Indian Army issues this advisory to people about Chinese hackers WhatsApp security risk
The Additional Directorate General of Public Information of the Indian Army has released a video on Twitter alerting people of Chinese hackers. India’s nodal agency for cybersecurity CERT-In which brings out monthly bulletins, annual reports, highlights threats, attacks and trends in cybersecurity. India’s National Security Council report suggests that China has more than a lakh cyber security experts making it one of the most strong combatants in cyber warfare. It also said, “Destroy the SIM card if you change your number and delete your WhatsApp on that number”, to ensure that Chinese do not mine personal data through hacking. Though Indian Computer Emergency Response Team (CERT-In) is the only national agency in charge of cybersecurity mandated under IT Amendment Act 2008, it is actually the collective efforts of Ministry of Home Affairs, Ministry of Defence, and the office of NSA that ensures cybersecurity of the nation. The Indian Army also advised people about updating WhatsApp once they have changed their numbers. Though the Government of India intends to hold extensive talks in the coming month with the Chinese, threats continue to loom over not just India’s border, but also over India’s information systems. There has been no paradigm shift at any legal or executive level that marks to resolve the issues of cyber security in India. As per a report by Statista, an online statistics portal, India stands second behind China in the world to have the most number of internet users. The new Information Warfare (IW) faculty of the PLA is working towards combined employment of network warfare tools and electronic warfare weapons against its enemies, says Deepak Sharma in his IDSA focus report on China’s Cyber Warfare Capability and India’s Concerns.
In the eye of Facebook ‘data breach’ storm, Cambridge Analytica in talks with Cong, BJP for 2019
A data analytics firm in the eye of an international storm for allegedly harvesting personal data without the consent of Facebook users will continue its outreach in South Asia in the run-up to key elections in India, Sri Lanka and Bangladesh, according to two people familiar with the matter. The firm, Cambridge Analytica (CA), and its India partner, Oveleno Business Intelligence (OBI) Private Limited, have spoken to both the Congress and the BJP for a possible collaboration for their 2019 Lok Sabha election campaigns, said one of the people quoted above. OBI primarily does booth-level work for parties, looking at demographics and caste to bolster a party’s prospects on the ground, said Tyagi, who also worked on the Trump campaign’s outreach to the Indian-American community. The recent allegations will not deter the firm and its India partner from continuing their collaboration till CA is found to “violate Indian law”, OBI’s CEO Amrish Tyagi said on Sunday. Tyagi, who is the son of the senior JD(U) leader and former Rajya Sabha MP KC Tyagi, worked for the JD(U)-BJP alliance in Bihar in 2010 through OBI. According to a person familiar with the firm, it has had talks with the Congress and the BJP, with former Sri Lankan president Mahinda Rajapaksa, who is making a bid to get re-elected in 2020, and with the Awami League, the ruling party in Bangladesh, which is seeking re-election in 2019. “Through OBI, I have worked with individual candidates, including in the UP assembly elections of 2017. ” On its website, CA says it was contracted for an in-depth electorate analysis for the Bihar assembly elections in 2010. Nothing has been established yet,” Tyagi said. The firm denied it had violated Facebook’s rules. A statement by CA said its “robust data protection policies complied with US, international, EU and national regulations”.
Health data security: Ultrasound, MRI reports highly vulnerable to cyber crimes
We advise healthcare organizations to be careful when sharing images on open directories for research purposes and to at least scrape the personally identifiable information (PII) data from the images that could potentially identify a specific individual,” the researchers in the report said. “Because much of the imaging equipment in use by medical facilities do not align with security best practices, acquisition gateways are placed in the network to enable the digital exchange of the images. The Labs Threats Report March 2018 by McAfee, an independent cybersecurity company revealed that in 2017 the healthcare sector saw a 210% increase in publicly disclosed security incidents over 2016. Health-related electronic images such as ultrasounds, mammograms and MRIs are highly vulnerable to cybercrime, new research shows, even as the government prepares policies to secure health data of patients. “Cybercriminals often seek to maliciously introduce malware that will either use a victim’s computing power to mine for coins or simply locate and steal the user’s cryptocurrency,” the report said. McAfee Advanced Threat Research experts said that many of the incidents were caused by failure to comply with security best practices or to address vulnerabilities in medical software. Apart from cyber crimes in the healthcare sector, Cryptocurrency mining and ransomware have also been identified as the growing areas of cyber crimes in 2017. Most hospitals or medical research facilities use PACS for picture archiving and communication system so that images such as ultrasounds, mammograms, MRIs, etc. Think not only about internal security but also about the use of the virtual private network (VPNs) and two-factor authentication when connecting with external systems,” the report recommended. The report has also recommended that organizations using PACS should ask their vendors about its security features.
Unsecured AWS S3 bucket managed by Walmart jewellery partner exposes data of 1.3M customers
“At first glance, the data appeared to belong to Walmart as the storage bucket was named ‘walmartsql’, but upon further investigation by Kromtech researchers, it was discovered that the MSSQL database backup inside actually belonged to MBM Company Inc. Experts at Kromtech Security discovered in February an Amazon S3 bucket named “walmartsql” containing an MSSQL database backup, named MBMWEB_backup_2018_01_13_003008_2864410. This one contained a MSSQL database backup, which was found to hold the personal information, including names, addresses, zip codes, phone numbers, e-mail addresses, ip addresses, and, most shockingly, plain text passwords, for shopping accounts of over 1. Kromtech experts notified Walmart of the public Amazon S3 bucket; the company promptly secured the storage bucket but was unable to comment on MBM Company Inc. ” This is another case of poor security: the IT staff managing the archive left the backup exposed online through an unsecured Amazon S3 bucket and did not adopt any further measure to protect the information stored in the database. The archive contained names, addresses, zip codes, phone numbers, e-mail addresses, IP addresses, and also plain text passwords of MBM Company. “On February 6th, 2018 researchers at Kromtech security came across another publicly accessible Amazon s3 bucket. A new case of an Amazon S3 bucket left open online, this time personal data belonging to 1.3m customers of a jewellery company based in Chicago, IL, which operates mainly under the name Limogés Jewelry.
VMware addresses a DoS flaw in Workstation and Fusion products
The affected VMware solutions can be attacked by opening a large number of VNC sessions. “Thus, as long as the attacker can initiate a bunch of TCP connection to the VNC server (each successful connection increments it twice), without even sending any other datagrams, an attacker can eventually shut down the connected virtual machine. Experts at Cisco Talos confirmed that an attacker can trigger the flaw on a targeted server and cause the virtual machine to shut down by opening a large number of VNC sessions. “Since the VMware VNC server is naturally multi-threaded, there are locks and semaphores and mutexes to deal with shared variables. ” Talos published the Proof-of-Concept exploit code:

    # There are obviously better ways to do this
    for x in `seq 0 $(( 0xffffff/2 ))`; do echo "doop" | ncat ; done

“Regardless, the important thing to note here is that the incrementing instruction (lock xadd cs:MxLockCounter, eax) is the only cross-reference to the MxLockCounter global variable, meaning it never gets decremented. The DoS vulnerability was discovered by Lilith Wyatt of Cisco Talos; the flaw could be exploited on Workstation and Fusion only if the VNC has been manually enabled. “VMware Workstation and Fusion contain a denial-of-service vulnerability which can be triggered by opening a large number of VNC sessions. While VMware has classified the vulnerability as “important,” Cisco Talos has ranked it as a “high severity” flaw and assigned it a CVSS score of 7. VMware also shared details about a workaround for Workstation 12. ” reads the advisory published by Talos.
Hackers can elevate privileges by hacking into popular text editors
Most modern text editors allow users to extend their functionality with third-party plugins, which enlarges their attack surface. “Technical users will occasionally need to edit root-owned files, and for that purpose they will open their editor with elevated privileges, using ‘sudo. ” The vulnerability is tied to the way these text editors load plugins: they don’t properly separate regular and elevated modes when loading them. Of course, users should avoid loading third-party plugins when the editor is elevated and also deny write permissions for non-elevated users. Our research shows how these text editors with third-party plugins can be used as another way to gain privilege escalation on a machine. Attackers with regular user permissions can access the folder permissions to elevate their privileges and execute arbitrary code on the user’s machine. Dor Azouri, a researcher at SafeBreach, analyzed several popular extensible text editors for both Unix and Linux systems and discovered that, except for pico/nano, all of them are affected by a critical privilege escalation flaw. Azouri suggests Unix users use an open-source host-based intrusion detection system called OSSEC. ’ There are many valid reasons to elevate the privileges of an editor. “This method succeeds regardless of the file being opened in the editor, so even limitations commonly applied on sudo commands might not protect from it,” reads the paper published by the company.
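As an added example (not from the article or the SafeBreach paper), this Python audit applies the mitigation above, "deny write permissions for non-elevated users", by listing every plugin directory entry that an untrusted account could modify before an elevated editor loads it. The two directory paths and the trusted_uids parameter are assumptions made for illustration.

```python
import os
import stat

# Assumed example locations; the article names no paths. Adjust per editor.
CANDIDATE_DIRS = ["~/.vim/plugin", "~/.emacs.d"]


def audit_path(path, trusted_uids):
    """Return the reasons an untrusted account could alter `path`."""
    st = os.lstat(path)  # lstat: inspect the link itself, not its target
    reasons = []
    if st.st_uid not in trusted_uids:
        reasons.append(f"owned by uid {st.st_uid}")
    if stat.S_ISLNK(st.st_mode):
        reasons.append("symlink")  # target may live outside the audited tree
    else:
        if st.st_mode & stat.S_IWGRP:
            reasons.append("group-writable")
        if st.st_mode & stat.S_IWOTH:
            reasons.append("world-writable")
    return reasons


def audit_plugin_dirs(dirs, trusted_uids=frozenset({0})):
    """Map each risky path under `dirs` to its list of reasons.

    trusted_uids (hypothetical parameter): accounts allowed to own plugin
    code that an elevated editor will load. Defaults to root only.
    """
    findings = {}
    for d in dirs:
        root = os.path.expanduser(d)
        if not os.path.isdir(root):
            continue  # editor not installed or no plugins present
        targets = [root]
        for base, subdirs, files in os.walk(root):
            targets += [os.path.join(base, n) for n in subdirs + files]
        for p in targets:
            reasons = audit_path(p, trusted_uids)
            if reasons:
                findings[p] = reasons
    return findings


if __name__ == "__main__":
    for path, reasons in sorted(audit_plugin_dirs(CANDIDATE_DIRS).items()):
        print(f"{path}: {', '.join(reasons)}")
```

Any path it reports is one to re-own or lock down, or to place under file-integrity monitoring such as the OSSEC setup the researcher suggests.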
Hackers claim to breach Rajya Sabha website, access Amit Shah’s member account
A group of hackers has claimed to have accessed a section of the Rajya Sabha website that only members of the Upper House and administrators of the website are supposed to have entry to. ” This could be the first reported instance of the Rajya Sabha website being hacked, but there are more than 700 instances of government websites being hacked between 2013 and 2017, the government had told the Lok Sabha in 2017. The members’ logins, which are only meant to be accessed by the Rajya Sabha members themselves, are secured by usernames and passwords that the hackers claimed to have bypassed. The images uploaded by the hackers show that they could have gained access to details including Shah’s email inbox on the Rajya Sabha domain, text messages that can be sent by the public to the Rajya Sabha members on their official numbers, bulletins, details on debates, business in the Parliament, telephone bills, electricity and water bills, bills pertaining to travel allowance, and money transfers to official bank accounts. To substantiate their claims, the group, which calls itself Lulzsec India, posted screenshots on Twitter on Sunday night, purportedly after logging into the account of Bharatiya Janata Party President Amit Shah, who is also a Rajya Sabha member. The Rajya Sabha website comes under the domain of the National Informatics Centre, which through its information and communication technology network provides institutional linkages among all ministries and departments of the central government, several channels of state governments and union territories and as many as 688 district administrations. This particular hackers’ group was in news earlier in August 2017, when it claimed it had breached 30 government websites in Pakistan. “This incident has once again exposed the weak security infrastructure of websites under the NIC domain,” said Kislay Chaudhary, a cybersecurity expert and consultant to several government agencies.
Expedia-owned travel website Orbitz says 880,000 payment cards hit in data breach
“Anyone who is notified is encouraged to carefully review and monitor their payment card account statements and contact their financial institution or call the number on the back of their card if they suspect that their payment card may have been misused,” Customers can contact the firm by calling 1-855-828-3959 (toll-free in the U. Additionally, we are providing partners with complimentary customer notice support for partners to inform their customers, if necessary,” reads the statement issued by the company. This is the last incident in order of time that affected the travel sector, other companies that suffered security breaches are the hotel chain InterContinental Hotels Group Plc and Hyatt Hotels Corp in 2017. The exposed data includes full name, date of birth, gender, phone number, email address, physical and billing address, and payment card data. According to Orbitz, the security breach affected roughly 880,000 payment cards. “We are working quickly to notify impacted customers and partners. According to the investigators, the hackers may have accessed personal information of customers that made certain purchases between January 1 and June 22, 2016. Attackers may have obtained information on Orbitz partners who made purchases between January 1, 2016, and December 22, 2017. Orbitz confirmed that attackers gained access to a legacy platform between October 1 and December 22, 2017, and stole personal and financial data belonging to consumers and business partners. com website is affected, passport and travel itinerary information were not exposed in the incident.
How To Change Your Facebook Settings To Opt Out of Platform API Sharing
In addition to raising questions about Facebook’s role in the 2016 presidential election, this news is a reminder of the inevitable privacy risks that users face when their personal information is captured, analyzed, indefinitely stored, and shared by a constellation of data brokers, marketers, and social media companies. By default, other people who can see your info can bring it with them when they use apps, and your info becomes available to those apps. Tech companies can and should do more to protect users, including giving users far more control over what data is collected and how that data is used. Keep in mind that this disables ALL platform apps (like Farmville, Twitter, or Instagram) and you will not be able to log into sites using your Facebook login. Log into Facebook and visit the App Settings page (or go there manually via the Settings Menu > Apps). From there, click the “Edit” button under “Apps, Websites and Plugins.” Click “Disable Platform.” If disabling platform entirely is too much, there is another setting that can help: limiting the personal information accessible by apps that others use. Over the weekend, it became clear that Cambridge Analytica, a data analytics company, got access to more than 50 million Facebook users’ data in 2014. Then uncheck the types of information that you don’t want others’ apps to be able to access. For now, if you’d like to keep your data from going through Facebook’s API, you can take control of your privacy settings. Finally, users need to be able to leave when a platform isn’t serving them, and take their data with them when they do.
Windows Remote Assistance flaw could be exploited to steal sensitive files
A critical vulnerability in Microsoft’s Windows Remote Assistance (Quick Assist) feature affects all versions of Windows to date, including Windows 10, 8. This means that an attacker can send a specially crafted Remote Assistance invitation file containing malicious code to the victim that instructs the target computer to submit the content of specific files from known locations to a remote server controlled by the attackers. The CVE-2018-0878 vulnerability affects Microsoft Windows Server 2016, Windows Server 2012 and R2, Windows Server 2008 SP2 and R2 SP1, Windows 10 (both 32- and 64-bit), Windows 8. “To exploit this condition, an attacker would need to send a specially crafted Remote Assistance invitation file to a user. Microsoft fixed the vulnerability this month with Patch Tuesday; the issue resides in the way Windows Remote Assistance processes XML External Entities (XXE). The attacker offers the victim access to his computer via Windows Remote Assistance. To set up a Windows Remote Assistance connection the attacker can: Invite someone to help him; Respond to someone who needs help. The Windows Remote Assistance feature relies on the Remote Desktop Protocol (RDP) to establish a secure connection with the person in need. Trend Micro Zero Day Initiative researcher Nabeel Ahmed discovered an information disclosure vulnerability in Windows Remote Assistance tracked as CVE-2018-0878. The attacker can use the “Out-of-Band Data Retrieval” attack technique to exploit this vulnerability, which resides in the MSXML3 parser.