Aadhaar data base hacked by CIA? How UIDAI reacted to claims of leaks
The Unique Identification Authority of India (UIDAI) has clarified that stringent security features have been implemented in the Aadhaar system to prevent any unauthorised capture or transmission of data. The clarification follows reports that WikiLeaks had hinted that the American intelligence agency, the Central Intelligence Agency (CIA), had allegedly accessed sensitive biometric data from the Aadhaar database.
Dismissing the allegations, UIDAI stated that the Aadhaar biometric capture system, which has been developed in India, has adequate and robust security features to prevent the possibility of unauthorised capture and transmission of information linked to any biometric device being used, according to newswire agency PTI. The statement released by the UIDAI said: “Some vested interests are spreading misinformation.” It described the claim being circulated as follows: “As ‘cross match’ is one of the devices used in biometric devices used in the Aadhaar ecosystem, the biometrics captured by Aadhaar is allegedly unauthorisedly accessed by others”.
The statement also mentioned that till date there hasn’t been a single case of identity theft, leak of biometric data or financial loss to any Aadhaar card holder due to the card, as per the PTI report. UIDAI also stated that the biometric identifier has been issued to more than 117 crore people and that close to 4 crore authentications take place every day. The government body has also said that the Aadhaar system has been extensively tested internally and externally and has been certified by Standardised Testing Quality Certification (STQC), as per the report. UIDAI has reiterated that the data has not been compromised.
A hacker leaked the decryption key for Apple’s Secure Enclave, severely affecting iOS security
A hacker going by the pseudonym xerub has claimed to have leaked the decryption key for the firmware of Apple’s Secure Enclave Processor (SEP), which could be a massive blow to iOS security. According to Apple, the SEP was incorporated into iOS security in the Apple S2, Apple A7 and later A-series processors and provides “all cryptographic operations” for data protection. Essentially, the decryption key allows third-party entities to decrypt and access Touch ID data, as well as other kinds of data processed via the SEP.
The leak, which concerns a component central to iOS security, has reportedly been confirmed by an anonymous Apple staffer. The Apple employee told TechRepublic that the leak doesn’t directly compromise user data. “There are a lot of layers of security involved in the SEP, and access to firmware in no way provides access to data protection class information,” the Apple staffer said. “Decrypting the firmware itself does not equate to decrypting user data,” xerub added. “I think public scrutiny will add to the security of SEP in the long run.”
However, with the key that protects the SEP firmware now publicly available, it may just be open season for hackers looking to target Apple products. Bleeping Computer reported that the key could also allow hackers as well as surveillance firms to hunt for bugs in iOS devices that were previously inaccessible to third parties.
At least 500 Android apps with 100 million total downloads found hosting malware
Google has removed more than 500 Android applications from its official Play Store after a mobile security company revealed they had been built upon suspicious advertising code which could be used to spy on victims. The apps had been downloaded more than 100 million times. Researchers from Lookout Security Intelligence discovered that the suspicious code, from a software development kit (SDK) called “Igexin”, could be used to snoop on infected devices via downloaded malicious plugins, the firm said in a blog post this week (21 August). Applications containing the suspicious SDK included games targeted at teenage users (one with 50m-100m downloads), weather applications (one with 1m-5m downloads) and internet radio streaming services (one with between 500,000 and 1m downloads).
Advertising SDKs are used to help developers deliver targeted ads to customers. “It is likely many app developers were not aware of the personal information that could be exfiltrated from their customers’ devices as a result of embedding Igexin’s ad SDK,” wrote Lookout researchers Adam Bauer and Christoph Hebeisen in the blog. “It is becoming increasingly common for innovative malware authors to attempt to evade detection by submitting innocuous apps to trusted app stores, then at a later time, downloading malicious code from a remote server,” the blog post read. “Igexin is somewhat unique because the app developers themselves are not creating the malicious functionality – nor are they in control or even aware of the malicious payload that may subsequently execute.” Experts said that Igexin, a Chinese firm, could have introduced the ability at any time.
In an e-mail to Ars Technica, a Google spokesman said: “We’ve taken action on these apps in Play, and automatically secured previously downloaded versions of them as well.”
What is Pulse Wave? Hackers devise new DDoS attack technique aimed at boosting scale of assaults
Hackers have begun launching a new kind of DDoS attack designed to boost the scale of attacks by targeting soft spots in traditional DDoS mitigation tactics. Dubbed “Pulse Wave”, the new attack technique allows hackers to shut down targeted organisations’ networks for prolonged periods while simultaneously conducting attacks on multiple targets. Traditional DDoS attacks involve a continuous barrage of assaults against a targeted network, while pulse wave involves short bursts of attacks that have a “highly repetitive pattern, consisting of one or more pulses every 10 minutes”.
“Comprised of a series of short-lived pulses occurring in clockwork-like succession, pulse wave assaults accounted for some of the most ferocious DDoS attacks we mitigated in the second quarter of 2017,” Imperva researchers said in a report. Some of the pulse wave DDoS attacks detected lasted for days and “scaled as high as 350 Gbps”, according to the Imperva researchers. “The most distinguishable aspect of pulse wave assaults is the absence of a ramp-up period — all attack resources are committed at once, resulting in an event that, within the first few seconds, reaches a peak capacity that is maintained over its duration,” the researchers said.
Pulse wave preys on the “Achilles’ heel of appliance-first mitigation solutions”: the devices’ inability to deal with sudden, powerful surges in attack traffic. The researchers said they believe the pulse wave technique was “purposefully designed” by “skilled bad actors” to boost hackers’ attack scale and output by taking advantage of “soft spots in hybrid ‘appliance first, cloud second’ mitigation solutions”. The Imperva researchers said the emergence of pulse wave DDoS attacks indicates a significant shift in the attack landscape.
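As an added illustration, not part of the Imperva report or this article, the following Python sketch scores a traffic time series for the two traits described above: pulses that reach peak with no ramp-up, and clockwork-like spacing between them. The readings, thresholds and function names are constructed assumptions, not Imperva's detection logic.

```python
from statistics import mean, pstdev

def build_sample(n_pulses=3, period=600, pulse_len=120, ramp=2, peak=300.0, baseline=5.0):
    """Constructed traffic series, one Gbps reading per second (not Imperva data).

    Each pulse climbs from baseline to `peak` over `ramp` (>= 1) seconds, holds
    for `pulse_len` seconds and repeats every `period` seconds."""
    series = [baseline] * (period * n_pulses)
    for p in range(n_pulses):
        start = p * period + 60
        for i in range(pulse_len):
            series[start + i] = peak * min(1.0, (i + 1) / ramp)
    return series

def find_pulses(series, threshold):
    """Return (start, end) index pairs of runs where traffic exceeds threshold."""
    pulses, start = [], None
    for i, v in enumerate(series):
        if v > threshold and start is None:
            start = i
        elif v <= threshold and start is not None:
            pulses.append((start, i))
            start = None
    if start is not None:
        pulses.append((start, len(series)))
    return pulses

def ramp_up_seconds(series, start, end):
    """Seconds from the first over-threshold reading to 90% of the pulse's peak."""
    peak = max(series[start:end])
    return next(i - start for i in range(start, end) if series[i] >= 0.9 * peak)

def classify(series, threshold=50.0, max_ramp=5, max_cv=0.1):
    """Flag a pulse-wave pattern: two or more pulses that each hit peak within
    `max_ramp` seconds and recur at near-constant gaps (coefficient of variation
    of the gaps <= `max_cv`). A single slow flood is reported as not pulse wave."""
    pulses = find_pulses(series, threshold)
    if len(pulses) < 2:
        return {"pulse_wave": False, "pulses": len(pulses)}
    ramps = [ramp_up_seconds(series, s, e) for s, e in pulses]
    starts = [s for s, _ in pulses]
    gaps = [b - a for a, b in zip(starts, starts[1:])]
    cv = pstdev(gaps) / mean(gaps) if len(gaps) > 1 else 0.0
    return {
        "pulse_wave": max(ramps) <= max_ramp and cv <= max_cv,
        "pulses": len(pulses),
        "max_ramp_s": max(ramps),
        "period_s": mean(gaps),
        "peak_gbps": max(series),
    }

if __name__ == "__main__":
    print(classify(build_sample()))  # clockwork pulses, no ramp-up
    print(classify(build_sample(n_pulses=1, pulse_len=500, ramp=120)))  # one slow flood
```

The interval check is what separates a pulse wave from an ordinary flood that merely drops and resumes; an appliance that only sees each burst in isolation would miss the pattern.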
New ShadowPad backdoor found lurking in software used by over 100 banks and businesses for 17 days
A new, powerful backdoor dubbed ShadowPad was found lurking in software used by “hundreds” of global banks, energy firms and pharmaceutical companies for 17 days. The backdoor was found hidden in digitally signed software sold by the software developer NetSarang. It still remains unclear who created the backdoor and how NetSarang was compromised for the attacker to hide ShadowPad in the firm’s software. The ShadowPad backdoor has already been activated by hackers against an unspecified firm in Hong Kong.
“Given that the NetSarang programs are used in hundreds of critical networks around the world, on servers and workstations belonging to system administrators, it is strongly recommended that companies take immediate action to identify and contain the compromised software,” Kaspersky Lab researchers said in a blog. “Given the opportunities for covert data collection, attackers are likely to pursue this type of attack again and again with other widely used software components.” Kaspersky Lab researchers are now urging firms using NetSarang’s software to update it.
“Given the opportunities for reach and data collection it gives to the attackers, most likely it will be reproduced again and again with some other widely used software component,” Kaspersky Lab security expert Igor Soumenkov said in a statement. Soumenkov added that NetSarang was “fast to react” in issuing a patch for ShadowPad, “most likely preventing hundreds of data-stealing attacks against its clients”. “The fact that malicious groups and entities are utilizing commercial and legitimate software for illicit gain is an ever-growing concern and one that NetSarang, as well as others in the computer software industry, is taking very seriously.”
Day in the life of a modern spam kingpin: Why hackers work similar hours to everyone else
Research published this week (Monday 21 August) by the cybersecurity division of IBM, X-Force Kassel, provides statistical analysis of the weekly workload of some of the biggest spam operators in the world. It studied the main countries where spam originated by tracking senders’ IP addresses and, ultimately, was trying to map out a full working week of a cybercriminal. The report asks: “Are spam statistics disconnected from human operators who send spam?”
Of course, there are exceptions, but the study found that 83% of all spam was sent during weekdays, with “significant drops on weekends across the different geographies where spam messages originated”. Over the six-month period of the study, the most spam was sent on a Tuesday, followed by Wednesday and Thursday. The top originator of spam in terms of region, at least in the past six months, was India, followed by China and South America. The Monday-to-Friday routine changed when looking at Russia, where most spam was sent between Thursday and Saturday.
Based on the fresh dataset, the researchers noted that “spammers like to get their sleep at night”, even though malicious software and hacking technology, botnets specifically, can now be used to ensure that the majority of operations continue 24 hours a day without fault. This backed up prior research which suggested that spammers track the business hours of targets. “In the past, we’ve found that spammers are an organised bunch, and they plan their workdays around business hours.”
Hackers use leaked NSA exploit to stealthily spread cryptocurrency mining malware
A notorious computer exploit allegedly leaked from the US National Security Agency (NSA) is being used to boost the spread of a new cryptocurrency-mining malware dubbed “CoinMiner”, according to experts at Japanese security firm Trend Micro. The threat exploits a component in PCs known as Windows Management Instrumentation (WMI) and enters computers with an alleged NSA tool called EternalBlue, previously used by hackers to help spread the “WannaCry” ransomware across the world earlier this year. First, the hackers deploy the EternalBlue exploit to infect the machine, before using the backdoor to install malicious scripts. A patch for the bug that EternalBlue exploits has been available since March 2017, but many users have been slow to update.
“The combination of fileless WMI scripts and EternalBlue makes this threat extremely stealthy and persistent,” wrote Trend Micro researcher Buddy Tancio in a blog post this week (21 August). “In this case, WMI subscriptions have been used by this cryptocurrency-mining malware as its fileless persistence mechanism.” He added: “Threat actors are increasingly using attack methods that work directly from memory and use legitimate tools or services.” WMI is one such legitimate administration tool, but in the hands of a cybercriminal, Trend Micro warned, it can be used for malicious purposes. “Fileless attacks are becoming more common,” Tancio warned in the Trend Micro blog.
On 15 May this year, experts from cybersecurity firm Proofpoint revealed evidence that two alleged NSA exploits, EternalBlue and DoublePulsar, were aiding the spread of Adylkuzz, a new variant of malware that was mining Monero, another popular form of digital money.
AccuWeather’s iOS app caught sending users’ location data to third-party firm without permission
A security researcher has discovered that AccuWeather’s popular iOS app has been relaying users’ geolocation information to a third-party monetisation firm, even when the user opted out of location sharing within the app. Even after turning off location data for AccuWeather, the researcher discovered that the app still relayed user data to Reveal Mobile. If you do not grant AccuWeather access to your GPS information, it will still send your Wi-Fi router name and BSSID, giving Reveal Mobile access to less precise location information regarding your device’s whereabouts. According to Reveal Mobile’s website, the data firm “turns the location coming out of those apps into meaningful audience data”.
In a joint statement on the issue, AccuWeather and Reveal Mobile said: “Despite stories to the contrary from sources not connected to the actual information, if a user opts out of location tracking on AccuWeather, no GPS coordinates are collected or passed without further opt-in permission from the user. Other data, such as Wi-Fi network information that is not user information, was for a short period available on the Reveal SDK, but was unused by AccuWeather.” In a blog post, Reveal Mobile said it has “been and continue to be transparent about this, what data we collect, why we collect it, and how our customers use the data. If someone chooses to disable location permissions to an app using our technology, we collect no location information from that device.” To avoid “any further misinterpretation”, the companies said Reveal will be updating its SDK while AccuWeather will disable the Reveal SDK in its iOS app “until it is fully compliant with appropriate requirements”.
What is CovertBand? New attack may allow hackers to spy on you, even guess when you’re having sex
Researchers have come up with a new sonar-based attack technique that could allow hackers to hijack smart devices, such as smart refrigerators, smart TVs and other such devices, to track body movement, essentially turning your own devices into tools that can spy on you. CovertBand was developed by researchers at the University of Washington’s Paul G Allen School of Computer Science & Engineering and is powerful enough to spy on targets, recording a target’s activities, even through a wall. The attack could allow hackers to track movements to guess what a target may be doing, including inferring when a target may be engaged in sexual activity.
The attack involves hackers tricking victims into downloading a malicious Android app which, once installed, plays music embedded with repetitive sonar pulses that track a victim’s location, body movements and activities, near the device as well as through walls. The sonar-based attack relies on devices’ built-in microphones and speakers to function as a data receiver, picking up sound waves and tracking the movements of a target. The researchers also figured out a way to conceal the attacks by mixing sonar pulses with music. “In particular, we show through multiple scenarios that an attacker can use active sonar to glean information about victims through walls, even when the attacker cannot see the victim nor hear any movements, and that such an attack is feasible using many common, off-the-shelf devices,” the researchers wrote. They added that the attack could also likely be honed to allow hackers to track even more minute movements, such as movements of the hands or even just the fingers.
The researchers warned that CovertBand could be used by a variety of threat actors, including covert government spies. They hope that awareness of the possibility of such attacks will prompt security experts to come up with practical countermeasures that can help the public stay safe from such intrusions.
Does your resume contain malware? LinkedIn bug could have allowed hackers to spread malicious code
Hackers are known to always be on the lookout for new ways to scale up their attacks, and so go after businesses and organisations that may help them exploit vulnerabilities to infect a wider network of targets. A LinkedIn bug, recently uncovered by security experts, could have provided cybercriminals with just such an avenue of attack. A flaw in LinkedIn Messenger could have allowed hackers to upload malware-laced files and potentially infect users. Essentially, the flaw could have allowed hackers to upload fake resumes containing malicious code which, when clicked on, could infect the victim’s system and networks.
The vulnerabilities uncovered by Check Point researchers could have allowed hackers to “bypass the security restrictions and attach a malicious file to the LinkedIn messaging service”. They said the flaws could have been exploited to upload a seemingly normal-looking file that passed LinkedIn’s security checks. “However, the file is only masquerading as a legitimate file, in reality, it is a form of malware that contains malicious content, able to infect the recipient’s network.” The vulnerabilities could have allowed hackers to create a Windows registry file containing a malicious PowerShell script and disguised as a PDF file, a malicious XLSM file disguised as an XLSX file, and a malicious DOCX file.
“The vulnerability itself provides an attacker with the means to make malicious files available to the potential victim – but that hardly calls this vulnerability out as being particularly unique or special,” John Smith, principal solution architect at Veracode, told SC Magazine. Users have been told for years not to open attachments or click on links that they receive from sources that they do not trust, but communication on LinkedIn carries with it an implied trust based on our network which would likely increase the success rate for the attacker.
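Added example, not Check Point’s or LinkedIn’s code: a server-side attachment check that compares the type a file name claims against the file’s leading bytes and, for Office containers, looks for an embedded VBA project, so the disguises described above (a registry export named .pdf, a macro-enabled .xlsm named .xlsx) are rejected. Sample files, names and the accept/reject policy are constructed assumptions.

```python
import io, zipfile

REG_MAGICS = (b"Windows Registry Editor Version 5.00", b"REGEDIT4")
MACRO_PARTS = {"xl/vbaProject.bin", "word/vbaProject.bin", "ppt/vbaProject.bin"}

def looks_like_reg(data):
    """True for .reg exports saved as ASCII or as UTF-16LE with a byte-order mark."""
    return any(data.startswith(m) or data.startswith(b"\xff\xfe" + m.decode().encode("utf-16-le"))
               for m in REG_MAGICS)

def inspect_attachment(name, data):
    """Compare the type the file name claims with what the bytes are; accept only
    when they agree and no VBA project part is embedded in an Office container."""
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    actual, macros = "unknown", False
    if data.startswith(b"%PDF-"):
        actual = "pdf"
    elif looks_like_reg(data):
        actual = "reg"
    elif data.startswith(b"PK\x03\x04"):
        try:
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                names = set(zf.namelist())
        except zipfile.BadZipFile:
            return {"name": name, "ext": ext, "actual": "corrupt-zip", "macros": False, "ok": False}
        if "[Content_Types].xml" not in names:
            actual = "zip"
        else:
            macros = bool(names & MACRO_PARTS)
            if any(n.startswith("xl/") for n in names):
                actual = "xlsm" if macros else "xlsx"
            elif any(n.startswith("word/") for n in names):
                actual = "docm" if macros else "docx"
    return {"name": name, "ext": ext, "actual": actual, "macros": macros, "ok": actual == ext and not macros}

def make_ooxml(prefix, with_macro):  # minimal constructed OOXML container, not a real document
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr(f"{prefix}/document.xml", "<doc/>")
        if with_macro:
            zf.writestr(f"{prefix}/vbaProject.bin", b"\x00")
    return buf.getvalue()

# Constructed samples (not real files): PDF header; .reg export renamed .pdf; macro workbook renamed .xlsx; clean .docx
SAMPLES = {
    "resume.pdf": b"%PDF-1.4\n% constructed minimal PDF\n",
    "resume2.pdf": b"Windows Registry Editor Version 5.00\r\n[HKEY_CURRENT_USER\\Software\\Sample]\r\n",
    "report.xlsx": make_ooxml("xl", True),
    "cv.docx": make_ooxml("word", False),
}

def screen_all(samples=SAMPLES):
    return {n: inspect_attachment(n, d) for n, d in samples.items()}
```

A check like this only proves the container is what it claims to be; a clean-looking .docx can still carry malicious content, so it complements rather than replaces scanning of the document body.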