Search This Blog
Powered by Blogger.

Blog Archive

Labels

Footer About

Footer About

Labels

Load More
Trendy Right Now

Popular Posts

Tesco Bank blocks all online transaction as 20000 customers lose money after hack

The UK’s Tesco Bank has temporarily blocked all  online transactions after 20,000  of its customers have lost hundreds of pounds from their saving  accounts over the weekend  due to an online hacking attack.

The  Bank's chief executive, Benny Higgins has confirmed that nearly 40,000 customers had noticed  "suspicious activity" over the weekend, and they blamed "a systematic, sophisticated attack" for the hack.

However, customers  who have saving accounts will not get affected by this, and the current account holders will still be able to withdraw cash.

Higgins said: "This will only affect current account customers. While online transactions will not be available, current account customers will still be able to use their cards for cash withdrawals, chip and pin payments, and all existing bill payments and direct debits will continue as normal. We are working hard to resume normal service on current accounts as soon as possible.


"We are working hard to resume normal service on current accounts as soon as possible," said Mr. Higgins.

Before the official announcement the  bank has sent an alert to some account holders "have been subject to online criminal activity, in some cases resulting in money being withdrawn fraudulently".
Mr. Higgins also apologized for the "worry and inconvenience" that customers have faced.

Banks are on the hit list for the hackers and frauds. Recently, ATM of one of the largest bank in the world, State Bank of India was reportedly got affected by a malware, but fortunately, no major suspicious activity was reported. 
Read more »

Police investigate cyber attack on UK hospitals


The Yorkshire and Humber Regional Cyber Crime Unit are investigating a cyber attack which crippled the computer system of three hospitals a week before in the UK.

Thousands of patients had their operations and appointments cancelled at Isle hospital after a computer virus attack on October 30. National Health Service Trust’s computer network was shut down immediately after the attack to combat infection though the IT services were restored on November 02 but at least 35 patients had their operations cancelled across three hospitals in Goole, Grimsby and Scunthorpe. The trust, which runs Scunthorpe General Hospital and Goole and District Hospital, cancelled appointments and operations also on October 31 and November 01.

While the inpatients were continued to be taken care of, major trauma cases and high-risk women in labour were diverted to neighbouring hospitals.However, now Northern Lincolnshire and Goole NHS Foundation Trust (NLAG) is back online and some appointments in speciality areas, such as audiology physiological measurements, antenatal, community and therapy, chemotherapy, paediatrics and gynaecology went ahead on Nov 02.

Normal services across the three hospitals were resumed on November 3 after an hourly inspection.

The hospital hasn't revealed how it fell victim to a cyber attack but the investigating officers have been “working closely to help provide protection against any future attacks,” said investigating officer Detective Chief Inspector Vanessa Smith.

After this incident the “NHS digital is taking action by extending its computer emergency response team, CareCERT, which helps reduce vulnerability to cyber attacks and helps take decisive action to reduce the impact of a data security incident, if it does occur," said a Department of Health spokesperson.

This attack on a UK hospital's IT system isn't the first, and the British government has announced plans to combat such attacks by spending £1.9 billion to enhance cyber security. Just this February, a California hospital paid nearly $100,000 to a ransomware attacker. Also, 28 of the 29 NHS trusts that shared data with the request had suffered ransomware attacks last year.

Medical facilities are usual preys to cyber attacks due to the sensitive nature of the data they store and the urgency of healthcare services thus attracting cybercriminals like bees to honey.

As our lives are increasingly becoming dependent on the internet, it has become the need of the hour to invest in ways to protect ourselves and the future of the internet.
Read more »

Ukrainian Hackers Claim Huge Kremlin Data Breach

(pc-Google Images)
Two Ukrainian hackers claimed responsibility for a major Kremlin breach that compromised the accounts of top Russian officials.

(pc-Google Images/ Vladislav Surkov)
Several of them they claim to have hacked belonged to Vladislav Surkov, one of the main figures in Russia’s intervention in the Ukraine and Crimea rebellion and a key creator of Russia’s current political system.

The hackers who named themselves as self-styled ‘hacktivists’, didn’t reveal how they managed to crack the Kremlin’s cyber defences to steal the emails from Surkov’s inbox.

A portion of the hacked emails, which were shared with the BBC, imply that separatists in eastern Ukraine are controlled by Moscow. The separatists have been at war with Kiev since 2014.

