OurMine leaks 3.12TB of Vevo files
OurMine announced today that it has leaked 3.12TB of Vevo files which people can access on the web. The files are available to be viewed via the OurMine website and can be downloaded too. The hacking group decided to leak the information after a Vevo employee supposedly told the group to “F**k off” after it informed the company it had the files. A Vevo spokesperson told IT Pro: “We can confirm that Vevo experienced a data breach as a result of a phishing scam via LinkedIn. We have addressed the issue and are investigating the extent of exposure.” According to Gizmodo, the hacked files include a number of office documents, videos and other promotional materials. Some of the material was sensitive, for example the code for disabling the alarm at Vevo’s UK office. The files are split into six different links and have titles such as “Premieres”, “VEVO CC&P” and “VEVO UK”. Vevo is a music video and entertainment platform that has around 250,000 videos from artists like Katy Perry, P!nk and Taylor Swift. It is a joint venture between Sony, Warner Music and Universal Music, and Alphabet is one of its shareholders. In August, OurMine took over HBO’s social media accounts and posted: “Hi, OurMine are here, we are just testing your security, HBO teams please contact us to upgrade the security – ourmine .org -> Contact”. The group also ‘hacked’ Wikileaks at the start of September, when it changed the website’s homepage. “Hi, it’s OurMine,” the message read. “Don’t worry we are just testing your… blablablab [sic], Oh wait, this is not a security test! Wikileaks, remember when you challenged us to hack you?”
Malicious WordPress plugin installed backdoor on thousands of websites
Hackers have used a WordPress plugin to install backdoors on up to 200,000 websites, allowing spam to be uploaded onto unsuspecting websites. “The authors of the plugin are actively maintaining their malicious code, switching between sources for spam and working to obfuscate (hide) the domain they are fetching spam from,” said Maunder. This code allowed the plugin author to post new content to any website running the plugin, to a URL of their choosing. In other words, site owners would not see the malicious content. The firm said that the last three releases of the plugin have contained code that allows the author to publish any content on an affected site. “The authors of this plugin have been using the backdoor to publish spam content to sites running their plugin.” According to research carried out by IT security firm WordFence, the plugin, known as Display Widgets, should be removed immediately by website owners. He included a link to Google results that had indexed the spam and said the malicious code is in geolocation. “David Law again contacted the plugin team and let them know that the plugin is logging visits to each website to an external server, which has privacy implications,” said Maunder. On 23 July, a user by the name of Calvin Ngan opened a Trac ticket reporting that Display Widgets was injecting spammy content into his website.
ExpensiveWall malware running big bills for Android users
Google’s Chrome browser will start labelling insecure FTP sites
Google employee and Chrome security team member Mike West said that Google would label resources delivered over the FTP protocol as “Not secure”, beginning in Chrome 63 (sometime around December 2017). As such, it would appear that branding FTP transfers as insecure will not have an enormous effect on the use of FTP; however, for companies still using the rather ancient technique, the labelling could serve as a means to prompt them to upgrade and update their IT infrastructure and processes. “In addition to not being a secure transport, it’s also additional attack surface, and it currently runs in the browser process,” said Chris Palmer, another member of the Chrome security team. Unencrypted FTP transfers will soon be labelled as insecure in Google Chrome, the search giant has announced. 0026% of top-level navigations over the last month, and the real risk to users presented by non-secure transport, labelling it as such seems appropriate,” he said. “Because FTP usage is so low, we’ve thrown around the idea of removing FTP support entirely over the years.” According to a posting on the Chromium Google Groups forum, the move forms part of the firm’s “ongoing effort to accurately communicate the transport security status of a given page”. “We didn’t include FTP in our original plan, but unfortunately its security properties are actually marginally worse than HTTP (delivered in plaintext without the potential of an HSTS-like upgrade).” It can be secured with SSL/TLS (this is FTPS), but many browsers do not support this. He encouraged developers to follow the example of the Linux kernel archives by migrating public-facing downloads (especially executables) from FTP to HTTPS.
CCleaner software hacked to spread ‘backdoor’ malware to more than 2 million people
CCleaner is maintained by British company Piriform, which was purchased in July this year by security and technology company Avast. “Given the potential damage that could be caused by a network of infected computers even a tiny fraction of this size we decided to move quickly,” Talos researchers wrote in a blog post, revealing that they urgently informed Avast of its findings on 13 September. According to a cybersecurity division of Cisco known as Talos, the impact of an attack could have been severe “given the extremely high number of systems possibly affected.” Researchers from Talos said Monday that until 12 September this year, when a new version was released, it was being packaged alongside a malicious copy. The booby-trapped version was signed using a valid security certificate that was issued to Piriform by Symantec, which researchers found was valid through to 10/10/2018. “By exploiting the trust relationship between software vendors and the users of their software, attackers can benefit from users’ inherent trust in the files.” The Talos team wrote in an in-depth research analysis: “In reviewing the version history page on the CCleaner download site, it appears that the affected version (5. “CCleaner, marketed as the ‘number-one tool for cleaning your PC’ boasted at least 2 billion downloads by November of 2016 with a growth rate of five million additional users per week.” CCleaner, a piece of internet security software with more than two billion downloads, was recently hijacked to distribute backdoor malware to more than 2 million unsuspecting victims. The company’s press team said that, if infected, hackers could use the exploit to steal sensitive data and/or credentials which could be used for internet banking or other online activities.
