Data Security News Headlines 12th July, 2016

  1. Beware, hackers using Pokémon GO to hijack your smartphone.

Nintendo’s all-new augmented reality (AR) game Pokémon GO is a huge hit. So much so that it has crumbled developer Niantic’s servers. The game is officially available in US, Australia and New Zealand, while fans in other parts of the world have been downloading and installing apk files to play the game. As it turns out, some of the apk files are now reported to have been infected with malware, giving hackers backdoor entry into users’ smartphones. Some of the third-party apk file hosting websites are said to be packaging the Pokémon GO apk files with malware termed DroidJack or SandroRAT that gives hackers control of the smartphone, claims the Proofpoint researchers. Proofpoint researchers are said to have discovered the exploit.

Impact:-It able to access your contacts, picture, videos, location, modify or delete your SD card , find account on your device, view network access, access Bluetooth setting, read your bookmark and history.

Cyber security Tips: check the app permissions, Download apk from trusted websites, Use antivirus.

  1. Apple iOS 10 Beta 2 locks out users of their Apple IDs

Apple recently made its iOS 10 beta 2 available to general users. Now some users have complained on Reddit that they have been locked out of their Apple ID accounts. The bug is said to be faced by iOS beta 2 users whose Apple IDs are protected by two-step authentication security. Furthermore, after being locked out of their IDs, though users are able to access the option to unlock their accounts, they are not able to go through the process as they are shown “a server error.”Apple Support Twitter handle for help have been told that Apple would not reset their passwords as they are using the two-step verification security.

Cyber Security Tips: To switch off the two-factor authentication till the issue has been resolved, apple needs to check for the bug present in iOS Beta and resolve it.

  1. 105 Nabbed In Malaysia Credit Card Fraud

The Register reported that 105 suspects of credit card fraud were arrested in Asia and Europe after a cybercrime ring was busted by authorities. The investigation spanned two continents and targeted the fraud gang, which was led out of Malaysia and eventually reached 14 countries in Europe. The suspects are accused of using counterfeit credit cards to buy luxury goods, and house searches of the accused resulted in the discovery of 3,000 fraudulent payment cards. During the raid, authorities also found cash, jewelry, cameras and fake passports. The operation to take down the gang, which was overseen by the Romanian National Police and the Directorate for Investigating Organized Crimes and Terrorism (DIICOT), assisted by Europol and Eurojust.The criminals allegedly used a specific type of malware called Tyupkin, which was discovered by Kaspersky Lab and INTERPOL back in 2014. Tyupkin malware is used to infect ATMs and allows attackers to remove money via direct manipulation.

Methodology: The criminals work in two stages. First, they gain physical access to the ATMs and insert a bootable CD to install the Tyupkin malware. After they reboot the system, the infected ATM is now under their control and the malware runs in an infinite loop waiting for a command. To make the scam harder to spot, the Tyupkin malware only accepts commands at specific times on Sunday and Monday nights. During those hours, the attackers are able to steal money from the infected machine.

Cyber Security tips:  Use security in ATM’s, check for cameras, check for third party services and keep eye your bank account statements.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Blog at WordPress.com.

Up ↑

%d bloggers like this: