Data Security News Headlines 26th July, 2016

  1. Union Bank reports cyber breach on offshore account

NEW DELHI: State-owned Union Bank today said it has successfully averted an attempted cyber theft in its USD Nostro account and there has been no loss. “There was an attempted cyber incidence in USD Nostro account of the bank. The money trail was promptly traced and movement of funds blocked. Resultantly, there is no loss caused to the Bank,” the bank said in a regulatory filing. Union Bank further said a cyber-security forensic audit has been initiated to identify, plug any gaps and strengthen the system. “There is no impact on the bank’s operations. All authorities concerned have been kept informed,” it added.

Cyber Security Tips:  All employees need to aware about it, Avoid to open spam mails, and Union bank need to improve their security.

  1. Online portal directed to pay Rs 39,000 to man for deficiency in services

CHENNAI: Providing succor to a city resident who was taken for a ride by an online service provider rendering service of providing job resumes to people seeking employment, a consumer forum in Chennai has directed it to pay around Rs 39,000 for deficiency in services. According to H Ravikanth of Egmore, he received a call from the executive of Click 2 Resume Services Pvt Ltd of New Delhi/Noida saying he would receive several job openings after subscribing to their services—resume services, resume verification service, power service and power resume services (all services for job openings). So, he visited the online web portal of the company and paid an amount of Rs 31,768 through his debit card in the city on September 23, 2013. The same day the company asked Ravikanth to pay more money. So, he cancelled the subscription and asked the portal to refund the money. A bench of president B Ramalingam along with members, K Amala and T Paul Rajasekaran said the bank statement clearly showed Ravikanth had made payment to the online portal. But, as they demanded further payment, he cancelled the subscription. Despite assuring to refund the money within 21 days, the company reneged on its words.

Cyber Security Tips:   Avoid to trust on unknown for paying money, do not pay money until you got service.

  1. Clash of Kings forum hacked, 1.6 million users’ details leaked

NEW DELHI: Cybercriminals have reportedly hacked into the forum of the popular strategic mobile video game Clash of Kings, and stole account details of some 1.6 million users. The hacker has shared the database with data mining company Leaked Source. During the hack, which is said to have taken place on July 14, the attackers got access to users’ email addresses, IP addresses (which can reveal a user’s location), and even their Facebook information. The hacker reportedly claimed that he was able to easily break into the Clash of King’s official forum. The group also found a loophole in the forum’s software, as it was using an old version of vBulletin (dating back to 2013). The version is said to be vulnerable to several security breaches, something which hackers can easily use to their advantage. The ZDnet report cited one of the Leaked Source members saying that the hacker used a technique called “Google dorking” to find out websites running potentially vulnerable software. The “Clash of Kings” forum appeared in top results during the search. The company executives have so far not commented anything on the matter.

Cybersecurity Tips:  Clash of king need to patch vulnerability immediately, to prevent from DDos attack filter request.

  1. PornHub pays hackers $20,000 to find zero-day flaws in its website

PornHub launched its bug bounty program two months ago to encourage hackers and bug bounty hunters to find and responsibly report flaws in its services and get rewarded. PornHub has paid $20,000 bug bounty to a team of three researchers, who gained Remote Code Execution (RCE) capability on its servers using a zero-day vulnerability in PHP – the programming language that powers PornHub’s website. The team of three researchers, Dario Weißer (@haxonaut), cutz and Ruslan Habalov (@evonide), discovered two use-after-free vulnerabilities (CVE-2016-5771/CVE-2016-5773) in PHP’s garbage collection algorithm when it interacts with other PHP objects. One of those is PHP’s unserialize function on the website that handles data uploaded by users, like hot pictures, on multiple paths. This zero-day flaw let the researchers reveal the address of the server’s POST data, allowing them to craft a malicious payload and thereby executing rogue code on PornHub’s server. The hack was complicated and required a massive amount of work that granted a “nice view of Pornhub’s /etc/passwd file,” allowing the team to execute commands and make PHP run malicious syscalls.

The hack could have allowed the team to drop all PornHub data including user information, track its users and observe behavior, disclose all source code of co-hosted websites, pivot deeper into the network and gain root privileges.

Cyber Security Tips: To prevent from such vulnerability use secure coding, vulnerability assessment, input validation, access control mechanism, directory permission.

  1. Europol and IT security companies team up to combat Ransomware thread

The Dutch National law enforcement agency Europol has joined forces with police and cyber security companies to launch a worldwide initiative to combat and tackle together the exponential growth of Ransomware used by cyber criminals. Europol announced today the initiative, dubbed NO More Ransom, that has been backed by technology giant Intel, cyber security firm Kaspersky Lab and the Netherlands police, aiming at decreasing an “exponential” rise in Ransomware threat. This No More Ransom initiative informs the public about the dangers of Ransomware threat, how to avoid falling victim to it and how to recover data without paying money to cyber-criminals if a person or company falls for one. The new No More Ransom online portal provides users with downloadable tools that may help decrypt computers affected by Ransomware attacks.

Cyber Security Tips: keep your software up-to-date, use a reputed antivirus solution, and trust no one while opening any email or message attachments

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Create a free website or blog at WordPress.com.

Up ↑

%d bloggers like this: