Data Security News Headlines 17th November, 2016

  1. Microsoft joins the Linux foundation

Microsoft announced that the company is joining the Linux Foundation as a Platinum member the highest level of membership, which costs $500,000 annually. Microsoft also announced that tech giant Google has also joined on with the independent .NET Foundation. Linux Foundation is a nonprofit organization that oversees the development of the very popular free operating system Linux, alongside advances open technology development as well as commercial adoption. Linux Foundation Platinum members include Cisco, Huawei, IBM, Intel, Oracle, Qualcomm, Samsung, Fujitsu, HPE, and NEC. While Gold sponsors include Google, Facebook and lots of open source users.

  1. This $5 device can hack your password protected computer in just a minute

Well-known hardware hacker Samy Kamkar has once again devised a cheap exploit tool, this time that takes just 30 seconds to install a privacy-invading backdoor into your computer, even if it is locked with a strong password. oisonTap, the new exploit tool runs freely available software on a tiny $5/£4 Raspberry Pi Zero microcomputer, which is attached to a USB adapter. It need to connect as usb device, once it connected to computer, PoisonTap intercepts all unencrypted all Web traffic and steals any HTTP authentication cookies used to log into private accounts as well as sessions for the Alexa top 1 Million sites from the victim’s browser. This tool also allows an attacker to install persistent web-based backdoors in HTTP cache and also allow to remotely control your system

Cyber Security Tips: setting your computer to hibernate, sleep, close your browsers when you walk away, regularly clean browsers cache, and disable usb port

  1. Hack Linux root shell just by pressing ‘ENTER’ for 70 seconds

Now can bypass the authentication procedures on some Linux systems just by holding down the Enter key for around 70 seconds. The act grants the hacker a shell with root privileges, which allows them to gain complete remote control over encrypted Linux machine. It is happening due to a vulnerability (CVE-2016-4484) in the implementation of the Cryptsetup utility used for encrypting hard drives via Linux Unified Key Setup (LUKS), which is the standard implementation of disk encryption on a Linux-based operating system. Once gained access root shell on a target Linux machine, you can copy, modify, or destroy the hard disk, or use the network.

Cyber Security Tips: Users are strongly recommended that immediately update your Linux system.

  1. Pre-installed backdoors on 700 million android phones sending user’s data to china

Security researchers from Kryptowire discovered the alleged backdoor hidden in the firmware of many budget Android smartphones sold in the United States, which covertly gathers data on phone owners and sends it to a Chinese server without users knowing. The backdoor has been discovered in two system applications – com.adups.fota.sysoper and com.adups.fota – neither of which can be disabled or removed by the user. First reported on by the New York Times on Tuesday, the backdoored firmware software is developed by China-based Company Shanghai AdUps Technology, which claims that its software runs updates for more than 700 Million devices worldwide. Collected data includes text messages, call logs, IMSI and IMEI identifier, geological location, list of app installed, it is also able to update and install apps.

Cyber Security Tips: Users are not able to remove backdoor yet, until solution is found keep your system secure with antivirus, keep backup of your data.

  1. CryptoLuck Ransomware is the new attack

Proofpoint security researcher and exploit kit expert Kafeine have discovered a new ransomware known as CryptoLuck which is being discovered by the RIG-E exploit kit. This ransomware is distributed through visiting of adult sites. Ransomware is what appears to be the most dangerous virus due to the low chance of recovery. CryptoLuck infects the victim’s system through the legitimate and code signed program from Google called GoogleUpdate.exe executable and DLL hijacking. Once infected, all valuable user data will be locked with. (Victim’s ID)_luck extension and a ransom note will appear reading asking for ransom.

Cyber Security Tips: To prevent from ransomware avoid to visits such adult sites, keep backup of your data, keep your system up to date, use updated antivirus, antimalware.

  1. Mark Zuckerberg’s Pinterest account hacked

OurMine targeted Zuckerberg’s Pinterest account once again on Tuesday, which was defaced with a new tagline and the group’s web address. Zuckerberg’s Pinterest bio temporarily said, “Don’t worry, we are just testing your security.” The group had also claimed responsibility for hacking Pokemon Go servers in July, Twitter account of John Hanke, the CEO of US-based software company Niantic that created the popular GPS-based augmented reality game with Japanese company Nintendo.

Cyber Security Tips: To prevent from such attack keep your account secure with strong password, keep changing your password

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Create a free website or blog at WordPress.com.

Up ↑

%d bloggers like this: