Top CyberSecurity News For October 25th 2016

  1. India suffered a massive debit card data breach because no one connected the dots. From Scroll.in. 

    The biggest lesson emerging from the recent recall of 3.2 million debit cards by various Indian banks is that most of the systems that the government and the country’s financial sector put in place to deal with a major cyber attack failed to detect the data breach that necessitated this recall.

    As banks scramble to put together a root cause analysis of the events that led to the malware (malicious software) attack that led to one of the biggest security breaches in banks in India in September and October, there is a realisation that institutions failed to share information with each other, leading to cascading failures that permitted the breach to continue undetected for a while.

  2. Data breach at Weebly affects 43 million users. From Graham Cluley.

    A data breach at free website builder Weebly has compromised the personal information of over 43 million users.

    News of the breach arrived on 20 October when LeakedSource.com published a database of 43,430,316 Weebly users’ information on its website. Those records contain a username, email address, password, and IP address.

    Little information is known about how those responsible for the breach exfiltrated all of that data, but we do know that the breach occurred at the web-hosting service in February 2016 and that an anonymous source provided LeakedSource with the database.

 

Top CyberSecurity News For 4th June 2016

  1. APT GROUP SENDS SPEAR PHISHING EMAILS TO INDIAN GOVERNMENT OFFICIALS. From FireEye Blog. On May 18, 2016, FireEye Labs observed a suspected Pakistan-based APT group sending spear phishing emails to Indian government officials. This threat actor has been active for several years and conducting suspected intelligence collection operations against South Asian political and military targets.

Top CyberSecurity News For 30th May 2016

  1. Teen held for hacking into EPABX. From The Hindu. A 19-year-old man pursuing an ITI course from a college in Odisha was caught by the Cyber Crime team of Cyberabad police for hacking the EPABX of a private firm in the city using a mobile phone, resulting in financial loss to the company. According to the police, Himalaya Mohanty, who lives in Shibapura village in Balasore district in Odisha, is pursuing an ITI course from a private institute. In November 2015, Mohanty hacked the EPABX code of Lloyd Electrical and Engineering Limited in Hyderabad, resulting in a bill of Rs. 60 lakh.

Top CyberSecurity News For 1st May 2016

  1. CyberSecurity Market Report. From Cybersecurity Ventures.
    • Market research firm Gartner says global spending on IT security is set to increase 4.7 percent in 2015 to $75.4 billion, and the world will spend $101 billion on information security in 2018.
    • The cyber security market is estimated to grow to $170 billion (USD) by 2020, at a Compound Annual Growth Rate (CAGR) of 9.8 percent from 2015 to 2020, according to a report from Markets and Markets. The aerospace, defense, and intelligence vertical continues to be the largest contributor to cybersecurity solutions.
  2. North Korea’s missiles don’t frighten me, but the realities of cyber warfare are chilling. From The Telegraph. The advent of cyber warfare means that you do not need to construct the vast infrastructure of a missile programme to cause mayhem; the only requirement is a team of able people with laptops and internet connections. If they are clever enough, this hit squad of nerds can knock out power grids, disable banking systems and paralyse normal life in a target country. And they can do all this from the safety of their office thousands of miles away.

  3. Indian hackers hack 100 Pak websites after attack on actor Mohanlal’s website. From India Today. “We have launched an attack on Pakistani sites and have brought down several government and online sites of Pakistan. We are also defacing websites of some prominent actors and we will continue to do this till Pakistani hackers do not stop such attack on Indian cyber space,” said a hacker of Indian Cyber Security Force, which claims to be an NGO.
  4. Cayman under cyber-attack, says ICTA. From Cayman News Service.  As local telecommunications provider Flow issued another alert about phishing scams impacting its customers, the managing director of the Information & Communications Technology Authority warned that Cayman is being targeted by cyber criminals. Earlier this week Flow warned customers about an email purporting to be from LIME, its previous brand, regarding spam security issues which asked them to click on a link. But this is just one of many problems email users are experiencing. Although the ICTA could not be certain of a connection,

  5. Ransomware Seen as Growing Cyber Threat. From CFO.com.  Miscellaneous errors accounted for the largest number of data security breaches last year, while ransomware is becoming a more common form of cyber attack, according to Verizon. The telecom company said in its 2016 Data Breach Investigations Report that miscellaneous errors were at fault for 17.7% of breaches, followed by insider and privilege misuse (16.3%) and physical theft and loss (15.1%).

Top Cybersecurity News For 24th April 2016

  1. 70 customers duped in cyber hacking of bank. From Times Of India. An internal inquiry by Bank of Baroda (BoB) has found that at least 70 customers from various parts of the Uttar Pradesh state were duped in March. So far, 373 fraudulent transactions adding up to about Rs 10.67 lakh (USD 18,000) have been detected in what could be the biggest cyber heist in India.

  2. Hacking Risks Found in US Army’s $12 Billion Mobile Network. From NewsMax. A $12 billion mobile Internet network that the U.S. Army is using in Iraq, Afghanistan, and Africa has significant cyber-security vulnerabilities that were found in combat testing.
  3. Number of DDoS Bots That Can Bypass Mitigation Tools Rises to 36 Percent. From Softpedia. During the first three months of the year, DDoS protection firm Imperva observed a series of interesting trends regarding the DDoS landscape. According to the company’s latest quarterly report, both network layer and application layer attacks grew in size and sophistication.
  4. Massive Philippines data breach now searchable online. From Wired. A website called wehaveyourdata.com that claims to contain the full database of hacked Filipino voter data has appeared online. The hacking of the Philippines’s voter registration system and database is believed to be the biggest data breach in government history, with more than 55 million people affected.
  5. Facebook bug hunter stumbles on backdoor left by… another bug hunter. From ITWorld. When Orange Tsai set out to participate in Facebook’s bug bounty program in February, he successfully managed to gain access to one of Facebook’s corporate servers. But once in, he realized other hackers had beaten him to it. The backdoor script stole Facebook employee credentials from a corporate server.

Top Cybersecurity News For 18th April 2016

  1. Detailed account of the Hacking Team data breach by FinFisher. From Softpedia. Hacking Team is a Milan-based IT company that sells offensive intrusion and surveillance capabilities to governments, law enforcement agencies and corporations. On July 5, 2015, the Twitter account of the company was compromised by an unknown individual who leaked links to over 400 gigabytes of data, including alleged internal e-mails, invoices, and source code. This article explains how that breach was conducted.
  2. Dump Adobe QuickTime, Department Of Homeland Security tells Windows users. From Krebs On Security. Apple is deprecating QuickTime for Microsoft Windows. They will no longer be issuing security updates for the product on the Windows Platform and recommend users uninstall it. Furthermore, there are two new, unpatched vulnerabilities which could be used to remotely compromise Windows computers.
  3. More US commandos, choppers and bases are hacking ISIS. From Daily Beast. Three U.S. officials told The Daily Beast that US cyber operations against ISIS have moved beyond mere disruption and are entering a new, more aggressive phase that is targeted at individuals and is gleaning intelligence that could help capture and kill more ISIS fighters.
  4. The National Institute of Standards and Technology is poised to deliver new cybersecurity guidance, according to NIST fellow Ronald Ross. From HealthcareITNews. “We can build and deploy systems that we can trust, too, in a hospital environment, so the systems can better withstand cyberattacks, are more penetration-resistant, and limit the damage an adversary can do if an attack comes through the perimeter,” Ross said.
  5. Indian political party accused of hacking Facebook. From Economic Times. An internal email communique allegedly from the AIADMK IT Wing president to his team informing that they have hacked Facebook for making posts about their party “go viral” has leaked and the mail itself has gone viral.