Data Security News Headlines 24th February 2017

  1. Probe against 3 firms for illegal use of Aadhaar biometrics

NEW DELHI: Three firms are being probed for attempting unauthorized authentication and impersonation by using stored Aadhaar biometrics. UIDAI has lodged a criminal complaint with the cyber cell of Delhi Police. The entities under the scanner are Axis Bank, Mumbai-based Suvidhaa Infoserve and Bengaluru-based eMudhra and they have been served a “notice for action” under Aadhaar regulations. UIDAI officials noticed that one individual performed 397 biometric transactions between July 14, 2016 and February 19, 2017. Out of this, 194 transactions were performed through Axis Bank, 112 through eMudhra and 91 through Suvidhaa Infoserve. Suvidhaa Infoserve CEO Paresh Rajde told TOI, “While testing the application, the developer had sent four transactions concurrently which is not allowed. There was no financial loss. It was a test transaction.” He said his company was a business correspondent of Axis Bank and distributed Aadhaar-linked products on behalf of the bank and they were testing the application for the Axis Suvidhaa pre-paid card. Axis Bank’s spokesperson said, “We have received a query from UIDAI. This pertains to testing done by Suvidhaa, one of our business correspondent, on some of their clients on the UIDAI server according to news published in ETCIO.

Cyber Security Tips: Before performing such transactions, firms need to know about UIDAI and regulations, to know more visit https://uidai.gov.in/new/legal-framework/acts/regulations.html

  1. Hacker Who Knocked Million Routers Offline Using MIRAI Arrested at London Airport

The news published in Late last year, someone knocked down more than 900,000 broadband routers belonging to Deutsche Telekom users in Germany, which affected the telephony, television, and internet service in the country. According to German police the last year’s attack was especially severe and was carried out to compromise the home routers to enroll them in a network of hijacked machines popularly known as Botnet, and then offer the DDoS services for sale on dark web markets. According to investigation the hacker launched DDOS attack through hacked system using Mirai Botnet malware. Mirai botnet is a type of malicious program which scans for insecure routers, cameras, DVRs, and other IoT devices and enslaves them into a botnet network – was used to create service disruption. Once the system is compromised it starts working and launches DDOS attack to stop service.

Cyber Security Tips: To protect from such attack never use system without antivirus, never configure your networking devices with default credentials, avoid to click on malicious links, and avoid to use outdated software and antivirus

  1. BitTorrent distribution sites dropping crypto-ransomware on macOS

From last few years cybercriminal are targeting windows system for spreading ransomware to lock the systems. But now cyber-criminal are targeting MAC operating systems using crypto-ransomware.  The new ransomware is written in Swift and is called Patcher; it is being distributed through BitTorrent distribution sites. ESET researchers identified two fake application Patchers one of which is for Adobe Premiere Pro and the other is for Mac system’s Microsoft Office.

Hacking Scenario:  The Torrent has just one ZIP file, which is actually an application pack with bundle identifier NULL.prova. The encryption process begins and a file called README!.txt is copied everywhere around the directories of the system including Documents and Photos directories. The ransomware then creates a random 25-character string, which serves as a key for completing the file encryption process. The victim receives the instruction from the README!.txt file, which is hard coded within the Filecoder. It actually represents the Bitcoin address and email address remains the same for every victim and both the samples utilize the same message and contact details, according to news published in HackRead.

Cyber Security Tips: Mac users are strictly recommended that avoid to use BitTorrent distribution sites.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Blog at WordPress.com.

Up ↑

%d bloggers like this: