Search This Blog

Showing posts with label Security Breach. Show all posts

84% of US Businesses Experienced Identity-Related Breaches

 

According to new information from the non-profit Id Outlined Safety Alliance, the range of security breaches resulting from phishing or exploiting identities has reached epidemic proportions (IDSA). For its 2022 Developments in Securing Digital Identities report, the IDSA surveyed 500 US identity and security experts. 

In the past year, 84 % of respondents reported having suffered an identity-related hack, with the clear majority (78 %) stating that it had a direct effect on the firm. Increased identity fraud in the corporate sector daily contributes to the issue. 

When leaders prioritize identity security, risky behavior is reduced. 71 % of companies have executives who publicly address staff members about password security. In the light of that, risky security behaviors were acknowledged by 60% of IT/security stakeholders. 

Having focused on the fundamentals and investments in security outcomes 97%  will invest in identity-focused security results. MFA is a major area of interest, especially for employees and privileged users. 

The report suggested a few basic steps businesses may take to enhance security outcomes of unauthorized access. When executives discuss corporate credentials, for instance, the survey found that 72% of respondents are more cautious with their work passwords than with using personal passwords. 

However, it seems that businesses are making sense. Almost all respondents (97%) stated they intended to invest in "identification-focused security outcomes," and 94 % reported that identity investments are a part of strategic efforts, such as cloud adoption (62 %), the deployment of Zero Trust (51 %), and digital transformation activities (42% ).

According to the Anti-Phishing Working Group(APWG), phishing reached an all-time high in the first quarter of 2022. 

Kaiser Permanente Reveals Data Leak of Nearly 70,000 Medical Records

 

Kaiser Permanente, California’s biggest hospital system has disclosed a data breach in one of its subsidiaries that put the sensitive medical data of almost 70,000 patients at risk. 

In a letter sent to patients on June 3, the healthcare provider termed the breach as a “security incident” that occurred on April 5 and involved unauthorized access to an employee’s emails. 

The leaked data included the first and last names of patients’, medical record numbers, dates of service, and laboratory test result information, the disclosure letter states. Sensitive data such as Social Security numbers and credit card numbers were not leaked in the data breach. 

After discovering that a hacker secured access to employees’ emails, Kaiser Permanente terminated the access within hours and launched an internal investigation to identify the scope of the data breach. Although there was no sign that the unauthorized party accessed the protected health information (PHI) contained in the emails, the healthcare firm could not rule out the possibility. 

Furthermore, the healthcare provider has taken multiple steps to boost the security which includes resetting the employee’s password for the email account where unauthorized activity was detected and additional training on safe email practices. 

“The breach occurred almost three months ago, yet Kaiser Permanente has only recently notified potentially impacted people that their data may have been compromised. During this time, the affected individuals could have been targeted by attackers using any specific information stolen in convincing social engineering campaigns. It’s critical that as a part of their larger cybersecurity culture, organizations include assessing their ability to quickly understand the scope of a potential breach in risk analysis or tabletop exercises,” stated Chris Clements, Vice President of Solutions Architecture at cybersecurity firm Cerberus Sentinel. 

Security tips to counter data breach 

The data breach took place nearly three months ago, but the healthcare firm just recently alerted potentially affected individuals that their private data may have been exposed. During the three-month period, the hackers may have exploited data to secure access to other restricted systems and also used it to access financial data such as credit card information, software codes, or online banking passwords.

As data breach attacks are becoming more common, it is critical to understand how to mitigate the risks. Here are some easy tips to shield your data from the threat of a security breach. 

• Change and Secure Your Passwords 
• Update data security features 
• Use Access Controls 
• Safeguard physical data 
• Encrypt data 
• Protect portable devices

Attackers Use Stolen OAuth Access Tokens to Breach Dozens of GitHub Repos

 

GitHub has shared a timeline of last month's security breach that saw an attacker using stolen OAuth app tokens to steal private repositories from dozens of organizations. 

OAuth tokens were issued to two third-party integrators, Heroku and Travis-CI but were stolen by an unknown hacker. According to GitHub's Chief Security Officer Mike Hanley, the company is yet to unearth evidence that its systems have been breached since the incident was first identified on April 12th, 2022. 

OAuth tokens are one of the go-to elements that IT vendors use to automate cloud services like code repositories and DevOps pipelines. While these tokens are useful for enabling key IT services, they are also susceptible to theft. 

“If a token is compromised, in this case, a GitHub token, a malicious actor can steal corporate IP or modify the source to initiate a supply chain attack that could spread malware or steal PII from unsuspecting customers," Ray Kelly, a researcher at NIT Application Security, explained. 

GitHub said it is in the process of sending the final notification to its customer. The firm’s examination of the hacker’s methodology includes the authentication of the GitHub API using the stolen OAuth tokens issued to accounts Heroku and Travis CI. It added that most of those affected authorized Heroku or Travis CI OAuth apps in their GitHub accounts. Attacks were selective and attackers listed the private repositories of interest. Next, attackers proceeded to clone private repositories.

“This pattern of behavior suggests the attacker was only listing organizations to identify accounts to selectively target for listing and downloading private repositories. GitHub believes these attacks were highly targeted based on the available information and our analysis of the attacker behavior using the compromised OAuth tokens issued to Travis CI and Heroku,” GitHub stated. 

GitHub also issued recommendations that can assist users in investigating logs for data exfiltration or malicious activity. This includes scanning all private repositories for secrets and credentials stored in them, checking OAuth applications authorized for a personal account, and adhering to GitHub policies to improve the security of their GitHub organizations. Others include checking their account activity, personal access tokens, OAuth apps, and SSH keys for activity or changes that may have come from the malicious actor.

Conti Ransomware Targets Taiwanese Apple and Tesla Supplier Delta Electronics

 

Taiwanese electronics manufacturing firm Delta Electronics was targeted by the Conti ransomware this week. The company operates as a supplier for major tech giants such as Apple, Tesla, HP, and Dell. 

According to a statement circulated on January 22, 2022, the company said the incident only affected non-critical systems, which had no significant impact on its operations. Delta is now working on restoring systems taken down during the attack and says it has hired the services of third-party security experts to help with the investigation and recovery process.

The company added that it had notified law enforcement agencies and hired information systems advisers to investigate the attack and to improve network security. While Delta's statement did not disclose who was behind the attack, an undisclosed information security company discovered a Conti ransomware sample deployed on the company's network. 

The Conti operators claim to have encrypted 1,500 servers and 12,000 computers out of about 65,000 devices on the company’s network. The Conti ransomware gang is said to have demanded a $15 million ransom payment from Delta and stopped leaking files stolen from its network. 

While Delta is still reportedly working with Trend and Microsoft's security teams to investigate the incident and claims that its production has not been affected, its website is still down one week after the attack. 

"The Conti ransomware group revealed a specific pattern part of the Delta attack leveraging Cobalt Strike with Atera for persistence as revealed by our platform adversarial visibility. Certainly, this attack is reminiscent of the REvil Quanta one affecting one of the Apple suppliers," Vitali Kremez, CEO of AdvIntel, stated. 

The Conti ransomware gang first emerged in 2020 and has been linked to the Russian-speaking Wizard Spider cybercrime group. The ransomware gang has targeted multiple high-profile organizations including Ireland's Department of Health (DoH) and Health Service Executive (HSE), and the RR Donnelly (RRD) marketing giant.

Conti has also been the subject of two government warnings. The first was by the U.S. Federal Bureau of Investigation in May, followed by a warning from the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency in September. 

“Cybercriminals continue to target organizations that provide a service or product to larger organizations with the expectation that they cannot suffer downtime due to a ransomware attack and will be inclined to pay up faster,” James McQuiggan, a security expert at security awareness training company KnowBe4 Inc., said. “While the attack was substantial, it appears the organization took the necessary actions to protect the critical equipment and systems within their organizations, as it seems that the cybercriminal group targeted corporate systems like their webpage.”

Howard University Cancels Online and Hybrid Classes After Ransomware Attack

 

Washington, D.C’s Howard University, one of the largest Black Schools in the United States, has canceled online and hybrid classes as it continues to investigate a ransomware attack on its computer network.

