Game of Thrones Hotstar leak: Indian police arrest 4 people for leaking unaired episode 4 of season 7
Indian police have reportedly arrested 4 people suspected of having leaked an unaired episode of HBO’s immensely popular show Game of Thrones. The arrests, however, do not relate to the recent HBO hack, which involved a hacker group going by the pseudonym Mr. The hacker group recently released unaired episodes from 10 HBO shows and has previously also leaked unaired Game of Thrones episodes from the show’s latest season. The hackers also recently leaked emails from HBO, allegedly detailing the network’s attempt to pay off the hackers with $250,000 (£192,827), disguised as a bug bounty program. The arrests, by contrast, reveal that this leak was caused by insiders at HBO’s distribution partner Star India. The 4 arrested include 3 current and 1 former employee of Mumbai-based company Prime Focus, which legally handles the storage and processing of the show for the Indian streaming website Hotstar, BBC reported. The episode in question, titled “The Spoils of War,” was leaked on 4 August by a Reddit user, just a day before it was scheduled to air globally. “We investigated the case and have arrested four individuals for unauthorised publication of the fourth episode from season seven,” Deputy Commissioner of Police Akbar Pathan told AFP. The 4 individuals have reportedly been accused of criminal breach of trust and computer-related offences and will be detained till 21 August. Meanwhile, the HBO hackers, Mr.
Several websites of Pakistan govt hacked on Independence Day
Several websites of the Pakistan government were defaced on Monday, allegedly by hackers from India. The hackers attacked the websites of some key ministries on the day the country celebrated its 70th Independence Day. The sites hacked included those of the Ministry of Defence, Ministry of Climate Change, Ministry of Inter-Provincial Coordination, Ministry of Water and Power, Ministry of Information Technology and others. An official of the Ministry of Information Technology said the attack was carried out by a group calling themselves “LuluSec India”. The hackers posted pro-India material on the web pages of the hacked websites. Several websites are still not functional. There has been no formal reaction from the government so far. It is not the first incident of a cyberattack by hackers targeting Pakistani government websites; similar attacks have occurred in the past.
Over 1,000 spyware apps that can silently track almost everything found on Android app stores
Over 1,000 spyware apps that can monitor almost everything have been found on various Android app stores, including Google Play. The spyware samples belong to the SonicSpy malware family, which security experts say was developed by hacker(s) in Iraq. According to security experts at Lookout, SonicSpy was detected after three samples, disguised as messaging services called soniac, hulk messenger and troy chat, were uncovered by the researchers on Google Play. Although Google has already removed the three malicious apps from Google Play, the apps had already been downloaded by users before they were removed. Researchers also said that numerous other versions of the spyware continue to be available on various third-party Android app stores. Security experts say that hackers have been “aggressively” pushing SonicSpy samples since February 2017. It is still unclear if the hackers are going after specific targets or are merely looking to gain data from the many victims who downloaded the spyware-infected apps. Lookout researchers believe that SonicSpy and SpyNote, which share similar code, may have been created by the same Iraqi hackers. Although Google has removed SonicSpy from Google Play, researchers warn that it could make a comeback. “The actors behind this family have shown that they’re capable of getting their spyware into the official app store and, as it’s actively being developed and its build process is automated, it’s likely that SonicSpy will surface again in the future,” said Michael Flossman, security research services tech lead at Lookout.
Fresh spike in ‘Emotet’ malware could leave your banking details exposed to hackers
The ‘Emotet’ malware has been infecting computers for years, but one security firm is warning that it is currently on the rise and your banking credentials could be at risk. Its purpose is simple: to drop banking malware onto a target’s computer and use crafty techniques to steal usernames and passwords relating to bank accounts. Emotet was first highlighted as a banking Trojan threat by security firm Trend Micro back in 2014. Cybersecurity expert Joie Salvio wrote at the time: “What makes this malware, detected as Emotet, highly notable is that it ‘sniffs’ network activity to steal information.” Since then, of course, the world has encountered WannaCry, which showed just how much damage a computer worm can cause if allowed to spread. One month later, in June 2017, Fidelis Cybersecurity said the authors of Emotet would have paid close attention to the malware pandemic. The firm described the malware as a type of “worm that takes advantage of weak administrator passwords to spread across a network.” “The primary distinction is that a Trojan requires some degree of social engineering to trick a human into enabling the spread of the infection, whereas a worm can spread to other systems without the aid of a user.” The cybersecurity firm also remained vague about the scope of the attacks, failing to provide concrete statistics on the number of victims. All in all, it means that users running Windows, and especially enterprises using the popular operating system (OS), need to be more careful than ever before about the threats posed by worm-like malware.
Fancy Bear hackers now using NSA’s EternalBlue exploit to go after hotels in Europe and Middle East
The Fancy Bear hackers are back and going after targets in Europe and the Middle East. The Kremlin-linked hacker group that has been deemed responsible for the DNC hack, as well as various other related cyber espionage attacks, has launched a new campaign targeting the hospitality industry. Fancy Bear, also known as APT 28, is now using the NSA’s EternalBlue exploit, which was leaked in April by the mysterious hacker group Shadow Brokers. The hackers have targeted at least 7 European and 1 Middle Eastern hotel, according to FireEye researchers. The hackers’ new campaign, which involves sending out phishing emails, targets hotels’ systems that control guest and internal Wi-Fi networks. The researchers said that they had “moderate confidence” that the attacks are the work of Fancy Bear hackers, as the campaign also involves sending out phishing emails that drop the group’s signature Gamefish malware. The Responder tool used in the attacks allows Fancy Bear hackers to steal victims’ usernames and hashed passwords, which researchers say “boosts” escalation of privileges in the victim network. “The group is leveraging less secure hotel Wi-Fi networks to steal credentials,” FireEye researchers said, adding that Fancy Bear hackers’ “already wide-ranging capabilities and tactics are continuing to grow and refine as the group expands its infection vectors.” “No guest credentials were observed being stolen at the compromised hotels; however, in a separate incident that occurred in Fall 2016, APT28 gained initial access to a victim’s network via credentials likely stolen from a hotel Wi-Fi network,” FireEye researchers said. FireEye experts said that travellers, especially those from government and corporate sectors, might be Fancy Bear’s likely targets.
LinkedIn can’t stop data-hungry companies from gorging on your stealthy job searches
LinkedIn, the social media platform for grown-ups, has been ordered by a US district judge to stop blocking a third-party data company’s access to data on its users’ public profiles – a ruling that backs up the long-held belief that nothing is truly free on the internet. On 14 August, Judge Edward Chen ruled that LinkedIn had 24 hours to disable any software that was being used to prevent San Francisco startup hiQ Labs – which uses social networking data to help analyse the “flight risk” of employees – from scraping public information. On 23 May 2017, court filings show, LinkedIn issued its first cease and desist letter against hiQ Labs. In the case, LinkedIn’s legal team said the company faced “significant harm” because hiQ Labs’ data collection threatened the privacy of its userbase – because even members who had chosen to make their profiles public were still invested in how their data was used. “LinkedIn posits that when a user updates his profile, that action may signal to his employer that he is looking for a new position,” the filing stated. HiQ Labs sells its clients information about a selection of workforces but, according to the BBC, a representative claimed that it does not currently sell a service that alerts bosses to profile changes, nor can the company monitor every individual profile account. “I run a company whose very existence is tied to the notion of public data really being equally accessible to all members of the public.” “LinkedIn’s attempt to wall off this public information – viewable by anyone with a web browser – is not just a danger to hiQ, but to any company that uses public sources,” he added. Founded in 2002, LinkedIn is a social media website focused on professional networking.
WikiLeaks dumps 71,800 hacked emails linked to French president Emmanuel Macron
Whistleblowing website WikiLeaks has released an archive of 21,075 “verified” emails linked to the election campaign of French president Emmanuel Macron, previously leaked by unknown hackers on 5 May earlier this year, 48 hours before citizens went to the polls. The emails range from 20 March 2009 to 24 April 2017, WikiLeaks said in a statement sent via email on Monday 31 July. WikiLeaks said it had managed to verify 21,075 emails but said that “based on statistical sampling the overwheling (sic) majority of the rest of the emails” were authentic. On Friday 5 May, two days before Macron’s landslide victory in the election, hackers leaked roughly 9GB of material allegedly stolen from campaign staffers. A statement read: “Intervening in the last hour of the official campaign, this operation is obviously a democratic destabilization, as has already been seen in the United States during the last presidential campaign.” In March 2017, Japanese cybersecurity firm Trend Micro claimed that Macron’s campaign had been targeted by a Russia-linked hacking unit called APT28, also known as Fancy Bear. The same group was linked to the hack at the US Democratic National Committee (DNC) and the leaking of documents from the fake Twitter persona, Guccifer 2. On 1 June, the French government said that, upon analysis, it had found no links to Russian hackers. Declassified US intelligence – the assessment of the NSA, FBI and CIA – warned in January 2017 that Moscow-linked hackers would continue to conduct “influence efforts worldwide” in the future following a slew of successful cyberattacks across the US, France and Germany. The website’s founder, Julian Assange, has long denied receiving leaks of sensitive material via the Kremlin or any “state actors.”
This Amazon Echo ‘hack’ can turn your friendly home assistant into a covert wiretap
Vulnerabilities in older editions of the Amazon Echo can let hackers transform the digital assistant into a covert listening device, researchers have claimed. Research published on Tuesday 1 August by MWR InfoSecurity detailed how its experts found the Amazon Echo to be susceptible to a physical attack, allowing a hacker to gain control over the device and install malware, listen in on conversations and steal private data. By removing a rubber base at the bottom of the Amazon Echo, the research team could access the 18 debug pads and directly boot into the firmware of the device, via an external SD card, installing malware without leaving any physical evidence of tampering. “The rooting of the Amazon Echo device in itself was trivial; however, it raises a number of important questions for manufacturers of internet-enabled or ‘smart home’ devices,” said Mark Barnes, security consultant at MWR InfoSecurity, in a statement. “Whilst Amazon has done a considerable amount to minimize the potential attack surface, these two hardware design choices – unprotected debug pads and a hardware configuration setting that allows the device to boot via an external SD card – could expose consumers to an unnecessary risk. But it shouldn’t be taken for granted that consumers won’t expose the devices to uncontrolled environments that place their security and privacy at risk.” “What this research highlights is the need for manufacturers to think about both the physical and digital security risks that the devices may be subjected to and mitigate them at the design and development stage,” Barnes continued. The security firm said there are a number of methods to reduce the harm from such a hack, including taking advantage of the built-in mute button, constantly monitoring home networks for any sign of unusual activity and ensuring devices are only purchased
Shadow Brokers have allegedly already made nearly $90,000 from their monthly hacking tool dumps
The Shadow Brokers, the mysterious hacker group that leaked troves of NSA hacking tools, has reportedly made nearly $90,000 (£69,200) from their monthly data dumps. The hackers reportedly made around $88,000 between July and August in Monero. A security researcher going by the pseudonym wh1sks claimed to have identified several of the Shadow Brokers’ clients, Motherboard reported. The researcher wrote in a blog that despite Shadow Brokers having “gone dark” on Twitter and Steemit, “it looks like people are still paying them for NSA malware.” However, the researcher also noted that it’s “plausible” that the Shadow Brokers “just sent themselves” some Monero “to make it appear as if they’re getting sales.” Motherboard reported that the security researcher identified the email addresses of five people subscribing to the Shadow Brokers’ monthly dumps. In late May, shortly after the Shadow Brokers announced their monthly subscription service, some security experts attempted to crowdfund money to buy some of the Shadow Brokers’ wares – NSA exploits. One of the subscribers, going by the pseudonym fsyourmoms, complained about the quality of the exploits received from the Shadow Brokers in a blog post. “TheShadowBrokers ripped me off,” fsyourmoms wrote, adding that the exploit received was “a tool, not even an exploit,” and appeared to be old. As the Shadow Brokers continue posting new messages every month, advertising their cyberweapons sale, US authorities are allegedly looking to hunt down a former, disgruntled NSA agent, who they believe may have ties to the hacker group.
Amber Rudd falls for hoax email prankster who also fooled Trump administration officials
UK home secretary Amber Rudd is reportedly the latest victim of the email prankster who goes by the pseudonym Sinon Reborn. The email hoaxer, who previously duped Trump administration officials as well as the governor of the Bank of England, has tricked yet another high-profile individual into engaging in an email exchange. Reborn is the same prankster who successfully tricked high-profile White House officials, including former White House chief communications head Anthony Scaramucci, Eric Trump and others, into communicating via email. The prankster reportedly posed as a senior Downing Street official to trick Rudd into responding to emails, using the free email service GMX to pose as newly appointed communications chief Robbie Gibb. The prankster contacted Rudd on her parliamentary email address and Rudd responded from a separate private email account. Rudd reportedly disclosed that she was working on a series of upcoming announcements with her special adviser Mohammed Hussein, before realising that she was communicating with a hoaxer. After Rudd realised that the email was not from Gibb, she said in another email: “Well, as you can imagine a few things on the agenda but getting tough on people impersonating others is definitely up there.” A Home Office official reportedly confirmed that the exchange had occurred but denied that Rudd used her private email. Reborn told the Guardian that he also sent hoax emails to foreign secretary Boris Johnson and chancellor Philip Hammond, but only Rudd responded.
Mamba ransomware that crippled San Francisco’s transit system reappears in Brazil, Saudi Arabia
Late last year, Mamba infected roughly 900 computers used by the SFMTA, with hackers demanding a ransom of 100 bitcoins ($337,000, £259,658). Following the cyberattack, San Francisco Municipal Railway (Muni) passengers were allowed to ride for free while it mitigated the threat, according to local reports. Regarding the new slew of Mamba ransomware attacks spotted in Brazil and Saudi Arabia, researchers explain that the threat actors first gain access to a targeted organization’s network and then use the PsExec utility to execute the malicious code. The malware uses a legitimate Windows disk encryption utility called DiskCryptor to ensnare victims’ hard drives. “It is important to mention that for each machine in a victim’s network, the threat actor generates a password for the DiskCryptor utility. This password is passed via command line arguments to the ransomware dropper,” Kaspersky Lab said. Once the malware encrypts a Windows machine, it overwrites the existing Master Boot Record with a custom MBR and encrypts the targeted hard drive using DiskCryptor. After encrypting the files, the system is rebooted and the victim is met with a ransom note on the screen. The note claims that the victim’s hard drive has been encrypted and provides two email addresses along with a unique ID number to recover the encryption key. Unfortunately, there is no way to decrypt data that has been encrypted with the DiskCryptor utility, because this legitimate utility uses strong encryption algorithms.
HBO hackers leak script of upcoming Game Of Thrones episode and top bosses’ emails
The unknown hacker(s) behind the recent HBO data breach have reportedly leaked the summary of the script of an upcoming Game Of Thrones episode, as well as a month’s worth of emails from HBO’s top executives. The newly leaked files apparently contain extensive information on Game Of Thrones, including castings and script summaries, among them a detailed summary of the episode that is slated to air on Sunday (13 August). The newly leaked cache of files is also said to include marketing material and media plans for Game Of Thrones. The leaked documents also allegedly contained files labelled “Confidential” and “Script GOT7”. It is still unknown whether the hackers also leaked the files on any Game Of Thrones fan sites and/or provided them to other media outlets. The hackers are also said to have sent a video message to HBO CEO Richard Plepler, demanding an undisclosed amount of money as ransom. The attackers allegedly claimed that HBO was their 17th target and one of the most challenging ones to breach. “HBO was one of our difficult targets to deal with but we succeeded (it took about 6 months),” the message read, according to files the hackers provided to the Hollywood Reporter. “HBO believed that further leaks might emerge from this cyber incident when we confirmed it last week. While it has been reported that a number of emails have been made public, the review to date has not given us a reason to believe that our e-mail system as a whole has been compromised,” an HBO spokesperson said.
Red Cross Blood Service data breach that affected 550,000 donors caused by ‘one-off human error’
The massive data breach that hit the Australian Red Cross Blood Service last year was caused by a “one-off human error”, the Office of the Australian Information Commissioner said on Monday (7 August). Regulators concluded their investigation into the data breach that affected over half a million blood donors in Australia, saying it was caused by a “one-off human error” by a third-party provider. In September 2016, a backup copy of a database from the Australian Red Cross that contained the personal details of about 550,000 prospective blood donors was accidentally saved to a public-facing web server by an employee of a third-party provider, rather than the intended secure location. The 74GB MySQL database backup included a copy of the Blood Service’s website as well as customer data entered by individuals via an online donor application form on the website. Customer data exposed in the breach included sensitive personal details such as names, gender, email and physical addresses, phone numbers, dates of birth, country of birth, blood type and other donation-related data. Hunt dubbed the data breach “Australia’s largest ever leak of personal data” from a local service. Australian Information and Privacy Commissioner Timothy Pilgrim said the Blood Service did not meet all the requirements of the Privacy Act. “Data breaches can still happen in the best organisations – and I think Australians can be assured by how the Red Cross Blood Service responded to this event,” Pilgrim said in a statement. Janine Wilson, the executive director of donor services for the Red Cross Blood Service, said in May: “We were a business that thought it was managing data pretty well, but what’s very clear to me now, having gone through that, is your actual IT security systems can be watertight, but there are people who operate them every day.”
Forget banking heists, payday-hungry hackers now holding ‘critical’ factories to ransom
The malware entered the North Carolina transmission plant’s computer network via email last August, just as the criminals wanted, spreading like a virus and threatening to lock up the production line until the company paid a ransom. AW North Carolina stood to lose $270,000 (£207,000, €230,000) in revenue, plus wages for idled employees, for every hour the factory wasn’t shipping its crucial auto parts to nine Toyota car and truck plants across North America, said John Peterson, the plant’s information technology manager. Last August at the 2,200-worker Durham transmission factory, the computer virus coursed through the plant’s network, flooding machines with data and stopping production for about four hours, Peterson said. Data on some laptops was lost, but the malware was blocked by a firewall when it tried to exit the plant’s network and put the hackers’ lock on the plant’s computer network. The virus was contained before affecting production, and no ransom was paid to either group, he said. “I think the emerging threat you’re going to see in the future now is really custom ransomware that’s going to be targeted more toward individual companies,” said Neil Hershfield, the acting director of the DHS team that handles emergency response to cyberattacks on industrial control systems. But attackers are also increasingly injecting ways to remotely control the robots and other automated systems that control production inside targeted factories. Top targets globally: manufacturers, government and financial firms are now the top targets globally for illicit intrusions by criminals, foreign espionage agencies and others up to no good, according to a report this spring by NTT Security. Global infections are growing. While manufacturers are increasingly prey to these cyber-stickups, it may just be because criminals are playing the odds and striking as many enterprises of all types as they can across a targeted region.
Locky ransomware makes a comeback in new Diablo6 avatar, demanding $1,600 as ransom payment
The prolific Locky ransomware is reportedly resurging in a new variant dubbed Diablo6. According to a report by Bleeping Computer, the spam campaign pushing the new Locky variant is strong and is targeting a wide range of victims. The emails’ body just reads “Files attached.” The emails also contain a ZIP file attachment with a malicious script that downloads the Locky ransomware onto the victims’ systems. Similar to other traditional ransomware variants, once the new variant of Locky has been downloaded and executed on the victims’ systems, it scans for files and encrypts them. Once files have been encrypted, Locky then removes the downloaded executable and displays a ransom note, which also comes with instructions on how to go about making payments. The cybercriminals operating the new Locky variant are reportedly demanding a ransom payment of $1,600 (£1,200). Bleeping Computer reports that at present, there is no way to decrypt files that have been encrypted by Locky’s Diablo6 variant. In April, researchers at Cisco Talos said that they observed a significant resurgence of Locky, with over 35 thousand emails sent to victims in just a few hours. A recent study by Google said that victims of ransomware have paid nearly $25m in ransoms over the past two years, indicating that this is one of the most profitable tools by which cybercriminals make money.