National Bank of Canada data leak: Website glitch exposes personal data of hundreds of customers
The Canadian bank said in a statement that the glitch was related to an electronic form on its website that allowed a customer filling out an online form to set up a branch appointment to potentially see the data entered by a previous user, Reuters reports. National Bank of Canada said a technical glitch may have inadvertently exposed the personal information of roughly 400 customers earlier this week. CBC Toronto reported that it was alerted by a bank customer who said he was contacted by another individual who was able to view his data online. He was reportedly told that the electronic form’s fields were already filled out with his information when the second customer tried to book an appointment with the bank. Nearly 400 customers potentially affected by the data leak are currently being notified by the bank and have been offered free credit monitoring. The latest incident comes amid a spate of data leaks and breaches often caused by human error, particularly in cloud-related incidents. “We were notified earlier this week of an issue related to an electronic form used on our website.” The issue lasted for several days and affected “close to 400” customers, it said. The National Bank said it was notified of the error earlier this week and that it was resolved immediately. The bank also advised customers to be vigilant against any potential identity theft or phishing attempts for additional information.
Deloitte hack: Secret client data hijacked in cyberattack that went ‘unnoticed for months’
In response to a cyber incident, Deloitte implemented its comprehensive security protocol and began an intensive and thorough review, including mobilising a team of cybersecurity and confidentiality experts inside and outside of Deloitte. The statement added: “We remain deeply committed to ensuring that our cybersecurity defences are best in class, to investing heavily in protecting confidential information and to continually reviewing and enhancing cybersecurity.” According to The Guardian, which first reported news of the incident, at least six Deloitte clients have been informed that their data was compromised. The staffer’s compromised account had only one password and did not use two-factor authentication, the newspaper reported, adding that usernames, passwords, email attachments and internal infrastructure data of its clients were all vulnerable to hijacking. A major cyberattack at consultancy giant Deloitte reportedly went undiscovered for months, with investigators now deep into a probe to uncover exactly what was stolen. The intrusion, seemingly carried out through an administrator’s weakly protected account, has potentially exposed vast amounts of sensitive data from clients, who include some of the world’s largest financial institutions, companies and government agencies. The news comes after a massive cyberattack was disclosed by US credit-monitoring company Equifax, which exposed millions of records, including 400,000 from British customers. “As part of the review, Deloitte has been in contact with the very few clients impacted and notified governmental authorities and regulators.” In terms of scope, a Deloitte spokesperson said stolen material was “a fraction” of the total five million emails stored in the targeted Microsoft Azure cloud server. The Guardian reported that Deloitte uncovered a breach of its “global email server” in March this year, but experts believe hackers may have been inside as far back as October 2016.
Verizon leak: ‘Confidential data’ exposed after employee left database unprotected online
On 20 September 2017, experts from Kromtech – a security division of software company MacKeeper – found a publicly accessible Amazon Web Services (AWS) database (also known as an S3 bucket) that contained roughly 100MB of Verizon Wireless files and folders. Bob Diachenko, Kromtech’s chief security officer, said following the fresh disclosure: “Our primary goal is to notify and secure the data, not dispute if [Verizon] is being honest or not.” Kromtech researchers said that the database – which has now been removed – was “self-owned” by a Verizon Wireless engineer and not managed by the company. The employee responsible for the database was not named by the cybersecurity firm, and it remains unclear how long the data was publicly accessible. Back in July 2017, a security firm called UpGuard found that a third-party company had left the personal details of “up to 14 million” Verizon customers exposed on a cloud server. Kromtech said in its report – published Friday (22 September) – that two of the files were named “VZ Confidential” and “Verizon Confidential”. A database containing sensitive – and potentially confidential – internal information linked to US communications giant Verizon Wireless was recently found on the web without adequate password protection, a team of US cybersecurity researchers has revealed. “We believe that companies have an obligation to not only take the proper security measures but also protect the data their employees collect and store.” “To prevent S3 data loss [and] unexpected charges on your AWS bill, you need to grant access only to trusted entities by implementing the appropriate access policies,” he added. This is not the first time Verizon data has been exposed in this manner.
Notorious Android malware that will drain your bank account discovered on Google app store
After this pre-set delay, the new BankBot Trojan demanded the victim accept a screen prompt to enable a mysterious function called “Google Service” – only escapable by clicking OK. Now, the evolved strain is able to abuse Google’s legitimate “Accessibility Services” and better hide in smartphones and tablets. Experts from Eset, a Slovakian security company, said this week (25 September) that the Trojan – which aims to steal credit card details – had been spotted using a number of “new tricks” that move away from posing as banking apps in favour of targeting Google Play itself. This time, however, it targeted Google Play by overlaying the real app with a form which asked unwitting users to enter financial details to continue using the service. A notorious Android Trojan known as “BankBot” was recently discovered posing as a gaming application on the Google Play Store. Users who downloaded the gaming app would indeed get a functioning product, but after 20 minutes (a method of evading Google’s anti-malware scans) it would turn nasty. Prior BankBot versions found in the wild would mirror popular banking applications in the hope that victims wouldn’t realise, and enter their account passwords. They would then be able to install other apps, launch the Trojan and intercept messages. If the user activated the malicious service, which was not affiliated with Google, the hacker would essentially be granted access to a slew of invasive permissions. Before being booted from the marketplace by Google, the Trojan had been downloaded up to 5,000 times.
Madhya Pradesh Cricket Association website hacked
As India and Australia square off in the third ODI at Indore, the website of the Madhya Pradesh Cricket Association (MPCA) has reportedly been hacked. According to the PTI, the website http://www.mpcaonline.com after being hacked read, “Nobody can give you freedom, nobody can give you equality or justice, if you are a man, you take it.” The hacker even revealed his identity and wrote a message on the wall, “Hello Admin, your website is zero percent secure, patch it or I will be back there. Don’t hate me, hate your security.” However, on Saturday, when indianexpress.com checked the website, a message popped up saying, “Hacked By Mr.Bumblebee. **** You Admin.” While police are yet to receive any complaint and lodge a subsequent investigation, the Chief Executive Officer of MPCA denied any reports of hacking. It may be recalled here that this is not the first time that a website of a sports organisation has been hacked. A few months back the website of The All India Football Federation (AIFF) was hacked by a group called “Zero Cool”. The hackers also commented on the issue of Kulbhushan Jadhav’s release and deemed it as a payback.
Websites of Ryan International School Hacked
A hacker group calling itself the Kerala Cyber Warriors says that the websites were hacked to offer “tribute” to 7-year-old child Pradyuman, who was found dead with his throat slit in the Ryan International School washroom in the Bhondsi area, Sohna Road, Gurugram on 8th September. After this, the hackers also posted one message for Ryan International School management, saying that “citizens of India demands (sic) justice for the innocent soul Pradyuman Thakur, who lost his life due to your security negligence.” Four websites were hacked by the group: ryaninternationalschools. On Wednesday, many websites connected to the Ryan International group were hacked. org (of Ryan International School), ryaninternational. intoday posted on September 13th, 2017, quoting the hackers as saying that the Ryan school was also unsuccessful in checking its employees’ backgrounds. tv (website of Ryan TV) and ryanglobalschools. The group also posted one photograph of Pradyuman with one message stating “you may be gone but you will never be forgotten.” in managed to collect screenshots of the homepage displaying the photo of 7-year-old Pradyuman along with a message to the management of Ryan. The hackers started the tribute by saying “You [Pradyuman] may be gone, but you will never be forgotten.”
What’s causing so many data breaches and leaks? 7% of all Amazon S3 servers exposed online
In order to avoid falling victim to potential leaks and breaches, it is highly recommended that organisations using Amazon cloud servers ensure that their S3 buckets are properly secured. In fact, there have been several accidental data leaks in 2017 which have led to thousands of users’ personal and sensitive data being exposed online. For instance, in 2017 alone, data belonging to Time Warner Cable, Wells Fargo, Viacom and others were leaked due to misconfigured Amazon servers. “It is when an employee of a big organisation or inaccurate subcontractor uses his own bucket to store a company’s data, just to ease the access to the important files from a remote environment, and forgets about publicly-configured storage.” The past few years have seen an alarming rise in data breaches and leaks affecting numerous international organisations. “Apart from the threat of exposing customers’ data or backup server dumps with access credentials stored in the corporate cloud, there is another danger that we’ve seen with the latest incident reports,” Diachenko added. Researchers at Kromtech have compiled a simple guide to help organisations configure and protect S3 buckets. Recently, data of over 500,000 car tracking devices was also exposed by a firm, resulting in users’ sensitive information such as drivers’ licences being exposed. When asked about what might be the likely causes of so many organisations not taking proper measures to secure their servers that store sensitive user data, Kromtech security researcher Bob Diachenko told IBTimes UK, “In most of the cases the reason is simple – sometimes you don’t have enough time to properly configure the devices and services you use.” Some of the most severe data leaks this year were linked to misconfigured Amazon S3 servers, indicating that insecure or unprotected S3 buckets could be one of the causes of the increasing number of breaches.
Equifax hack: 2.5 million more consumers may be affected by historic breach than initially believed
With regard to UK consumers impacted by the breach, the company said it is “continuing discussions with regulators in the United Kingdom regarding the scope of the company’s consumer notifications as the analysis of the completed forensic investigation is completed.” “I was advised Sunday that the analysis of the number of consumers potentially impacted by the cybersecurity incident has been completed, and I directed that the results be promptly released,” newly appointed interim CEO, Paulino do Rego Barros, Jr said. The credit reporting firm revealed in September that hackers swiped a trove of valuable data of millions of consumers in July including names, social security numbers, dates of birth, addresses, credit card numbers and other information. “I want to apologise again to all impacted consumers,” Barros said. The company has also come under fire after it was revealed that three executives sold almost $2m worth of company stock just days after the company found out about the attack, but before it was publicly disclosed. Equifax also noted that while it initially disclosed that data of about 100,000 Canadians may have been compromised in the breach, it has now revised that number to about 8,000 potential Canadian victims. Mandiant, a cybersecurity firm retained by Equifax to investigate the breach, found that 2.5 million more US consumers were potentially impacted by the massive breach. Following the disclosure, Equifax has drawn fierce criticism from consumers and lawmakers. The company has since been slapped with a number of lawsuits and is facing probes from multiple US states, Congress and the Justice Department.
ZNIU Android malware is the first to use Dirty Cow Linux exploit and has infected over 5,000 users
Researchers say that malicious apps carrying ZNIU and leveraging the Dirty Cow exploit help hackers override system restrictions to plant a backdoor and in turn provide attackers with the opportunity to remotely access infected devices in the future. ZNIU is now the first in-the-wild Android malware to use the Dirty Cow exploit, which comes with backdoor capabilities and allows hackers to root Android devices. In this stage of the attack, the malware harvests user information and communicates with the carrier via SMS to allow hackers to pose as the infected device’s owner. Once the transaction is complete, the malware deletes the SMS messages from the infected device, leaving no trace of the hackers’ efforts to steal money. “Since ZNIU attacks appear to be ongoing, it is important that users take steps to remain safe from the malware.” Android users are now under threat of being infected by malware which leverages a major Linux vulnerability that was first publicly disclosed last year. The malware’s second-stage attack is currently only targeting Android users subscribed to Chinese carriers. ZNIU is being spread via over 1,200 malicious Android apps, which have been disguised as gaming and porn apps. Users are advised not to download and install apps from third-party sites and to instead stick to apps already available on the official Google Play store. The malware has already infected over 5,000 users across the globe.
New era for ATM heists as hackers use malware to steal from machines remotely
“In the past, banks might have thought that network segregation was enough to keep their ATM networks safe from cyber crooks.” A report released this week (26 August) by EU law enforcement agency Europol and cybersecurity firm Trend Micro analysed recent attacks against ATMs and concluded that criminals are now moving away from traditional heists in favour of network-focused hacks. “The cat is out of the bag,” the report warned. In other cases, hackers can use phishing emails directed at bank employees to access the network, which can help them uncover private details about cash machines. Instead, hackers are infiltrating banks’ corporate networks using targeted email phishing to gain unprecedented access to customers’ money. Indeed, only last year, ATM hacks in Taiwan – allegedly the work of an Eastern European gang – netted a massive $2m. “We can gather that the use of ATM malware is becoming more commonplace, with cybercriminals constantly improving their attack methods in hopes of remaining undetected and unapprehended.” Trend Micro noted that network infections require more technical skill than traditional attacks, but found that cybercriminals are learning quickly. Thailand’s Government Savings Bank (GSB) was forced to shut down half of its ATMs after hackers compromised roughly 12 million baht (£260,000, $350,000). Cybercriminals are increasingly using advanced hacking techniques to infiltrate cash machines around the world and steal millions, experts have warned. “ATM malware attacks in various parts of the world continue to make headlines and cause significant costs to the financial industry,” said Trend Micro researcher Martin Roesler.