- FBI Hacked, Again!
A hacker, using Twitter handle CyberZeist, has hacked the FBI’s website (fbi.gov) and leaked personal account information of several FBI agents publically. CyberZeist had initially exposed the flaw on 22 December, giving the FBI time to patch the vulnerability but FBI fail to patch it. The hackers took advantage of zero-day vulnerability in the Plone CMS, an Open Source Content Management software used by FBI to host its website, and leaked personal data of 155 FBI officials to Pastebin, including their names, passwords, and email accounts. CyberZeist also tweeted multiple screenshots as proof of his claims, showing his unauthorized access to server and database files using a zero-day local file inclusion type vulnerability affecting its python plugins as per news published in hacker news. The hacker has found that FBI’s website is hosted on a virtual machine running a customized older version of the open-source FreeBSD operating system. The hackers also warned various other websites and the exploit is for sell on dark web said by hacker.
Cyber Security Tips: Hackers are targeting vulnerable website , to protect from such attack make sure that your website running updated version of CMS, doing Vulnerability assessment and penetration testing, keep monitoring your website.
- Tech Support Scammers Targeting Mac Users with DoS attacks
New kind of malware are targeting Apple‘s Mac users that hijacks its Mail App and Safari browser to conduct denial of service (DOS) attacks. According to news published in hackread the attackers direct these apps to continually draft emails till the machine runs out of RAM and crashes eventually. The report also points out that the attack can only be blocked with latest Sierra update. The malware keeps drafting emails only but never actually sends these emails. The malware used in this campaign resembles the Windows tech support scam that compels owners to make a call to a bogus tech support number or to accept a call made from a fake number. The emails are being used for this are:email@example.com and firstname.lastname@example.org as per report.
Cyber Security Tips: Keep your MAC up to date and avoid to open mails which are come from above mentioned emails.
- Latest WhatsApp Scam Infects Users with Banking Malware
WhatsApp is good platform for hacker today, the new technique has started by hacker to get banking details of users. Hackers are distributing the malware through 2 files namely “NDA-ranked-8th-toughest-College-in-the-world-to-get-into.xls” and “NIA-selection-order-.xls” Respectively. These files are being circulated via WhatsApp in the form of authentic word files obtaining sensitive information from users which include online banking credentials, PIN codes and similar details. According to IBTimes, Android users in India are the key targets of this new WhatsApp scam. These files are in Excel format mainly but versions of these files in Word and PDF formats have also been identified. Hacking scenario is attacker first sent you these two mentioned files, once you open the files it start accessing your bank details.
Cyber Security Tips: To protect from this attack avoid to open any link or any file on your WhatsApp without verifying and keep antivirus in your mobile.