Indian Organisations Being Re-Targeted with Cyber-Attacks: FireEye
According to a recent security report by Trustwave, the Indian retail industry encountered the maximum number of security breaches (16. According to Tim Wellsmore, director of APAC threat intelligence at FireEye, India faces a difficult situation: organisations are attacked again and again, while skill deficiencies leave organisations and governments poorly equipped to deal with sophisticated attacks. FireEye’s investigation into the incident indicates, as the most recent trend, that 49% of consumers in India and APAC who suffered at least one high-priority hack fell victim to a successful attack again within a year. In his opinion, energy companies frequently segregate cybersecurity among departments, and inadequate communication inside such companies can result in vulnerabilities. Thus, human actions pose the biggest obstacle to company cybersecurity, while social engineering fraud, namely “CEO fraud”, which encourages executives to allow spurious money transactions, keeps increasing. The APAC region has the greatest susceptibility to breaches and is twice as likely as North America to encounter more than one incident from more than one hacker. Re-targeting, which also means repeat data hacks, occurs when an attacker who has invaded a PC once returns for another attack. Robert Eckman is director of the Center for Cyber Security and Protection at the Cleveland Marshall College of Law. Personalized web attacks are becoming more prevalent and more advanced, with plentiful hacks suggesting that cyber-criminals carefully pre-plan them and look for unprotected tools and packages to exploit. Hence, organisations need security experts with deft knowledge.
Nude pictures posted on Shekhar Suman’s Facebook account, actor claims account was ‘hacked’
After stars like Abhishek Bachchan and Boman Irani, among others, fell into the trap of social media hacking, Bollywood and TV personality Shekhar Suman’s Facebook account was hacked on Friday and ‘nude pictures and objectionable content’ were reportedly shared from it. Claiming that he has been ‘highly disappointed’ after the incident, Shekhar revealed to a leading news agency, “I am highly disappointed about the whole episode of my Facebook account hacking. Though I am not too active on Facebook, in the evening, I started getting calls from some friends mentioning how someone must have hacked my account and posting some nude pictures and objectionable material on my wall.” He further said that he will be reporting the incident to the cyber crime cell. Upset by the hacking incident, Shekhar said that he is planning to go offline from social media. “Earlier also I thought about it, but my friends and fans told me not to do so because it is a nice way to stay connected with my fans. But after this incident I think I might just do that because it is about my reputation,” he said. Meanwhile, on the work front, the actor was last seen in Sanjay Dutt’s Bhoomi and is also preparing for the digital comeback of his famous TV show Dekh Bhai Dekh.
Booby-trapped Office docs built with ThreadKit trigger CVE-2018-4878 flaw
At the end of March, security experts at Proofpoint discovered a Microsoft Office document exploit builder kit dubbed ThreadKit that has been used to spread a variety of malware, including banking Trojans and RATs (i. Proofpoint experts reported that in the last weeks, the exploit kit included new exploits targeting vulnerabilities such as the CVE-2018-4878 Adobe Flash zero-day and several Microsoft Office vulnerabilities (i. Now threat actors are using the ThreadKit builder kit to target the recently patched CVE-2018-4878 Flash vulnerability; experts started observing exploit code samples in the wild a few days ago. The vulnerability could be exploited by an attacker by tricking victims into opening a document, web page or email containing a specially crafted Flash file. The ThreadKit builder kit shows similarities to Microsoft Word Intruder (MWI); it was initially advertised in a forum post as a builder for weaponized decoy documents. The security expert Claes Splett has published a video that shows how to build a CVE-2018-4878 exploit in ThreadKit. The attackers exploited the zero-day vulnerability in attacks aimed at South Korean individuals involved in research activity on North Korea. According to the researcher Simon Choi, the Flash Player flaw has been exploited by North Korea since mid-November 2017. Now the exploit has been included in the ThreadKit builder, based on VirusTotal hashes posted to Pastebin. Just after its appearance, documents created with the ThreadKit builder kit were observed in several campaigns.
YouTube channels hacked, most played video Despacito deleted
YouTube has seemingly fallen prey to hackers, as a number of high-profile music videos have been defaced and some deleted, including Luis Fonsi and Daddy Yankee’s Despacito. Despacito, in case you’ve been living under a rock, is the most-viewed YouTube video of all time. Earlier in the day, the video’s thumbnail image was altered and replaced with a masked gang holding guns, the Verge reports. The description of the video was changed as well, and as of writing this report, Despacito — at least the official video — is untraceable, the report adds. At the heart of it all lie hackers calling themselves Prosox and Kuroi’sh, and they’ve apparently hacked the video sharing platform “just for fun.” Despacito isn’t the only video that has apparently been affected. Lots of other popular music videos have also been defaced. But it appears as if videos posted by Vevo accounts are the worst affected. The list includes videos from Chris Brown to DJ Snake, from Shakira to Selena Gomez, from Katy Perry to Taylor Swift, and so on. Some of the affected videos are, in fact, still online.
Andhra University website hacked
The official website of Andhra University was allegedly hacked by persons belonging to a terrorist outfit. The AU authorities found it on Monday night and sorted out the problem within hours. But the site was not properly visible to visitors. According to sources, Pakistani hacker Muhammad Bilal hacked the Andhra University official website andhrauniversity.edu.in. He had previously allegedly defaced many Indian government sites, reminding Indians about the Kashmir conflict. The Andhra University website was hacked on April 5, 2014 by Pakistan cyber experts. It was hacked on August 4, 2016, and the city police website for traffic cops was also hacked by a group of hackers under the name of Team Pakistan Cyber Attackers on December 2, 2015. Andhra University Vice Chancellor Prof. G Nageswara Rao told TOI that the authorities concerned found it and sorted out the problems. He said the authorities were to inform the police immediately. When contacted, the city cyber crime police station circle inspector Gopinath said they had not received any complaint from the AU authorities till the hour.
Reputational Damage from Fake News & Cyber Attacks Raise UK Business Risk
Fake news threatens U.K. businesses with reputational damage as well as falling sales and share prices, adding to the growing risk from cyber attacks facing companies from local Indian restaurants to multinationals. That’s the warning from the National Cyber Security Centre and the National Crime Agency in a report Tuesday. In one case believed to set a legal precedent, lawyers for a U.K. businessman issued an injunction against “persons unknown” after false and doctored stories were shared on social media, the NCSC said. Among the fastest-growing areas of fraud is the tactic of impersonating a company’s chief executive officer or senior official to coerce an employee, customer or vendor into transferring funds or sensitive information, according to the report. More sophisticated technology and cheaper costs make the strategy more effective than traditional ransomware. Meanwhile, newer techniques for mining cryptocurrencies are also on the rise, led by so-called cryptojacking, which exploits visitors to a website to mine the currencies without their consent, the center said. Security of data stored in the cloud “will become a tempting target for a range of cyber criminals,” the NCSC said, as currently, only 40 percent of data stored there is access-secured. Too much faith is placed in cloud providers by customers who don’t stipulate how data should be stored, the report found. Separately, the Recruitment and Employment Confederation reported a shortage of workers in cyber security in the month to the end of April.
Personal information data breach looms large in India: Verizon report
It said that one security breach can have multiple attackers, and the study by the company found that 72 per cent of attacks were perpetrated by outsiders, 27 per cent involved internal actors, 2 per cent involved partners and 2 per cent featured multiple partners. It is the most common type of malware, found in 39 percent of malware-related data breaches, double that of last year’s DBIR, and accounts for over 700 incidents – India is no exception to this trend according to our investigation caseloads,” Thapar said. Specifically, with respect to India, the threat of PII (personally identifiable information also called sensitive personal information) data breaches looms large due to lack of a strong data protection and privacy legislation,” Verizon Enterprise Solutions, Managing Principal for APJ, Ashish Thapar said. It further said that while on average 78 percent of people did not fail a phishing (misleading e-mails, website links etc) test last year, 4 percent of people do for any given phishing campaign. Companies are nearly three times more likely to get breached by social attacks than via actual vulnerabilities, emphasizing the need for ongoing employee cybersecurity education,” the report said. Lack of strong data protection and privacy legislation makes India highly vulnerable to data breaches related to personal information, according to digital network solution firm Verizon. Financial pretexting and phishing represent 98 per cent of social incidents and 93 percent of all breaches investigated, with email continuing to be the main entry point (96 per cent of cases). According to the report, the human factor continues to be the weak link in cybersecurity breaches, with employees of companies still falling victim to social attacks. The company today released its Data Breach Investigations Report (DBIR), which found that social engineering targeting personal information in the education segment is high; that information is then used for identity fraud.
Sodexo Filmology data breach – Users need to cancel their credit cards
“We would advise all employees who have used the site between 19th March-3rd April to cancel their payment cards and check their payment card statements,” reads the data breach notification issued by Sodexo Filmology. “After speaking to Filmology to ask exactly what had happened, I was informed that my bank details were stolen from the payment page and that the incident has been reported to the ICO.” “These incidents have been caused by a targeted attack on the system we use to host our Cinema Benefits platform, despite having put in place a number of preventative measures with CREST-approved security specialists.” Sodexo Filmology reported the incident to the Information Commissioner’s Office and hired a specialist forensic investigation team. Sodexo, the food services and facilities management company, notified a number of customers that it was the victim of a targeted attack on its cinema vouchers platform, Filmology, and it is urging them to cancel their credit cards. The service rewards UK employees via discounted cinema tickets; the website was taken down in response to the incident “to eliminate any further potential risk” to consumers and to protect their data. Making a rapid search online, we can verify that the attack has been going on for several months; several employees reported fraudulent activities on the Money Saving Expert forum in February. ” wrote the user Chris. The hack on the payment page was carried out over 2 months and involved many accounts. “We sincerely apologise for any inconvenience this has caused you and are doing all that we can to provide access to your benefits via alternative means.”
CVE-2018-0950 flaw in Microsoft Outlook could be exploited to steal Windows Passwords
The flaw in Microsoft Outlook is tied to the way Microsoft Outlook renders remotely-hosted OLE content when an RTF (Rich Text Format) email is previewed and automatically initiates SMB connections. Microsoft Outlook automatically renders OLE content, which means that it will initiate an automatic authentication with the attacker-controlled remote server over the SMB protocol using single sign-on (SSO). The CVE-2018-0950 flaw could be exploited by attackers to steal sensitive data such as Windows login credentials by tricking victims into previewing an email with Microsoft Outlook. “Outlook blocks remote web content due to the privacy risk of web bugs.” The attack scenario sees a remote attacker exploiting the vulnerability by sending an RTF email to the victim; the malicious message contains an image file (OLE object) that is loaded from a remote SMB server under the control of the attackers. The vulnerability, discovered by Will Dormann of the CERT Coordination Center (CERT/CC), resides in the way Microsoft Outlook renders remotely-hosted OLE content when an RTF (Rich Text Format) email message is previewed and automatically initiates SMB connections. Microsoft attempted to address the flaw in the last security updates, but the fix only stops Outlook from automatically initiating SMB connections when it previews RTF emails; any other SMB attack is still feasible. Almost 18 months ago, the security researcher Will Dormann of the CERT Coordination Center (CERT/CC) found a severe vulnerability in Microsoft Outlook (CVE-2018-0950); time has passed, but Microsoft partially addressed it with the last Patch Tuesday updates. Let’s look at the traffic in Wireshark to see what exactly is being leaked as the result of this automatic remote object loading.
“Microsoft Outlook will automatically retrieve remote OLE content when an RTF email is previewed. When remote OLE content is hosted on a SMB/CIFS server, the Windows client system will attempt to authenticate with the server using single sign-on (SSO),” states the CERT. “This may leak the user’s IP address, domain name, user name, host name, and password hash. If the user’s password is not complex enough, then an attacker may be able to crack the password in a short amount of time.”
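A defender-side check for the behaviour CERT describes, as an added example that is not from the original article or from CERT: it scans perimeter flow records for internal hosts opening SMB connections to external servers, the path over which the SSO handshake would travel. The log format, the sample rows and the internal address ranges are constructed assumptions.

```python
import csv
import io
import ipaddress

# Constructed perimeter flow records (hypothetical format, not a real product's):
# timestamp,src_ip,dst_ip,dst_port,action
SAMPLE_LOG = """\
2018-04-12T09:14:02Z,10.20.3.41,203.0.113.45,445,allow
2018-04-12T09:14:05Z,10.20.3.41,10.20.0.15,445,allow
2018-04-12T09:15:40Z,10.20.7.9,198.51.100.7,139,deny
2018-04-12T09:16:11Z,10.20.7.9,198.51.100.7,443,allow
2018-04-12T09:17:30Z,10.20.3.41,not-an-ip,445,allow
"""

SMB_PORTS = {139, 445}  # NetBIOS session service and SMB over TCP
# Address space treated as internal here (assumption: adjust to the local network plan).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16", "fc00::/7", "fe80::/10")]


def is_internal(addr):
    ip = ipaddress.ip_address(addr)  # raises ValueError on malformed input
    return any(ip in net for net in INTERNAL_NETS)


def find_external_smb(log_text):
    """Return (findings, rejected) for internal-to-external SMB flows."""
    findings, rejected = [], []
    for row in csv.reader(io.StringIO(log_text)):
        try:
            ts, src, dst, port, action = row
            outbound = is_internal(src) and not is_internal(dst)
            port = int(port)
        except ValueError:  # wrong field count, bad address or bad port
            rejected.append(row)
            continue
        if outbound and port in SMB_PORTS:
            # An allowed flow means the SSO handshake could reach the remote server;
            # a denied one still shows a client tried to fetch remote content over SMB.
            severity = "exposed" if action == "allow" else "attempt-blocked"
            findings.append((ts, src, f"{dst}:{port}", severity))
    return findings, rejected


if __name__ == "__main__":
    findings, rejected = find_external_smb(SAMPLE_LOG)
    for f in findings:
        print(*f)
    print("unparsed rows:", len(rejected))
```

Internal-to-internal SMB (the second sample row) is deliberately ignored, since file sharing inside the network is expected traffic.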
3 Million stolen from the main Coinsecure Bitcoin wallet
Cryptocurrency exchange Coinsecure, India’s second exchange, announced that it has suffered a severe issue: 438 bitcoin, worth $3.3 million, have been transferred from the main wallet to an account that is not under its control. Amitabh Saxena, was extracting BTG and he claims that funds have been lost in the process during the extraction of the private keys,” Coinsecure added. Saxena denied any involvement in the case and informed Coinsecure that the funds “were stolen from company’s Bitcoin wallet due to some attack.” “Our system itself has never been compromised or hacked, and the current issue points towards losses caused during an exercise to extract BTG [Bitcoin Gold] to distribute to our customers,” the Coinsecure team wrote in its statement. According to the CEO of Coinsecure, the CSO is responsible for the transfer; the company posted two images on its website containing a company statement signed by the Coinsecure team and a scanned copy of a police complaint filed by Coinsecure CEO Mohit Kalra. Amitabh Saxena had private keys to the exchange’s main wallet. The Coinsecure CEO ruled out that the transfer was the result of a hack and accused the CSO, reads the statement published by Coinsecure.