwords, which can easily be forgotten and are too often stolen, hacked and otherwise abused by bad actors. MasterCard thinks that faces and fingerprints can't easily be stolen, forgotten, hacked and otherwise abused quite as much as passwords, and it's probably right. With this in mind, the credit card company has announced that its customers will soon be able to replace their passwords with a selfie and a fingerprint to verify their identity to make payments online.

5. Nissan Leaf hackable through insecure APIs: The Nissan Leaf (like the Reva) is an electric car. It has a mobile app for Apple and Android devices that allows customers to manage the car and to access features like battery charge, status, climate control and trip reports. Last week, researchers identified and revealed a flaw in the software that an attacker could use to run down the battery of a target's car and see data about its recent journeys. Nissan has disabled the Leaf app after the car hack risk was revealed online. Unlike the Jeep hack, the Nissan Leaf hack would not work when cars were moving and did not affect their steering controls, so in that sense, it would not threaten people's lives.

6. Almost Every Victim Sees Unique Malware: According to a study, nearly 97 percent of malware encountered on users' computers is unique, as criminals automatically generate variants in order to stymie defensive software. Traditional systems that rely largely on signatures will not be able to keep pace with these criminals. The study also saw a dramatic increase in the number of new Internet addresses from which malicious attacks came.

7. 3D printing piracy: Piracy is probably as old as software itself. The latest addition to the piracy list is designs for 3D-printed objects. A large community of object designers who create objects for 3D printers post their design files to sharing sites. Pirates download these designs, print out the 3D objects and sell them on eBay. This happens with smartphone apps as well. There are a bunch of third-party app stores out there that sell highly discounted versions of commercial apps. The catch? The original developers aren't getting paid, and the buyers often find themselves getting not only a discount, but a very nasty malware infection. Hackers buy the original app, pad it with malware payloads, repackage it and sell it at bargain pricing.

8. Thousands of apps running this code leak personal data: Thousands of apps running code built by Chinese internet giant Baidu have collected and transmitted users' personal information to the company, much of it easily intercepted, researchers say. The apps have been downloaded hundreds of millions of times. Researchers said they found the problems in an Android software development kit developed by Baidu. These affected Baidu's mobile browser and apps developed by Baidu and other firms using the same kit. Baidu's Windows browser was also affected, they said. The same researchers last year highlighted similar problems with unsecured personal data in Alibaba's UC Browser. Alibaba has since fixed those vulnerabilities.

9. Industrial transaction scam: Online fraudsters target mid-level importers by hacking into their business email accounts and scanning all correspondence with their regular foreign business partners. They then pretend to be the foreign company by registering a similar-looking domain with a minor change in spelling, and communicate with the importer, offering him items of interest at a much lower price. The greedy importers who fail to notice the typosquatted domain name end up transferring and losing huge sums of money. Hackers go after companies that have poor security.

10. Phishing campaign targets India's largest private bank: Customers of ICICI, India's largest private bank, have become targets in a phishing campaign tailored to dupe victims into handing over their bank credentials. The campaign sent out emails that show the sender as ICICI Bank and, at first glance, appear legitimate. The email asks the recipient to update their bank details and other information. A link is provided, and if clicked, it sends the victim to a landing page asking them to confirm key pieces of information including user ID, password, transaction password, debit card number, email ID and email password. All of this information is a treasure trove to attackers, who may be able to use it to pilfer funds, conduct identity theft or break into additional accounts through social engineering.
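
For item 9, a mail gateway or finance team can check each sender domain against the list of known business partners and flag near misses before any payment instruction is acted on. The sketch below is an added example, not taken from any of the reports above; the partner domains, the function names and the two-edit threshold are all assumptions made for illustration.

```python
# Added example (not from the newsletter): flag look-alike sender domains.
# All domains and names here are constructed for illustration.
PARTNERS = ["acme-steel.example", "nordwind-logistics.example"]  # known-good list

# Digits commonly swapped in for letters in typosquatted names.
CONFUSABLES = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})

def skeleton(domain):
    """Lower-case and fold common visual substitutions (1 -> l, rn -> m, vv -> w)."""
    d = domain.lower().rstrip(".").translate(CONFUSABLES)
    return d.replace("rn", "m").replace("vv", "w")

def osa_distance(a, b):
    """Edit distance counting insert, delete, substitute and adjacent swap."""
    prev2, prev = None, list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i] + [0] * len(b)
        for j, cb in enumerate(b, 1):
            cost = 0 if ca == cb else 1
            cur[j] = min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost)
            # Adjacent transposition, e.g. "in" typed as "ni".
            if i > 1 and j > 1 and ca == b[j - 2] and a[i - 2] == cb:
                cur[j] = min(cur[j], prev2[j - 2] + 1)
        prev2, prev = prev, cur
    return prev[-1]

def classify(sender_domain, partners=PARTNERS, max_edits=2):
    """Return (verdict, partner): 'known', 'lookalike' or 'unrelated'."""
    s = sender_domain.lower().rstrip(".")
    if s in partners:
        return ("known", s)
    for p in partners:
        # Same visual skeleton, or only a couple of keystrokes away.
        if skeleton(s) == skeleton(p) or osa_distance(s, p) <= max_edits:
            return ("lookalike", p)
    return ("unrelated", None)

if __name__ == "__main__":
    for d in ["acme-steel.example", "acme-stee1.example",
              "nordwnid-logistics.example", "contoso-mail.example"]:
        print(d, classify(d))
```

A "lookalike" verdict is a reason to confirm the request through a channel other than email, not proof of fraud; very short domain names need a tighter threshold than two edits.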