The security breach was identified on September 3, just weeks after students returned to campus when the University’s Enterprise Technology Services (ETS) noticed “unusual activity” on the University’s network and intentionally shut it down in order to mitigate the risk and to investigate the incident. 

There has been no evidence to suggest that private details of their 9,500 undergraduate and graduate students were retrieved or stolen, but the investigation is still active, the university wrote in a statement.

“Based on the investigation and the information we have to date; we know the University has experienced a ransomware cyberattack. However, our investigation remains ongoing, and we continue to work toward clarifying the facts surrounding what happened and what information has been accessed,” the statement said. 

Howard University canceled classes to determine the impact of the ransomware attack, only essential employees were allowed to continue their work. Campus Wi-Fi will also be down while the investigation is underway, though cloud-based software will remain accessible to students and teachers.

“This is a highly dynamic situation, and it is our priority to protect all sensitive personal, research, and clinical data. We are in contact with the FBI and the D.C. city government, and we are installing additional safety measures to further protect the University’s and your personal data from any criminal ciphering,” the university said.

But the university warned that that remediation will be “a long haul — not an overnight solution.”

Howard University is the latest educational institution to be hit by a ransomware attack since the start of the pandemic, with the FBI’s Cyber Division warning that attackers have changed their strategies and are currently focusing heavily on schools and universities due to the widespread shift to remote learning.

Last year, the University of California paid $1.14 million to NetWalker attackers after they encrypted data within its School of Medicine’s servers, and the University of Utah paid hackers $457,000 to prevent them from releasing data stolen during an attack on its network. 

In 2021 only, ransomware attackers have targeted 58 U.S. education organizations and school districts, including 830 individual schools, according to the report published by Emsisoft threat analyst Brett Callow last month. Emsisoft estimates that in 2020, 84 incidents disrupted learning at 1,681 individual schools, colleges, and universities. 

"The attack on Howard University is yet another sign that cyberattacks are global, interconnected, and evolving. Hackers, drawn by the lucrative potential of holding business-critical data hostage, are launching more sophisticated attacks every day,” Stephen Manley, the chief technology officer at Druva, a data protection software company, said in a statement.

Romania's Iimobiliare.ro Website Suffer Major Security Breach

 

The website Iimobiliare.ro, Romania's biggest advertisement platform for real estate ads, was infringed last December by a security breach that allowed unauthenticated access to more than 201,087 files in the company's data archive (including copies of identity cards), as reported by the IT security experts- Website Planet, informs the specialized site DPO-net.ro. The operator reported last month that it had remediated the flaw but did not report it to the Data Protection Authority. 

Although it remains unclear if consumer knowledge has fallen into harsh hands, as there is no password protection or authentication on the bucket of the company. The leaked data has been saved in 35,738.PDF and 165,316.JPG files, including full names, telephone numbers, home addresses, emails, CNP (social security), and personal signatures. This included personal identity information (PII) as well. Notably, anyone can just insert a correct URL to reach the bucket. 

This violation disclosed over 200,000 documents, but the exact number of persons impacted by the violation remains unclear. Additional customer information compromised includes real estate contracts between customers and the company, property records including architectural plans, detailed descriptions and location, land extractions and ANCPI document, user profile photos, scanned copies of national identity cards containing the identification of codes, demanded property price, detailed explanation of properties including Real estate agreements. 

Imobiliare.ro officials stated, "In January 2021, we detected a potential vulnerability in our internal data storage systems. Our company promptly launched an investigation. The vulnerability was quickly remedied. Internal investigations on the causes and potential consequences continue. We ensure in this way that for Imobiliare.ro data security is a priority and work continuously to protect the confidentiality and integrity of our platforms, meeting all current standards and in cooperation with. " 

Given the nature of the leaked information, the possible effects on consumers may be serious. Initially, malicious actors may use the information to learn about the residential address of the person, the estimated sales, and the financial status. Explicit financial data or information was not leaked, but unauthorized users could use property values as a proxy indicator for net wealth. Identity stealing is the primary concern of this material, but even other crimes such as robbery are more likely to arise from the leak. 

