Data Security News Headlines 18th November, 2016

  1. PDS website in Kerala hacked, affected over 34 million people

An Indian hacker living in Tokyo hacked the Public Distribution System’s website of the Indian state of Kerala and published them on Facebook. The breach has affected over 34 million people of the state and confidential data of all of Kerala’s 8,022,360 published. Hacked database contains names, addresses, birth dates, gender, monthly incomes, electoral card details, consumer numbers of power and cooking gas connections. According to the cyber security expert in Dubai, “The data could be used to duplicate SIM cards or reset net banking passwords. It’s very serious.” It is happened due to vulnerability present in website.

Cyber Security Tips: Public Distribution System’s need to immediately patch vulnerability, also need to check another if present, and users has strictly recommended to check their password, use strong password, keep monitoring on your banking account and mobile, and avoid to click on any notification.

  1. Don’t open this link for WhatsApp video calling

New Delhi: WhatsApp has recently launched video calling service on its app. This feature allow users for video calling. The new video services have given chance to hackers and spammers. Hackers are sending specially crafted links containing invitation for video calling. The link is like “You’re invited to try WhatsApp Video Calling feature. Only people with the invitation can enable this feature”. Once you verify yourself, it asks you to invite your friends through the same link. It allow attacker to hack your smartphone.

Cyber Security Tips: To prevent from such hack update your WhatsApp through google play, avoid to click and forward such links.

  1. New hack: It can bypass iPhone passcode to access photos and message

Apple has discovered new security flaw in iO 8 and also 10.2 beta 3, this allow attacker to  bypass iPhone passcode and can gain access to personal information using the benevolent nature of Apple’s personal assistant Siri. All an attacker need is to find out the phone number of the target’s iPhone and access to the phone for a few minutes. The security glitch has been discovered by EverythingApplePro and iDeviceHelps and now that they have gone public with a video demonstration, you can expect Apple to fix this issue in the next iOS beta version. But attacker need to find out phone no of target.

Cyber Security Tips:  To prevent from hack disable siri, Settings → Touch ID & Passcode and Disable Siri on the Lockscreen and also you can just remove Photos access from Siri. To do so, just go to Settings → Privacy → Photos and then prevent Siri from accessing pictures.

  1. 1/3 of Websites still Using SHA-1 Certificates

Venafi reveals researchers revealed that new collision attacks have significantly lowered the cost of breaking the two decade-old SHA-1 algorithm that became an Internet security standard. This prompted an industry-wide move away from the insecure crypto function and toward the much more secure SHA-2 or SHA-3, after researchers have been urging this change for years. Digital certificates aren’t used only to verify that the website the user connects to is legitimate, but also to determine what can and can’t be trusted during online transactions. This is of critical importance when sensitive data is transmitted, and weak certificates such as those using the SHA-1 encryption algorithm can be manipulated, researchers say. Attack on SHA-1 certificates allow cybercriminals to perform man-in-the-middle attacks on TLS connections, and the more secure SHA-2 algorithm solves these problems.

Cyber Security Tips:  Immediately upgrade your certificate to SHA-2

 

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Blog at WordPress.com.

Up ↑

%d bloggers like this: