1.
Dropbox
hacked: Hackers have obtained credentials for more than 68 Million
accounts of online cloud storage platform Dropbox from a known 2012 data
breach. Last week, Dropbox sent out emails alerting its users that a large
chunk of its users’ credentials that was obtained in 2012 data breach, may soon
be seen on the Dark Web marketplace, prompting them to change their password if
they hadn't changed since mid-2012. Dropbox is the latest to join the list of
"Mega-Breaches," which includes LinkedIn,
MySpace,
VK.com
and Tumblr.
2. Kimpton Hotels hit by Point-of-Sale breach:
Kimpton Hotels & Restaurants is alerting payment card customers of a
payment card breach at more than 60 of its hotels and restaurants that occurred
between February 16 and July 7 of this year. The hotel chain said in a message
on its website that it first got word of unauthorized charges on guests'
payment cards in mid-July. An ensuing investigation uncovered malware on PoS
servers at the front desks and restaurants of some of its hotels. "The
malware searched for track data read from the magnetic stripe of a payment card
and routed it through the affected server. Kimpton's POS woes follow that of Eddie
Bauer and HEI Hotels & Resorts, which operates Marriott, Hyatt
and Sheraton and Westin hotels.
3. Music website hacked: UK
based - Music website called Last.fm, was hacked in March 2012 and three months
after the breach, the company admitted to the incident and issued a warning, encouraging
its users to change their passwords. Now, four years later the stolen data has
surfaced in the public. The leaked records include usernames, hashed passwords,
email addresses, the date when a user signed up to the website, and ad-related
data. Last.fm stored its users’ passwords using MD5 hashing – which has been
considered outdated even before 2012 – and that too without any Salt. (Salt is
a random string added to strengthen encrypted passwords that make it more
difficult for hackers to crack them.)
4. St. Jude says Muddy Waters, MedSec video
shows security feature, not flaw: St. Jude Medical, is a medical
device company which makes pacemakers. MedSec is a Cyber security firm that specializes
in security flaws in medical devices. Muddy Waters Research is a due diligence
based investment firm. After a yearlong research by Medsec, it was found that
St Jude's products had severe issues. Medsec did not responsibly disclose its
findings to St Jude but instead joined hands with Muddy waters to profit in the
stock market with this information. St. Jude has refuted the allegations and
has issued a statement saying the supposed “flaw” was actually a “security
feature. If attacked, the pacemakers place themselves into a 'safe' mode to
ensure the device continues to work.
5. Double Whammy - Ransomware steals data
before Encrypting: Betabot, the first known weaponized
password-stealing malware that also infects victims with ransomware in a second
stage of attack. In many instances it is still able to evade detection, it uses
the Neutrino exploit kit, which uses infected documents disguised as CVs to ask
the victim to enable macros. If they do, the malware is able to steal login
data and passwords from web browsers. The Trojan then downloads and installs
the Cerber
ransomware onto the victim's computer, demanding the user pays up in
order to regain access to their compromised machine.
6. ‘Guccifer’ gets 52-month Jail term:
Romanian hacker “Guccifer,” who pleaded guilty in May this year to hacking and
identity theft of around 100 high-profile Americans, has been sentenced to 52
months in prison by a US court. Guccifer hacked the email and social media
accounts of his victims between October 2012 and January 2014 and made public
confidential emails, photographs and private medical and financial data. Not to
confuse with Guccifer 2.0, the hacker behind the DNC
hack.
7. Suspect arrested for 2011 Linux Kernel organization
breach: In September 2011, kernel.org site that hosts the core
development infrastructure behind the Linux kernel was breached. For the last
five years, not many details about the attack were revealed and the attacker
remained at large—that is, until he was picked during a traffic stop in Miami -
last week. The hacker had managed to steal login credentials of one of the
Linux Kernel Organization system administrators in 2011 and used them to install
a hard-to-detect malware backdoor, dubbed Phalanx, on servers belonging to the
organization. Using this backdoor, he installed malware on various Linux
installations. He faces a possible sentence of 40 years in prison as well as $2
Million in fines. Threat protection for Linux can help in such situations.
8. California may soon treat Ransomware as extortion:
Ransomware may soon be regarded as a form of extortion in California once
legislation is approved by governor. The Bill if passed, could land culprits in
jail for two to four years. The move has received widespread support from
different quarters that want ransomware attacks to be treated as a felony. The
state’s law enforcement unit and the tech sector all support the legislation.
9. SWIFT reveals new hacking attempts on member
Banks: SWIFT has revealed new hacking attempts on several member
banks following its June disclosure of the $81-million
Bangladesh Bank heist and is pushing members to comply with new safety
features. "The threat is persistent, adaptive and sophisticated - and it
is here to stay," SWIFT told the banks. SWIFT members have been warned
that failure to meet a November 19 deadline for installing latest security
software would be reported to banking regulatory bodies and partners.
10. India registers 350 percent rise in
cybercrime in last three years: According to a study, in India,
there has been a surge of approximately 350% in cybercrime cases registered
under the Information Technology (IT) Act, from the year of 2011 to 2014. The
Indian Computer Emergency Response Team (CERT-In) has also reported a surge in
the number of incidents handled by it, with close to 50,000 security incidents
in 2015. Bangalore leads in the number of cybercrime cases, the city recorded
1,041 cybercrime cases in 2015, the highest among the country's 53 mega cities,
and a 42% increase over the 2014 figures. State-wise data shows the worst
states to be: Maharashtra (2,195 cases) and Uttar Pradesh (2,208). Most cases
relate to credit card fraud, email hacking and online cheating, including fake
lottery scams. Use of technology and building awareness can reduce cybercrime.
Image
source: Times of India
No comments:
Post a Comment