The emails reportedly contain budgets for the pro-Russian “republics” in eastern Ukraine. They also contain a plan in which Moscow would provide fuel to separatist-held areas.

One email is claimed to have been sent by separatist leader Denis Pushilin back in January which contains a map of Ukraine that has been separated into three regions, with the Eastern part marked in what translated to ‘New Russia’ and the central part as ‘Lesser Russia’.

Other emails leaked further strengthen the claims that Russia’s bond with the separatist movement is tighter then it claims. Russia has, however, denied all the allegations.
Read more »

Microsoft Blames Russian Hackers For Exploiting Windows Flaw

(pc-Google Images)
Microsoft has blamed a Russian hacking group for breaching a newly discovered Windows security flaw.

In an advisory on its website, the software giant named a group called Strontium which is more widely known as “Fancy Bear,” or APT 28; responsible for the small number of attacks using “spear phishing” emails.

Microsoft Windows Chief Terry Myerson said Strontium was exploiting the bug to infect PCs to get access to potentially sensitive data.

A U.S. intelligence expert on Russian cyber activity said that Fancy Bear primarily works for or on behalf of the GRU, Russia’s military intelligence agency, which U.S. intelligence officials have concluded were responsible for hacks of Democratic Party databases and emails.

In spear phishing, an attacker sends targeted messages, typically via email, that exploit known information to trick victims into clicking on malicious links or open tainted attachments.

Microsoft said the attacks exploited a vulnerability in Adobe Systems Inc’s Flash software and one in the Windows operating system.

Microsoft’s disclosure of the new attacks and the link to Russia came after Washington accused Moscow of launching an unprecedented hacking campaign aimed at disrupting and discrediting the upcoming U.S. election.
Read more »

Elon Musk warns of future cyber warfare due to AI


The chief executive of Tesla and Space X, Elon Musk told his followers on twitter that future of cyber warfare is terrifying as more and more attacks are happening on websites and artificial intelligence is developing enormously.

The warning pertains to a mixture of machine-learning AI and vulnerable systems that lay the foundation of the internet and through which the war may be waged.

“Only a matter of time before advanced AI is used to do this. Internet is particularly susceptible to a gradient descent algo,” read Musk’s tweet on Thursday (November 03).

Musk had raised his concerns earlier also, much before Tesla cars used the technology to partially drive themselves on public roads and learn how to improve their skills. He's characterized super smart robots as possibly more dangerous than nuclear weapons and even donated $10 million to the Future of Life Institute, an organization whose mission is to make sure that AI helps humans rather than harm them.

Musk tweeted the warning in response to an article by the Economist, which claims that recent attacks on the internet "could be a prelude to far worse ones". The article claimed that the world is facing a growing threat of DDoS attacks.

The article came after the internet boiled over the hack on Dynamic Network Services (Dyn) last month which affected hundreds of websites and online services including Netflix, PayPal, Twitter and many others. The website which monitors traffic for a lot of major websites was taken down on October 21 by a massive distributed denial of service by a group of unknown hackers in the West. Analysis of the incident confirmed that the hackers used a huge "botnet," or a system of computers that comprised simple internet of things (IoT) devices to overload Dyn systems.

Though it’s a guess whether the robots are plotting to take over yet the tech industry needs to be geared up.
Read more »
Hacking News
Government websites hacked Hacking News

Seven websites of Indian Embassy hacked, database leaked




Seven domains of Indian Embassy in Europe and Africa has been hacked and published by Kapustkiy & Kasimierz L on Pastebin.com (http://pastebin.com/GqJcwSSc).

The countries where Indian Embassy got affected are South Africa, Libya, Italy, Switzerland, Malawi, Mali, Romania.

Indian Embassy in South Africa (http://www.hcisouthafrica.in/)  was the first one to be hacked.  The hackers published the admin login detail and password, other than that they also published the whole database containing the name, passport number, email-id and their phone numbers. The published data contains 161 entries, and the database contains 22 tables.

While the  Indian Embassy in Bern was the second target (http://indembassybern.ch/) and it contains 3 databases with 19 tables with total 35 entries, and login details with passwords. The compromised data includes the name, last name, email id, address, college, and a course where students are enrolled.

The third country that got affected is Italy. The hackers hacked three databases with 149 entries, including the name, email-id, telephone numbers, and their passport numbers. Here also the affected are the students.

In Libya also the Indian embassy's three databases were hacked with 24 tables and 305 entries. While High Commission of Mali was the least affected by this hack, with 14  entries and 16 tables.