Imobiliare.ro users may have done little to avoid leakage of their results. The organization is held responsible for the server leak. Users will nevertheless minimize the danger they pose from weak cybersecurity from third-party firms, such as customer credit reviews offering identity recuperation support if they have leaked personal data to destroy the credit records of others or commit other crimes under a presumed name.

US Cybersecurity Company FireEye Hacked by 'Nation-Backed' Threat Actors


On Tuesday, one of the leading cybersecurity firms, FireEye said that it has been attacked by "highly sophisticated" state-sponsored hackers who stole the company's valuable hacking tools used for testing customers' security and computer networks. The attack was heavily customized to breach FireEye's systems. 
 
The breach substantiated the biting reality that the most advanced security vendors out there, primarily to protect others from intrusions can also be targeted and consequently hacked. Notably, the attacker mainly sought data of some government customers, using an unprecedented combination of tactics, according to the firm. CEO Kevin Mandia in his blogpost characterized the attack as a 'highly targeted cyberattack', a kind never witnessed before. So far, no customer data seem to be accessed by the attackers. 
 
There are a number of speculations about who might have performed the attack, however, the firm gave no clarity about the origins of the attackers and is investigating the matter along with the FBI. In a similar context, Mandia indicated in his blog post that the nation responsible for the attack is someone with world-class offensive capabilities as the unfamiliarity of the attack speaks volumes about the top-notch capabilities tailor-made to attack FireEye.  
 
On the basis of his 25 years of experience in cybersecurity, Mr. Mandia further said in his Saturday's blog that this attack was “different from the tens of thousands of incidents we have responded to throughout the years,” and “used a novel combination of techniques not witnessed by us or our partners in the past.” 
 
“These tools mimic the behavior of many cyber threat actors and enable FireEye to provide essential diagnostic security services to our customers,” the company said in the filing. “Consistent with our goal to protect the community, we are proactively releasing methods and means to detect the use of our stolen Red Team tools.” 
 
While giving insights, a CISA spokesperson told, "As details are made available we are working to share and implement countermeasures across the federal networks and with our private sector partners," 
 
Meanwhile, FireEye has been said to have a "ringside seat" for some of the most advanced intrusions carried out globally by Mike Chapple, a former NSA official who's currently working at the University of Notre Dame as a cybersecurity expert.

Largest ISP in Austria Hit by a Security Breach



The largest internet service provider in Austria was hit by a security breach this week, in the wake of enduring a malware infection in November 2019, following an informant's report.

A1 Telekom said that their security team identified the malware a month later; however, that expelling the infection was trickier than it was initially envisioned.

From December 2019 to May 2020, its security team had stood up to the malware's operators in endeavors to expel the entirety of their hidden backdoor components and kick out the intruders.

The Austrian ISP told a local blogger that the malware just infected computers on its office network, yet not its whole IT framework, which comprised of approximately more than 15,000 workstations, 12,000 servers, and a large number of applications.

In interviews with the Austrian press [1, 2, 3], A1 said that the multifaceted nature of its internal system kept the attacker from advancing toward various frameworks "because the thousands of databases and their relationships are by no means easy to understand for outsiders."

The attackers evidently assumed manual control for the malware and endeavored to extend this initial foothold on a couple of frameworks to the company's whole system.

A1 said the attacker figured out how to compromise a few databases and even ran database inquiries so as to become familiar with the company's interior system.

A1, which hadn't disclosed the nature of the malware, didn't state if the 'intruders' were 'financially-focused' cybercrime gang or a nation-state hacking group.

While A1 declined to remark on the informant's attribution. Christian Haschek, the Austrian blogger and security researcher who originally broke the story, said the informant asserted the hack was carried out by Gallium, a codename utilized by Microsoft to portray a Chinese nation-state hacking group specializing in hacking telecom providers across the world.


Data of 9 million customers of the Russian courier service CDEK leaked


Data belonging to nine million customers of the CDEC Express transportation service was put up for sale on the Web for 70 thousand rubles ($950). This is the largest leak of personal data in Russian delivery services

Telegram channel In4security noticed that the database contains information about the delivery and location of goods and information about buyers, including Tax Identification Numbers. The seller of the database sent the author of the Telegram channel screenshots dated May 8, 2020. This indicates that the databases are fresh.

The CDEC claims that there was no data leak from the company. As the representative of the service stressed, personal data is collected by many companies, including state aggregators, the leak could have occurred on any of these resources.

Andrey Arsentiev, Head of Analytics and Special Projects at InfoWatch Group of Companies, said that this is the largest leak of personal data from Russian delivery services. He notes that the information of CDEC users is not leaked for the first time: previously, customers of the delivery service complained that personal data of other people is visible on the company's website due to vulnerabilities.

Head of Security Department of SearchInform Alex Drozd warned that after leaks there are always calls from scammers. They call the victim and introduce themselves as company employees and try to find out information about billing information.

The interest of fraudsters in the data of courier services may be associated with an increase in demand for their services during the coronavirus pandemic and self-isolation.
The company also recalled that recently, cases of detection of fraudulent sites that act on behalf of CDEC have become more frequent.

It should be noted that in recent weeks, there has been an increase in phishing sites: online cinemas, online stores, training courses, legal advice, government portals.  Earlier, E Hacking News reported that Russia has bypassed the USA in hosting for phishing resources.

One of Today's Most Popular E-Commerce Platforms Hit By A Major Security Breach


Recently Magento Marketplace, a portal for purchasing, selling, and downloading plug-ins and themes for Magento-based online stores was hit by a major security breach revealed by Adobe, as Adobe acquired Magento for $1.68 billion in May 2018.

The impacted users incorporate both the regular ones who purchased themes and plugins as well as the theme developers who were utilizing the portal to sell their code and make money.

In an email sent to users, the company said it was the vulnerability in the Magento Marketplace website that permitted "an unauthorized third-party" to access the account data for the registered users. The vulnerability enabled access to user information, like name, email, store username (MageID), billing and shopping addresses, phone number, and limited commercial information like percentages for payments Adobe made to theme/plugin developers.

However, fortunately, any account's passwords or financial information were not exposed, according to Adobe.

Jason Woosley, Vice President of Commerce Product and Platform, Experience Business, at Adobe, says “We have notified impacted Magento Marketplace account holders directly and already took down the Magento as soon as we learned of the hack in order to address the vulnerability.”

The store is currently back online.

The Adobe VP although didn't share the exact number of affected accounts. A Magento representative when approached didn't comment past the company's official blog post.

Nonetheless Adobe executive said the hack didn't bring about any outages or disturbances to the company's core Magento products and services, and, at the hour of writing, there is no reason to accept that the hacker compromised Magento's core backend or plugins and themes facilitated on the 'marketplace'.

Justdial Smacked By a Subsequent Security Breach in Two Weeks; Poor OpSec To Blame!


Justdial is a renowned Indian hyper-local search engine which recently became prone to two security breaches in the span of two weeks.

Only a few weeks ago, the database of all the customers of Justdial was laid bare on the dark web and now the reviewers’ data got on the line.

The company that has beyond 134 million QUA can’t afford to make such reckless mistakes.

April 18th saw the private data including names, addresses, email IDs etc. of over 100 million users which was stored in the search engine’s database to be laid out in the open.

The organization owed the breach to an expired API which allowed anyone to access the data of users. Major percentage of the affected included the hotline number users.

Security researchers were the first to discover the breaches that so thrashed Justdial. They also cited that no specific actions against them were taken.

These claims were denied by Justdial mentioning that the data was stored in a double-encrypted format.

The same group of researchers again found out a lacuna in the API of Justdial on April 29th.

Herein the people who post reviews were harmed in the form of their data being exposed.

Reportedly, the API connected to Justdial’s reviewers’ database had been unprotected since the company’s foundation.

Hence, the reviewers’ names, mobile numbers, locations and all became easily accessible thanks to the loophole.

But this issue was immediately fixed, according to the reporters.

No matter what happened, the unprotected database and the loophole contributed largely to the data breaches.

Justdial employs a humongous database and hence has large number of data stored within it.

Weak API and poor “Operation Security” is majorly to blame for all the breaches Justdial saw in these couple of weeks.

According to security researchers, API handlers and managers should be employed. Also easily implemented software switch could help in protecting the access points.


Also the first breach should have been taken seriously and used as a means of learning to help secure the system from future attacks.

It is evident that the company needs to strengthen their operational security and up their game in terms of securing the present loopholes and possible lacunae.

Phishing Scam Disguised As Some of Victims' Most-Trusted Websites Hits Google Chrome's Mobile Browser




A shockingly simple however convincing phishing scam has struck Google Chrome's mobile browser, camouflaged as some of the victim' most-confided in and trusted sites.

Being alluded to as the 'Inception Bar' it has targeted on the Android mobile users for Chrome by utilizing a 'fake address'  bar that not just shows the name of a real site, yet in addition a SSL badge - used to confirm a site's authencity - demonstrating that the said page is protected.

This 'Initiation Bar' is basically a webpage inside a webpage where regardless of whether a user endeavors to scroll back up the top of the page to get to the address bar; they're constrained down, caught in the fake page.

As indicated by developer Jim Fisher, who posted about the endeavor on his own blog, hackers can utilize a blend of coding and screenshots to trap exploited people into surrendering their private information.

Fisher even exhibited that he had the capacity to change the displayed URL of his own site to that of HSBC Bank.




This trick is valuable especially for scammers who endeavor to cover a pernicious website page as a genuine one and steal significant data from uses like passwords and credit card information.

With some additional coding, Fisher says that the trick could be made increasingly advanced, by simply making the fake bar intuitive.

While his demo was done on Google Chrome, the trick would possibly influence different browsers with comparative highlights.

In any case Google has proceeded to introduce a rather large group of new security feature that explicitly targets phishing including forbidding embedded browsers and different highlights that notify users when they're perusing a 'potentially harmful' website.

Hackers released around 845GB of username and password dump from old breaches



According to Kaspersky Lab, the database of users with billions of passwords, published at the end of January, was collected from well-known old leaks.

On January 31, Wired reported that hackers released a giant database that contains 2.2 billion unique usernames and passwords. In total, the entire archive of stolen data was the size of 845 gigabytes.

Kaspersky Lab studied this database and concluded that it does not contain any new information.

"This is a database of already known old leaks," said a representative of Kaspersky Lab.

It’s interesting to note that among the stolen data were accounts for such popular services as Yahoo, LinkedIn, Dropbox. All three of these companies previously reported major leaks of their bases. Russian hackers were suspected of involvement in the thefts.

However, Experts of Kaspersky Lab advised to check the availability of email in the database through the website https://haveibeenpwned.com and change passwords for the most important accounts.

Russian Hacking Group Targets The German Government’s Internal Communications Network


An infamous Russian hacking group known as Fancy Bear, or APT28, is by and large broadly considered responsible on account of a security breach in Germany's defence and interior ministries' private networks as affirmed by a government spokesman.

It is said to be behind the reprehensible breaches in the 2016 US election likewise including various cyber-attacks on the West. The group is accounted for to have targeted on the government's internal communications network with malware.

As per the reports by the DPA news agency the hack was first acknowledged in December and there may have been a probability of it lasting up to a year.

"We can confirm that the Federal Office for Information Security (BSI) and intelligence services are investigating a cyber-security incident concerning the federal government's information technology and networks," a German interior ministry spokesman said on Wednesday.




The group apparently hacked into a government computer system particularly intended to operate separately from other open systems i.e. public networks to guarantee additional security known as the "Informationsverbund Berlin-Bonn" (IVBB) network. The framework is utilized by the German Chancellery, parliament, federal ministries and a few security institutions.

Fancy Bear, also called Pawn Storm, is believed to run a global hacking campaign that is ", as far-reaching as it is ambitious" as indicated by a report by computer security firm Trend Micro.
Palo Alto Systems, a cyber-security firm, on Wednesday released a report saying that Fancy Bear now gives off an impression of being utilizing malevolent emails to target North American and European foreign affairs officials, incorporating a European embassy in Moscow.

"Pawn Storm” was even reprimanded for a similar attack on the lower house of the German parliament in 2015 and is likewise thought to have targeted on the Christian Democratic Union party of Chancellor Angela Merkel.

