Year after note ban, black money reborn as cyber-cash
Indians appear to be following the global cryptocurrency boom in part because of the profits, but also because of the loss of faith in cash, as well as the flatlining of property and gold prices, precipitated by demonetisation. ZebPay, India’s largest exchange, has reported its user-base has doubled in the last three months, while UnoCoin says its user-base has gone up from 100,000 to 500,000 this year. “Cryptocurrency gives a much better return than anything else — and it’s a whole lot more safe from tax raids,” says a New Delhi-based garment exporter who now keeps significant bitcoin holdings.
In a 2017 appraisal, the US Department of Justice flagged cryptocurrencies as an “emerging money laundering threat”, noting that they enabled transnational criminal organisations to “easily transfer illicit proceeds internationally”. The technology allows users to gamble without the need to hand over bank or credit card details, lowers fees and allows for almost instant deposit times.
India’s intelligence services, sources told The Indian Express, have warned the government that the kidnapping — India’s first for-cryptocurrency violent crime — could mark the birth of a new national security threat. “The ease with which cryptocurrency allows dirty money to be moved around raises hard questions about our future ability to monitor funding for terrorism and organised crime,” says an intelligence officer familiar with the consultations. Law enforcement in India has had few encounters with cryptocurrency so far — and bitcoin trade is currently in a legal grey zone, with no clear regulations governing it. “It’s silly to ban cryptocurrency because it is being used for money laundering or some other criminal activity.”
Cyber threats will be a big form of terror for the world
Indian cyber security is just about “satisfactory”, but “needs to be good”, says former army man Lt Gen (retd) Sudhir Sharma. On the sidelines of the Horasis Asia Meeting, Sharma spoke to BusinessLine about the growing threats to India’s cyber security systems, the need to minimise such risks and how the country has been faring so far in this regard.
How do you see India’s cyber security preparation in today’s context? Is India ready to take on the different security threats arising nowadays?
These are early days, but we have to be very cautious of the fact that cyber security will play a very dominant role in making our weapon systems. When you create the architecture (for cyber defence), India and its people should be on top for creating that system. Cyber threats are going to become a big form of terror, to India and to the world.
But do you see the need to have a global cyber security law which has all nations on board?
It is going to be difficult as countries are very protective about their cyber security laws. I do not see countries like India, China, Korea, Russia or others coming together and compromising to deal with cyber security.
Department of Social Services data leak: Thousands of employees’ personal, credit card data exposed
Australia’s Department of Social Services has notified thousands of current and former employees that their personal and financial data has been breached and exposed for over a year. The department sent emails earlier this month to 8,500 employees notifying them of a “data compromise relating to staff profiles within the department’s credit card management system prior to 2016,” the Guardian first reported. The compromised data included employees’ names, usernames, work phone numbers, work emails, system passwords, Australian government services number, credit card information, public service classification and organisation unit.
The data was managed by a third-party contractor called Business Information Services (BIS). The letter sent to employees from DSS chief financial officer Scott Dilley reportedly said “the actions of the department’s third-party provider” were to blame for the breach. “The data has now been secured,” Dilley wrote, adding there is currently “no evidence” to suggest that the data or the department’s credit cards were improperly used so far.
As a result of the provider’s actions, some historical information about DSS employees’ work expenses was “vulnerable to possible cyber-breach,” a spokeswoman said. She added that the compromised data included “partially anonymous work-related expenses” such as “cost centres, corporate credit cards without CCV and expiry dates, and passwords that were hashed and therefore not visible.” The Australian Signals Directorate notified the DSS about the data leak on 3 October, the spokeswoman said. BIS said the vulnerability was “secured within four hours” and said the data was no longer publicly accessible.
Imgur hacked: Personal details of 1.7 million user accounts stolen in major data breach
Imgur said it suffered a major data breach in 2014 that compromised the email addresses and passwords of 1.7 million users. “The compromised account information included only email addresses and passwords,” Imgur’s chief operating officer, Roy Sehgal, said in a statement. Imgur has never asked for real names, addresses, phone numbers, or other personally-identifying information, so the information that was compromised did NOT include such PII.
The popular photo-sharing site was alerted to the security breach by Troy Hunt, security expert and creator of the data breach notification website Have I Been Pwned, on Thursday (23 November), which happened to be Thanksgiving – a US national holiday when most businesses are closed. “I want to recognise @imgur’s exemplary handling of this: that’s 25 hours and 10 mins from my initial email to a press address to them mobilising people over Thanksgiving, assessing the data, beginning password resets and making a public disclosure,” Hunt said.
“We have always encrypted your password in our database, but it may have been cracked with brute force due to an older hashing algorithm (SHA-256) that was used at the time,” Imgur said. “We apologize that this breach occurred and the inconvenience it has caused you,” the company said. Imgur users have been asked to update their passwords and not use the same one across multiple sites and applications. Imgur said they are still investigating how the data was compromised. Disclosure of the breach comes as the latest in a series of security breaches that took place years ago that have only come to light in 2017.
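Both the DSS and Imgur items above rest on the same point: a “hashed” password is only as safe as the cost of guessing it, and a plain, unsalted SHA-256 digest can be tested at millions of guesses per second offline. The following added example (written for this digest, not code from Imgur, DSS or BIS) contrasts that fast digest with a salted, iterated PBKDF2-HMAC-SHA256 record of the kind a defender should store instead. The wordlist, passwords and salts are constructed for illustration, and the 200,000-iteration cost is an assumed setting, not a value either organisation disclosed.

```python
"""Added example: why an unsalted SHA-256 password hash cracks quickly offline
and how a salted, iterated KDF (PBKDF2-HMAC-SHA256) raises the cost per guess.
Every password, salt and wordlist entry here is constructed for illustration."""
import hashlib
import hmac
import os
import time

# Constructed wordlist standing in for the dictionaries used in offline cracking.
WORDLIST = ["123456", "password", "qwerty", "imgur2014", "letmein"]

# Assumed work factor; tune so one verification costs a noticeable fraction of a second.
PBKDF2_ITERATIONS = 200_000


def sha256_digest(password: str) -> str:
    """Unsalted SHA-256: the kind of 'encrypted password' the Imgur statement describes."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()


def dictionary_guesses(target_hex: str, wordlist=WORDLIST):
    """Number of wordlist entries that must be hashed before target_hex is matched,
    or None if the password is not in the list. With no salt, every user who
    chose the same password shares the same digest, so one guess tests them all."""
    for count, candidate in enumerate(wordlist, start=1):
        if sha256_digest(candidate) == target_hex:
            return count
    return None


def pbkdf2_record(password: str, salt=None, iterations: int = PBKDF2_ITERATIONS) -> dict:
    """Build a stored credential: a per-user random salt plus an iterated PBKDF2 tag.
    The salt defeats shared-digest and precomputed-table attacks; the iteration
    count multiplies the attacker's cost per guess by the same factor as ours."""
    salt = salt if salt is not None else os.urandom(16)
    tag = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return {"salt": salt, "iterations": iterations, "tag": tag}


def pbkdf2_verify(record: dict, attempt: str) -> bool:
    """Recompute the tag for a login attempt and compare in constant time."""
    candidate = hashlib.pbkdf2_hmac(
        "sha256", attempt.encode("utf-8"), record["salt"], record["iterations"]
    )
    return hmac.compare_digest(candidate, record["tag"])


def guesses_per_second(hash_fn, password: str, rounds: int) -> float:
    """Rough throughput of one hash function on this machine, for cost comparison."""
    start = time.perf_counter()
    for _ in range(rounds):
        hash_fn(password)
    return rounds / (time.perf_counter() - start)


if __name__ == "__main__":
    # A leaked unsalted digest is matched after a handful of dictionary guesses.
    leaked = sha256_digest("imgur2014")
    print("SHA-256 guesses needed for the constructed password:", dictionary_guesses(leaked))

    # The same password stored with a salt and 200k iterations: verification works,
    # wrong attempts fail, and each guess now costs the attacker the full KDF.
    record = pbkdf2_record("imgur2014")
    print("PBKDF2 verify (correct, wrong):", pbkdf2_verify(record, "imgur2014"),
          pbkdf2_verify(record, "letmein"))

    fast = guesses_per_second(sha256_digest, "imgur2014", rounds=2000)
    slow = guesses_per_second(lambda p: pbkdf2_record(p, b"fixed-demo-salt")["tag"],
                              "imgur2014", rounds=3)
    print(f"SHA-256 ~{fast:,.0f} guesses/s vs PBKDF2 ~{slow:,.1f} guesses/s here")
```

Running the script shows the two throughput figures for the local machine; the ratio between them is the factor by which the iteration count slows an offline attack, which is why migrating old SHA-256 records to a slow KDF at next login (and forcing resets for accounts that never log in) is the standard remediation after a breach like Imgur’s.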
MacOS High Sierra ‘root’ security flaw: How to protect your Mac against the ‘hack’
A major security flaw was uncovered in Apple’s MacOS High Sierra, the tech giant’s latest software for Macs, which allows anyone to get admin access without any real hacking. The flaw allows anyone admin access without a password: while attempting to log in, all one has to do is type “root” as the username, leave the password field blank and click on the “unlock” button twice to immediately gain complete access to the computer. The Verge reported that the flaw could allow anyone the ability to view all files and even reset users’ systems as well as their Apple ID usernames and passwords.
The flaw was publicly exposed by security researchers on Twitter, which will likely induce Apple to push out a quick fix. Apple has reportedly confirmed the security flaw.
According to Apple’s guidelines, the simplest way to avoid any potential attacks via the flaw is to set a root password. You can do this by clicking on System Preferences on the Apple menu, then clicking on Users & Groups (or Accounts). Once that is done, click on Open Directory Utility and enter a username and password. Next, to enable the Root User (if you have not done that already), click on the menu bar within the Directory Utility window and then choose Change Root Password.
Uber hack: 2.7 million UK customers and drivers affected by major 2016 data breach
Uber has confirmed that 2.7 million people in the UK – more than half of its user base in the country – were affected by the massive 2016 data breach that the company covered up for more than a year. The hack, which affected a total of 57 million users and drivers across the globe, only came to light last week after Bloomberg reported Uber paid hackers a ransom of $100,000 (£75,500) to delete the stolen data and keep the breach quiet. However, trip history, dates of birth, social security numbers, credit card and bank details were not affected by the breach, the ride-hailing giant said. “None of this should have happened,” Uber CEO Dara Khosrowshahi said after news of the data breach broke last week.
“This latest shocking development about Uber will alarm millions of Londoners whose personal data could have been stolen by criminals,” London mayor Sadiq Khan said. “Uber needs to urgently confirm which of their customers are affected, what is being done to ensure these customers don’t suffer adversely, and what action is being taken to prevent this happening again in the future. The public will want to know how there could be this catastrophic breach of personal data security.” Transport for London had earlier cited concerns over Uber’s reporting of criminal offences, background checks and the use of its secret Greyball software in London, among other issues.
The UK’s data regulator, the Information Commissioner’s Office (ICO), said it expects Uber to notify all affected British customers and drivers as soon as possible. “As part of our investigation we are still waiting for technical reports which should give full confirmation of the figures and the type of personal data that has been compromised,” Deputy Commissioner James Dipple-Johnstone said in a statement.
Google finds new Tizi Android spyware that can steal social media data, photos, contacts and more
Google has found a family of Android spyware it calls Tizi. The individual who allegedly developed Tizi created a website and social media accounts to trick users into installing it from Google Play and third-party websites. The spyware was “used in a targeted attack against devices in African countries, specifically: Kenya, Nigeria, and Tanzania,” Google said. ZDNet reported that one of the Tizi-infected apps was targeting people interested in installing an app about a Kenyan political coalition called the National Super Alliance (NASA).
The Android spyware can steal sensitive data from social media apps like Facebook, Twitter, WhatsApp, Viber, Skype, LinkedIn, and Telegram. Moreover, the spyware is also capable of recording audio and taking photos without displaying anything on the screen, ensuring that the user is unaware of the photo captured. Google said that the spyware was also capable of rooting devices with older vulnerabilities.
Although the search giant has removed Tizi-infected apps from Play Store, the spyware has already affected around 1,300 devices. Google said that it had notified users of all the known infected devices and suspended the developer’s account. ZDNet reported that the Twitter account promoting Tizi was actively spreading links even after Google removed the Tizi-infected apps from the Play Store. However, at the time of writing, the Twitter account (@MyTiziApp) appears to have been deleted and is no longer available.
MHA directs Armed Forces to remove Truecaller, WeChat, 40 other Chinese developed Apps; declares them spyware
The Ministry of Home Affairs has directed all security personnel engaged in countering internal and external threats to delete at least 40 Apps run by Chinese companies from their mobile phones. The advisory given to the Indian Armed Forces and Central Armed Police Forces (CAPF) personnel warns of a possible cyber attack through mobile Apps. This website is in possession of the directive issued by the intelligence agencies.
The MHA issued the official communique on November 24 after the Intelligence Directorate General (DTE GEN) raised concern over the usage of Chinese Apps. The intelligence agencies have alerted the MHA that usage of Chinese applications can lead to data breach. The directive reads, “As per reliable inputs a number of Android and IOS Apps developed by Chinese developers or having Chinese links are reportedly either spyware or other malicious ware.” The MHA directive further reads, “The use of these Apps by our force personnel can be detrimental to data security having implications on the force and national security.” The official communique further states, “All officers and men under your command may be advised not to use these Apps either in office or on personal mobile phones.” The MHA has also asked the FMNS to uninstall the Apps if being used and format the mobile phones. Here is the list of Chinese Apps considered to be a national threat:
WEIBO, WECHAT, SHAREIT, TRUECALLER, UC NEWS, UC BROWSER, BEAUTYPLUS, NEWSDOG, VIVA VIDEO – QU VIDEO INC, PARALLEL SPACE, APUS BROWSER, PERFECT CORP, VIRUS CLEANER – HI SECURITY LAB, CM BROWSER, MI COMMUNITY, DU RECORDER, VAULT HIDE – NQ MOBILE SECURITY, YOUCAM MAKEUP, MI STORE, CACHECLEANER, DU APPS STUDIO, DU BATTERY SAVER, DU CLEANER, DU PRIVACY, 360 SECURITY, DU BROWSER, CLEAN MASTER – CHEETAH MOBILE, BAIDU TRANSLATE, BAIDU MAP, WONDER CAMP – BAIDU INC, ES FILE EXPLORER, PHOTO WONDER, QQ INTERNATIONAL, QQ MUSIC, QQ MAIL, QQ PLAYER, QQ NEWSFEED, WESYNC, QQ SECURITY CENTRE, SELFIE CITY, MAIL MASTER, MI VIDEO CALL – XIAOMI, QQ LAUNCHER
What is Cold Jewel Lines? Fake WhatsApp update found on Google Play promotes malware-laden game
Security researchers have discovered a fake WhatsApp update on the Google Play Store that advertises a fully functional Candy Crush-like game that is riddled with malware. The dubious Android WhatsApp program called “Update WhatsApp Messenger” was first unearthed by Reddit users earlier in November and was later investigated by Zimperium’s zLabs research team. The developer of the phoney WhatsApp program was named “WhatsApp Inc.” Disguised to look like an official WhatsApp app, the malicious programme actually bombards users with a slew of dodgy ads. Once installed, the app is tough to find on the device since it cannot be seen on the launcher. However, clicking on the “empty” icon at the end of the list of applications in the launcher will open up the programme. After the app is launched, the user is hit with a variety of advertisements prompting them to install other malicious apps.
The ad promotes a Play Store app called Cold Jewel Lines, a fully functional game similar to the popular Candy Crush. However, malware is executed immediately after a user starts the game that is capable of communicating with a C&C server, performing ad auto-clicking activities, exfiltrating sensitive information from the infected device, parsing and extracting information from received SMS texts, potentially executing other malicious payloads and exploits, as well as executing shell commands to extract more data. According to Favaro, the malware is capable of extracting sensitive information about the infected device including its version, manufacturer, root status, user agent, operator, IMEI (International Mobile Equipment Identity) number, IMSI (International Mobile Subscriber Identity) number, Android UUIDs (Universally Unique Identifiers), Wi-Fi network, fingerprint and more.
What is Cobalt malware? Hackers exploit 17-year-old Microsoft Office flaw to hijack PCs
Security researchers have found hackers are exploiting a Microsoft Office vulnerability that existed for 17 years to distribute malware capable of hijacking an infected system. Researchers at Fortinet said threat actors have been using the CVE-2017-11882 exploit, a remote code execution vulnerability in Microsoft Office that has been active for nearly a decade, but was only recently disclosed and patched by the company earlier in November. The vulnerability can be exploited by attackers to run arbitrary code and potentially take full control of the system to execute commands and extract files.
“As we have repeatedly seen, not long after its disclosure threat actors were quick to take advantage of this vulnerability to deliver malware using a component from a well-known penetration testing tool, Cobalt Strike,” the researchers said. “We frequently see malware campaigns that exploit vulnerabilities that have been patched for months or even years. Threat actors are always on the lookout for vulnerabilities to exploit and use them for malware campaigns like this,” the Fortinet researchers wrote.
This malware campaign targets Russian speakers with a spam email that claims to be a notification email from Visa regarding some rule changes for the payWave service in Russia. The email contains a password-protected RTF document with login credentials provided in the email to unlock it. It is possible that this is only to trick the user into thinking that security measures are in place, which is something one would expect in an email from a widely used financial service. Once the document is opened, the user is met with a plain document with the words “Enable Editing.”