Yahoo confirms ‘state-sponsored’ hackers stole personal data from 500m accounts: Hackers stole the personal data associated with at least 500m Yahoo accounts, the company confirmed last week. Details including names, passwords, email addresses, phone numbers and security questions were taken from the company’s network in late 2014 by what was believed to be a state-sponsored hacking group. The company is investigating the breach with law enforcement but currently believes that credit card or bank details were not included in the stolen data. To avoid password reuse attack, avoid using the same password across all accounts. “Mega-Breaches” revealed in recent months, include LinkedIn, MySpace, VK.com, Tumblr, and Dropbox.
Hacker who helped ISIS to build ‘Hit List’ of US military personnel jailed for 20 years: A computer hacker who allegedly helped the terrorist organization ISIS by handing over data for 1,351 US government and military personnel has been sentenced to 20 years in a U.S. prison. The 21-year-old ISIS-linked hacker obtained the data by hacking into the US web hosting company’s servers in 2015. The stolen data contains personally identifiable information (PII), which includes names, email addresses, passwords, locations and phone numbers of US military service members and government workers.
Tesla car hacked by Chinese security firm from 19km away using ‘malicious’ wi-fi hotspot: A Chinese security team has hacked into a Tesla car driving on autopilot from a distance of 19km (12 Miles). The team was able to remotely control the vehicle’s brakes, dashboard computer, side mirrors and door locks in both “parking and driving mode”. In a video posted to YouTube, the hackers demonstrate the remote operation of the car in a carpark at low speeds “for safety”. Tesla has confirmed the hack and has already deployed an over-the-air software update that addresses the potential security issues. Last year, there was similar demo of the Jeep hack.
Beware — Someone is dropping Malware-infected USB Sticks into People’s Letterbox: Australia’s Victoria Police Force has issued a warning regarding unmarked USB flash drives containing harmful malware being dropped inside random people’s letterboxes in a Melbourne suburb. It seems to be one of the latest tactics of cyber criminals to target people by dropping malware-laden USB sticks into their mailboxes, in the hope unsuspecting users will plug the infected devices into their personal or home computers. So, next time when you find any USB drive or receive it in the post, show more caution and make sure you don’t plug it into your laptop or computer.
iPhone 7 and iOS 10 jailbreak is possible: It has only been a few days since the launch of Apple’s brand new iPhone 7 and iPhone 7 Plus, but it appears that the new iPhone has already been jailbroken. Jailbreaking a smartphone removes certain restrictions put on the device by its manufacturer, giving root access to the depths of the iOS system itself. This then allows the user to download and install apps, extensions and themes than are not typically available through the iOS App Store. Apple is already beta testing the patch to address this issue- in iOS 10.1.
Apple weakens iOS 10 backup encryption: Apple has downgraded the hashing algorithm for iOS 10, potentially allowing attackers to brute-force the password via a standard desktop computer processor. This weakness is centered around local password-protected iTunes backups. With iOS 10, it’s possible for an attacker to brute force the password for a user’s local backup 2,500 times faster than was possible on iOS 9, using a computer with an Intel Core i5 CPU. However, an obvious limitation to this attack is that it can’t be performed remotely.
Critical DoS flaw found in OpenSSL: OpenSSL is a widely used in several websites and other secure services, Over a dozen vulnerabilities in its cryptographic code library, including a high severity bug that can be exploited for denial-of-service (DoS) attacks, have been found. The vulnerabilities exist in OpenSSL versions 1.0.1, 1.0.2 and 1.1.0. The OpenSSL Foundation has patched all these vulnerabilities. If you are using these versions on your website – it is time to patch. In Issue 63, we discussed – “High-severity openSSL vulnerability allows hackers to decrypt HTTPS traffic.”
Probe of leaked U.S. NSA hacking tools examines operative’s ‘mistake’: In Issue 78, we discussed NSA’s hacking group getting hacked. Last week, A U.S. investigation has found that NSA itself was not directly hacked, but a former NSA employee carelessly left those hacking tools on a remote server three years ago after an operation and a group of hackers found them. The leaked hacking tools, which enable hackers to exploit vulnerabilities in systems from big vendors like Cisco Systems, Juniper, and Fortinet, were dumped publicly online. The vendors confirmed the authenticity of these exploits and patched them.
RBI says banks must report all cyber-attacks: The Reserve Bank of India has issued an ultimatum to Indian banks on cybercrimes, asking them to immediately report any breach of security so that the overall network is not compromised. The tough stance follows the reluctance of some banks to report such frauds in order to avoid negative publicity. The banking regulator has set a deadline of March 31, 2017, for banks to put in place a mechanism to report cyber-attacks immediately.
Hackers publish apparent scan of Michelle Obama’s passport: The White House says it is investigating a “cyber breach” after what appeared to be a scan of Michelle Obama’s passport, was published online. The scan appeared to have been taken from a Gmail account belonging to a White House employee, a spokesman said. Other confidential information was published online, including travel details, names, social security numbers and birth dates of members of staff. The White House said it had not yet verified the documents. DCLeaks[.]com, a hacker group which last week published personal emails from an account belonging to former US Secretary of State Colin Powell’s emails, claimed responsibility for the hack.