Data Security News Headlines 9th November, 2016

  1. Mobile banker hits 318,000 android users via vulnerability in a popular browser

NEW DELHI: Kaspersky Lab experts recently discovered a modification of the mobile banking Trojan Svpeng hiding in Google’s advertising network AdSense. Svpeng has been detected on the Android devices of around 318, 000 users, with the rate of infection peaking at 37,000 victims in a day. The attackers, intent on stealing bank card information and personal data such as contacts and call history, were exploiting a bug in Google Chrome for Android.

Cyber Security Tips: To prevent from such hack remove chrome or upgrade with latest version, also uninstall ad extensions, avoid to downloading from untrusted sources and also avoid to install app from unknown sources

  1. Card data breach on account of 3rd party processor: Banks

NEW DELHI: Several lenders, including ICICI Bank and HDFC Bank, told stock exchanges that debit card data security breach was on account of third-party payment processor and the amount involved was not material. Banks has given a statement on breach, there is no internal issue in payment system. It is happening due to 3rd party processor. Investigation is going on matter is not cleared yet.

Cyber Security Tips: Avoid to using your cards on untrusted payment systems.

  1. ‘Web of Trust’ browser add-on caught selling user’s data! Uninstall it now

German television channel NDR (Norddeutscher Rundfunk) has discovered a series of privacy breaches by Web of Trust (WOT) – one of the top privacy and security browser extensions used by more than 140 Million online users to help keep them safe online. Web of Trust service collects extensive data about netizens’ web browsing habits via its browser add-on and then sells them off to various third party companies.  The data includes  Account name, mailing address, Shopping habits, Travel plans, possible illnesses, Sexual preferences, Drug consumption, Confidential company information, Ongoing police investigations, Browser surfing activity including all sites visited.

Cyber Security Tips: If you are using the WOT extension, then it is strongly recommended to immediately uninstall the extension. WOT also has a mobile app that will not be immune to this data collection uninstalled it.

  1. DROWN attack risks millions of popular websites

An international team of researchers warned that more than 11 million websites and e-mail services protected by the transport layer security protocol are vulnerable to a new, low-cost attack that decrypts sensitive communications in few hours. The researchers said many popular sites – including ones belonging to Samsung, Yahoo and a leading Indian bank – appeared to be vulnerable. The DROWN attack works against TLS-protected communications that rely on the RSA cryptosystem when the key is exposed even indirectly through short for secure sockets layer version 2 (SSLv2). The vulnerability allows everyone on the internet to browse the web, use e-mail, shop online and send instant messages without third-parties being able to read the communication.  It allows attackers to break the encryption and read or steal sensitive communications, including passwords, credit card numbers, trade secrets, or financial data.

Cyber Security Tips:  To prevent from such vulnerability upgrade your openssl version and disable sslv2

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Blog at WordPress.com.

Up ↑

%d bloggers like this: