1. Zerodium offers $1.5 Million bounty for iOS Zero-day exploits: Exploit vendor
Zerodium has tripled its bug bounty for an Apple iOS 10 zero-day exploit,
offering a maximum payout of US$1.5 Million. That is seven times more than
Apple's $200k bug bounty program. Last year (Issue 31), the same vendor had
offered $1 Million for an iOS 9 exploit, and a few weeks later a team of hackers
won that money. The company has also doubled its bug bounty for Android 7.x
(Nougat) remote jailbreaks to $200,000. The hike in price is in line with demand
and the tougher security of the latest iOS and Android operating systems, and is
meant to attract more researchers, hackers and bug hunters to seek complex
exploit chains in iOS 10.
2. World's largest 1 Tbps DDoS attack launched from 152,000 hacked Smart
devices: France-based hosting provider OVH was the victim of record-breaking
Distributed Denial of Service (DDoS) attacks that reached over one terabit per
second (1 Tbps) over the past week. As Internet of Things (IoT) or connected
devices (like televisions, cars, refrigerators or thermostats) grow at a great
pace, they continue to widen the attack surface at the same time, giving
attackers a large number of entry points. The worst part: there are no security
updates in line for these insecure IoT or internet-connected devices. In Issue
54, we discussed a 400 Gbps attack that could be rented.
3. Jive resets passwords after August data breach: US-based Jive Software is a
provider of communication and collaboration solutions for business. After the
company discovered a data breach, it reset customers' passwords. The breach was
discovered in its Producteev task management software, as its logins were held
in a file outside the normal encryption procedures of the company. No other Jive
products were impacted by the breach.
4. 'Syrian Electronic Army (SEA)' Hacker pleads guilty in US court: One of the
FBI's Most Wanted Hackers, who was arrested in Germany earlier this year, has
pleaded guilty to federal charges for his role in a scheme that hacked computers
and targeted the US government, foreign governments, and multiple US media
outlets. SEA hackers were allegedly engaged in a long-running cyber-propaganda
campaign and used "spear-phishing" tactics to target computer systems. The
hacker faces up to 5 years in prison and is scheduled to be sentenced on 21st
October.
5. Yahoo data breach may have hit over 1 Billion users: Last issue, Yahoo
confirmed that 'state-sponsored' hackers stole personal data from 500m accounts.
Now a report indicates that the number of affected Yahoo accounts may be between
1 Billion and 3 Billion. Yahoo's back-end architecture is designed in such a way
that all of its products use one main user database (UDB) to authenticate users,
and this central database is what got compromised.
6. Multiple backdoors found in D-Link Router: The D-Link DWR-932B LTE router is
allegedly vulnerable to over 20 issues, including backdoor accounts, default
credentials, leaky credentials, firmware upgrade vulnerabilities and insecure
UPnP (Universal Plug-and-Play) configuration. If successfully exploited, these
vulnerabilities could allow attackers to remotely hijack and control any router,
as well as the network, leaving all connected devices vulnerable to
man-in-the-middle and DNS poisoning attacks. The hacked router can be easily
abused by cybercriminals to launch massive Distributed Denial of Service (DDoS)
attacks. One of the vulnerabilities involves sending the "HELODBG" string as a
secret hard-coded command to UDP port 39889, which in return launches Telnet
with root privileges without any authentication.
7. First-ever Ransomware for smart Thermostat: Ransomware is known for its
attacks on computers, smartphones and TVs. Now two white hat hackers have shown
the first proof-of-concept (PoC) ransomware that infects a smart thermostat. The
hackers hacked a US thermostat that runs a modified version of Linux, and used
the SD card slot meant to load custom settings. The downside of the PoC was that
it required physical access to the IoT device. But since the Internet of Things
is currently being deployed in a large variety of uses throughout homes,
businesses, hospitals, and even entire cities that are called Smart Cities, it
gives attackers a large number of entry points to attack in one way or another.
8. Majority of enterprises admit they are vulnerable to insider threats: The
majority of enterprise players admit they are vulnerable to insider threats to
their networks and a third have already become victims, according to new
research. Insider threats are not always due to malicious, unprincipled
employees. While it is possible that such staff members could access corporate
data for sale or trade illegally, it is often accidental insider threats which
are the source of data breaches, such as in the case of Snapchat this year, when
a cybercriminal posed as the firm's CEO in order to dupe HR into handing over
staff payroll data. In the majority of organizations, employee training,
identity management solutions, data leakage prevention solutions and insider
threat solutions were seen as effective tools to combat insider threats.
9. Clinton, Trump debate 'Twenty-First Century War' of Cyberattacks: Both
Clinton and Trump stressed the importance of cybersecurity for the next
administration. Both candidates to date have had some very public cybersecurity
woes of their own: Trump with his Trump International Hotels data breach, and
Clinton with the Democratic National Committee (DNC) breach. She blamed Russia
for the DNC hack, while he disputed that conclusion and said nobody knows who
the actual hackers are. Most experts welcome this political discussion on
cybersecurity but would like to hear more in terms of policies for mitigating
cybersecurity threats and preventing data leakage that affect governments and
private businesses.
Source: Zerodium website