Authorities in the nation issued rehashed notices about the capability of "outside manipulation" in a last year's German election.

The hacking bunch has been linked to the Russian state by various security experts investigating its international hacks and is additionally known by certain different names including CozyDuke, Sofacy, Sednit and Tsar Group.

Hacker breaks into Telangana’s TSPost website, exposes flaw

Indian government sites are often criticized for their lack of cyber security and safety of people’s information. Pointing out a flaw in Telangana government’s NREGA portal, French hacker and independent security researcher Robert Baptiste hacked into the state government’s website.

He reportedly contacted the site owners regarding the issue and after receiving no response for some time, published his results on social media.


The website (http://tspost.aponline.gov.in) was vulnerable to one of the most basic web hacking technique, an SQL injection. It has now gone offline in the wake of this news.

“A basic SQL injection allows an attacker to access the database of the website,” Robert said. “To be clear, all the data on this website can be a dump. Telangana government officials say they are working to fix it. For this website, they have to hire decent web developers to protect it from attacks.”

TSPost, Telangana’s government benefit disbursement portal, contained the account details and Aadhaar numbers of over 56 lakh NREGA beneficiaries and 40 lakh beneficiaries of social security pensions.

Using the SQL injection, Robert was able to access not just the Aadhaar and account details from the website but also the API keys of UIDAI’s Aadhaar database, the access of which can enable anyone capable enough to make a fake Aadhaar app that could be uploaded to Google Playstore for malicious use.

This is one of the many cases pointing out how vulnerable the Aadhaar system is to hacking and security breaches.

Unknown Hackers demand Ransom in Bitcoin

Recently the news came out of a ransomware attack in Old Delhi after three of the hacked victims came forward to uncover more about the attack. The victims i.e. the traders were demanded ransom in Bitcoin from the unknown hackers.

Although it is believed that the hackers are supposedly from either Nigeria or Pakistan, they were responsible for encrypting files on the computers of the businessmen which comprised of key records. The hackers at that point, as indicated by the police coerced the victims, gave them the links to purchase bitcoins through which they needed to make payments for the release of critical documents.

 “Some traders paid in Bitcoins and got their data back. Some deposited the money from abroad. When my data was hacked, I spoke to fellow traders and learnt that there were other such cases. I wrote to the hackers and they agreed to decrypt the files for $1,750 (around Rs 1.11 lakh),” Mohan Goyal, one of the victims was quoted saying in the report.

According to reports, the hacked traders found the message that said there was a 'security issue' in the system displayed on their computers. The traders were then given case numbers and email addresses for correspondence. They were then at first offered decryption of five of their documents and files for free by the hackers, who later demanded the payment of ransom for the rest of the records.

While one of the IP address utilized by hackers was purportedly traced back to a system in Germany, but the fingers remain pointed towards hackers from Nigeria and Pakistan.

Experts say that for making it difficult to trace the money, getting the money in bitcoin works for the hackers. The Delhi crime branch which registered the FIR has already sent the hard disks of the complainants for further forensic tests. As of not long ago, three complaints already have been registered by the police and it is believed that the number of victims could be much higher.

Larceny of $70 million from the largest crypto-mining marketplace

The notice announcing "service unavailable" as well as an official press release was displayed on the website of the Slovenian digital currency mining firm NiceHash, which it said endured a hack of its Bitcoin wallet on the seventh of December.

 In a video update that streamed live on Facebook, the CEO and co-founder Marko Kobal provided an update to a rather startling declaration that the organization, established in 2014, had been subjected to a hack and ensuing theft which additionally compromised its payment system also.

 The news was accompanied by the increasing reports of vacant wallets as well as an additionally expanded downtime period for the service's website; every one of the operations for the website in question has been halted for the following 24 hours.

As per Kobal, the attack began in the early hours of December 6 after a worker's PC had been compromised , he further added that their team is working with law enforcement and clarified that " we're still conducting a forensic analysis” to determine how it all happened and to discover the exact amount of bitcoin that was stolen.

