Data Security News Headlines 29th July, 2016

  1. Cyber Crime Branch crack down on inter-state email spoofing gang

Mumbai: The Cyber Crime Branch of Mumbai Police has formed different teams to crack down inter-state gang of email spoofing whose four members were arrested recently from City Mall in Andheri. The accused, including Jigar Shah (36), Chintan Shah (34), Chetan Kanaujia (29) and Vishal Jaiswal (30) were arrested for siphoning off Rs. 34 lakh by spoofing the corporate email of an NGO, run by the wife of UTV Software Communications MD Ronnie Screwvala. All the four accused are in police custody till July 30. The Cyber Cells of different states has already contacted Mumbai Crime Branch for their custody. Early this month, the accused had sent an email from an ID bearing the name of the MD to the Chief Financial Officer (CFO) of Screwvala’s firm, asking him to make transfers worth Rs. 34 lakh in two different nationalized bank accounts in Mumbai and Delhi. Though the debit of Rs. 20 lakh was freezed after the intervention of the Cyber Cell, Rs. 14 lakh was successfully siphoned off.

At least 155 debit cards, stamp papers, etc were recovered from their possession during the arrest. “One accused is having at least five accounts with different identity in one bank and there are at least 30-40 such banks including private and nationalized where one accused holds bank accounts with different identity,” said DCP Patil. Police are investigating how the accused procured fake documents to open fake bank accounts.

Cyber Security Tips:  Secure your emails with strong passwords, using two way authentication, keep eye on your bank statements, make sure before transferring amount.

  1. Cost of data breach in India goes up by Rs 9.3 million: Study

BENGALURU: The cost of data breach for companies has gone up from Rs 88 million to Rs 97.3 million in 2016 in India and if they do not opt for top-of-the-line protection now, the companies will bear significant losses in the near future, a new study has revealed. Software giant IBM and US-based Ponemon Institute conducted the study to quantify the losses suffered by enterprises and clients due to cyber-attacks and hacks. The study that examined both direct and indirect costs to companies in dealing with a single data breach incident, found that companies lose up to Rs 3,704 per compromised record and breaches in financial institutions had a per capita cost of Rs 5,544. “Third party involvement in the cause of the data breach increased the average cost to as much as Rs 4, 622,” the study noted.  “While breaches that were identified in less than 100 days cost companies an average of Rs 89.4 million, breaches that were found after the 100 day mark the average cost rose significantly to Rs 105.6 million,” the report added.

Cyber Security Tips: Prevention methods for data breach are protect your information, avoid use of same password for different accounts, reduce transfer of data, scan downloaded files, protect share files, secure transfer, strong password, monitor data leakage, security awareness.

  1. Techie loses Rs 18 lakh in crypto currency

Hyderabad: Cyber-crime sleuths of the Cyberabad police have arrested a Bengaluru-based fraudster for duping a city-based software professional to the tune of Rs 18 lakh by luring him to invest in fake online crypto currency multilevel marketing scheme. On July 11, the victim lodged a complaint with police alleging that he was duped by the agents of ‘3gcoin cryptocurrency’ company, specializing in virtual mining, by making him invest Rs 18 lakh in the company. The company has a website with URL: http://www.3gcoin.eu and the agents told the complainant that if he purchased a ‘3G Coin’ (virtual currency) on the website by investing 30 euros, he would get returns of 180 times in a span of two years. The victim was also told by the agents that if he introduced any new investor, 20% of the investment amount would be given as commission.  The victim was made to pay equivalent amount of 30 euros in Indian currency for registration on the website and then they could purchase as many 3G Coins (each worth 30 euros) as they want. The amount had to be deposited in two bank accounts of ICICI and Axis opened in the name of the dead person, K Nagarajan. “Jagadeesha has been operating both the accounts from Bengaluru and he has about 500 persons working as agents for him. So far, he collected Rs 2.89 crore from victims and he gave most of the amount to agents as commission,” Cyber Crime inspector Md Riyazuddin said.

Cyber Security tips:  To prevent from such a fraud do not trust on scheme, study those product before making deal with party

  1. Using VPN in the UAE? You’ll be fined up to $545,000 if get caught!

If you get caught using a VPN (Virtual Private Network) in Abu Dhabi, Dubai and the broader of United Arab Emirates (UAE), you could face temporary imprisonment and fines of up to $545,000 (~Dhs2 Million). VPNs and proxy servers are being used by many digital activists and protesters, who are living under the most oppressive regimes, to protect their online activity from prying eyes. The UAE President Sheikh Khalifa bin Zayed Al Nahyan has issued new sovereign laws for combating cyber-crimes, which includes a regulation that prohibits anyone, even travelers, in the UAE from using VPNs to secure their web traffic from prying eyes. According to the laws, anyone using a VPN or proxy server can be imprisoned and fined between $136,000 and $545,000 (Dhs500, 000 and Dhs2 Million).

  1. QRLJacking- hacking technique to hijack QA code system based quick login

SQRL, or Secure Quick Response Login, a QR-code-based authentication system that allows users to quickly sign into a website without having to memorize or type in any username or password. QR codes are two-dimensional barcodes that contain a significant amount of information such as a shared key or session cookie. A website that implements QR-code-based authentication system would display a QR code on a computer screen and anyone who wants to log-in would scan that code with a mobile phone app. Once scanned, the site would log the user in without typing in any username or password. Since passwords can be stolen using a key logger, a man-in-the-middle (MitM) attack, or even brute force attack, QR codes have been considered secure as it randomly generates a secret code, which is never revealed to anybody else.

Cyber Security Tips: Protect your browsers cookies with encryption, use app security.

  1. LastPass lets hacker steal all your password

A critical zero-day flaw has been discovered in the popular cloud password manager LastPass that could allow any remote attacker to compromise your account completely. LastPass is a password manager that also available as a browser extension that automatically fills credentials for you. All you need is to remember one master password to unlock all other passwords of your different online accounts, making it much easier for you to use unique passwords for different sites. Google Project Zero Hacker Tavis Ormandy discovered several security issues in the software that allowed him to steal passwords stored with LastPass. Once compromise a victim’s LastPass account, hackers would be able to access a treasure trove of passwords for victim’s other online services. Since LastPass is working on a fix to the zero-day vulnerability, technical details about the issues have not been disclosed by the researcher.

Cyber Security Tips: Immediately update your LastPass, Avoid to use LastPass browser extension

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Create a free website or blog at WordPress.com.

Up ↑

%d bloggers like this: