Data Security News Headlines 8th December, 2016

  1. Rahul Gandhi Twitter hacking: IP addresses from five countries used

Mr. Gandhi’s Twitter account was hacked on November 30 and some remarks full of expletives were posted. On December 1, his email account was also hacked, the party had claimed. The IP were operated from five countries, including the US, Delhi Police today said. The Twitter handle logs show both the accounts were operated from five countries – Sweden, Romania, the US, Canada and Thailand and police also requested to ISP to send details of IPs. Analysis of the data shows that the accounts were accessed from these countries on November 30 from 9.15 pm to 9.30 pm and from 10:30 am on December 1, the officer said.

Cyber Security Tips: To protect yourself from such hacking keep your twitter account secure with strong password.

  1. Hacker who stole celebrity Emails, sex tapes, movies scripts gets 5 years in prison

A hacker who was arrested last year for hacking into celebrities’ email to steal the unreleased movie and television scripts, their private messages, and sex tapes to sell them has finally been sentenced five years in prison. Alonzo Knowles, a 24-year-old Bahamian man, was convicted by U.S. District Judge Paul A. Engelmayer in Manhattan on Tuesday. He hacked into 130 celebrities email and found guilty.  The police team seized his laptop for investigation and they found a folder which containing data such as Social Security numbers for actors and professional athletes, Private, explicit images, Scripts for unreleased TV shows and movies and even contract documents, Emails and phone numbers of at least 130 celebrities, Sex tapes of celebrities. Hacker was arrested after flying to New York from the Bahamas to sell 15 movie and TV shows scripts and the Social Security Numbers (SSNs) of a movie actress and two athletes to an undercover U.S. Department of Homeland Security agent for $80,000.

Cyber Security Tips: To protect yourself from such kind of hacking keep your email secure, use two-way authentication, use strong password, avoid to use your important email on social media and avoid to use same password for different account.

  1. Hacking millions with just an image-recipe: Pixels, ads and exploitation kits.

If you have visited any popular mainstream website over the past two months, your computer may have been infected. Researcher have covered an exploit kit, dubbed Stegano, hiding malicious code in the pixels of banner advertisements. Stegano derived from the word Steganography, which is a technique of hiding messages and content inside a digital graphic image, making the content impossible to spot with the naked eye. Attacker used this technique to hide malicious code inside the images and posted it on websites. Once you visit and download the image, code execute and collect product information and also collect outdated software’s, then attacker exploit these outdated vulnerability to get access in attacker system.

Cyber Security Tips:  To protect yourself against any malvertising campaign, make sure you are running updated software and apps. Also use reputed antivirus software that can detect such threats before they infect your system.

  1. Hackers Can Exploit Roundcube Flaw by Sending an Email

Researchers discovered that the open source webmail software Roundcube is affected by a critical vulnerability that can be used to execute arbitrary commands on the system simply by sending an email. According to researcher vulnerability is related to the PHP function mail(), which is used for sending email. When this function is invoked, PHP executes the command-line email program sendmail. The mail() function, allowing an attacker to pass arbitrary arguments therefore mail() function can be exploited this way for remote code execution.  Attacker can create a malicious PHP file in the system’s web root directory by executing sendmail with the -X option, which is used to log all mail traffic in a specified file and execute command. This allow attacker to perform cross-site scripting (XSS), file manipulation, path traversal, SQL injection, and PHP object injections attack.

Cyber Security Tips:  To prevent yourself from such kind of attack immediately update your roundcube software.

 

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Blog at WordPress.com.

Up ↑

%d bloggers like this: