Aadhaar data leak: More than 200 Indian government websites expose citizens’ key personal details
More than 200 central and state government websites have leaked the personal details of users of India’s controversial national ID system, Aadhaar. In response to a Right to Information (RTI) inquiry, the Aadhaar-issuing body, the Unique Identification Authority of India (UIDAI), said 210 websites of central and state government departments, including educational institutes, had publicly exposed data of some users, including their names, addresses, Aadhaar numbers and other details. The agency did not specify how many citizens’ data was compromised in the leak.

Under the country’s Aadhaar system, every Indian citizen receives a unique 12-digit number, similar to a Social Security Number in the US, and has his or her biometric and personally identifiable information collected and stored by the government. Aadhaar is currently the world’s largest biometric database and has already collected the iris scans and fingerprints of more than a billion Indians. The Indian government has made it mandatory for every citizen to obtain an Aadhaar ID in order to avail of various social welfare schemes and government services, and it also wants all citizens to link their Aadhaar IDs to their bank accounts, mobile numbers, insurance policies, PAN (Permanent Account Number) and other services.

“UIDAI has a well-designed, multi-layer approach, robust security system in place and the same is being constantly upgraded to maintain the highest level of data security and integrity,” UIDAI said in response to the RTI inquiry, the Press Trust of India (PTI) reported. “Various policies and procedures have been defined, these are reviewed and updated continually, thereby appropriately controlling and monitoring any movement of people, material and data in and out of UIDAI premises, particularly the data centres.”

However, many security experts have voiced serious security and privacy concerns over the system, especially because it holds the sensitive and confidential details of more than a billion people.
ABC data leak: Massive trove of sensitive data including emails, passwords left exposed online
A massive trove of sensitive data was left freely exposed online by the Australian Broadcasting Corporation (ABC). According to security experts at Kromtech Security, who uncovered the data breach earlier in the week, the information publicly exposed also included data regarding stock files and production services. The publicly accessible Amazon S3 buckets were indexed by Censys (a public search engine that enables researchers to ask questions about the hosts and networks that compose the Internet) and were identified during a regular security audit of misconfigured S3 environments on 14 November.

This kind of sensitive information “should not have been publicly available online,” Kromtech security researcher Bob Diachenko wrote in a blog. “A majority of what would be considered sensitive or identifiable data came from the daily backups of ABC Commercial’s MySQL database,” Diachenko added.

Here is a list of all the data exposed via ABC’s daily backups of its MySQL database:
- Several thousand emails, logins and hashed passwords for ABC Commercial users to access ABC content (these include users who are well-known members of the media)
- Requests for licensed content, as sent by TV and media producers from all over the world to use ABC’s content and pay royalties
- A secret access key and login details for another repository, with advance video content
- 1,800 daily MySQL database backups from 2015 to present

“It seems like every few days there is yet another data breach, ransomware threat or a new security flaw and companies or organisations must do more to be proactive in how they store sensitive data online,” the security researcher noted. He added that Kromtech, with the help of Australian security researcher Troy Hunt, alerted ABC, and all the exposed S3 buckets were secured “within minutes”. It is unclear who else may have had access to ABC’s data or content.
The company said that it was notified about the breach on Thursday (16 November), two days after Kromtech uncovered the data leak.
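The exposure described above comes down to a single ACL grant that a bucket audit can catch. The following is an added example, not code from Kromtech, Censys or ABC: it inspects a bucket ACL and the S3 Block Public Access settings in the shape that boto3’s get_bucket_acl() and get_public_access_block() return, using constructed sample data (the bucket and owner names are placeholders), so it runs with no AWS credentials and makes no network calls.

```python
# Added example (not Kromtech's, Censys's or ABC's code): the two checks a
# bucket audit needs to catch the exposure described above. The ACL dicts
# and Block Public Access configs are constructed samples in the shape
# boto3's get_bucket_acl() and get_public_access_block() return.

ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
# AuthenticatedUsers is effectively public: anyone with any AWS account qualifies.
PUBLIC_GROUPS = {ALL_USERS: "anyone on the internet", AUTH_USERS: "any AWS account"}
BLOCK_SETTINGS = ("BlockPublicAcls", "IgnorePublicAcls",
                  "BlockPublicPolicy", "RestrictPublicBuckets")


def public_grants(acl: dict) -> list:
    """Return (who, permission) for each ACL grant to a public group.
    READ on a bucket lets anyone list it, which is how a search engine such as
    Censys ends up indexing every backup file name; READ on the objects then
    lets them be downloaded."""
    found = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") == "Group" and grantee.get("URI") in PUBLIC_GROUPS:
            found.append((PUBLIC_GROUPS[grantee["URI"]], grant["Permission"]))
    return found


def block_is_complete(cfg: dict) -> bool:
    """True only when all four Block Public Access settings are on. A partial
    block (BlockPublicAcls without IgnorePublicAcls) stops new public ACLs
    but leaves an existing one, like the sample below, fully effective."""
    return all(cfg.get(k) is True for k in BLOCK_SETTINGS)


def audit(bucket: str, acl: dict, block_cfg: dict) -> list:
    """Findings a scanner would report for one bucket (empty list = clean)."""
    findings = [f"{bucket}: ACL grants {perm} to {who}" for who, perm in public_grants(acl)]
    if not block_is_complete(block_cfg):
        findings.append(f"{bucket}: Block Public Access incomplete, public ACLs still honoured")
    return findings


# Constructed samples. Bucket and owner names are placeholders.
OWNER = {"Type": "CanonicalUser", "ID": "example-owner-canonical-id"}
LEAKY_ACL = {
    "Owner": {"ID": OWNER["ID"]},
    "Grants": [
        {"Grantee": OWNER, "Permission": "FULL_CONTROL"},
        {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "READ"},  # the misconfiguration
    ],
}
PRIVATE_ACL = {"Owner": {"ID": OWNER["ID"]},
               "Grants": [{"Grantee": OWNER, "Permission": "FULL_CONTROL"}]}

# Weak setting beside the corrected one.
PARTIAL_BLOCK = {"BlockPublicAcls": True, "IgnorePublicAcls": False,
                 "BlockPublicPolicy": True, "RestrictPublicBuckets": False}
FULL_BLOCK = {k: True for k in BLOCK_SETTINGS}

if __name__ == "__main__":
    for name, acl, cfg in (("db-backups", LEAKY_ACL, PARTIAL_BLOCK),
                           ("db-backups-fixed", PRIVATE_ACL, FULL_BLOCK)):
        print(name, audit(name, acl, cfg) or ["clean"])
```

In a real audit the two dicts come from get_bucket_acl() and get_public_access_block() for every bucket in the account; the point of checking both is that turning on only BlockPublicAcls feels like a fix while an existing AllUsers grant keeps serving the backups.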
Chinese hackers break into Indian Government’s high profile video chat
In a high-profile cyber security incident, Chinese hackers reportedly broke into a top secret video meeting conducted by the Indian government and held it hostage for about 4-5 minutes. According to a report by the Indian Express, the intrusion could be neutralised only after a counter-offensive was launched by India’s cyber security systems, and the link was traced by an Indian cyber patrolling team. It is, however, yet to be determined whether the intrusion was conducted by state forces or whether international cyber criminals were involved. Inside sources, speaking to the Express, said: “The message from the hackers was clear: they could turn the tap anytime they want due to our lax cyber security apparatus.” According to the same sources, in the wake of this threat around seven ministries, including Law, Labour, HRD, MEA, and Heavy Industries and Public Enterprises, will be conducting a mock drill to test the security of their assets.

The digital platforms and e-services offered by the state and central governments are also said to be at high risk of cybersecurity threats. A senior government officer said over 8,000 portals and websites of central ministries and state governments are at high risk of exposure to attackers. While the government has taken several steps to address security concerns emanating from cyberspace, the sources of threats to Indian cyberspace have become varied and unrelenting. The Intelligence Bureau, India’s domestic spy agency, which has warned the government about increasing instances of cyber espionage, reportedly said in a note: “There is no let-up in targeting of a large number of Indian computers for data pilferage.”
Your every keystroke is recorded by over 480 of the most popular websites in the world
Some of the most popular and most heavily trafficked websites in the world have been found running third-party scripts, called “session replay” scripts, that track every letter a user types, every click and more, and send it all to third-party servers across the globe. In the first instalment of a series titled “No Boundaries”, researchers from Princeton’s Center for Information Technology Policy (CITP) said that even when a user visits a site, starts filling in an online form and then abandons it without submitting, every single letter typed is recorded.

According to the researchers, session replay scripts are commonly used by companies to help them understand how their customers use the firms’ sites. However, instead of recording general statistics about users’ behaviour, the scripts record, and can replay, entire individual browsing sessions. “These scripts record your keystrokes, mouse movements, and scrolling behavior, along with the entire contents of the pages you visit, and send them to third-party servers,” the researchers said in a blog. “Collection of page content by third-party replay scripts may cause sensitive information such as medical conditions, credit card details and other personal information displayed on a page to leak to the third-party as part of the recording,” they added.

The researchers studied seven of the most popular session replay firms: FullStory, SessionCam, Clicktale, Smartlook, UserReplay, Hotjar, and the highly popular Russian search engine Yandex. Motherboard reported that the researchers are also concerned that companies using session replay scripts are vulnerable to targeted hacks, since the recordings they hold would make them high-value targets.

Fortunately, users can block session replay scripts with the popular ad-blocking tool AdBlock Plus: as a result of the revelations brought to light by the Princeton researchers, AdBlock Plus issued an update to block all session replay scripts.
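What the researchers describe, keystroke-level capture that outlives an abandoned form, and the masking a replay vendor has to apply before upload, can be modelled in a few dozen lines. The block below is an added example, not code from the Princeton study or from any of the vendors named above; the event stream, the field names and the list of sensitive field-name patterns are all assumptions.

```python
# Added example, not code from the Princeton study or any replay vendor:
# a model of the keystroke stream a replay script ships and of the masking
# a safe one must apply before upload. The events are constructed; field
# names and the sensitive-name list are assumptions.
import re

# Field names that a masking policy treats as sensitive (assumed list).
SENSITIVE_NAME = re.compile(r"(card|cc|cvv|pass|pin|ssn|email|phone|dob)", re.I)


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: spots a payment card number typed into a field whose
    name gives nothing away (the 'field_7' case below)."""
    if not digits.isdigit() or len(digits) < 13:
        return False
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d * 2 > 9 else d * 2
        total += d
    return total % 10 == 0


def replay(events: list) -> dict:
    """What the replay server reconstructs from the stream: the text of every
    field, whether or not the form was ever submitted."""
    fields = {}
    for ev in events:
        if ev["type"] == "keystroke":
            fields[ev["field"]] = fields.get(ev["field"], "") + ev["char"]
    return fields


def redact(batch: list) -> list:
    """Mask keystrokes for sensitive fields in one upload batch. Name matching
    handles labelled inputs; the Luhn check handles unlabelled ones, but only
    if the whole number sits in this batch, so batch boundaries matter."""
    values = replay(batch)
    masked = {f for f, v in values.items()
              if SENSITIVE_NAME.search(f) or luhn_ok(re.sub(r"\D", "", v))}
    return [dict(ev, char="*") if ev["type"] == "keystroke" and ev["field"] in masked else ev
            for ev in batch]


def keystrokes(field: str, text: str) -> list:
    return [{"type": "keystroke", "field": field, "char": c} for c in text]


# Constructed session: the user fills three fields, then leaves without
# submitting. Nothing here was ever POSTed to the site, yet all of it is in
# the stream.
SESSION = (keystrokes("email", "alice@example.com")
           + keystrokes("field_7", "4111111111111111")        # card number, unlabelled field
           + keystrokes("notes", "chest pain since tuesday")  # free text, no pattern matches
           + [{"type": "navigate", "url": "/pricing"}])       # abandoned the form

if __name__ == "__main__":
    print("what the vendor receives unredacted:", replay(SESSION))
    print("after masking:                      ", replay(redact(SESSION)))
```

The “notes” field is the instructive case: a medical detail typed into a free-text box matches no name pattern and no checksum, so it leaves the browser intact. The only reliable fixes are to mark such inputs for exclusion (the vendors above offer an attribute or class for that) or not to load the script on pages that collect them.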
How North Korean hackers may be playing hide and seek by operating from inside India
Earlier this year, security researchers at Recorded Future, a US-based cybersecurity firm that has been studying North Korea’s activities in cyberspace, said in a report that they had identified activities “to and from” India that indicated a possible “virtual and physical presence” of Pyongyang’s hackers. This year alone, several high-profile cyberattacks, including the global WannaCry ransomware epidemic and international bank hacks, have come to light, all of which are believed to have been perpetrated by North Korean hackers.

Unlike other nations with extensive cyberespionage operations, North Korea is believed to have limited internet access. Priscilla Moriuchi, director of strategic threat development at Recorded Future, told IBTimes UK: “North Korea has limited internet access and much of its IP space, internet access points, and activity are known to outside researchers and government. Operating outside of North Korea could give these actors access to better and faster internet connections.” “Actors operating from abroad are absorbed in their local environment and are likely to pick up new tactics or techniques that could help advance and obfuscate North Korean cyber operations,” Moriuchi added.

According to Rustici, in the event that North Korean hackers are operating out of India, their likely focus would be on generating money rather than espionage-related activities. India has a very large indigenous cybercrime community, and from a detection and enforcement perspective the Indian police historically have had a low success rate in dealing with the activity. This allows the North Koreans to blend in with the noise, have relative security and, as long as they operate with a modicum of operational security, avoid any attribution, assuming that they only conduct their illicit money-generating activity.

IBTimes UK has reached out to the Indian Ministry of Electronics and Information Technology as well as the recently established National Cyber Safety and Security Standards (NCSSS) to determine the extent of the Indian government’s knowledge of potential North Korean cyber activities coming from within the nation’s borders.
SMBs Need to Brace for RDP Ransomware Attacks
According to eSecurity Planet, small and midsized businesses (SMBs) lost $75 billion to ransomware attacks last year. Malware-makers love SMBs, and RDP ransomware attacks are often a perfect match for low-motivation cybercriminals looking for an easy mark. RDP attacks are not new; enterprises have been enduring them for years. However, SMBs are especially vulnerable to these attacks because their security staff are often juggling multiple jobs: rather than focusing purely on security, these teams tend to spend most of their time trying to keep IT up and running.

Consider the recent attacks: cybercriminals needed zero finesse and barely any effort to crack RDP access points left with stock permissions and create persistent admin accounts. Then it was just a matter of installing software to tweak antimalware applications and elevating privileges using known vulnerabilities before the cybercriminals deployed ransomware and demanded one bitcoin in payment. Unless an SMB has remote workers who rely on RDP connections daily, the insecurity of stock permissions on internet-facing ports puts the company at risk for no benefit.

RDP attacks remain a huge problem for companies, and for SMBs in particular. Make it harder for attackers by changing passwords right now, monitoring admin accounts and being prepared to shut down RDP on demand.
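The sequence above (password guessing against an exposed RDP port, a successful logon, then a new persistent admin account) leaves a recognisable trail in the Windows Security log. The block below is an added example, not from eSecurity Planet or this article, that runs that detection over constructed Security-log events; the field names follow the log’s EventData, while the source IPs, account names and the failure threshold are assumptions.

```python
# Added example, not from eSecurity Planet or the article: detection logic
# for the chain described above (password guessing against RDP, a successful
# logon, then a new persistent admin account) run over constructed Windows
# Security-log events. Field names follow the Security log's EventData; the
# IPs, account names and thresholds are assumptions.
from collections import defaultdict
from datetime import datetime, timedelta

RDP_LOGON = "10"          # LogonType 10 = RemoteInteractive (RDP)
NETWORK_LOGON = "3"       # with NLA on, failed RDP attempts are logged as type 3
ADMINISTRATORS_SID = "S-1-5-32-544"
FAILURE_THRESHOLD = 20    # failures from one IP inside WINDOW before a success
WINDOW = timedelta(minutes=10)


def ts(value: str) -> datetime:
    return datetime.strptime(value, "%Y-%m-%d %H:%M:%S")


def describe(ev: dict) -> str:
    if ev["EventID"] == 4720:                                    # user account created
        return f"4720 created {ev['TargetUserName']}"
    return f"4732 added {ev['MemberSid']} to Administrators"    # member added to local group


def detect_rdp_takeover(events: list, threshold: int = FAILURE_THRESHOLD,
                        window: timedelta = WINDOW) -> list:
    """One finding per RDP logon that followed a burst of failures from the
    same IP; each finding lists the persistence steps that account took
    within `window` of getting in."""
    events = sorted(events, key=lambda e: ts(e["TimeCreated"]))
    failures = defaultdict(list)                    # source IP -> failure timestamps
    findings = []
    for ev in events:
        eid, t = ev["EventID"], ts(ev["TimeCreated"])
        if eid == 4625 and ev.get("LogonType") in (RDP_LOGON, NETWORK_LOGON):
            failures[ev["IpAddress"]].append(t)
        elif eid == 4624 and ev.get("LogonType") == RDP_LOGON:
            recent = [f for f in failures[ev["IpAddress"]] if t - f <= window]
            if len(recent) < threshold:
                continue                            # a normal remote worker
            actor = ev["TargetUserName"]
            steps = [describe(p) for p in events
                     if p["EventID"] in (4720, 4732)
                     and p.get("SubjectUserName") == actor
                     and 0 <= (ts(p["TimeCreated"]) - t).total_seconds() <= window.total_seconds()
                     and (p["EventID"] == 4720 or p.get("TargetSid") == ADMINISTRATORS_SID)]
            findings.append({"ip": ev["IpAddress"], "account": actor,
                             "failures": len(recent), "logon_at": ev["TimeCreated"],
                             "persistence": steps})
    return findings


def _ev(event_id: int, when: str, **data) -> dict:
    return {"EventID": event_id, "TimeCreated": when, **data}


ATTACKER = "203.0.113.7"        # constructed, from the TEST-NET-3 range
SAMPLE_EVENTS = (
    # 25 failed guesses at 'administrator' over four minutes (NLA, so type 3)
    [_ev(4625, f"2017-11-20 02:{i // 60:02d}:{i % 60:02d}", LogonType=NETWORK_LOGON,
         IpAddress=ATTACKER, TargetUserName="administrator") for i in range(0, 250, 10)]
    + [
        _ev(4624, "2017-11-20 02:05:30", LogonType=RDP_LOGON, IpAddress=ATTACKER,
            TargetUserName="administrator"),
        _ev(4720, "2017-11-20 02:07:10", SubjectUserName="administrator",
            TargetUserName="svc_backup"),
        _ev(4732, "2017-11-20 02:07:42", SubjectUserName="administrator",
            MemberSid="S-1-5-21-1000-2000-3000-1105", TargetSid=ADMINISTRATORS_SID),
        # a legitimate remote worker: no failure burst, so no finding
        _ev(4624, "2017-11-20 08:15:00", LogonType=RDP_LOGON, IpAddress="198.51.100.5",
            TargetUserName="jane"),
    ]
)

if __name__ == "__main__":
    for finding in detect_rdp_takeover(SAMPLE_EVENTS):
        print(finding)
```

Event IDs 4625/4624 (failed/successful logon), 4720 (user account created) and 4732 (member added to a security-enabled local group) and logon type 10 are the standard Windows values; with Network Level Authentication enabled, failed RDP attempts are recorded as logon type 3, which is why the failure count includes both types. Feed the function the Security log from Get-WinEvent or the equivalent export from a SIEM, and treat a finding with persistence steps as the trigger for the “shut down RDP on demand” advice above.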
Uber concealed cyber attack that exposed data of 57 million users and 600,000 drivers
Uber concealed a massive cyberattack that affected 57 million customers and drivers around the world after paying a ransom to hackers, the company has confirmed. The ride-hailing app confirmed that the breach took place in October 2016 and was hidden by the company, which paid the hackers $100,000 (£75,000) to delete the data. Bloomberg News, which first broke the story, said that the breach had compromised the names, email addresses and phone numbers of 50 million Uber riders around the world.

The multi-billion dollar company said it believes the information was never used by the hackers and declined to disclose the identities of those who conducted the hack. Uber added in a statement: “At the time of the incident, we took immediate steps to secure the data and shut down further unauthorized access by the individuals.” Uber now says it has a legal obligation to report the hack to regulators and to the drivers whose licence numbers were taken.

“While we have not seen evidence of fraud or misuse tied to the incident, we are monitoring the affected accounts and have flagged them for additional fraud protection,” Uber’s new chief executive Dara Khosrowshahi said, according to the BBC. Khosrowshahi, who joined Uber in September, added: “You may be asking why we are just talking about this now, a year later.”

The company has faced scrutiny over allegations of sexual harassment made earlier this year by ex-Uber engineer Susan Fowler, who detailed her experiences in a blog post titled “Reflecting on One Very, Very Strange Year at Uber”. The company was also stripped of its licence to operate in London by the regulator Transport for London (TfL) after being deemed “not fit and proper” to hold a private hire operator licence.
What is qkG ransomware? New self-replicating malware uses malicious macros to encrypt Word documents
Security researchers have discovered a new file-encrypting ransomware variant called qkG that targets Microsoft Word’s Normal template (Normal.dotm), which all new, blank Word documents are usually based on. “qkG filecoder stands out as the first ransomware to scramble one file (and file type), and one of the few file-encrypting malware written entirely in Visual Basic for Applications (VBA) macros,” researchers wrote in a blog post. It is also one of the few that actually employs malicious macro code to do the encrypting, unlike the usual families that use macros mainly to download the ransomware.

Researchers said the ransomware works slightly differently from other, similar malware: qkG encrypts the file’s contents once the user closes the document. The encryption key is always the same, and is included in each encrypted document.

Researchers noted that the ransomware’s “unusual” use of malicious macros is similar to a technique employed by a variant of Locky known as Lukitus. Lukitus Locky’s macro code retrieves and helps execute the ransomware, which then encrypts the targeted files stored on the infected machine. “In both cases, the malicious macro is executed when the user closes the document,” researchers said. While not particularly pervasive in terms of impact, qkG’s unique use of malicious macros is still notable.
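Because qkG lives in the Normal template rather than in individual files, the place to look for it is the template itself. The block below is an added example, not from the researchers’ analysis: it treats Normal.dotm as the Office Open XML zip it is, flags a word/vbaProject.bin part (a macro-free template has none) and compares the file’s hash against a clean baseline. Both templates it checks are constructed in memory, so no real Normal.dotm is read or written; the path helper is the only part that refers to a real location, and it is an assumption about the standard Windows layout.

```python
# Added example, not from the researchers' write-up: a check for the
# persistence point qkG abuses. Normal.dotm is an Office Open XML zip; a
# template with no macros has no word/vbaProject.bin entry, so that entry
# appearing, or the file's hash drifting from a known-good baseline, is the
# signal. Both templates below are built in memory; the path helper only
# shows where Word keeps the real one (assumed standard Windows layout).
import hashlib
import io
import os
import zipfile

VBA_PART = "word/vbaProject.bin"
OLE_MAGIC = b"\xd0\xcf\x11\xe0\xa1\xb1\x1a\xe1"   # the VBA project is an OLE compound file


def template_has_macros(data: bytes) -> bool:
    """True if the template zip carries a VBA project."""
    with zipfile.ZipFile(io.BytesIO(data)) as z:
        return VBA_PART in z.namelist()


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def check_template(data: bytes, baseline_hash: str) -> list:
    """Findings for one Normal template against a baseline taken when the
    machine was known clean (empty list = nothing to report). Which
    procedure runs on close (Document_Close / AutoClose) is not readable
    here: the VBA source is compressed inside the OLE stream, which is
    what a tool such as olevba decompresses."""
    findings = []
    if template_has_macros(data):
        findings.append("vbaProject.bin present: Normal template carries macro code")
    if sha256(data) != baseline_hash:
        findings.append("template hash differs from baseline")
    return findings


def normal_template_path() -> str:
    """Where Word stores the user's Normal template on Windows (assumed layout)."""
    return os.path.join(os.environ.get("APPDATA", r"%APPDATA%"),
                        "Microsoft", "Templates", "Normal.dotm")


def build_template(with_vba: bool) -> bytes:
    """Constructed minimal template zip: not a real Word file, but it has the
    parts the check looks at."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("[Content_Types].xml", "<Types/>")
        z.writestr("word/document.xml", "<w:document/>")
        if with_vba:
            z.writestr(VBA_PART, OLE_MAGIC + b"\x00" * 24)   # header only, no macro code
    return buf.getvalue()


CLEAN_TEMPLATE = build_template(with_vba=False)
INFECTED_TEMPLATE = build_template(with_vba=True)

if __name__ == "__main__":
    baseline = sha256(CLEAN_TEMPLATE)       # record this on a clean build
    print(normal_template_path())
    print("clean:", check_template(CLEAN_TEMPLATE, baseline))
    print("infected:", check_template(INFECTED_TEMPLATE, baseline))
```

To use it on a real machine, record the SHA-256 of Normal.dotm on a clean build and run check_template on the current file from each endpoint. The check tells you that macro code is present, not what it does; extracting the source, and finding the Document_Close or AutoClose handler that makes qkG encrypt on close, needs a VBA decompressor such as olevba from the oletools package.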
Don’t fall for this text scam posing as Barclays bank that could hijack your passwords
Barclays bank has warned customers about a rise in text-based scams attempting to steal personal details, urging anyone who responded to the fraudsters to get in contact. It warned that the aim of text-based phishing, or smishing, scams is to dupe victims into handing over banking details or calling premium-rate numbers the fraudsters have set up to rack up a large bill. Barclays does send out text alerts to its customers asking them to confirm transactions using ‘Y’ or ‘N’ replies, but it warned that the scam messages are using non-Barclays phone numbers. “Fraudsters can use fake numbers that look like Barclays numbers to hide their true identity,” a spokesperson for the bank told The Sun in a statement on Wednesday (22 November). “If customers are unsure about a call or text they have received we would encourage them to use our number checker to make sure it’s genuine and then enter the number manually on their phone.”

Action Fraud, the UK’s national fraud and cybercrime reporting centre, tweeted a link to Barclays’ own number-checker system, which any concerned customer can use to confirm that a banking alert is legitimate. On Facebook, the bank wrote: “If you have received any of these texts or similar – do not respond.” One commenter added: “Called Barclays and this is a scam.”

On its website, the bank offered tips to ensure its users stay safe online: never give out your PINsentry codes, Mobile PINsentry codes, passcodes or passwords to anyone, even a caller claiming to be from the police or your bank.
Uber phishing scam: hackers are capitalising on the massive data breach to steal your passwords
Just days after the massive Uber hack first came to light, cybercriminals have reportedly begun targeting unsuspecting potential users of the ride-hailing firm in a new phishing scam. Uber recently confirmed that in 2016 hackers stole personal information such as names, email addresses and phone numbers from over 57 million user accounts. Uber is yet to directly inform its customers about whether they have been affected by the breach, The Daily Beast reported.

Hackers are now capitalising on the data breach and have reportedly begun sending potential Uber users phishing emails specifically tailored to trick them into divulging their account passwords. According to The Daily Beast, some people have taken to Twitter to report receiving emails purporting to be from Uber and asking them to “change their password”. “Please click below to confirm you’ve received this message and change your password,” reads an apparent phishing email, a screenshot of which was tweeted by IT trainer and consultant Dale Meredith. Meredith clarified in another tweet, however, that the screenshot is actually an ad from KnowBe4, an anti-phishing service that created the Uber-themed email to caution people about such scams. Several other people have nonetheless tweeted that they received what appear to be Uber phishing emails, indicating that hackers may indeed be racing to capitalise on the breach.

To an unsuspecting user, such an email may appear authentic, leading them to unknowingly hand over their passwords to hackers. If hackers are able to craft emails that look fairly authentic, they may well succeed in stealing from people.