Data Security News Headlines 31st May 2017

  1. Chrome Allows Sites to Secretly Record Audio/Video Without Indication

A UX design flaw in the Google’s Chrome browser could allow malicious websites to record audio or video without giving any visual indications to the user. According to the reports, web browser based audio-video communication relies on WebRTC (Web Real-Time Communications) protocol a collection of communication protocols that is being supported by most the modern web browsers to enable real-time communication over peer-to-peer connections without the use of plugins. Web browser first requests users to explicitly allow websites to use WebRTC and access device camera/microphone and once the permission is granted, the website will have access to your camera and microphone forever until you manually revoke WebRTC permission. The security researchers discovered that if any unauthorized website pop-ups a headless window using a JavaScript code, it can start recording audio and video secretly, without the red dot icon, giving no indications in the browser that the streaming is happening. According to the reports, Google does not consider it as a security vulnerability. Researchers also said that the flaw not only affects Google Chrome, but it might also the affect other web browsers.

Cyber Security Tips:  Users are strongly recommended to disable WebRTC if don’t need it. But if you require the feature, allow only trusted websites to use WebRTC.

  1. Man Hacks Chinese Video Giant; Steals Millions of Dollars

A couple of weeks ago a Dark Web seller was selling 100 million user accounts stolen from Chinese video service giant Youku Tudou. Now, according to the new report, someone else was taking advantage of the hack or at least the vulnerability present in Youku’s server. The 21-year-old Mr. Hu from Qianxi county in Guizhou discovered a vulnerability in Youku’s payment system allowing him to make refunds which did not belong to him. Using this vulnerability Hu stole 13 million yuans (US$1.9 million) from the website. It is unclear as to what vulnerability Hu discovered to make the payment, Mr.Hu was found guilty and Beijing city of China sentenced him to 15years of imprisonment.

Cyber Security Tips: To prevent from such hacking you are recommended to keep your servers secure, keep your servers up-to-date, installed security patches regularly, do vulnerability assessment and penetration testing (VAPT) to know weaknesses in your infrastructure, to get excellent VAPT service visit http://www.anacyber.com/.

  1. Plastic surgery clinics hacked; 25,000 photos, data online

Hackers are targeting healthcare Centre to steal medical record. According to the latest report, a plastic surgery clinic was hacked and 25,000 private photos and personal data including nude pictures — were made public. Police said a hacking group called Tsar Team broke into the servers of Grozio Chirurgija clinic and demanded ransoms from the clinic’s clients in Germany, Denmark, Britain, Norway and other EU countries. According to the investigation it is unclear as to how many patients have been affected, but the police said dozens have come forward to report being blackmailed. The hacker locked the system with ransomware and demanded that the clinic pay 3, 44,000 euros ($385,000) said the spokesman.

Cyber Security Tips: To prevent yourself from ransomware users are strongly recommended to keep your systems up-to-date, Keep your Antivirus software up-to-date, Backup Regularly and be aware of phishing.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Blog at WordPress.com.

Up ↑

%d bloggers like this: