Data Security News Headlines 28th February 2017

  1. 126 vBulletin forums hacked; 819,977 accounts leaked on hacking forums

vBulletin (vB) is a proprietary Internet forum software package developed by vBulletin Solutions, Inc., a division of Internet Brands. It is written in PHP and uses a MySQL database server. If you are a vBulletin user, there is bad news for you. Old versions of the software contain a critical vulnerability; successful exploitation could allow hackers to breach any forum that has not been updated to the latest version. According to a report published by HackRead, the hack was conducted between January and February 2017, and 819,977 user accounts were stolen from the vulnerable forums. The stolen data includes email addresses, hashed passwords, and 1681 unique IP addresses, while the email count by domain is Gmail: 219,324 accounts, Outlook: 11,070 accounts, Yahoo: 108,777 accounts and Hotmail: 121,507 accounts. The company has released the latest version to patch this vulnerability.

Cyber Security Tips: Users are strongly advised not to run outdated versions. If you are using an outdated version of vBulletin, update your forum to the latest version.

  2. New Phishing Scam Targets Digital Payment and Online Banking Users

Recently, security researchers at Cyren discovered a phishing scam targeting banking and digital payment customers worldwide. According to the researchers, the targets include online banking customers of Capital One, Chase and Wells Fargo, and users of the online money transfer giants PayPal and Venmo. The attackers are targeting banking customers to gain access to their bank accounts. They are using the old phishing method of sending a link with an attachment, but this time they are attaching HTML files containing malicious data URLs. The attackers mainly send the links by email; once the recipient clicks on one, it starts working.

Cyber Security Tips: Phishing remains an effective way for hackers to deliver malicious links. Users are strongly advised not to open such HTML files, to avoid entering banking details online, and to keep their antivirus software updated.
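A mail filter can check for the technique described above by inspecting HTML attachments for data: URLs that carry a document or script. The following is an added example, not code from Cyren or from the original post; the sample message, its file name and its placeholder payloads are constructed for illustration.

```python
import email.policy
import re
from email.message import EmailMessage
from html.parser import HTMLParser

# data: URIs that carry a document or script (inline images are ignored)
DATA_URI = re.compile(r"data:\s*(text/html|text/javascript|application/javascript)", re.I)

class DataUriFinder(HTMLParser):
    """Collect (location, mime type) for data: URIs in attributes and inline scripts."""
    def __init__(self):
        super().__init__()
        self.hits, self.in_script = [], False

    def handle_starttag(self, tag, attrs):
        self.in_script = tag == "script"
        for name, value in attrs:
            for m in DATA_URI.finditer(value or ""):
                self.hits.append((f"<{tag} {name}>", m.group(1).lower()))

    def handle_endtag(self, tag):
        self.in_script = False

    def handle_data(self, data):
        if self.in_script:
            self.hits += [("<script> body", m.group(1).lower()) for m in DATA_URI.finditer(data)]

def scan_message(raw_bytes):
    """Return {attachment name: hits} for HTML attachments that contain data: URIs."""
    report = {}
    msg = email.message_from_bytes(raw_bytes, policy=email.policy.default)
    for part in msg.iter_attachments():
        name = part.get_filename() or "(unnamed)"
        if part.get_content_type() == "text/html" or name.lower().endswith((".htm", ".html")):
            body = part.get_content()
            body = body.decode("utf-8", "replace") if isinstance(body, bytes) else body
            finder = DataUriFinder()
            finder.feed(body)
            finder.close()
            if finder.hits:
                report[name] = finder.hits
    return report

def build_sample():
    """Constructed sample: a message with an inert HTML attachment (placeholder payloads)."""
    msg = EmailMessage()
    msg.set_content("See attached.")
    msg.add_attachment('<meta http-equiv="refresh" content="0;url=data:text/html;base64,AAAA">'
        '<a href="data:text/html,constructed">Sign in</a><img src="data:image/png;base64,AAAA">',
        subtype="html", filename="statement.html")
    return bytes(msg)
```

Calling `scan_message(build_sample())` flags the meta refresh and the link but not the inline image, which is the distinction a gateway rule needs to avoid alerting on every embedded picture.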

  3. Evolved Version of MongoDB Ransomware Caught Targeting MySQL Databases

In January, we heard about MongoDB ransomware that erased data from not hundreds but thousands of computers and forced the victims to pay ransom money. Now the same MongoDB ransomware is back, but this time it is even more powerful and the campaign is quite sophisticated in design. In the recent attack spree, hundreds of MySQL databases have been targeted, and the attackers are demanding 0.2 bitcoin (approx. $234) from each victim. GuardiCore also noticed that the attack started with cyber-criminals brute-forcing the root password of the MySQL database; after they logged in, the tables were extracted from the database. Two different versions of these attacks have been identified. In the first version, the attackers add a new table named WARNING to the already existing database. This new table contains information about the demanded ransom, the email address of the attackers and the Bitcoin payment address. In the second version, a new table named PLEASE_READ is added to a newly created database; afterward, the attacker deletes the pre-existing databases on the server and simply disconnects. The investigator found that the targeted IP address is from the Netherlands.

Cyber Security Tips: Users are strongly advised to secure their MySQL servers by raising their protection level so that such attacks do not occur in the future, to use a strong password for the SQL server, and to use ransomware protection.

  4. Your personal data is selling over the internet for less than a rupee

BENGALURU/NEW DELHI: Your personal data, be it your residential address, your phone number, email id, details of what you bought online, age, marital status, income or profession, is all up for sale. This time your personal data is selling for less than a rupee per person, the cost of a chewing gum. Companies called data brokers hawk their services on online listings and sell personal information. Posing as a prospective buyer, we were offered personal data of up to 1 lakh people in Bengaluru, Hyderabad and Delhi for anywhere between Rs 10,000 and Rs 15,000. One data broker said he could get lists of high net worth individuals, salaried people, credit card holders, car owners and retired women in any given vicinity.

Cyber Security Tips: The selling of personal data is increasing day by day. Users are strongly advised to keep their data secured and to keep changing their login credentials. If you are a victim of any fraudulent activity, immediately contact the cyber cell.