The Indian Embassy in Malawi hacked database contains the 74 entries with 16 entries, including their name, email-id, and their mother name. The Romanian Embassy saw the hack of two databases with 139 entries and 42 entries separately with their passport numbers.

When E Hacking News contacted the hacker, he clarified that "I am from Netherlands. I've found several SQL on their website and I reported it.But they ignored me so I dumped there db" - says hacker on email.
Read more »

US Government hacks into Russian networks

It seems that cyber attack war between US and Russia is not going to end soon. It is reported that now US government has "penetrated" Russia’s power grids, telecommunications networks, and the Kremlin's command systems.

According to the ministry's website, “If no official reaction from the American administration follows, it would mean state cyberterrorism exists in the US. If the threats of the attack, which were published by the US media, are carried out, Moscow would be justified in charging Washington,” Russian Foreign Ministry spokesperson Maria Zakharova.

An anonymous senior intelligence official said that US military hackers have hacked into Russia's crucial infrastructure, “making them vulnerable to attack by secret American cyberweapons should the US deem it necessary.”

It is not the first time when US government has infiltrated critical online infrastructure of other nations. However, the US has always accused Russia and China of disrupting and infiltrating into crucial systems.

Moreover, US presidential candidate Hillary Clinton has made strong  allegations against  Moscow in hacking and damaging her image, and it has become one of the most important  issue in the ongoing US election campaign. Though there is no proof of her and her party's claims. According to her  Russia had supplied the hacked emails that were published by WikiLeaks.

American private investigator and writer Charles Ortel told RT, “Hillary is a master. Back in the days when her husband was under threat, she suggested that there was a vast right-wing conspiracy. Now there is supposed to be a vast crazy conspiracy involving the FBI and Russia. It’s just fantasy land to me.” 
Read more »

Complaint registered for fitness wristband makers


Norway’s consumer watchdog has criticized most of the popular fitness wearable makers for having obscure and asymmetrical terms and conditions that impinge on Europeans’ consumer and privacy rights. It has claimed that users have little control over the data gathered by activity wristbands and thus registered a formal complaint with Norway’s data protection authority about the privacy policies of four fitness wristband companies-Fitbit, Garmin, Jawbone and Mio.

In an analysis of the privacy policies and T&Cs of the wearable makers, the Norwegian Consumer Council (NCC) found reasons to be critical about the various trade-offs all require consumers to sign up to in order to use their services. NCC has said that the makers have broken local laws governing the handling of consumer data.

“The wristbands are useful tools for monitoring and motivating fitness activities. Simultaneously we are giving up personal information about our health, activities, and location under asymmetrical and obscure terms,” said Finn Myrstad, director of digital services in the Consumer Council, in a statement.

The terms and conditions and privacy policies of the four company’s products do not state who sees the data and how long it would be kept. Their T&Cs also state that they won’t give proper notice about changes in their terms. The council examined the products of Fitbit Charge HR, Garmin VivoSmart HR, Mio Fuse, and Jawbone UP3.

Apart from privacy principles, this information can also be exploited for direct marketing and price discrimination purposes, added Myrstad.

The complaint came out of a research project carried out by the council. The Council says it intends to file a joint complaint against all four companies with the national DPA and the Consumer Ombudsman for breaching the European Data Protection Directive and the Unfair Contract Terms Directive.

Jawbone has reviewed the NCC report and has said in a statement that the company does not share the data with any third party till they are asked to do so by the user.

The report also noted that while Fitbit and Mio use easily understandable language, Garmin and Jawbone have terms of services that are quite difficult to parse for the average consumer.

Jawbone has assured that request to delete the data will be honoured by the company.
Read more »

Shadow Brokers post list of NSA's compromised servers

A hacking group Shadow Brokers released a  new data purportedly stolen from the NSA.  The group has threatened earlier that they would auction the  second set of data: “best files” it had stolen, but they hasn't published it yet. However, they posted some of the sexually explicit fanfic about Bill Clinton and Loretta Lynch on Medium.

On 31 October, the group posted a  list of servers compromised by the Equation Group, a hacking team with ties to the NSA.If the list is accurate then NSA is in great difficulty. Three months ago they published a list which was legit.

 According to security researcher Mustafa Al-Bassam the list appears to be old. And the server was compromised between 2000 and 2010.

