200 Million Data Enrichment Records For Sale on Darknet

Full data enrichment profiles for more than 200 million people have been placed up for sale on the Darknet. Details of this incident came to Salted Hash via the secure drop at Peerlyst. The data was first vetted by the technical review board at Peerlyst, who confirmed its legitimacy. Once it was cleared by the technical team, a sample of the data was passed over to Salted Hash for additional verification and disclosure.

The person offering the files claims the data is from Experian, and is looking to get $600 for everything. However, sources at Experian said that they were made aware of this data breach last week, and investigations determined that it wasn’t their data.

“We’ve seen this unfounded allegation and similar rumors before. We investigated it again – and see no signs that we’ve been compromised based on our research and the type of data involved. Based on our investigations and the lack of credible evidence, this is an unsubstantiated claim intended to inflate the value of the data that they are trying to sell – a common practice by hackers selling illegal data,” Experian said in an emailed statement.

There are 203,419,083 people listed in 6GB worth of records. The profiles include PII such as a person’s name, full address, date of birth, and phone number, but because it’s enrichment data, the records also include more than 80 personal attributes.

Third Hacker Arrested In JP Morgan Breach Case

A third suspect alleged to be responsible for the 2014 JPMorgan Chase data breach, which resulted in the compromise of data linked to more than 83 million customers, has been arrested.

32-year-old Joshua Samuel Aaron was arrested at JFK International Airport after waiving extradition and asylum in Russia “to responsibly address the charges”.

Aaron, aka “Mike Shields,” was one of three men indicted in November 2015 for the massive hack and fraud scheme.

Aaron, a U.S. citizen, had been living in Moscow. He, along with co-defendants Gery Shalon and Ziv Orenstein, who were both arrested by Israeli authorities in July 2015 and extradited to the U.S. in June 2016, face charges that include securities fraud, wire fraud, market manipulation, identification document fraud, aggravated identity theft and money laundering.

The trio has been accused of ripping off the data of more than 100 people, and then using it in schemes such as stock manipulation that generated hundreds of millions of dollars in illicit gains.

The Chase breach resulted in the compromise of contact information, including names, addresses, phone numbers and email addresses, linked to 76 million households and 7 million small businesses.

According to a press release from the US Attorney’s Office of the Southern District of New York, the JPMorgan caper represents the largest theft of customer data from a US financial institution in history.

Cybercriminals Make As Much As $20,000 in Bitcoin Per Month

Cybercrime cases have surged continuously in recent times, and there is a major reason behind it: cybercriminals manage to make a decent amount of money each month at others’ expense.

The researchers have spent a lot of time over the last few months studying and tracking actual cybercrimes and activity on forums, and analyzing the behavior of those involved. The report, complete with a chart of the hierarchy in cybercrime syndicates, was released last month.

Per Recorded Future’s report, about 20 percent of cybercriminals are highly resourceful, and they make 10 times the amount the other 80 percent of their peers make per month (about $20,000 per month). For a handful of them, it may go as high as $50,000 to $200,000.

The potential involvement of former law enforcement officials in the cybercriminal network enables the hackers to breach the data easily. Moreover, their familiarity with the investigative techniques used by law enforcement agencies may prove handy to cybercriminals.

Most individual cybercriminals do not have any prior criminal records and are very careful when it comes to hiding their online identity, making it even harder to catch them.

The report advises companies to not inquire about cybersecurity testing solutions on dark net forums as hackers may find their infrastructure to be attractive targets. Instead, companies should seek help from reputed cybersecurity providers.

Cerber Ransomware spreading through exploiting Web Browsers

A fresh campaign distributing Cerber ransomware is spreading over the internet. This campaign is capable of infecting a large number of systems.

A team of security researchers at Heimdal Security has found that this ransomware could not only affect individual internet users but could also heavily damage enterprises. A member of the research team, Andra Zaharia, said the campaign is “targeting companies’ databases to maximize profits from the ransom, so this is another reason to take additional precautions.”

The campaign works mainly by trying to exploit weaknesses in browsers and browser software such as Silverlight, Internet Explorer, Edge and Flash Player.

According to the reports of hackread, "The campaign starts with infecting genuine websites through injecting malicious script, which is actually the Nemucod generic malware downloader. The script then redirects the traffic to a Cerber gateway called Pseudo Darkleech. It is a kind of malware infection that adds a strong clouding layer so that detection could be avoided. Nemucod is used in this campaign because it can easily run Cerber ransomware. Remember, Nemucod was recently used in another campaign in which hackers were using images on Facebook Messenger to drop Locky ransomware. However, it was firstly identified in December 2015 as a “Trojan downloader.”"

This campaign differs from other ransomware campaigns in that it involves several types of malware.

The cybercriminals aim to keep the infection resistant to antivirus detection while it completes the encryption of the data on the computer. When the encryption is complete, the victim is asked to pay the ransom, which ranges from 1.24 BTC (bitcoins) to 2.48 BTC, equivalent to $1,068 to $2,136 as per the latest BTC rates.

Cerber ransomware was discovered three months ago.

There is no way to keep oneself protected from the ransomware; just never download files from an unknown email and always keep a backup of your data.
If you are a victim of this ransomware, contact ‘No More Ransom,’ an anti-ransomware portal that recovers encrypted data for free.

Nasscom-DSCI unveil security roadmap for 10 years

To make India a global platform for cyber security-related requirements, the National Association of Software and Services Companies (Nasscom) and the Data Security Council of India (DSCI) launched the Growing Cyber Security Industry, Roadmap for India report.

The report defines a roadmap for the next 10 years that will grow the cybersecurity market in the country.

"For India to become a global cyber security hub, a list of 16 initiatives has been formulated by Nasscom-DSCI. Effective programme roll-out and strategic vision realisation will require disciplined management of the 16 key initiatives suggested by the report," said R Chandrashekhar, President, Nasscom.

Nasscom envisages the Indian IT industry to achieve a size of $350-400 billion by 2025.

“India should aspire to build a cybersecurity product and services industry of $35 billion by 2025, and generate a skilled workforce of one million in the security sector, to cater to the rise in global demand”, said the report.

With cybersecurity products constituting a $38 billion market in 2015, network security will emerge as the most attractive product segment by size, while security and vulnerability management has the highest growth prospects across various geographic regions.

"India being a primary hub for growing smartphone penetration and digitisation, it is imperative to build a robust cyber security products and services industry in the country," Nasscom stated.

Netgear Working To Fix Security For Its Routers

Netgear has released firmware updates for several of its routers to address a critical command injection vulnerability that can be exploited to remotely hijack affected devices.

This comes after several Netgear routers were found to be exposed to a critical security vulnerability, potentially allowing hackers to take control of those devices. The flaw allows hackers to inject commands and gain root privileges on Netgear routers.

Initially, only Netgear R7000, R6400 and R8000 routers were believed to be affected, but the vendor’s analysis revealed that other models are impacted as well, including R6250, R6700, R7100LG, R7300DST and R7900.

Considering this, Netgear has released beta firmware for each of the affected devices, mitigating the immediate security issue while it works on finalizing the production firmware. However, the company has said that the beta firmware is offered as a temporary solution and may not work for all devices, as it has not been fully tested.

In a statement, Netgear said that, “We appreciate and value having security concerns brought to our attention. Netgear constantly monitors for both known and unknown threats. Being pro-active rather than re-active to emerging security issues is fundamental for product support at Netgear.”

IT Ministry Vows To Strengthen Cyber Security In India

In the wake of the hacking of the Twitter accounts of many high-profile personalities, e.g. Congress Vice-President Rahul Gandhi, liquor baron Vijay Mallya and some journalists, the ministry of electronics and IT has asked the social media portal to ‘strengthen security’.

Union minister of electronics and IT, Ravi Shankar Prasad said that he has ordered a review of the “entire IT infrastructure” of India and the need of the hour is “hardening” of the security wall.

“We have told Twitter so. If there are any incidents of cyberattacks, they should immediately inform CERT,” said Union minister Ravi Shankar Prasad. The Computer Emergency Response Team-India (CERT-In) is the nodal agency under the ministry that handles and counters cyberattacks. Twitter was unavailable for a comment. Sources said police and CERT sleuths were considering the matter and asked for the details of hacked accounts.

Prasad said that the ministry has started a review of the IT Act to strengthen it, as the Act was formed in 2000, almost 16 years ago, and may have to be updated to deal with the move towards digital payments and mobile banking.

“The Act came into being in 2000. It has, by and large, served us well. Now, as we move towards a digital economy, we are reviewing if there is a need to relook at its architecture, to make it more deterrent for cyber criminals,” Prasad said.

The government has formed two teams in CERT-In, one to respond to cyber-attacks and the other to monitor digital payments.

“All digital payments agencies have been asked to report to CERT-In any unusual activity on their platforms. We are taking several measures to ensure a resilient system. We will audit the IT infra of NPCI (National Payments Corporation of India) and have formed crack teams at CERT-In for immediate response. CITOs (chief IT officers) have been appointed in every ministry and government department. We are undertaking a massive programme to create awareness among the administrative machinery,” the minister said.

Galaxy Note 7: Virgin flight delayed

A Virgin flight in America was halted in mid-air after a passenger pranked by changing the name of their wi-fi device to 'Samsung Galaxy Note 7'.

The US Department of Transportation has banned Samsung Galaxy Note 7 phones from planes after there was news that several of the devices caught fire.

Lucas Wojciechowski, a passenger on Virgin America flight 358 from San Francisco to Boston, told BBC News that he took the screenshot of the hotspot after his laptop detected a wi-fi network named 'Samsung Galaxy Note 7'.

Immediately there was a call for the passenger with a Note 7.

Mr. Wojciechowski tweeted the pilot's warning after no one claimed to own a Samsung Galaxy Note 7.

"This isn't a joke. We're going to turn on the lights (it's 11 pm) and search everyone's bag until we find it.

"This is the captain speaking. Apparently, the plane is going to have to get diverted and searched if nobody fesses up soon."

After all this mid-air drama, the owner came forward and confessed that they had changed the SSID of their wireless device to 'Samsung Galaxy Note 7_1097.'

To ease the tension in the flight, the flight crew announced: "Ladies and gentlemen, we found the device. Luckily only the name of the device was changed to 'Galaxy Note 7'. It was not a GN7."

Meanwhile, Serenity Caldwell, managing editor of Apple products news and reviews, was on the ground waiting to board the flight. She posted a series of tweets:

"When I got to the airport (early) today, I found a huge line of people at the counter to my gate. Turns out, the flight had been canceled.

"It took about two hours for everyone to get their itineraries finally sorted. Finally, they all move on to their new gates and our crew comes.

"They're hanging out while we wait to begin boarding, and one of them lets this slip: "Know why the 9 am flight got canceled?

"The plane was mid-flight when an attendant noticed a wi-fi hotspot. A Galaxy Note 7 wi-fi hotspot. Everyone else makes a horrified face."

Vulnerabilities in McAfee enterprise system give hackers root access

McAfee has issued patches for ten flaws in its enterprise version of VirusScan for Linux that allow attackers to remotely take over a system, after originally being notified of the security holes six months ago.

Security researcher Andrew Fasano from MIT Lincoln Laboratory said that a total of 10 security flaws allow the execution of code remotely as a root user.

“At a first glance, Intel's McAfee VirusScan Enterprise for Linux has all the best characteristics that vulnerability researchers love: it runs as root, it claims to make your machine more secure, it's not particularly popular, and it looks like it hasn't been updated in a long time,” he explained.

Four of the flaws are deemed critical. Attackers can exploit CVE-2016-8020, CVE-2016-8021, CVE-2016-8022, and CVE-2016-8023 to escalate their privileges to root and remotely force the target machine to run a malicious script.

The six additional flaws involve a cross-site scripting vulnerability, file test and read bugs, HTTP response splitting, token forgery, and authenticated SQL injection.