Kobal went ahead to state that he couldn't give extra points of interest, however, he added that the attack seems, by all accounts, to be “an incredibly coordinated and highly sophisticated one.”

However the Wall Street Journal reported that, Andrej P. Škraba, the head of the marketing at NiceHash, affirmed to the outlet that roughly 4,700 bitcoins, worth up to $70 million disappeared from NiceHash's bitcoin wallet, Škraba also told the Journal that he too like Kobal trusted that "it was a professional attack", but would not give any more information on the matter, taking note of that the further improvements would be released at a later date.

NiceHash, which exhorted its clients to change their online passwords after it stopped operations on Wednesday, has given a couple of other insights about the attack on its payment system also.

"We ask for patience and understanding while we investigate the causes and find the appropriate solutions for the future of the service", it said on its website.

The Slovenian police said that were investigating the hack, but however, declined to further comment.

Hack on cPanel exposes customer details

cPanel was hacked this weekend which exposed details of its customers,including their names, contact details, and encrypted passwords.

Though hacking did not affect payment information which was kept on a separate system.

The firm warned its customers with older passwords to change them,though the possibility of its exposure is less.

   “Although current passwords are stored salted and encrypted, we are accelerating our move to stronger password encryption at the same time in order to minimize disruption. In order to safeguard the system, we will force all users with older password encryption to change their passwords,” said the company’s e-mail.

Though the breach is fairly minor but if attackers make use of exposed information, the customers may be badly impacted.

The company has been in control since 1997 and promises its customers to be most reliable company in web hosting industry. 

Hilton payment system attacked

One of the largest US based hotel chain Hilton revealed that hackers had infected some of their point-of-sale computer systems with malware crafted to steal credit card information.

They didn’t disclosed what data was taken, but cautioned everyone who used payment cards at Hilton Worldwide hotels between November 18 and December 5 of last year or April 21 and July 27 of this year to check for any irregular activity from their debit or credit cards.

In an online post Hilton said that the Malware that infected system had a potential to retrieve cardholders' names, account numbers, security codes and expiration dates.

They further wrote that they are investigating the breach with the help of third-party forensics experts, law enforcement and payment card companies.

Starwood hotels, which operate the Sheraton and Westin chains, announced four days before Hilton that hackers had attacked their payment system resulting in leaking of customer credit card data in some of their establishments.

"The malware was designed to collect certain payment card information, including cardholder name, payment card number, security code and expiration date," the group said in a statement.

Starwood and Hilton are not the only one whose payment system has been hacked but last month Trump hotels has face the similar incidence of cyber attack.

"We believe that there may have been unauthorised malware access to some of the computers that host our front desk terminals and payment card terminals in our restaurants, gift shops and other point-of-sale purchase locations at some hotels," Trump Hotel Collection said at a website devoted to details of the incident.

According to Trump hotels, the access could have taken place in between May 19 of last year and June 2 of this year.

Brian Krebs, cyber threat blogger at KrebsonSecurity.com explained the cyber attack on payment systems as "just the latest in a long string of credit card breaches involving hotel brands, restaurants and retail establishments."



E-Trade notifies its 31,000 customers that their contact information may have been compromised


A report published in Washington Post confirmed that E-Trade, a U.S. based financial corporation which provides financial services, informed its 31,000 customers that hackers might have accessed their email and other addresses during a cyber-attack in late 2013.  

However, the company claimed via email that the hackers did not get any sensitive customer account information, including passwords, Social Security numbers, or financial information.

As per the email sent by the company, it got to know about the attack when officials of federal law enforcement alerted to the evidence that customer contact information may have been breached.

The company has announced that it will provide one year of free identity protection services, which includes credit monitoring to those whose information had been compromised.

According to the news report, a person familiar with the investigation who spoke on the condition of anonymity informed that soon after the attack, it launched an internal investigation while it worked with law enforcement.

However, during that time the company did not believe customer information had been compromised, the person added.


"Security is a top priority, and we focus significant time and energy to help keep E-Trade customer data and information safe and secure," a company spokesperson said in a statement. "We take these matters extremely seriously, and in all instances we continuously assess and improve upon E-Trade’s capabilities. We have also contacted any customers we believe may have been impacted."