Sunday, July 10, 2016

Issue 72 - Week of July 4th


1. Indian-origin engineer guilty of revenge cyber-attack: An Indian-origin network engineer based in the US has pleaded guilty to a revenge cyberattack on a network security company and its clients after he was fired. He admitted in court to hacking the computer of his former employer to delete vital information, resulting in $137,000 in damages. He has offered to compensate his victims. He will be sentenced on September 28 and could face up to 10 years in prison and a $250,000 fine. A classic case of a disgruntled employee.

2. 1,025 Wendy's outlets affected by hack: Wendy's said hackers were able to steal customers' credit and debit card information at 1,025 of its U.S. restaurants, far more than it originally thought. The malware had been installed on Point-of-Sale (PoS) systems in the affected restaurants. We discussed the breach in Issue 49 - Week of Jan 25th. The company went public in May and initially thought fewer than 300 outlets had been impacted. According to experts, Wendy's breach losses may exceed those of the Target and Home Depot incidents.

3. Microsoft Office 365 hit with massive Cerber ransomware attack: Millions of Microsoft Office 365 users were potentially exposed to a massive zero-day Cerber ransomware attack last month that included not only a ransom note but also an audio warning informing victims that their files were encrypted. To bypass defenses, the malware encrypts the email attachment. When executed, that code uses a technique to call a '.JPG' file, but only to retrieve additional executable code to complete the attack. The good news is… Forcepoint customers were safe!

4. Hackers took down Wikileaks over a spat with Anonymous: OurMine, the hacker group that previously broke into the social accounts of tech heavyweights such as the Google CEO and the Facebook founder, has now taken down the Wikileaks site in a DDoS attack. The reason? A spat with Anonymous, the global hacker group that has been known to take down ISIS social media accounts, publish the names of KKK members and attack a Greek Central Bank's website to protest the global financial system.

5. Indian businesses lost $1mn from data loss in one year: According to a recent survey, Indian businesses lost over $1 million from data loss and downtime in the last 12 months. 46 per cent of organisations suffered unplanned system downtime and/or data loss due to an external or internal security breach, the study found. Ransomware is dramatically raising the stakes when it comes to cyber security. Regular backups and Advanced Web Security solutions are the best ways to combat ransomware.

6. New anti-terrorism law in Russia asks telcos to record all phone calls: Last week, the Russian President signed into law a controversial package of counterterrorism measures, including tougher sentences for extremism and heightened electronic surveillance of Russian citizens, that have provoked condemnation from rights activists. Several of the amendments require telecom companies to store recordings of their customers' phone calls and text messages for six months and order messaging services such as Facebook and Telegram to provide decryption keys to Russia's Federal Security Service.

7. Hackers can steal your ATM PIN from your smartwatch or fitness tracker: When you enter your PIN at the ATM, your hand moves in a particular pattern. If you happen to be wearing a smartwatch, the accelerometers, gyroscopes and magnetometers inside the watch record this movement. Researchers have developed an algorithm which can guess your password based on these hand movements. Best practice: always enter your PIN with the hand that is not wearing a wearable device.

8. BMW web portal vulnerabilities pose car hack risk: Two unpatched vulnerabilities in BMW's ConnectedDrive web portal create a mechanism to manipulate car settings, a security researcher warns. The first vulnerability creates a means for a hacker to access another driver's Vehicle Identification Number (VIN) before changing in-car settings. The second issue involves a reflected cross-site scripting bug on the password reset page of BMW's ConnectedDrive portal. BMW joins Mitsubishi, Jeep, Nissan and Tesla on the list of carmakers that have had vulnerabilities highlighted.

9. Cyber spies are still using old Windows flaws to target their victims: Hackers using only the most basic forms of cyberattack have been able to successfully steal files from high-profile governmental and diplomatic targets. Researchers suggest that the hack originates in India and that attacks are undertaken using old exploits, low-budget malware tools and basic social engineering methods. The simple but effective threat actor has been dubbed 'Dropping Elephant'.

10. Keydnap malware goes after your Mac password treasure trove: Researchers have discovered a new kind of Mac malware, dubbed Keydnap, which burrows its way into PCs to steal passwords and install a permanent backdoor into a victim's system. The researchers are not sure how victims become exposed to the malware, but it may be through phishing campaigns, malicious email attachments or downloads from suspicious websites. Gatekeeper is a security feature of Apple's OS. If Gatekeeper is active on the target machine, the malware will not execute and a warning is displayed to the user.


https://twitter.com/ootyajay


