Data Security News Headlines 2nd December, 2016

  1. Congress Twitter hacking: Server traced to Bengaluru, IP address in Scandinavia

NEW DELHI: Delhi police registered two complaint that the Twitter handles of Congress and its vice-president Rahul Gandhi were hacked. Police said a case under Section 66 of the IT Act was registered and a probe has been initiated. Investigation said that Sources that the server from where the hackers had logged in was based in Bengaluru. However, the IP address they used was found to be in Norway or Sweden. Police said that Rahul Gandhi’s account might have been accessed from a device that did not have an updated anti-virus software or from a compromised IP address. They said that the hackers might have logged in from multiple IP addresses to make tracking difficult. The suspected person is not arrested yet and investigation is going on said by DCP Anyesh Roy.

Cyber Security Tips: To prevent from such hack secure your network with updated antivirus, keep firewall to filtered request.

  1. Critical zero day vulnerability! Update Firefox and Tor

Mozilla and Tor Project has patched the vulnerability that allows attackers to remotely execute malicious code on Windows operating system via memory corruption vulnerability in Firefox web browser. The vulnerability, assigned CVE-2016-9079 and rated critical, also affects Mozilla’s Thunderbird e-mail application and the Firefox Extended Support Release (ESR) version used by the Tor Browser. The patch is release by company and posted on blog an updated version of Firefox that patched the underlying vulnerability.  Successful exploitation could allow attacker took advantage of a bug in Firefox to allow the attacker to execute arbitrary code on the targeted system by having the victim load a web page containing malicious JavaScript and SVG code,” said Mozilla security official Daniel Veditz once attack successful collect the IP and MAC address of the targeted system and report them back to a central server but payloads works only on windows system.

Cyber Security Tips:  Users are strictly recommended that immediately update their Tor and Mozilla browse.

  1. Computer Systems at Carleton University Shut Down due to Ransomware

Carleton University (Canada, Ottawa, Ontario) university are infected with ransomware. The malware uses encryption to lock the files on the system and ask for ransom. According to the report on Tuesday morning, the IT department of the university issued a notification to staff and faculty members citing network issues as the main cause of interrupted accessibility of computer systems and all the systems that are Windows based and accessible from their main network could be compromised mentioned in report. According to the computing and communications services department of the school, it is believed that all the systems that are Windows based and accessible from their main network could be compromised. Few systems are infected with ransomware said by university.

Cyber Security Tips: To protect from ransomware attack keep your network and systems secured with updated antivirus, always keep backup of your data, avoid to opening spam mails and avoid to visit malicious websites.

  1. Bug Allows Activation Lock Bypass on iPhone, iPad

Researchers have found a bug that can be used to bypass Apple’s Activation Lock feature and gain access to the home screen of locked iPhones and iPads running the latest version of iOS. The Find My iPhone service allows users to activate Lost Mode on their iPhone, iPad or iPod if the device is lost or stolen. When Lost Mode is used, it automatically enables Activation Lock, a feature that prevents reactivation of the device without the legitimate owner’s permission. When a locked device is started, users are prompted to connect to a Wi-Fi network. If the “Other Network” option is selected, the user must enter the name of the network and choose a security protocol (e.g. WEP, WPA2, etc.). Depending on which protocol is selected, a username and/or a password must also be entered. There is no limitation on the number of characters that can be entered into the name, username and password fields. By entering very long strings into these fields, an attacker can trigger a crash that exposes the device’s home screen.

Cyber Security Tips:  Apple not yet comment on it, users need to keep watch on Apple update, temporary mitigation is avoid use Activation Lock feature until the issue fix.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Create a free website or blog at WordPress.com.

Up ↑

%d bloggers like this: