Hacker gathers bank details of Pharma firm, steals Rs 5.27 L
A 38-year-old businessman from Andheri filed a complaint against an unidentified hacker who allegedly siphoned Rs 5,27,814 after collecting Real Time Gross Settlement (RTGS) details by hacking an e-mail ID. Police have forwarded the details to the cyber crime cell to identify the Internet Protocol (IP) address used. According to police, Jeetendra Sawant, 38, a resident of Vikhroli West, told Powai police that the official e-mail ID of Hritik Chemicals Private Limited was hacked and RTGS information was collected from another agency trading with the chemical and pharmaceutical firm. “The offence was committed between March 5 and March 12. The official account of the complainant’s firm was hacked and was accessed by an unauthorised person to collect the bank details of the firm,” said an Amboli police officer. “The bank had contacted the complainant to seek a confirmation, after which the incident came to light,” said the officer. Bharat Gaikwad, Senior Inspector, Amboli police station, said, “We have registered a case under section 420 (cheating) of the Indian Penal Code and under relevant sections of the Information Technology Act. The cyber crime cell will collect information about the accused; further investigations are underway.”
Apple macOS issues reveal passwords for APFS encrypted volumes in plaintext
Forensic analyst Sarah Edwards has discovered a vulnerability in the APFS file system of the macOS High Sierra operating system. Apple File System (APFS) is a proprietary file system for macOS High Sierra and later, and for iOS 10. The flaw leaves the encryption password for a newly created APFS volume in the unified logs in plaintext; the same happens when a previously created but unencrypted volume is encrypted. The password for an encrypted APFS volume can be retrieved from the log entries written when the ‘newfs_apfs’ command is executed in the terminal to create the volume. “It may not be noticeable at first (apart from the highlighting I’ve added of course), but the text “frogger13” is the password I used on a newly created APFS formatted FileVault Encrypted USB drive with the volume name “SEKRET”.” The expert highlighted that the password does not appear in plaintext when a non-APFS drive is converted to APFS and then encrypted. Edwards later updated her post to highlight that she had discovered similar log entries in another system log that is more persistent. “In an update to my previously updated blog article, I have found another instance where the plaintext password was written to system logs.” This means that anyone with access to the machine can see passwords stored in plaintext; the experts also warned that malware could be used to collect log files to gather the passphrase. In the past months, two other issues were discovered in APFS: in February the Apple expert Mike Bombich discovered an APFS filesystem vulnerability that could lead to macOS losing data under certain conditions, and an earlier macOS update also addressed a flaw in the Apple file system that exposed an encrypted drive’s password in the hint box.
Panera Bread left millions of customer records exposed online for months
On Monday, the popular security expert Brian Krebs reported a bug affecting Panera Bread’s website that left millions of customer records exposed in plain text. The company has more than 2,100 retail locations in the United States and Canada, and its customers can order food online for pickup in stores or for delivery. According to Krebs, the website of the American chain of bakery-cafe fast-casual restaurants “leaked millions of customer records — including names, email and physical addresses, birthdays and the last four digits of the customer’s credit card number — for at least eight months before it was yanked offline earlier today, KrebsOnSecurity has learned.” The company also exposed customers’ Panera loyalty card numbers, which could be used by scammers to spend prepaid accounts or to steal value from Panera customer loyalty accounts. It is not clear yet exactly how many Panera customer records may have been exposed by the company’s leaky website, but the incremental customer numbers indexed by the site suggest that the number may be higher than seven million. The disconcerting aspect of the story is that the issue was first reported to Panera Bread by the security researcher Dylan Houlihan on August 2, 2017; Panera Bread kept exposing the data for at least eight months after that first notification. Only after Brian Krebs contacted Panera Bread did the company take the website offline. In a written statement, Panera declared it had fixed the problem within less than two hours of being notified by Brian Krebs, but the expert correctly asked why Panera did not explain why it had taken eight months to fix the issue after Houlihan reported it. Panera told Fox Business that the data leak affected only about 10,000 records, but experts at Hold Security estimated that the number of affected accounts is approximately 37 million.
Under Armour data breach affected about 150 million MyFitnessPal users
Under Armour learned of the data breach on March 25; it promptly reported the hack to law enforcement and hired security consultants to investigate the incident. Attackers hacked the MyFitnessPal application, which is used by its customers to track fitness activity and calorie consumption. The company’s investigation is ongoing, but indicates that approximately 150 million user accounts were affected by this issue. “On March 25, the MyFitnessPal team became aware that an unauthorized party acquired data associated with MyFitnessPal user accounts in late February 2018. The company quickly took steps to determine the nature and scope of the issue and to alert the MyFitnessPal community of the incident.” According to the firm, an unauthorized party obtained access to user data, including usernames, email addresses, and “hashed” passwords. The stolen data did not include financial information (payment card data) or social security numbers and driver’s licenses. “The affected data did not include government-issued identifiers (such as Social Security numbers and driver’s license numbers), which the company does not collect from users. Payment card data was also not affected because it is collected and processed separately.” The company notified users of the data breach by email and in-app messaging, asking them to update their settings to protect their account information.
ATMJackpot, a new strain of ATM Malware discovered by experts
“Netskope Threat Research Labs has discovered a new ATM malware, “ATMJackpot.”” The malware is still under development and appears to have originated in Hong Kong; it has a smaller system footprint compared with similar threats. ATM malware propagates via physical access to the ATM using USB, and also via the network by downloading the malware onto already-compromised ATM machines using sophisticated techniques. The number of ATM jackpotting attacks has been increasing in recent years: in January the US Secret Service warned that cybercriminals were targeting ATM machines in the US, forcing them to spit out hundreds of dollars with ‘jackpotting’ attacks. In May 2017, Europol arrested 27 people for jackpotting attacks on ATMs across Europe, and in September 2017 Europol warned that ATM attacks were increasing. “The malware being used has evolved significantly and the scope and scale of the attacks have grown proportionately,” said Steven Wilson, head of Europol’s EC3 cybercrime centre. “Compared with previously-discovered malware, this malware has a smaller system footprint,” reads the Netskope analysis. It has a simple graphical user interface that displays a limited amount of information, including the hostname and the service provider information for the cash dispenser, PIN pad, and card reader. ATMJackpot first registers the window class name ‘Win’ with a procedure for the malware activity; then the malicious code creates the window, populates the options on the window, and initiates the connection with the XFS manager. The malware opens a session with the service providers and registers to monitor events, then it opens sessions with the cash dispenser, the card reader, and the PIN pad service providers. At the time of writing, the attack vector for the ATMJackpot malware is not clear; usually this kind of malware is manually installed via USB on ATMs, or downloaded from a compromised network.
Fin7 hackers stole 5 Million payment card data from Saks Fifth Avenue and Lord & Taylor Stores
A new data breach made the headlines: the victims are Saks Fifth Avenue and Lord & Taylor stores. According to the parent company Hudson’s Bay Company (HBC), the security breach exposed customer payment card data at certain Saks Fifth Avenue, Saks OFF 5TH (the discount store brand) and Lord & Taylor stores in North America. “We recently became aware of a data security issue involving customer payment card data at certain Saks Fifth Avenue, Saks OFF 5TH, and Lord & Taylor stores in North America. While the investigation is ongoing, there is no indication that this affects our e-commerce or other digital platforms,” reads the HBC statement. “We are working rapidly with leading data security investigators to get our customers the information they need, and our investigation is ongoing. We also are coordinating with law enforcement authorities and the payment card companies.” The hackers did not compromise HBC’s e-commerce or other digital platforms; the company promptly informed the authorities and hired security investigators. Several large financial institutions have confirmed that all tested records had been used before at Saks Fifth Avenue, at Saks Fifth Avenue OFF 5TH, a discounted offset brand of the luxury Saks Fifth Avenue stores, and at Lord & Taylor stores. “Based on the analysis of records that are currently available, it appears that all Lord & Taylor and 83 US-based Saks Fifth Avenue locations have been compromised.” As of Sunday, only a small portion of the compromised records had been offered for sale: crooks offered roughly 35,000 records for Saks Fifth Avenue and 90,000 records for Lord & Taylor.
Games like Candy Crush can be used for data harvesting, warn experts
Free mobile and Facebook apps, as well as games such as Candy Crush, Ludo and Chess, can be potential tools for data harvesting, say cybersecurity experts, warning internet users in India against the seemingly innocuous everyday pastimes. The warning comes as debates on data privacy intensify following social media giant Facebook’s reported data breach by UK-based analytics firm Cambridge Analytica to influence elections and marketing campaigns. “There are a lot of users who play games like Candy Crush, Chess, Ludo, or other war games like Mini Militia.” Several apps on mobile phones and Facebook use data harvesting techniques and take users’ consent in terms and conditions to access their data, including name, age, ‘likes’, friends and messages, posing a threat to privacy, cautioned Jain. “Data harvesting” is the process of extracting a large amount of data for analytics by “consent” of the user, sometimes even by tricking them, Jain said. Data harvesting, Jain elaborated, is mostly by some sort of consent, while data theft is largely by unauthorised access or hacking into a user’s profile or device. “Users may use private browsing or browsers with add-ons to block monitoring using cookies,” he said. It is imperative that data subjects become vigilant about their privacy while visiting a website, added Jaspreet Singh, Partner – Cyber Security, Ernst & Young. Read the privacy policies of websites and understand how they may use or share personal information in the future, Singh said in his “advisory”. “Make sure that all of them have adequate awareness, knowledge and skill to leverage the power of these technologies and platforms (analytics and social media) but also stay safe, both from the security perspective and privacy,” she said.
Auth0 authentication bypass issue exposed enterprises to hack
Auth0, one of the biggest identity-as-a-service platforms, is affected by a critical authentication bypass vulnerability that could be exploited by attackers to access any portal or application that uses it for authentication. Auth0 implements a token-based authentication model for a large number of platforms; it manages 42 million logins every day and billions of logins per month for over 2,000 enterprise customers. In September 2017, researchers from security firm Cinta Infinita discovered a flaw in Auth0’s Legacy Lock API while they were pen-testing an unnamed application that used the service for authentication. The experts exploited this issue to bypass login authentication using a cross-site request forgery (CSRF/XSRF) attack that triggers the CVE-2018-6874 flaw against applications implementing Auth0 authentication. The experts exploited the CSRF vulnerability to reuse a valid signed JWT generated for a separate account to access the targeted victim’s account. The only information needed by attackers is the victim’s user ID or email address, which could be easily obtained with social engineering attacks. “So, now we had the ability to forge a valid signed JWT with the “email” and “user_id” of the victim.” Authentication for applications that use an email address or an incremental integer for user identification would be trivially bypassed. Below is a video PoC of the attack demonstrating how to obtain the victim’s user ID and bypass password authentication when logging into Auth0’s Management Dashboard by forging an authentication token. Security firm Cinta Infinita reported the vulnerability to the company in October 2017 and Auth0 solved the issue in a few hours, but it took several months to reach every customer using the vulnerable SDK and supported libraries of Auth0.
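As an added illustration (not code from Auth0 or from the Cinta Infinita research, and not a reproduction of the reported bug), the checks a relying application should apply before trusting a JWT so that a token minted for a different application or account cannot be replayed against it: a pinned algorithm, signature, issuer, audience and expiry, and a session keyed on issuer plus `sub` rather than on an email address or an incremental integer. The signing key, issuer, audience and user identifiers are constructed for the demo; `mint_hs256` stands in for the identity provider.

```python
import base64, hashlib, hmac, json

def _b64url(raw):
    return base64.urlsafe_b64encode(raw).rstrip(b"=").decode()

def _unb64url(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

def mint_hs256(claims, key):
    """Stand-in for the identity provider: issue an HS256-signed token (demo only)."""
    head = _b64url(b'{"alg":"HS256","typ":"JWT"}')
    body = _b64url(json.dumps(claims, separators=(",", ":")).encode())
    sig = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    return f"{head}.{body}.{_b64url(sig)}"

def verify_hs256(token, key, issuer, audience, now):
    """Return (claims, None) if the token is acceptable for THIS application, else (None, reason)."""
    parts = token.split(".")
    if len(parts) != 3:
        return None, "malformed"
    head, body, sig = parts
    try:
        header = json.loads(_unb64url(head))
        claims = json.loads(_unb64url(body))
        raw_sig = _unb64url(sig)
    except ValueError:
        return None, "undecodable"
    if not isinstance(header, dict) or not isinstance(claims, dict):
        return None, "undecodable"
    if header.get("alg") != "HS256":            # pin the algorithm; never honour 'none'
        return None, "bad alg"
    expected = hmac.new(key, f"{head}.{body}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(expected, raw_sig):   # constant-time comparison
        return None, "bad signature"
    if claims.get("iss") != issuer:
        return None, "wrong issuer"
    if claims.get("aud") != audience:           # a token minted for another app is not ours
        return None, "wrong audience"
    if not isinstance(claims.get("exp"), int) or claims["exp"] <= now:
        return None, "expired"
    if not claims.get("sub"):
        return None, "no subject"
    return claims, None

def resolve_user(claims, users):
    """Key the session on (issuer, sub); never on the email claim or a guessable integer ID."""
    return users.get((claims["iss"], claims["sub"]))
```

A token that passes every check but carries the victim's email in its `email` claim still resolves to the account named in `sub`, which is the point of not identifying users by email.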
130,000 Finnish user data exposed in third largest data breach ever happened in the country
The Finnish Communications Regulatory Authority (FICORA) is warning users of a massive data breach. The data breach affected a website maintained by the New Business Center in Helsinki (“Helsingin Uusyrityskeskus”), the company that provides business advice to entrepreneurs. Due to the number of user accounts exposed, this is Finland’s third largest data breach. The bad news for Finnish citizens is that the passwords stored on the website were in plain text. “Data batches have overwritten username and password for over 130,000 users. The violation occurred on an open website for business ideas (liiketoimintasuunnitelma.com),” reported the local media Svenska. The New Business Center in Helsinki added that detailed information about its users was not exposed because it was stored on a different system, which was not affected by the data breach. “We have filed an offence report, and the parties do not need to report to the police separately,” said Jarmo Hyökyvaara, Chairman of the Board of the New Business Center of Helsinki. After the discovery of the data breach on 3rd April, the New Business Center in Helsinki took down the affected website. Once the website is online again, users are recommended to change their passwords immediately; I also suggest changing the passwords on any other online service for which the customers used the same credentials.
Iran data hubs hacked
Hackers have attacked networks in a number of countries including data centres in Iran where they left the image of a US flag on screens along with a warning, “Don’t mess with our elections”, the Iranian IT ministry said on Saturday. “The attack apparently affected 200,000 router switches across the world in a widespread attack, including 3,500 switches in our country,” the communication and information technology ministry said in a statement carried by Irna. The statement said the attack, which hit Internet service providers and cut off web access for subscribers, was made possible by a vulnerability in routers from Cisco which had earlier issued a warning and provided a patch that some firms had failed to instal over the Iranian new year holiday. Cisco did not immediately respond to requests for comment. A blog published on Thursday by Nick Biasini, a threat researcher at Cisco’s Talos Security Intelligence and Research Group, said: “Several incidents in multiple countries, including some specifically targeting critical infrastructure, have involved the misuse of the Smart Install protocol… “As a result, we are taking an active stance, and are urging customers, again, of the elevated risk and available remediation paths.” Iran’s IT minister Mohammad Javad Azari-Jahromi posted a picture of a computer screen on Twitter with the image of the US flag and the hackers’ message. He said it was not yet clear who had carried out the attack. Azari-Jahromi said the attack mainly affected Europe, India and the US, state television reported.