In the new published leak there are more than 300 IP addresses and more than 300 domain names  that have been compromised by the Equation Group. According to a Hacker House analysis,  this hack has affected hosts around the world. “However, the top 10 impacted countries are China, Japan, Korea, Spain, Germany, India, Taiwan, Mexico, Italy & Russia,” Hacker House reports. “The top three, China, Japan and Korea, make up a substantial number of the attacked hosts.”

The Shadow Brokers referred the DNC hack, the U.S. election, and the auction of  “best files " on a Medium post. The group suggests that the hacks was perpetrated by Iran rather than Russia as revenge for U.S. interference in that nation’s election.

“USSA elections is coming! 60% of Amerikansky never voting,” the group wrote. “TheShadowBrokers is having suggestion. On November 8th, instead of not voting, maybe be stopping the vote all together? Maybe being grinch who stopped election from coming? Maybe hacking election is being the best idea? #hackelection2016. If peoples is not being hackers, then #disruptelection2016, #disruptcorruption2016. Maybe peoples not be going to work, be finding local polling places and protesting, blocking , disrupting , smashing equipment, tearing up ballots?”

Read more »

Cybersecurity boot camp to turn amateurs to elite hackers in UK


The UK government is creating an army of elite hackers to defend the country against cyber threats. A cyber-security boot camp will be held to provide skills to budding cyber spies on how to hack into drones and crack codes.

Matt Hancock, the minister for digital and culture, said students would gain the skills to help keep the UK safe.

The 10-week course has been certified by UK spy agency; GCHQ’s Cyber Retraining Academy and has been created in partnership with cyber-security training firm, SANS Institute which will use advanced psychometric tests to unearth hidden hacking talent in unlikely walks of life, from doctors to soldiers. It will be funded as part of the government's £1.9bn National Cybersecurity Strategy.

The government-backed training programme has been launched in response to the "urgent and immediate demand" for crack cyber defenders across the economy and law enforcement.

The recruits must pass a series of tests before being considered for the boot camp, including a multiple-choice quiz before they can even submit an application. Fifty chosen candidates will then be put through a "birth of fire", which will involve tackling simulated national virus outbreaks and hacking into unmanned airborne drones.

The chosen candidates will then receive a two year intensive cyber security training in 2017 which has been condensed into 10 week course in London.

However, some security experts have raised questions about the need for the course and the intent behind it as they believe that companies won’t be able to trust security consultants who have been approved by GCHQ whereas others are all in for the initiative.
Read more »

UK chancellor warns of increasing cyberattacks


 The UK Chancellor of the Exchequer, Philip Hammond on Tuesday (November 01) spoke about rising cyber capability of "hostile foreign actors" and said the country must be able to retaliate in kind against cyber-attacks by enhancing its offensive cyber capabilities to combat hackers who may soon target British critical infrastructure including airports and power grids.

 While announcing the plan of spending £1.9bn on cyber security, Hammond made it clear that the UK will "strike back" if it comes under cyber-attack.

 Indicating over the internet based lives, Hammond warned that if the country does not respond to cyber attacks, it leave the nation in darkness and “we would be left with the impossible choice of turning the other cheek and ignoring the devastating consequences or resorting to a military response."

 The speech which was made during the launch of the UK's latest National Cybersecurity strategy (2016-2020) also addressed ways to tackle cyber-scammers and defend businesses, government and citizens from online threats including state-sponsored hackers.

The cyber security strategy and the funds will be used to enlarge specialist police units, train cybersecurity experts invest in the latest cybercrime protection technology and help establish a so-called 'Cybersecurity Research Institute'.

 The speech also elaborated on how the UK government – and British intelligence agencies MI5 and GCHQ – will now develop a "fully functioning and operational cyber counter-attack" capability.

 Due to the risks that internet has posed in everyday life ministers had deemed cyber threats to the UK to be as serious as the risk from terrorism in a defence and security review last year.

 A rare intervention from the head of MI5 warning of aggressive Russian behaviour in cyberspace is a sign of government grappling with how to respond to a changing threat.

 Though the countries which posed cyber risk were not specified but the launch of the strategy follows Russia coming under suspicion about involvement in hacks aimed at Hillary Clinton's US presidential campaign.

 The cyber security strategy itself names "Russian-language organised criminal groups (OCGs) in Eastern Europe" as a major source of "fraud, theft and extortion" cyber attacks against the UK.

 UK is at a risk from a handful of countries presently but many other nations are developing sophisticated cyber programmes to pose a threat to the UK in near future.
Read more »
Subscribe to: Comments (Atom)