All these vulnerabilities have been confirmed in versions 1.9.2 through 2.0.2, so all Linux systems are recommended to update to the latest release that McAfee shipped this month.

Vulnerabilities Found in cabin entertainment systems

A security researcher from security firm IOActive found security flaws in Panasonic's cabin entertainment systems. The flaws were found back in March 2015 but were not reported till now.

Attackers could hack the credit-card data of passengers who use in-seat USB ports when they pay for access to wifi or premium movies, spoof the data sent to seat-back screens, switch off lights, change altitude readings, display bogus maps and broadcast messages via the PA.

The vulnerabilities were found by Ruben Santamarta of security firm IOActive in the Panasonic Aero in-flight systems.

The Aero cabin entertainment systems are used by many different airlines, including Virgin, Emirates, Air France, American Airlines and KLM.

However, Panasonic rejected all the claims by IOActive and said that the findings were "not based on any actual findings or facts".

"The implied potential impacts should be interpreted as theoretical at best, sensationalizing at worst, and absolutely not justified by any hypothetical vulnerability findings discovered by IOActive," said a spokesman for Panasonic Avionics Corporation.

Panasonic also claimed that they had reviewed "all of the claims made by Mr. Santamarta" and that all his concerns had been remedied.

Santamarta wrote on his blog, "So how far can an attacker go by chaining and exploiting vulnerabilities in an In-Flight Entertainment system? There’s no generic response to this, but let's try to dissect some potential general case scenarios by introducing some additional context (nonspecific to a particular company or system unless stated).

Relying exclusively on the DO-178B standard that defines Software Considerations in Airborne Systems and Equipment Certification, the IFE would technically lie within the D and E levels. Panasonic Avionics’ IFE, in particular, is certified at Level E. This basically means that even if the entire system fails, the impact would be something between no effect at all and passenger discomfort.

Also, I should mention that an aircraft's data networks are divided into four domains, depending on the kind of data they process: passenger entertainment, passenger-owned devices, airline information services, and finally aircraft control.

Physical control systems should be located in the Aircraft Control domain, which should be physically isolated from the passenger domains; however, this doesn’t always happen. Some aircraft use optical data diodes, while others rely upon electronic gateway modules. This means that as long as there is a physical path that connects both domains, we can’t disregard the potential for attack.

In-flight entertainment systems may be an attack vector. In some scenarios, such an attack would be physically impossible due to the isolation of these systems, while in others an attack remains theoretically feasible due to the physical connectivity. IOActive has successfully compromised other electronic gateway modules in non-airborne vehicles. The ability to cross the “red line” between the passenger entertainment and owned devices domain and the aircraft control domain relies heavily on the specific devices, software, and configuration deployed on the target aircraft."

Nigerian man behind hacking of Los Angeles county emails

A Nigerian national has been charged with the hacking of Los Angeles County emails which have exposed the personal data of more than 750,000 people.

According to the office of the Los Angeles County chief executive, the accused, Kelvin Onaghinor, 37, faces nine charges, which include unauthorized computer access and identity theft. However, he has not been arrested, and officials have not been able to trace his current location and are now speculating that he has left the US.

“My office will work aggressively to bring this criminal hacker and others to Los Angeles County, where they will be prosecuted to the fullest extent of the law,” District Attorney Jackie Lacey vowed in a statement Friday.

It is believed that there are more suspects in the hack, and the search for them is going on. The hack happened in May, when a phishing email deceived 108 county employees into providing usernames and passwords.

A forensic examination team found that about 756,000 individuals could have been affected by this breach.

According to county officials, the departments affected by the hack include: Assessor, Chief Executive Office, Children and Family Services, Child Support Services, Health Services, Human Resources, Internal Services, Mental Health, Probation, Public Health, Public Library, Public Social Services and Public Works.

There was no evidence that any confidential information had been released because of the breach.

Information that might have been compromised includes first and last names, dates of birth, Social Security numbers, driver’s license or state identification numbers, payment card information, bank account information, home addresses, phone numbers, and/or medical information, such as Medi-Cal or insurance carrier identification numbers, diagnosis, treatment history or medical record numbers.