- Japanese hosting company Kagoya hacked; credit card data stolen
Kagoya, a famous hosting service provider in Japan has been hacked, due to security breach, in which personal and financial data of its customers has been stolen. According to report the customers who used their credit cards between April 1, 2015 to September 21 2016 are among the impacted ones. It is happened due to command injection vulnerability present in server. Hackers were able to exploit a vulnerability and conduct an OS command injection attack. A command injection attack takes place via a web interface in order to execute OS commands on a web server. The attacker supplies operating system commands through a web interface in order to execute OS commands. According to Alexa, Kagoya’s is among top 4,000 sites in Japan hinting at their big customer base. According to report total 48,685 customers are suffered from this hack. The data stolen by hackers includes Name (card holder name), Address, Phone number, E-mail address, Contract Account Name, Password, Credit card number and Expiration date.
Cyber Security Tips: Kagoya company need to patch this vulnerability as soon as possible, also check for vulnerability present, customers need to change their passwords, check bank statement and keep monitoring your accounts.
- Stop using this two easily hackable netgear router models- US CERT warns
Two popular Netgear routers are vulnerable to a critical security bug that could allow attackers to run malicious code with root privileges report said. According to report Netgear’s R7000 and R6400 routers, running current and latest versions of firmware, are vulnerable to arbitrary command injection attacks. Carnegie Mellon University’s public vulnerability database (CERT), security researchers said that all an attacker needs to do is trick a victim into visiting a website that contains specially crafted malicious code to exploit the flaw. Hackers are using this vulnerability to exploit your router, this vulnerability could allow attacker to execute malicious code.
Cyber Security tips: Users are strictly recommended that to stop using the routers until a patch is released and company need to patch this flaw immediately
- Uber now tracks your location even after your ride.
Uber recently updated its app to collect user location data in the background. Uber is now tracking you even when your ride is over, and, according to the ride-hailing company. If you are using updated app of Uber then your app’s location tracking permissions have changed, allowing the app to monitor your location before and five minutes after your trip ends, even if you have closed the app. A popup on the Uber app will ask you, “Allow ‘Uber’ to access our location even when you are not using the app?” You can click “Allow” or “Don’t Allow” in response to this request. If you don’t allow it, Uber won’t track you. This information helps not only drivers find riders without making phone calls, but also Uber monitor driver service, making sure riders are picked up and dropped off on the proper side of the street in order to enhance safety said by company.
Cyber Security Tips: If you want to stop tracking your location it, For Android Users: Settings → Apps → Uber → scroll to Permission→ toggle Location.