Security researcher hacks BSNL intranet; leaks details of 47,000 employees
On Sunday, March 4, Elliot Alderson (Twitter handle @fs0c131y), a French security researcher, shared in a series of tweets how he hacked BSNL’s (Bharat Sanchar Nigam Limited) website and got hold of the details of more than 47,000 employees. The whole incident came to light when the researcher gained access to BSNL’s intranet website by injecting SQL (a process used to attack data-driven applications, in which an attacker inserts nefarious SQL statements into an entry field for execution). It allowed the attacker to dump the entire database of the BSNL intranet, which contains details about more than 47,000 BSNL employees, including senior officials’ information, administrators’ information and information regarding retired employees. Elliot also tweeted that the BSNL intranet site had been attacked by ransomware as well, but it went unnoticed. The researcher tweeted that the issue was first spotted by an IITian and gave credit to a Twitter profile named @kmskrishna. Two years back, Kothapalli had tried to inform senior officials of BSNL in a series of tweets, emails and calls, but he never got a response from any of them. He tweeted, “Tweeted this 2 years ago after all the deliberate attempts I made to contact BSNL.” Now, as you can see, @fs0c131y used the same vulnerability to hack BSNL. After the glitch was made public, BSNL acknowledged and fixed the issue. The security researcher then tweeted, “First thing first, I want to thank @BSNLCorporate for their cooperation and their reactivity.”
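To make the injection mechanism described above concrete, here is an added example (not code from the article or from BSNL) that builds a constructed in-memory employee table and contrasts a lookup that concatenates the entry-field value into the statement with one that binds it as a parameter. The table, column names and sample rows are assumptions made for the demonstration.

```python
import sqlite3

# Constructed sample data standing in for an intranet employee directory;
# it is not BSNL data.
SAMPLE_EMPLOYEES = [
    ("E001", "A. Sharma", "Senior Official"),
    ("E002", "B. Rao", "Administrator"),
    ("E003", "C. Iyer", "Retired"),
]


def make_db():
    # Hypothetical schema used only for this example.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE employees (emp_id TEXT, name TEXT, role TEXT)")
    conn.executemany("INSERT INTO employees VALUES (?, ?, ?)", SAMPLE_EMPLOYEES)
    return conn


def lookup_vulnerable(conn, emp_id):
    # The entry-field value is concatenated straight into the statement, so
    # the value itself can change what the statement means.
    query = ("SELECT emp_id, name, role FROM employees WHERE emp_id = '"
             + emp_id + "'")
    return conn.execute(query).fetchall()


def lookup_parameterized(conn, emp_id):
    # The placeholder binds the value as data: whatever it contains is
    # compared literally against emp_id and is never parsed as SQL.
    query = "SELECT emp_id, name, role FROM employees WHERE emp_id = ?"
    return conn.execute(query, (emp_id,)).fetchall()


if __name__ == "__main__":
    db = make_db()
    crafted = "' OR '1'='1"   # the classic tautology payload
    print(lookup_vulnerable(db, crafted))     # every row comes back
    print(lookup_parameterized(db, crafted))  # [] - no emp_id matches the literal
```

The same placeholder-binding pattern applies to any SQL driver; the fix is to stop building statements from strings, not to filter the input.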
A critical flaw in Pivotal’s Spring Data REST allows hacking any machine that runs an application built on its components
Pivotal’s Spring Data REST project is affected by a critical vulnerability, tracked as CVE-2017-8046, that was discovered by security researchers at Semmle/lgtm. The experts urge users to apply the fix because the flaw allows remote attackers to execute arbitrary commands on any machine that runs an application built using Spring Data REST. Pivotal’s Spring Framework is a platform widely used by development teams for building web applications. The components included in Spring Data REST are used by developers to build Java applications that offer RESTful APIs to underlying Spring Data repositories. Spring Data REST builds on top of Spring Data repositories; it allows exposing hypermedia-driven HTTP resources (collection, item, and association resources representing your model) for aggregates contained in the model. The lack of validation of user input allows the attacker to execute arbitrary commands on any machine that runs an application built using Spring Data REST. “Malicious PATCH requests submitted to spring-data-rest servers can use specially crafted JSON data to run arbitrary Java code. The vulnerability allows attackers to execute arbitrary commands on any machine that runs an application built using Spring Data REST,” reads the advisory. “Virtually every modern web application will contain components that communicate through REST interfaces, ranging from online travel booking systems, mobile applications and internet banking services,” continues the advisory. The Semmle/lgtm researchers worked closely with Pivotal to solve the issue and publicly disclose it; the intent was to give Spring Data REST users sufficient time to update their apps.
Equifax confirmed an additional 2.4 million identities affected by the security breach
The massive Equifax hack has made the headlines again, with new revelations about the security breach emerging in the last hours. In 2017 Equifax confirmed it had suffered a massive data breach: cybercriminals stole the sensitive personal records of 145 million US citizens and of hundreds of thousands of people in Canada and the UK. Attackers exploited the CVE-2017-5638 Apache Struts vulnerability. Compromised records include names, social security numbers, birth dates, home addresses, credit-score dispute forms, and for some users also credit card numbers and driver’s license numbers. A couple of weeks ago, experts argued the Equifax hack was worse than previously thought: according to documents provided by Equifax to the US Senate Banking Committee, the attackers also stole taxpayer identification numbers, phone numbers, email addresses and credit card expiry dates belonging to some Equifax customers. The credit bureau announced this week that it has identified an additional 2.4 million identities affected by the security breach. “This is not about newly discovered stolen data,” explained Paulino do Rego Barros, ad interim chief executive at Equifax. “It’s about sifting through the previously identified stolen data, analyzing other information in our databases that was not taken by the attackers, and making connections that enabled us to identify additional individuals.” The US company still hasn’t notified the newly identified consumers because their social security numbers were not exposed in the hack; the hackers only accessed their partial driver’s license information. Equifax announced it would notify the newly identified consumers and offer them identity theft protection and credit file monitoring services.
NIS America hacked: Customer payment card data stolen, $5 off next purchase offered as an apology gift
Japanese gaming developer Nippon Ichi Software has revealed that its American arm, NIS America, has suffered a major data breach compromising the personal and financial data of online customers. In an email sent to affected customers last week, the company said the breach took place sometime between 23 January and 26 February on its online stores including the store. Hackers managed to access customers’ payment card details and address information for any new orders placed and paid for via credit card during this time frame. Customers who placed orders using PayPal, however, were not affected by the breach. The company noted that it does not store payment card information of customers who have user accounts on one of its stores. Describing the malicious process, the company said: “This process was being used as far back as January 23rd, 2018 to skim personal information provided by our customers during checkout after they placed an order at our store. Afterwards, the malicious process would return the customer to the NIS America store page to complete their transaction.” NIS America said its store pages were immediately taken offline to prevent any further breaches and that it scanned all its processes to determine “the exact point of entry as well as determine when this change occurred on our online stores. At this time, we can say that we have identified the issue, removed it from our website, and taken steps to prevent this issue from recurring, as well as added new security to our online stores.” Customers have been advised to change their user account passwords, monitor their bank or credit card statements for any suspicious activity and watch out for fraudulent emails, texts, phone calls or dubious websites that request personal information.
What is Triada? Data-stealing malware infects 40 Android models’ firmware while manufacturing
A data-stealing Android malware has been found infecting various Android models over the past few months. According to security researchers at Doctor Web, a Russia-based security firm, the malware infects an important component of the Android operating system called Zygote, which is used to launch all applications. The malware has been designed to penetrate a device’s firmware during manufacturing. Since mid-2017, the malware has steadily kept at it, infecting more and more devices. Currently, over 40 Android models have been affected, though the researchers suspect that the actual number of infected models may be much higher. Doctor Web researchers said they alerted the manufacturers who were producing the infected phones. Below is the list of all known Android models affected by the Triada malware. According to a previous report by Kaspersky Lab, the Triada malware is highly advanced and stealthy, performing various malicious activities without alerting the targeted users. “The complexity of the Triada Trojan’s functionality proves the fact that very professional cybercriminals, with a deep understanding of the targeted mobile platform, are behind this malware,” Kaspersky Lab researchers said in that report. Researchers say that those affected by the malware can get rid of it by rooting the device and deleting the malware manually.
For the second time in two weeks, CDOT shut down computers after a ransomware infection
For the second time in a few days, a variant of the dreaded SamSam ransomware has paralyzed the Colorado Department of Transportation (CDOT). Exactly two weeks ago, SamSam made the headlines because it infected over 2,000 computers at CDOT. The investigation into the first wave of infections revealed that the infected systems were running Windows and McAfee anti-virus software. Approximately 20% of the machines infected by the first wave had been restored when a variation of the original SamSam ransomware hit the department for the second time. “Eight days into a ransomware attack, state information technology officials detected more malicious activity on the Colorado Department of Transportation computer systems Thursday.” The attack forced CDOT employees to stop using computers and input data using pen and paper. The network has been disconnected from the internet for now, and many employees are working on a pen and paper system. At the time of writing, it is still impossible to evaluate the impact of the attack. The Colorado National Guard and the FBI are working to restore normal operations. According to CDOT spokeswoman Amy Ford, the ransomware attack did not affect construction projects, signs, variable message boards and “critical traffic operations.”
Marine Forces data leak: Highly sensitive info of over 21,000 Marines, sailors and civilians exposed
The US Marine Corps Forces Reserve has suffered a major data leak this week that saw the personal and sensitive information of thousands of Marines, sailors and civilians accidentally exposed in an unencrypted email. On Monday (26 February), the Defense Department’s Defense Travel System (DTS) sent an email with an attachment that contained highly sensitive and personal information to the wrong email distribution list, Marine Corps Times reported. The attached roster listed the personal and financial details of about 21,426 people, including truncated Social Security numbers, credit card information, bank routing numbers, electronic funds transfer details, residential and mailing addresses, as well as emergency contact information. It is not immediately clear how many people mistakenly received the email. “The Marine Corps takes the protection of individual Marines’ private information and personal data very seriously, and we have steps in place to prevent the accidental or intentional release of such information. It was very quickly noticed and email recall procedures were implemented to reduce the number of accounts that received it,” Major Andrew Aranda, spokesman for Marine Forces Reserve, said in a release. The Marine Corps said it is currently investigating the extent of the breach and plans to implement changes to better safeguard personal data and avoid any similar incidents in the future. This isn’t the first time the US federal government has suffered a major data breach affecting military and defence personnel in recent years. In 2015, the Office of Personnel Management revealed it suffered two separate but related data breaches that exposed the sensitive information of at least 22. In January, the US Department of Homeland Security said it suffered a breach exposing the sensitive, personally identifiable information of more than 240,000 former and current employees.
Cyber attack of mammoth scale: Over 22,000 Indian websites hacked between April 2017 – January 2018
Over 22,000 Indian websites, including 114 government portals, were hacked between April 2017 and January 2018, Parliament was informed today. “As per information reported to and tracked by Indian Computer Emergency Response Team (CERT-In), a total of 22,207 Indian websites including 114 government websites were hacked during April 2017 to January 2018,” the minister, Alphons, said. Besides, as per the information reported to and tracked by the National Informatics Centre (NIC), a total of 74 and six government websites hosted on NICNET were hacked during 2017 and 2018 (till February), respectively, he added. “Organisations use servers to host websites and applications for the dissemination of information and providing services to users. The servers not configured properly and having vulnerable software are prone to hacking and could be misused by cybercriminals,” he said. The minister said 301 security alerts regarding potential vulnerabilities and threats to multiple systems and applications were issued by CERT-In during April 2017-January 2018. In response to a separate query, Alphons said all new government websites and applications are to be audited with respect to cybersecurity prior to their hosting, along with regular audits after hosting. Alphons, in response to another question, said that in order to work towards strategic interventions to promote artificial intelligence applications, the government has set up four committees of experts from academia, industry and government. To a question on whether fake news had pervaded all spheres of life and had led to serious repercussions, Alphons said the government does not maintain specific information on people booked in isolated incidents for circulation of fake news on messaging and social media platforms.
Hardcoded password and Java deserialization flaws found in Cisco products
The latest set of security updates released by Cisco also includes two advisories for critical vulnerabilities. The first issue is a hardcoded password, tracked as CVE-2018-0141, that affects Cisco’s Prime Collaboration Provisioning (PCP) and that can be exploited by local attackers to gain full control over vulnerable equipment. “A vulnerability in Cisco Prime Collaboration Provisioning (PCP) Software could allow an unauthenticated, local attacker to log in to the underlying Linux operating system. An attacker could exploit this vulnerability by connecting to the affected system via Secure Shell (SSH) using the hard-coded credentials.” A local attacker just has to connect to the affected system via SSH using the hardcoded password. The hardcoded password grants a local attacker access to a low-privileged user account, but by chaining the vulnerability with other issues there is the risk that the attacker could elevate privileges to root. The vulnerability has received a Common Vulnerability Scoring System (CVSS) Base score of 5. “Although this vulnerability has a Common Vulnerability Scoring System (CVSS) Base score of 5.” The second critical vulnerability, tracked as CVE-2018-0147, is a Java deserialization flaw that affects Cisco Secure Access Control System (ACS) and can be exploited by an unauthenticated, remote attacker to execute arbitrary commands with root privileges on an affected device. “A vulnerability in Java deserialization used by Cisco Secure Access Control System (ACS) could allow an unauthenticated, remote attacker to execute arbitrary commands on an affected device. An exploit could allow the attacker to execute arbitrary commands on the device with root privileges.”
Cortana Can Expose Enterprises to Attacks, Researchers Warn
Independent researchers Amichai Shulman, former CTO and co-founder of Imperva, and Tal Be’ery, former VP of research at Microsoft-acquired security firm Aorato, have found a way to conduct an evil maid attack that abuses the Cortana voice assistant to install malware onto a locked computer. In Windows 10, if default settings are not changed, any user can interact with Cortana by saying “Hey Cortana,” and it works even if the device is locked. An evil maid (i.e. a hacker who has physical access to the targeted machine) can install malware on a locked device by telling Cortana to access a website, intercepting traffic to that site using a device attached to the PC, and injecting malicious code into the connection. If the user tells Cortana to access any site, Windows launches a browser process and sends a query for the domain name to Bing. The attacker therefore instructs Cortana to access a privileged website that does not use a secure HTTPS connection. Since the connection is not protected, the attacker’s network card can be used to conduct a man-in-the-middle (MitM) attack and replace normal traffic with malicious code, such as a web browser exploit designed to deliver a piece of malware. The malware then provides a remote backdoor to the compromised system. From there, the attacker gets network access to the next victim computer (the equivalent of the attached USB network card) through a known network attack. If the attacker already had access to a system, they could have conducted a remote attack in which a piece of malware played an audio file that instructed Cortana to navigate to an arbitrary website. Microsoft made some server-side changes in August 2017 in order to prevent abuse, but Shulman and Be’ery believe there could be other Cortana commands that can be leveraged for similar attacks, and noted that the research can be extended to other voice assistants, such as Apple’s Siri.