Data Security News Headlines 8th July, 2016

  1. Nine arrested for leak of Great Grand Masti.

After the online leak of the Bollywood movie Udta Punjab, another upcoming film, Great Grand Masti, was found to be leaked online in the national capital on Wednesday. In a major crackdown, the crime branch unit of Delhi police conducted raids at various markets across Delhi and arrested nine shopkeepers for the illegal trade. A total of 355 pirated DVDs of the movie, eight computers and laptops containing copies of some recently leaked movies, pornographic movies and clips, and other incriminating materials were seized from them. Interrogation of the arrested persons revealed that they had been uploading unreleased movies from certain websites and copying them to their computers and laptops. Further, they used to sell pirated copies of such films to their customers on CDs and pen drives, for a price ranging between Rs 10 and Rs 50 per copy, said a senior police officer.

  2. Code reuse exposes over 120 D-Link device models to hacking.

A vulnerability in a service shared by many D-Link products allows attackers to take over cameras, routers and other devices. A recently discovered vulnerability in a D-Link network camera that allows attackers to remotely take over the device also exists in more than 120 other D-Link products. The flaw, a stack overflow, is located in a firmware service called DCP, which listens for commands on port 5978. Attackers can trigger the overflow by sending specially crafted commands and can then execute rogue code on the system. The senior researchers used the flaw to silently change the administrator password for the Web-based management interface, but it could also be used to install malware on the device.

Cyber security tips: For D-Link: secure code review, vulnerability assessment, disabling unnecessary services, input validation, and use of a web application firewall. For users: use a firewall and antivirus.
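To act on the firewall tip for this flaw, the following added example (not part of the original post) scans gateway firewall logs for traffic reaching port 5978 on a LAN device from outside the LAN. The netfilter-style log format, the 192.168.1.0/24 LAN range and the sample lines are assumptions constructed for illustration; the post does not say whether DCP uses TCP or UDP, so both are flagged.

```python
import ipaddress
import re

DCP_PORT = 5978                                  # port named in the post for the DCP service
LAN = ipaddress.ip_network("192.168.1.0/24")     # assumed home/office LAN range

# Constructed sample lines in the style of Linux netfilter LOG output.
SAMPLE_LOG = """\
Jul  8 10:01:12 gw kernel: FW IN=eth0 OUT=eth1 SRC=203.0.113.45 DST=192.168.1.20 PROTO=TCP SPT=51512 DPT=5978
Jul  8 10:01:13 gw kernel: FW IN=eth1 OUT=eth1 SRC=192.168.1.7 DST=192.168.1.20 PROTO=TCP SPT=40022 DPT=5978
Jul  8 10:02:40 gw kernel: FW IN=eth0 OUT=eth1 SRC=198.51.100.9 DST=192.168.1.21 PROTO=UDP SPT=5353 DPT=5978
Jul  8 10:03:05 gw kernel: FW IN=eth0 OUT=eth1 SRC=203.0.113.45 DST=192.168.1.20 PROTO=TCP SPT=51513 DPT=80
Jul  8 10:04:00 gw kernel: malformed line without fields
"""

FIELD = re.compile(r"\b(SRC|DST|PROTO|DPT)=(\S+)")


def external_dcp_hits(log_text, lan=LAN, port=DCP_PORT):
    """Return (src, dst, proto) for packets to `port` on a LAN host from outside the LAN."""
    hits = []
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if not {"SRC", "DST", "DPT"} <= fields.keys():
            continue                             # not a packet record
        try:
            src = ipaddress.ip_address(fields["SRC"])
            dst = ipaddress.ip_address(fields["DST"])
            dport = int(fields["DPT"])
        except ValueError:
            continue                             # corrupt address or port value
        # Exposure: the service port on an internal device, reached from a non-LAN source.
        if dport == port and dst in lan and src not in lan:
            hits.append((str(src), str(dst), fields.get("PROTO", "?")))
    return hits


if __name__ == "__main__":
    for src, dst, proto in external_dcp_hits(SAMPLE_LOG):
        print(f"port {DCP_PORT}/{proto} on {dst} reached from external host {src}")
```

Any hit means the device's port 5978 is reachable from outside the network and should be blocked at the gateway until patched firmware is installed.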

  3. Flaw allows attacker to remotely tamper with BMW’s In-Car infotainment system.

Recently, security researcher Benjamin Kunz Mejri has disclosed zero-day vulnerabilities that reside in the official BMW web domain and Connected Drive portal. The worst part: the vulnerabilities remain unpatched and open to hackers. Benjamin, from Vulnerability-Labs, discovered both vulnerabilities. The first is a Vehicle Identification Number session vulnerability, which resides in the official BMW Connected Drive online service web application. The other is a client-side cross-site scripting vulnerability that resides in the password reset token system of the official BMW online service web application. Successful exploitation of the security flaw allows a remote attacker to inject malicious script code into the affected module, potentially resulting in session hijacking, phishing attacks, redirection of users to malicious sources, and manipulation of affected or connected application modules.

Cyber security tips: immediately patch the vulnerabilities, scan for more vulnerabilities, use a web application firewall to detect web application attacks, validate input, and conduct secure code review.

  4. Bulgarian Parliament passes law that mandates government software must be open source.

The Bulgarian Parliament has passed legislative amendments to its Electronic Governance Act that require all software written for the country’s government to be fully open-sourced and developed in a public repository. This means that the source code of software developed for the Bulgarian government would be accessible to everyone and provided free for use without limitations. However, criminally minded people could also use flaws in the code for malicious purposes rather than reporting them to the government. With the new amendments, Bulgaria becomes the first country to make a law out of open source governance, and we hope that other nations follow suit.

  5. New hacking software poses threat to bank accounts.

The police’s Cyber Crime Unit has issued a warning against malicious software that hacks bank account passwords and codes. The software is reportedly tailored to mobile devices such as smartphones and tablets, and functions using the so-called SMS phishing system, whereby data is stolen when unsuspecting victims click on a URL link they receive in an SMS. The software has already been reported in countries across Europe.

Cyber security tips: To protect your account, avoid making payments through untrusted apps, use antivirus on your mobile device, check SMS messages and notifications while accessing your account, and be careful when sharing any details related to your bank account.
