Data Security News Headlines 4th January, 2017

  1. Mail hacked, fake complaint sent to NMMC website

NAVI MUMBAI: City-based RTI activist, Anarjit Chauhan, on Monday discovered that a forged and frivolous complaint was sent on his name and from his account to the NMMC online citizens’ redressal website about a civic issue. On inquiring with civic officials from the information technology section, Chauhan found that the hacker procured passwords of his email and his account on the NMMC citizens’ redressal site said to Times of India. Chauhan regularly uses NMMC’s online website to make inquiries or complain about certain civic issues. The official added that if citizens want use the NMMC online redressal system, they will have to login using their personal email. Then a one-time password is sent to their mobile phone for them to securely log into the site. It is happened due to his password compromised by hacker.

Cyber Security Tips: To prevent from such hacking careful about your passwords which must be a strong combination of alphabets, numbers and symbols, use two factor authentication if available.

  1. Woman loses Rs 3.98 lakh to conman on matrimony site

Vadodara: A resident of Pratapnagar, Jayashri Srivastava, was duped of Rs 3.98 lakh by an unidentified person who contacted her through a matrimonial website. Srivastava told police that a man named Ravi Kumar contacted her in June last year. He told her that he is a US resident but works as a doctor in Afghanistan said by Times of India. After they had come in relationship and start communication. On June 18, the accused messaged her and said that he would be sending a parcel containing some medical equipment and his family treasure. Srivastava had asked him to not send the parcel but he said that he has already sent it. He mailed her the next day and told her that she will have to pay Rs 98,500 to get the parcel from the courier firm. Srivastava later got a call from some person who identified himself as Sachin Sharma. He gave her a bank account number and asked her to deposit the money for getting the parcel. After she deposited the money, she got another call from Sharma who said that the parcel contains a cheque of US $ 1.2 million and medical equipment worth $ 3.2 million. He told her that she will have to pay Rs 3 lakh towards tax. He told her that she will have to click on a link to get the cheque of $ 1.2 million dollars in her account. When Srivastava clicked on the link it asked for a code and the conman identifying himself as RBI head told her that she will have to deposit another Rs 10.50 lakh if she wanted the code. Srivastava then got suspicious and contacted the cyber-crime cell as per report published in Times of India.

Cyber Security Tips: To protect yourself from such fraud avoid to share your personal details with unknown person, avoid to click on links without verifying it.

  1. Critical Updates — RCE Flaws Found in SwiftMailer, PhpMailer and ZendMail

Polish security researcher Dawid Golunski of Legal Hackers, recently reported a critical vulnerability in one of the most popular open source PHP libraries used to send emails. The vulnerability allowed a remote attacker to execute arbitrary code in the context of the web server and compromise a web application. Golunski managed to bypass the patched version of PHPMailer that was given a new CVE (CVE-2016-10045), which once again put millions of websites and popular open source web apps, including WordPress, Drupal, 1CRM, SugarCRM, Yii, and Joomla, at risk of remote code execution attack. PHPMailer eventually fixed the issue with an update, version 5.2.20 said by company. The vulnerability (CVE-2016-10074) in SwiftMailer can be exploited in the same manner as the PHPMailer vulnerability by targeting web site components that use SwiftMailer class. ZendMail is a component of a very popular PHP programming framework Zend Framework with more than 95 Million installations. The critical vulnerability (CVE-2016-10034) in ZendMail can also be exploited in the same manner as one discovered in PHPMailer and SwiftMailer by targeting web site components.

Cyber Security Tips: Users and administrator are strictly recommended that immediately installed the update.

  1. Lone Hacker Defaces Google Brazil Domain

A hacker going by the online handle of “Kuroi’SH” hacked and defaced the official Google Brazil domain earlier Tuesday afternoon. The hacker left a deface page along with a message on the targeted Google domain greetings his friends for the successful attack on such a high-profile domain. The deface page uploaded by Kuroi’SH remained on the domain for more than 30 minutes as per report published in hackread news, page displayed message “It is a great moment to die. Hacked by Kuroi’SH! Two Google at once, I don’t even care; f**k the jealous hates such as Nofawkx. Two Google at once world record idgaf: D. Greets to my friends Prosox & Shinobi h4xor.” It might be happened due to DNS server security breach and redirecting to other sites. Now the targeted Google domain was restored and available online said report.

Cyber Security Tips:  Recently two domain hacked by hackers, google team need to check for security issues and improve domain server security.

  1. Philippine Military Website Hacked and Defaced

A hacker going by the online handle of Shin0bi H4x0r hacked and defaced the official website of the Philippine Military on 30th Dec 2016. The hacker left a deface page along with a message on the hacked military website bashing the site’s admins for not implementing proper measures on such a high profile platform according to news publish in hackread. During visiting the website, users were welcomed with a deface page displaying messages like “Surprise! Philippine Army you get owned. I was bored so I thought of testing my skills on the US Army website Oh well, wrong target. I hacked Philippines Military and Army. Fix your security or I will be back. | Just a friendly defacement, your website security was good, but not good enough. Security is just an illusion, hacking is a talent, defacement is art. it is unclear what flaw was used to deface the website and investigation is going on.

Cyber Security Tips: To prevent from website hacking use secure code review method, regularly back up your data, do vulnerability assessment and penetration testing from expert team. To get excellent VAPT service visit http://www.anacyber.com/

 

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Create a free website or blog at WordPress.com.

Up ↑

%d bloggers like this: