Data Security News Headlines 3rd August, 2016

  1. Hacker selling 200 million yahoo accounts on dark web

Hardly a day goes without headlines about any significant data breach. In the past few months, over 1 Billion account credentials from popular social network sites, including LinkedIn, Tumblr, Myspace and VK.com were exposed on the Internet. Now, the same hacker who was responsible for selling data dumps for LinkedIn, MySpace, Tumblr and VK.com is now selling what is said to be the login information of 200 Million Yahoo! users on the Dark Web. The hacker, who goes by the pseudonym “Peace” or “peace_of_mind,” has uploaded 200 Million Yahoo! credentials up for sale on an underground marketplace called The Real Deal for 3 Bitcoins (US$1,824). Yahoo! admitted the company was “aware” of the potential leak, but did not confirm the authenticity of the data. The leaked database includes usernames, MD5-hashed passwords and date of births from 200 Million Yahoo! Users. In some cases, there is also the backup email addresses used for the account, country of origin, as well as the ZIP codes for United States users.

Cyber Security Tips: Immediately change your yahoo password, use strong password, use two way authentication.

  1. Beware! Advertisers are tracking you via phone’s battery status

Two security researchers, Steve Engelhard and Arvind Narayanan, from Princeton University, have published a paper describing how phone’s battery status has already been used to track users across different websites. The issue is due to the Battery Status API. The battery status API was first introduced in HTML5 and had already shipped in browsers including Firefox, Chrome, and Opera by August last year. The API is intended to allow site owners to see the percentage of battery life left on a laptop, tablet, or smartphone in an effort to deliver an energy-efficient version of their sites. The researchers found that a combination of battery life loss in seconds and battery life as a percentage offers 14 Million different combinations, potentially providing a pseudo-unique identifier for each device that can be used to pinpoint specific devices between sites they visit.

Cyber Security Tips: Avoid to use third party battery app, use good antivirus, and avoid to click on any advertise

  1. Android will alert you when a new device logs in your google account

Google has rolled out a new feature for Android users to keep its users account more secure: Native Android Push Notification when a new device accesses your Google account. Google has already been offering email notification for newly added devices, but since people usually ignore emails, the tech giant will now send a push notification to your device screen, giving you a chance to change your password immediately before an intruder gets in. So, from now on, when a new device is added to your Google account, or, in other words, when a new device accesses your account, you will receive a push notification on your current Android device, asking: “Did you just sign in?” If yes, you can just ignore the notification. But if the activity appears suspicious, you just have to tap the “Review account activity” button to know about the details of the new device. You can immediately change your password and add two-factor authorization (2FA) if you are worried someone else has accessed your account.

  1. Telegram messaging accounts compromised by Iranian hackers – researchers

Iranian hackers have compromised more than a dozen accounts on the Telegram instant messaging service and identified the phone numbers of 15 million Iranian users, the largest known breach of the encrypted communications system, cyber researchers told Reuters. The attacks, which took place this year and have not been previously reported, jeopardized the communications of activists, journalists and other people in sensitive positions in Iran, where Telegram is used by some 20 million people, said independent cyber researcher Collin Anderson and Amnesty International technologist Claudio Guarnieri, who have been studying Iranian hacking groups for three years. Telegram’s vulnerability, according to Anderson and Guarnieri, lies in its use of SMS text messages to activate new devices. When users want to log on to Telegram from a new phone, the company sends them authorization codes via SMS, which can be intercepted by the phone company and shared with the hackers, the researchers said.

Cyber Security Tips: Secure your telegram account with strong passwords.

  1. Delhi HC orders blocking of 73 ‘rogue websites

NEW DELHI: The Delhi High Court has ordered blocking of 73 “rogue websites” which indulged in “rank piracy”, saying mere blocking of the uniform resource locator (URL) was not sufficient as it could be easily changed. A bench of justices Pradeep Nandrajog and A K Pathak also said that to “block the website as a whole is justified” as these were illegally streaming “pirated” videos. “The respondent (Star India Pvt Ltd) has placed enough material in the suit to show that the rogue websites are indulging in rank piracy and, thus prima-facie the stringent measure to block the website as a whole is justified because blocking a URL may not suffice due to the ease with which a URL can be changed, and as noted above, the number of URLs of the rogue websites range between 2 to 2026 and cumulatively would be approximately 20,000.”On the issue of whether the appellant could be directed to ensure compliance with the blocking order directed against the service providers, it is suffice to state that it is the duty of the government, its instrumentalities and agencies to assist in the enforcement of orders passed by the courts,” the bench added.

  1. Hacker group targets billionaire Czech minister’s company websites

PRAGUE: The Anonymous hackers’ group briefly shut down company websites of billionaire Czech Finance Minister Andrej Babis’s food and Agriculture Empire in protest at a law giving the state the power to close illegal gambling sites. Babis, the country’s second-richest man, founded a political movement that stormed to power in 2013. But his businesses have left him exposed to criticism of potential conflicts of interest, and hackers have now also taken aim at his companies. Lupa.cz, a private news agency, reported that Czech hackers from Anonymous shut down the websites of Babis’s holding company Agrofert and bakery group Penam for a short period on Monday evening. “On the issue of whether the appellant could be directed to ensure compliance with the blocking order directed against the service providers, it is suffice to state that it is the duty of the government, its instrumentalities and agencies to assist in the enforcement of orders passed by the courts,” the bench added.

Cyber Security Tips: Secure website with secure code review, monitor website, Check vulnerability assessment.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Blog at WordPress.com.

Up ↑

%d bloggers like this: