Cakewalk for French tech-wiz, Aadhaar and Telangana portal easy hack
A French security researcher on Monday breached the Telangana government’s benefit disbursement portal ‘TSPost’ and laid bare its vulnerabilities. The portal holds account details, including Aadhaar numbers, of 56 lakh beneficiaries of NREGA (National Rural Employment Guarantee scheme) and 40 lakh beneficiaries of social security pensions (SSP).

The researcher, Baptiste Robert, who tweets as ‘Elliot Alderson’ and has been highlighting the insecurity of Aadhaar data, posted on Twitter how the site is vulnerable to basic SQL (structured query language) injection, a common web hacking technique. In this technique, SQL code is sent to the portal’s back-end database to access confidential information. The portal’s application programming interface key (API key) and the data tables of beneficiary schemes such as NREGA and SSP were exposed, opening access to all beneficiary data, including Aadhaar numbers.

“…in is vulnerable to a basic SQL injection that allows an attacker to access the database of the website,” the researcher tweeted. “To be clear, all the data on this website can be a dump. For this website, they have to hire decent web developers to protect it from attacks.” In the evening he added, “I don’t know if I have to laugh or cry.”

“We have taken off the site from the web, and we hope by Tuesday evening we will be able to set it right,” Satish, COO of TSPost, said. “Our technical team is working on it.”
GitHub was hit by a massive 1.35 Tbps DDoS attack – the most powerful ever recorded
GitHub, one of the most popular code repositories, was hit by a massive DDoS attack on Wednesday, 28 February. “Between 17:21 and 17:30 UTC on February 28, we identified and mitigated a significant volumetric DDoS attack,” GitHub said in a blog post published after the attack was mitigated.

Instead of relying on bots, the threat actors exploited memcached servers and employed an amplification attack. It was this memcached-based amplification attack that peaked at 1.35 Tbps. The attack on GitHub surpassed even the massive 2016 DDoS attack against Dyn, which peaked at 1.

The site was able to survive thanks to Akamai’s DDoS mitigation service, which took over within minutes of being alerted to the attack, rerouting the barrage of traffic from GitHub to its scrubbing centres, WIRED reported.

Despite the unprecedented power wielded by such an attack, it can still be mitigated, according to Akamai researchers, who say that setting up a rate limit on port 11211, the default port used by memcached, is the way to go about it. However, according to Akamai, the attack on GitHub could soon be eclipsed by threat actors leveraging vulnerable memcached servers. “Because of memcached reflection capabilities, it is highly likely that this record attack will not be the biggest for long,” Akamai said in a blog. Given its ability to create such massive attacks, attackers are likely to adopt memcached reflection as a favourite tool rapidly.
What is Tempting Cedar? Hackers using fake Facebook profiles to spread Android spyware
A new campaign involving suspected Lebanese hackers has been uncovered, in which cybercriminals create fake Facebook profiles and use social engineering to lure potential victims into downloading Android spyware. According to security researchers at Avast, who uncovered the attacks, the hackers spread the spyware, dubbed Tempting Cedar, via fake Facebook profiles that engaged with potential victims. The spyware’s infection vector involves social engineering using attractive but fictitious Facebook profiles: the targets were persuaded by the hackers operating the fake profiles to download the spyware, which was disguised as the Kik Messenger app.

The spyware steals victims’ photos, contacts and call logs, and can also spy on conversations when the infected device is within range. It can harvest a victim’s geolocation via the infected device to track their location, as well as record surrounding sounds.

The targeted Tempting Cedar campaign has been running under the radar since as far back as 2015, targeting people in Middle Eastern countries. “However, pieces of information point to the cybercriminals behind this campaign being Lebanese,” Avast researchers wrote in a blog. “Despite the unsophisticated techniques and the level of operational security used, the attack managed to remain undetected for several years,” the researchers said.

To stay safe from such attacks, the researchers recommended that social media users always use antivirus software and never download files from unknown or untrusted sources.
RedDrop: New sophisticated Android malware spies on you, steals data and racks up a huge phone bill
A new strain of malware has been found spying on users, stealing data and charging users in the process.

Security researchers have discovered a nasty strain of Android malware designed to secretly spy on users, steal sensitive data from infected devices, including full audio recordings, and rack up a huge phone bill in the process. According to UK-based mobile security and data management firm Wandera, the malicious spyware, dubbed RedDrop, has been lurking in at least 53 new mobile applications masquerading as useful tools, from image editors and calculators to language learning apps.

Wandera’s machine learning detections first uncovered one of the RedDrop apps when a user clicked on an ad displayed on the popular Chinese search engine Baidu. The researchers said it is just one of more than 4,000 domains used by the RedDrop creators to distribute these apps and spread the malware. “It’s likely that RedDrop will continue to be employed by attackers even after these apps are flagged as malicious,” the researchers noted.

RedDrop also comes with an array of spyware tools to harvest a trove of encrypted and unencrypted personal user data such as photos, contacts, images, device details such as the IMEI and IMSI, the SIM’s mobile country code and mobile network code, app data and nearby Wi-Fi networks. Once collected, the data is sent to the attackers’ personal Dropbox or Drive folders to be used in future extortion schemes or cyber attacks.

“The malicious actor cleverly uses a seemingly helpful app to front an incredibly complex operation with malicious intent,” the researchers said. “Not only does the attacker utilise a wide range of functioning malicious applications to entice the victim, they’ve also perfected every tiny detail to ensure their actions are difficult to trace. The group that built this malware have planned it exceedingly well.”
Hackers using fake Swift emails to deploy Adwind RAT, steal bank credentials in a new phishing scam
Hackers are using malicious emails disguised as important Swift messages to spread the cross-platform remote access trojan (RAT) Adwind. According to Comodo Group’s Threat Research Lab, the spam messages claim to contain important information regarding a “wire bank transfer to your designated bank account” from the Swift network, the global banking industry’s payments messaging system. The phishing email prompts users to review an attached document to check the details and make sure there are no discrepancies regarding the transfer.

Comodo researchers note that using phony Swift emails is particularly effective given that money and bank account affairs often trigger an emotional response from people. “When it comes to an enterprise’s financial accounts, the emotions rise even more,” the researchers explained in a blog post published Wednesday (21 February). “As we see, cybercriminals more and more often use finance-related topics as a bait to make users download malware and infect an enterprise’s network,” said Fatih Orhan, head of Comodo Threat Research Lab.

The malware tries to disable the Windows restore option and turns off the User Account Control feature, which prevents a program from being installed without the user being aware. “Additionally, the malware checks for the presence of forensic, monitoring or anti-adware tools, then drops these malicious executable files and makes a connection with a domain in the hidden Tor network,” the researchers said.

The threat actors behind the phishing scam are likely using this attack to spy on users, collect data from the targeted enterprise network and endpoints and “prepare for the second phase of the cyber attack” with additional malicious software. “Having the precise information about the enterprise, these cyberattackers can even create malware specifically adjusted to the target environment to bypass all defensive mechanisms of the enterprise and hit the heart of the target,” the researchers said.
1Password: How to check if your password has been compromised and leaked
Popular password management service 1Password has unveiled a new feature that allows users to check whether their password has been compromised in a data breach and leaked online. The proof-of-concept feature released this week is an integration of security expert Troy Hunt’s new Pwned Passwords service, which lets users check if their passwords have already been stolen. Hunt announced the service on Thursday (22 February); it features a database of over 500 million passwords that have been leaked in previous data breaches, and he has made the database and API freely available for download via his “Have I been pwned?” site.

Users with a 1Password membership can already check out the tool to see whether their password has been leaked:

1. Sign in to your 1Password account.
2. Click on Open Vault and select one of your credentials.
3. For Mac users, press and hold Shift-Control-Option-C.
4. Click on the “Check Password” button that pops up next to your password to check the integrity of your credentials.

“For now the Check Password feature is limited to the 1Password web client, and is not yet in the 1Password apps,” AgileBits CEO Jeffrey Shiner wrote in a comment on the company’s blog post.

AgileBits notes that using the feature to check your password is safe and secure. The company hashes the password with the SHA-1 algorithm and sends the first five characters of the 40-character hash to Hunt’s service. “Checking your own passwords against this list is immensely valuable,” AgileBits, the company behind 1Password, said within a day of Hunt’s announcement. “So there is a fair chance that the instance of the password that ended up on the list isn’t from your use of it.”
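The prefix-based check described above, as an added Python example that is not 1Password’s or Have I Been Pwned’s code: the client hashes the password with SHA-1, sends only the 5-character prefix, and matches the remaining 35 characters locally against the returned range. The range API is a constructed stand-in (fake_range_api) populated from made-up breach counts, so the example runs offline.

```python
import hashlib
from collections import defaultdict

# Constructed stand-in for the Pwned Passwords corpus: plaintexts and made-up
# breach counts chosen for this example; the real service never sees plaintext.
CONSTRUCTED_LEAKED = {
    "password": 3_730_471,
    "123456": 23_174_662,
    "letmein": 236_000,
}

def sha1_hex(password: str) -> str:
    """Upper-case 40-character SHA-1 hex digest, as the range API expects."""
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

def build_range_index(leaked: dict) -> dict:
    """Group hashes by their 5-character prefix: prefix -> {suffix: count}."""
    index = defaultdict(dict)
    for pw, count in leaked.items():
        digest = sha1_hex(pw)
        index[digest[:5]][digest[5:]] = count
    return index

RANGE_INDEX = build_range_index(CONSTRUCTED_LEAKED)

def fake_range_api(prefix: str) -> str:
    """Simulates GET /range/{prefix}: returns 'SUFFIX:COUNT' lines for every
    hash sharing the prefix, so the server cannot tell which one was asked about."""
    if len(prefix) != 5 or any(c not in "0123456789ABCDEF" for c in prefix):
        raise ValueError("prefix must be 5 hex characters")
    rows = RANGE_INDEX.get(prefix, {})
    return "\r\n".join(f"{suffix}:{count}" for suffix, count in sorted(rows.items()))

def parse_range_response(body: str) -> dict:
    """Parse the API body into {suffix: count}, skipping blank or malformed lines."""
    result = {}
    for line in body.splitlines():
        suffix, sep, count = line.strip().partition(":")
        if sep and count.isdigit():
            result[suffix.upper()] = int(count)
    return result

def check_password(password: str, fetch=fake_range_api) -> tuple:
    """Return (prefix_sent, breach_count). Only the 5-char prefix leaves the
    client; the suffix comparison happens locally. breach_count is 0 if absent."""
    digest = sha1_hex(password)
    prefix, suffix = digest[:5], digest[5:]
    matches = parse_range_response(fetch(prefix))
    return prefix, matches.get(suffix, 0)

if __name__ == "__main__":
    for pw in ("password", "Tr0ub4dor&3-constructed"):
        prefix, count = check_password(pw)
        print(f"sent prefix {prefix!r}; seen in breaches {count} times")
```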
Evrial: The Latest Malware That Steals Bitcoins Using the Clipboard
Evrial is a .NET malware sample capable of stealing passwords from browsers, FTP clients and Pidgin; it can also modify the clipboard on the fly so as to change any copied cryptocurrency address to whatever address the attacker wants. The attacker then waits until the user, trusting the clipboard action, sends a new transaction to the copied cryptocurrency address, without knowing that the recipient’s address has been silently modified to one that belongs to the attacker. The malware performs this task in the background for different types of address, including Bitcoin, Litecoin, Ethereum and Monero addresses as well as Steam identifiers and Webmoney WMR and WMZ units.

Evrial allows the attacker to control it all from a comfortable panel where the stolen data can be easily explored. Using this information and some other analysed samples, it has been possible to identify users on different deep web forums under the name Qutra whose main objective is to sell this malicious software. By the end of 2017, CryptoShuffler was a malware sample capable of reading the clipboard and modifying cryptocurrency addresses found there. There is also evidence that CryptoShuffler was linked to the same threat actor, after a Pastebin publication explaining the functionality of this family was identified under the same user.

We are able to guess how much is in every wallet. Whereas ransomware wallets usually receive the same amount from each victim, here the range is wider because the legitimate payments that the victim wants to make are, of course, of different amounts.

ElevenPaths has taken a deep technical dive into the malware itself, to show how it technically works, with a quite self-explanatory video.
JPMorgan Chase ‘glitch’ gave some customers access to others’ bank accounts, confidential data
A number of JPMorgan Chase customers’ accounts were exposed after a “glitch” briefly gave some clients access to other people’s online accounts instead of their own. Users said they were able to view a trove of confidential financial information within other people’s accounts, including their checking, savings and credit card account details, balances and other personal data.

The issue was first reported by Fly & Dine after one of the writers’ fiancé tried logging into their online bank account but instead gained access to the accounts of random other clients in New Jersey. Multiple irked customers also took to Twitter and Reddit to complain about the glitch, which seemed to affect users of both the Chase…

“I logged into the online banking system using my own account information and the Chase system instead logged me into an entirely different person’s account, a person I have no knowledge of,” one Reddit user reported. “When I logged out of the account and logged in again using the same account info, I was then able to access my own account.”

The problem affected “a pretty limited number of customers” attempting to log in between 6:30 pm and 9:00 pm EST on Wednesday before it was resolved, the company said. Company spokeswoman Patricia Wexler said the incident was caused by a technical glitch and was not the result of a hack. The bank is still trying to determine how many customers were affected. Wexler said JPMorgan has not yet received any reports of malicious money transfers made as a result of the glitch, but will work with customers if such a case does pop up.
LAPD hacked: Police force’s official Twitter account hijacked to post ‘white supremacist’ message
Hackers managed to hijack the official Twitter account of the Los Angeles Police Department on Monday (26 February) to assert that members of the police force are “white supremacists”. Officials said the tweet was not posted by staff at the LAPD: “Earlier today the LAPD’s Headquarters Twitter account was compromised.” Josh Rubenstein, the LAPD’s public information director, confirmed that the account had been hacked. The department later tweeted: “We are aware that our #LAPD account was compromised and are taking the proper steps to resolve this issue.”

“Looks like @LAPDHQ was hacked for a hot minute,” one Twitter user wrote, while another asked: “Hey @LAPDHQ u ok?”

Twitter hacks are becoming more common as threat actors look to take over high-profile accounts of government officials, notable personalities and celebrities. In 2016 and 2017, the infamous hacking outfit OurMine hacked the social media accounts of a number of high-profile figures, usually leaving behind their signature message about “testing your security” and asking the account holder to contact them directly. In January, the verified Twitter accounts of India’s top diplomat to the United Nations Syed Akbaruddin, World Economic Forum president Borge Brende and editor-in-chief of German magazine Der Spiegel Klaus Brinkbaumer were also hijacked.

Meanwhile, computer systems in Allentown, Pennsylvania were hit with a costly malware attack involving the Emotet trojan, forcing city officials to shut down multiple critical systems.
A dozen vulnerabilities discovered in Trend Micro Linux-based Email Encryption Gateway
Security researchers at Core Security have discovered a dozen flaws in Trend Micro’s Linux-based Email Encryption Gateway, some of them rated critical and high severity.

“Encryption for Email Gateway is a Linux-based software solution providing the ability to perform the encryption and decryption of email at the corporate gateway, regardless of the email client, and the platform from which it originated. The encryption and decryption of email on the TMEEG client are controlled by a Policy Manager that enables an administrator to configure policies based on various parameters, such as sender and recipient email addresses,” states Core Security. Administrators can configure the virtual appliance running Email Encryption Gateway during deployment via a registration endpoint.

“Multiple vulnerabilities were found in the Trend Micro Email Encryption Gateway web console that would allow a remote unauthenticated attacker to gain command execution as root.” Affected packages are Trend Micro Email Encryption Gateway 5.… (build …00) and earlier; Trend Micro addressed ten of the vulnerabilities with version 5.… Trend Micro confirmed that a medium severity CSRF issue and a low severity SQL injection vulnerability have not been patched due to the difficulties of implementing a fix.

According to the report timeline, Core Security sent an initial notification to Trend Micro, including a draft advisory, on 2017-06-05, and Trend Micro took more than six months to issue the patches.