Vulnerabilities in Facebook Chat and Messenger exploitable with basic HTML knowledge. From Help Net Security. Check Point’s security research team has discovered vulnerabilities in Facebook’s standard online Chat function, and its separately downloaded Messenger app. The vulnerabilities, if exploited, would allow anyone to essentially take control of any message sent by Chat or Messenger, modify its contents, distribute malware and even insert automation techniques to outsmart security defences.
‘Alarming’ rise in ransomware tracked. From BBC. There are now more than 120 separate families of ransomware, said experts studying the malicious software.Other researchers have seen a 3,500% increase in the criminal use of net infrastructure that helps run ransomware campaigns. The rise is driven by the money thieves make with ransomware and the increase in kits that help them snare victims.
A look inside the Department of Homeland Security’s cyber hub. From TheVerge. The building where the Department of Homeland Security tracks every cyber attack against the US is surprisingly bland. With its neutral exterior and circular drive, I wasn’t even sure we were at the right place until I saw our press liaison standing in the lobby. There are no signs to distinguish it from the generic office park that surrounds it, and the doorman wouldn’t even confirm if DHS had an office inside.
Engineering student arrested for hacking Indian Politician Lalu Prasad’s Facebook account. From Times Of India. An engineering student was arrested on Tuesday for allegedly hacking the Facebook profile and email account of RJD supremo Laluprasad Yadav. The Facebook profile of Yadav was hacked by the criminals on March 13. An FIR was lodged by his son and deputy CM Tejashwi Prasad Yadav with Secretariat police station and sections 419, 420 and 506 of IPC was lodged in the case. Two investigating officers (IO), ASP Nilesh Kumar and inspector Ramashankar Singh of the cyber cell of economic offences unit (EOU) first located that the hacking was committed from mobile phone device and not a desktop or laptop.
- History Of TCP/IP. From History Of Computers. The most popular network protocol in the world, TCP/IP proto cal suite, was designed in 1970s by 2 DARPA scientists—Vint Cerf and Bob Kahn, persons most often called the fathers of the Internet. Vinton Gray “Vint” Cerf (born June 23, 1943 in New Haven, Connecticut) obtained his B.S. in Math and Computer Science at Stanford University in 1965 and went to IBM, where he worked for some two years as a systems engineer, supporting QUIKTRAN—a system to make time-shared computing more economical and widely available for scientists, engineers and businessmen.
FBI Says a Mysterious Hacking Group Has Had Access to US Govt Files for Years. From VICE. The feds warned that “a group of malicious cyber actors,” whom security experts believe to be the government-sponsored hacking group known as APT6, “have compromised and stolen sensitive information from various government and commercial networks” since at least 2011, according to an FBI alert obtained by Motherboard.
- How is Malware Researched?. From Intego. You may wonder what goes on behind the scenes between the time when researchers get malware samples and the time virus definitions magically appear on your machine. All researchers do things a little differently, but there are some basic techniques that are common to a lot of them. For instance, which technique a researcher uses as his or her first or primary method of analyzing a file will depend on a lot of things. Some might seem obvious (such as how complicated or armored is the threat or how quickly do we need to analyze this), while others might seem a bit odd (how old is the researcher?).
A 10-year-old hacked Instagram so Facebook gave him $10,000. From Mashable. Before he even reached the age requirement to make a Facebook account, a 10-year-old found a major flaw in Instagram, earning him a cool $10,000 from Facebook. Jani (his parents withheld his last name), figured out a way to get into Instagram’s servers and delete text posted by Instagram users, Finnish news site Iltalehti reported.
Big data breaches found at major email services – expert. From Reuters. Hundreds of millions of hacked user names and passwords for email accounts and other websites are being traded in Russia’s criminal underworld, a security expert told Reuters.The discovery of 272.3 million stolen accounts included a majority of users of Mail.ru, Russia’s most popular email service, and smaller fractions of Google, Yahoo and Microsoft email users, said Alex Holden, founder and chief information security officer of Hold Security.
- A four-step plan to prevent ransomware attacks. From The Advisory Board. Ransomware attacks encrypt your files and demand ransom for the decryption key. In some cases, hospitals have paid thousands of dollars to regain access to their data. To protect your data, Advisory Board experts recommend four common-sense steps.
- Critical flaws in ImageMagick library expose websites to hacking. From CIO.com. A tool used by millions of websites to process images has several critical vulnerabilities that could allow attackers to compromise Web servers. To make things worse, there’s no official patch yet and exploits are already available. The vulnerabilities were discovered by Nikolay Ermishkin from the Mail.Ru security team and were reported to the ImageMagick developers who attempted a fix in version 6.9.3-9, released on April 30. However, the fix is incomplete and the vulnerabilities can still be exploited.
- Introduction to Digital Certificates. From Comodo. Digital Certificates are a means by which consumers and businesses can utilise the security applications of Public Key Infrastructure (PKI). PKI comprises of the technology to enables secure e-commerce and Internet based communication. The number of people and businesses online is continuing to increase. As access becomes faster and cheaper such people will spend even more time connected to the Internet for personal communication and business transactions. The Internet is an open communications network that was not originally designed with security in mind. Criminals have found they can exploit its vulnerabilities for fraudulent gain. If the Internet is to succeed as a business and communications tool users must be able to communicate securely
70 customers duped in cyber hacking of bank. From Times Of India. An internal inquiry by Bank of Baroda (BoB), has found that at least 70 customers from various parts of the Uttar Pradesh state were duped in March. So far, 373 fraudulent transactions adding up to about Rs 10.67 lakh (USD 18,000) have been detected in what could be the biggest cyber heist in India.
- Hacking Risks Found in US Army’s $12 Billion Mobile Network. From NewsMax. A $12 billion mobile Internet network that the U.S. Army is using in Iraq, Afghanistan, and Africa has significant cyber-security vulnerabilities that were found in combat testing.
- Number of DDoS Bots That Can Bypass Mitigation Tools Rises to 36 Percent. From Softpedia. During the first three months of the year, DDoS protection firm Imperva observed a series of interesting trends regarding the DDoS landscape. According to the company’s latest quarterly report, both network layer and application layer attacks grew in size and sophistication.
- Massive Philippines data breach now searchable online. From Wired. A website called wehaveyourdata.com that claims to contain the full database of hacked Filipino voter data has appeared online. The hacking of the Philippines’s voter registration system and database is believed to be the biggest data breach in government history, with more than 55 million people affected.
- Facebook bug hunter stumbles on backdoor left by… another bug hunter. From ITWorld. When Orange Tsai set out to participate in Facebook’s bug bounty program in February, he successfully managed to gain access to one of Facebook’s corporate servers. But once in, he realized other hackers had beaten him to it.The backdoor script stole Facebook employee credentials from a corporate server.
- Detailed account of the Hacking Team data breach by FinFisher. From Softpedia. Hacking Team is a Milan-based IT company that sells offensive intrusion and surveillance capabilities to governments, law enforcement agencies and corporations. On July 5, 2015, the Twitter account of the company was compromised by an unknown individual who leaked links to over 400 gigabytes of data, including alleged internal e-mails, invoices, and source code. This article explains how that breach was conducted.
- Dump Adobe QuickTime, Department Of Homeland Security tells Windows users. From Krebs On Security. Apple is deprecating QuickTime for Microsoft Windows. They will no longer be issuing security updates for the product on the Windows Platform and recommend users uninstall it. Furthermore, there are two new, unpatched vulnerabilities which could be used to remotely compromise Windows computers.
- More US commandos, choppers and bases are hacking ISIS. From Daily Beast. Three U.S. officials told The Daily Beast that US cyber operations against ISIS have moved beyond mere disruption and are entering a new, more aggressive phase that is targeted at individuals and is gleaning intelligence that could help capture and kill more ISIS fighters.
- The National Institute of Standards and Technology is poised to deliver new cybersecurity guidance, according to NIST fellow Ronald Ross. From HealthcareITNews. “We can build and deploy systems that we can trust, too, in a hospital environment, so the systems can better withstand cyberattacks, are more penetration-resistant, and limit the damage an adversary can do if an attack comes through the perimeter,” Ross said.
- Indian political party accused of hacking Facebook. From Economic Times. An internal email communique allegedly from the AIADMK IT Wing president to his team informing that they have hacked Facebook for making posts about their party “go viral” has leaked and the mail itself has gone viral.