1. Ubuntu Linux forum hacked: A silly mistake, not installing a patch for a known
bug, exposed users' personal data on the Ubuntu online forums. The vulnerability
is one of the oldest, yet still one of the most powerful and dangerous, flaws that
can affect any website or web application backed by an SQL database: SQL injection,
in which malicious SQL commands or payloads are injected through the client into
the application in order to breach the database and read users' personal data.
The hack did not affect the Ubuntu operating system, nor was it due to a
vulnerability or weakness in the OS.
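The injection pattern described in item 1, as an added example that is not code from the Ubuntu forum software: a lookup built by string formatting beside the same lookup with a bound parameter, run against an in-memory SQLite table. The table, its rows and the function names are constructed for illustration.

```python
"""Added example, not code from the Ubuntu forum software: the SQL injection
pattern described in item 1, run against an in-memory SQLite table. The
table, its rows and the function names are constructed for illustration."""
import sqlite3

# Constructed sample rows standing in for a forum's user table.
SAMPLE_USERS = [
    ("alice", "alice@example.org", "hash-alice"),
    ("bob", "bob@example.org", "hash-bob"),
]


def make_db():
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (username TEXT, email TEXT, pw_hash TEXT)")
    conn.executemany("INSERT INTO users VALUES (?, ?, ?)", SAMPLE_USERS)
    return conn


def vulnerable_lookup(conn, username):
    """Builds the statement by string formatting: whatever the client sends
    becomes part of the SQL, so quotes and keywords are interpreted."""
    sql = "SELECT username, email FROM users WHERE username = '%s'" % username
    return conn.execute(sql).fetchall()


def safe_lookup(conn, username):
    """Parameterised statement: the value is bound by the driver and can
    never change the structure of the query."""
    sql = "SELECT username, email FROM users WHERE username = ?"
    return conn.execute(sql, (username,)).fetchall()


# Classic tautology: closes the quote and makes the WHERE clause always true.
DUMP_PAYLOAD = "' OR '1'='1"
# UNION payload: the trailing quote is swallowed by the -- comment, and a
# column the query never meant to expose is pulled into the result set.
UNION_PAYLOAD = "x' UNION SELECT username, pw_hash FROM users --"


def demo():
    """Runs both payloads through both lookups and returns the rows seen."""
    conn = make_db()
    return {
        "legit": safe_lookup(conn, "alice"),
        "vuln_dump": vulnerable_lookup(conn, DUMP_PAYLOAD),
        "vuln_union": vulnerable_lookup(conn, UNION_PAYLOAD),
        "safe_dump": safe_lookup(conn, DUMP_PAYLOAD),
        "safe_union": safe_lookup(conn, UNION_PAYLOAD),
    }


if __name__ == "__main__":
    for name, rows in demo().items():
        print(name, rows)
```

The vulnerable lookup returns every user for the tautology payload and leaks the password-hash column for the UNION payload; the parameterised version returns nothing for either, because the driver treats the whole string as a literal username. The fix is the same in any language and driver: never splice client input into SQL text, bind it.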
2. Downloading the Pokémon GO game for Android? Beware, it could be malicious: "Pokémon Go" has become the hottest iPhone and Android
game on the market, with enormous popularity and massive social impact. The
app has taken the world by storm since its launch last week. The location-based
augmented reality game lets players catch Pokémon in the real world using
their device's camera and is currently only officially available in the United
States, New Zealand, UK and Australia. In other countries users are side-loading
the app from untrusted sources, which requires changing a core security
setting (allowing installation from unknown sources). This allows a tampered
copy of the app to install a backdoor on the phone, enabling attackers to
compromise the user's device completely.
3. For iOS, Pokémon GO doesn't intend to, but has the power to look
inside: The iOS version of the official
Pokémon GO app is a "huge security
risk", as the game, for some reason, grants itself "full account
access" to your Google account when you sign into the app via Google on an
iPhone or iPad. This lets the app read and send email, access Google Drive
documents, look at search history as well as Maps navigation history, and a
whole lot more. The game developer has acknowledged this and said the company
is actively working on a fix to downgrade the permission. Until that fix ships,
the access can be revoked from the connected-apps page of the Google account.
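The least-privilege check behind item 3, as an added example that is not Niantic's or Google's code: a sign-in flow only needs identity scopes, so a developer (or a worried user with an access token) can diff the scopes a token actually carries against that set. The tokeninfo documents below are constructed to mirror the fields of Google's https://oauth2.googleapis.com/tokeninfo response; the client id, redirect URI, the "needed" scope set and the function names are assumptions.

```python
"""Added example, not Niantic's or Google's code: audit a Google OAuth token's
scopes against the identity-only set a sign-in flow needs (item 3). The
tokeninfo documents are constructed to mirror Google's tokeninfo fields; the
client id, redirect URI and the NEEDED_SCOPES set are assumptions."""
import json
from urllib.parse import urlencode

GOOGLE_AUTH = "https://accounts.google.com/o/oauth2/v2/auth"

# All a sign-in flow needs: who the user is, not their data. (Assumed set.)
NEEDED_SCOPES = {
    "openid",
    "https://www.googleapis.com/auth/userinfo.email",
    "https://www.googleapis.com/auth/userinfo.profile",
}

# Well-known broad scopes; any of these in a game's token is a red flag.
BROAD_SCOPES = {
    "https://mail.google.com/": "read, send and delete Gmail",
    "https://www.googleapis.com/auth/drive": "read and write all Drive files",
    "https://www.googleapis.com/auth/contacts": "read and write contacts",
}


def build_auth_url(client_id, redirect_uri, scopes):
    """Authorization request that asks only for the scopes passed in."""
    params = {
        "client_id": client_id,
        "redirect_uri": redirect_uri,
        "response_type": "code",
        "scope": " ".join(sorted(scopes)),
    }
    return GOOGLE_AUTH + "?" + urlencode(params)


def audit_token_scopes(tokeninfo_json, needed=NEEDED_SCOPES):
    """Returns (excess_scopes, broad_scopes) for a tokeninfo document.

    excess_scopes: everything granted beyond what sign-in needs.
    broad_scopes:  the subset of those that give access to user data.
    """
    doc = json.loads(tokeninfo_json)
    granted = set(doc.get("scope", "").split())  # space-separated in tokeninfo
    excess = granted - needed
    broad = {s: BROAD_SCOPES[s] for s in excess if s in BROAD_SCOPES}
    return sorted(excess), broad


# Constructed tokeninfo responses (same field shape as Google's endpoint).
OVERPRIVILEGED = json.dumps({
    "aud": "example-client-id.apps.googleusercontent.com",
    "scope": "openid https://www.googleapis.com/auth/userinfo.email "
             "https://mail.google.com/ https://www.googleapis.com/auth/drive",
    "expires_in": 3599,
})
MINIMAL = json.dumps({
    "aud": "example-client-id.apps.googleusercontent.com",
    "scope": "openid https://www.googleapis.com/auth/userinfo.email "
             "https://www.googleapis.com/auth/userinfo.profile",
    "expires_in": 3599,
})

if __name__ == "__main__":
    print(build_auth_url("example-client-id", "https://app.example/cb", NEEDED_SCOPES))
    for label, doc in (("overprivileged", OVERPRIVILEGED), ("minimal", MINIMAL)):
        excess, broad = audit_token_scopes(doc)
        print(label, "excess:", excess, "broad:", broad)
```

In practice the tokeninfo document comes from a GET to the endpoint with the access token as a query parameter; the audit is the same. The point of `build_auth_url` is that the requested scope string is the only thing that decides what the consent screen grants, so it belongs in code review, not in a library default.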
4. Chinese hacker who stole information on US military jets jailed: A 51-year-old Chinese national and aviation specialist has
been jailed after admitting his part in a year-long conspiracy
to steal valuable technical data belonging to military and defense contractors
in the United States. He pleaded guilty to one count of conspiring to gain
unauthorized access to a protected computer and to violate the Arms Export
Control Act by exporting defense articles on the US Munitions List.
5. Microsoft wins! Govt. can't force tech companies to hand over
data stored overseas: Last week, a court
ruled that the United States government cannot force tech companies to give the FBI
or other federal authorities access to their non-US customers' data stored on
servers located in other countries. The US Government cannot reach beyond its
borders to seize data. The underlying case was an international drug trafficking
investigation in which the FBI wanted data held in the US and Ireland data centers.
6. The world's first all-machine hacking tournament: Today's approach to cybersecurity depends on human computer
security experts to identify new flaws and threats and remediate them manually.
That process takes time, and critical systems may already have been breached by
the time a fix lands. DARPA wants to address this and is conducting a tournament
called the 'Cyber Grand Challenge', in which the participating teams build
autonomous systems that automatically detect and even patch security
flaws, with no human in the loop. The final will be held in Las Vegas on Aug 4th;
the winning team gets $2M and the runner-up $1M. If successful, the speed of
autonomy could someday blunt the advantages hackers enjoy in cyber offense.
7. 3 popular Drupal modules found vulnerable, patch released: Three popular Drupal modules, RESTful Web Services,
Coder and Webform Multiple File Upload, have been found to be vulnerable. The
Drupal Security Team has released critical patches to address these security
issues. If you run a Drupal website, review the list of affected modules
carefully and apply the security patches as soon as possible. The Panama
Papers leak was largely due to unpatched Drupal and WordPress
systems.
8. Fiat Chrysler debuts bug bounty program: A year ago, IT security researchers hacked the onboard
computer in Fiat Chrysler's Jeep Cherokee, which led to the recall of 1.4 million
vehicles. Now, the company is launching its first public bug bounty program. The
program will award researchers up to $1,500 per vulnerability that is
responsibly disclosed to Chrysler. Other recent bug bounty programs: MIT, Uber,
General Motors, Pentagon.
9. State-sponsored SCADA malware targeting European energy companies: Security researchers have discovered a new campaign
targeting energy companies in Western Europe with sophisticated malware that
goes to great lengths to remain undetected on its targets.
The malware, dubbed 'SFG', features a vast arsenal of tools
rarely seen in ordinary malware samples. It provides its operators with
a backdoor, which can then be used to install further malware on the systems to
extract data or potentially shut down the energy grid.
10. Are you prepared for ransomware?: Ransomware is no longer just a consumer threat; it has begun
affecting government and enterprise. The decision "to pay or not to
pay" must take a balanced view. The FBI initially advised that
victims should not pay; later it suggested that paying the attackers was an option.
The Hollywood hospital is one of the victims that paid, $17K in its case. For as long as
ransomware remains profitable, attackers will continue to frustrate and damage
organizations around the world. Ultimately, advanced content security
protection and a good backup strategy are the safety net that underpins the
mitigation strategy against ransomware. Note that a backup only counts if the
ransomware cannot reach it: keep copies offline or otherwise isolated from the
network, since mounted shares get encrypted along with everything else, and
test the restore before you need it.
https://twitter.com/ootyajay
https://www.linkedin.com/in/ootyajay