Malicious WordPress plugin used to hijack more than 200,000 websites
“The authors of this plugin [Display Widgets] have been using the backdoor to publish spam content to sites running their plugin.” As the malicious code did not allow any user who was logged in to see content, owners of sites infected with this update could not see what new content had been posted on their site, Maunder said. A WordPress plugin called Display Widgets has been found to contain a backdoor that could allow hackers to access what is posted on the site and modify content on infected pages. Security experts recommend that website owners who use the Display Widgets plugin uninstall it as soon as possible. 3, was released by the plugin’s operators and a WordPress forum had picked up on this and created a report that Display Widgets had injected spam into their websites. Later in the month, a user complained that Display Widgets had been spamming his site. “The authors of the plugin are actively maintaining their malicious code, switching between sources for spam and working to obfuscate the domain they are fetching spam from,” said Maunder. This contained malicious code that allowed the authors of the plugin to post any content that they wanted on the host site to a URL of their choice. 0 was released by the new owners, which contained code that could download data from users’ servers, notes WordFence. Display Widgets was first created as an open-source plugin, but was reported to have been sold off to a third party in June this year.
The Pirate Bay caught hijacking your computer to secretly mine cryptocurrencies
Hackers are now using ‘rotating’ ransomware that could infect your computer twice
Between 4-5 September this year, Trend Micro was forced to block more than 290,000 spam emails that were being spewed out to dozens of countries including the US, China and Germany. In a report, published 18 September, researchers from Japanese security company Trend Micro said that recent campaigns have impacted up to 70 countries. “Since Locky and FakeGlobe are being pushed alternately, files can be re-encrypted with a different ransomware.” “A total of 185 different countries were involved in spreading these two samples, which gives us an idea of the distribution channel’s size,” Trend Micro said after analysing multiple malware samples, adding that evidence indicated both strains were sent from the same source. Hackers are packing new spam campaigns with “rotating” ransomware strains which could leave victims having to pay twice, security experts have warned. In one spam email campaign in early September, both strains were being distributed; however, the payload was intentionally programmed to change regularly. Two strains, known as Locky and FakeGlobe, are currently being doubled up to cause maximum damage. FakeGlobe surfaced in June this year and was posing in fake invoices. As a result, clicking on a booby-trapped link would deliver Locky one hour and then FakeGlobe the next. Upon analysis, Trend Micro concluded that this tactic made “re-infection” a very real possibility.
Rajnath reviews cyber security preparedness
Representatives from various agencies made presentations and apprised the Home Minister of the current trends in financial cyber-crimes in the country, and the steps being taken by their agencies to address this challenge, a Home Ministry spokesperson said. Home Minister Rajnath Singh reviewed the preparedness of agencies to check financial cyber-crimes. “It has been decided to expedite the implementation of cybercrime prevention initiatives in these agencies towards this end along with measures required to acquire critical cyber forensics equipment,” the official said. Concerned agencies and representatives of certain States highlighted the steps being taken to arrest the growing trend of cyber-crime in the financial sector. Capacity building of various stakeholders such as police officers, judicial officers, forensic scientists as well as officials in the banking sector has been identified as a key measure, the official added. As per the information reported to and tracked by the Indian Computer Emergency Response Team (CERT-In), a total of 44,679, 49,455 and 50,362 cyber security incidents were observed during 2014, 2015 and 2016 respectively. The issue came up at a high-level meeting where the strategies being adopted to check financial cyber-crimes were discussed in detail. The types of cyber security incidents included phishing, scanning/probing, website intrusions and defacements, virus/malicious code and denial of service attacks. As many as 1,44,496 cyber security attacks were observed in the country in the last three years. It was noted that both legal and technological steps need to be taken to address this situation.
India’s Transition To Digital Has Caused A Spike In Cyber Attacks, But They Can Be Fought
Recently, the Technology Development Board and Data Security Council of India (DSCI) jointly decided to promote cybersecurity startups in India. At an ASSOCHAM cyber security conference in New Delhi, India’s union minister for IT & electronics and law & justice Ravi Shankar Prasad said that the government has sought data security protocol details from several smartphone manufacturers – many of them Chinese – insisting that mobile manufacturing units be security-compliant. S and its aftermath has forced data-rich companies and startups in India to closely review their security protocols, scrutinize potential cyber threats closely and deploy methods that can mitigate growing risks. As consumer data drives India’s startups, data protection has assumed a key role. At the Interpol World 2017 conference in Singapore, Russian cyber security major Kaspersky indicated that India remains highly susceptible to cyberattacks, spurred by the country’s rapid migration to digital services. Why India Is A Hotbed For Cyber Attacks? Based on findings by App Annie, India surpassed the U. The Indian Computer Emergency Response Team (CERT-In) stated that until June 2017 alone, India witnessed more than 27,000 cyber security threats. Aseem Ahmed, senior product manager, cloud security, APAC, Akamai, says, “The sophistication of cyberattacks is increasing.” The Indian government has also been aggressively addressing the rising prevalence of cyber threats. NASSCOM and DSCI Cybersecurity Task Force have also launched a roadmap to develop the cybersecurity ecosystem to USD 35 billion by 2025.