- Over 1 Billion mobile app accounts are vulnerable because of a simple hack
Most of the popular mobile apps that support single sign-on (SSO) have implemented OAuth 2.0 insecurely. OAuth 2.0 is an open standard for authorization that lets users sign in to third-party services by verifying the existing identity of their Google, Facebook, or Sina (a Chinese firm) accounts. When a user logs into a third-party app via OAuth, the app checks with the ID provider that it holds correct authentication details. If it does, the ID provider issues an ‘Access Token’, which is then passed on to the server of that mobile app. The flaw is that, instead of verifying the OAuth information (the Access Token) attached to the user’s authentication information to confirm that the user and the ID provider are actually linked, the app server only checks the user ID retrieved from the ID provider. This allows remote hackers to download the vulnerable app, log in with their own information and then change their username to that of the individual they want to target, by setting up a server to modify the data sent from the ID provider.
Cyber Security Tips: To protect against this attack, secure your devices with good antivirus software, and when using single sign-on keep your password as strong as possible.
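The server-side check described above, as an added example that is not part of the original article: a toy ID-provider stub stands in for the real provider (PROVIDER_TOKENS, provider_introspect and OUR_APP_ID are constructed, hypothetical names), and the vulnerable login handler that trusts the client-supplied user ID sits beside a hardened one that derives the identity only from what the provider says about the access token.

```python
# Added example, not the article's or any vendor's code. The ID provider is
# simulated with an in-memory table so the snippet runs offline.

# Constructed sample data: tokens the provider issued, and for whom / which app.
# In a real deployment this lookup is a request to the provider's token endpoint.
PROVIDER_TOKENS = {
    "tok-alice":     {"user_id": "alice",   "app_id": "our-app"},
    "tok-mallory":   {"user_id": "mallory", "app_id": "our-app"},
    "tok-other-app": {"user_id": "alice",   "app_id": "some-other-app"},
}
OUR_APP_ID = "our-app"  # hypothetical identifier the provider registered for this app


def provider_introspect(access_token):
    """Hypothetical stand-in for asking the ID provider who a token belongs to."""
    return PROVIDER_TOKENS.get(access_token)


def login_vulnerable(request):
    """The flaw from the article: trust the user ID the client sends.

    The access token is carried along but never checked against that ID, so a
    client that swaps 'user_id' for someone else's gets that person's session.
    """
    return request["user_id"]


def login_hardened(request):
    """Take the identity from the provider's answer about the token, never from
    the client. Returns the authenticated user ID, or None to refuse login."""
    info = provider_introspect(request.get("access_token", ""))
    if info is None:
        return None  # unknown, forged or expired token
    if info["app_id"] != OUR_APP_ID:
        return None  # valid token, but issued to a different app (token reuse)
    claimed = request.get("user_id")
    if claimed is not None and claimed != info["user_id"]:
        return None  # client's claim disagrees with the provider: refuse and log
    return info["user_id"]
```

A mismatch between the client-claimed ID and the provider's answer is a useful detection signal in its own right, so log it rather than silently falling back to the provider's value.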
- Tesco Bank Hacked!
Tesco Bank fell victim to an online hacking attack, with some customers having money stolen from their accounts. The bank was forced to block some customers’ cards after suspicious activity was detected in its fraud prevention system. The bank is working with authorities and regulators to address the circumstances surrounding the security breach. Who is behind this attack is yet to be discovered.
Cyber Security Tips: The bank needs to investigate the security breach and patch it; users must keep an eye on their accounts, change their passwords immediately, keep strong passwords, and it is advisable to change your password every 3 months.
- Guccifer 2.0 strikes again, this time it is the Clinton Foundation
The Romanian native hacker Guccifer 2.0 disclosed that he has hacked the server of the Clinton Foundation and downloaded hundreds of thousands of documents and donor databases. He has denied any association with the Russian government and has claimed that he has the entire database of donors associated with the Clinton Foundation. He even posted the list of master donors on his website. The foundation’s president Donna Shalala rejected the hacker’s claim and stated clearly that there has not been any hack attack and that the folders do not belong to the organization. Whether it is real or not, only time will tell. But if any of this is real, it could be one of the biggest attacks of the year.
Cyber Security Tips: The Clinton Foundation needs to improve its cyber security and use security devices to monitor for security incidents.