Data Security News Headlines 23rd August 2017

  1. Online fraudster arrested

Hyderabad: The Marketing Intelligence Team of Cyber Crimes, Central Crime Station (CCS) has arrested an online fraudster, who had cheated people by publishing fake government tender notice in a leading newspapers and websites. According to police investigation, the accused Amjed Sohail Ahmed (44), businessman and resident of New Delhi would post tender notices on online through websites tender247.com and tendersinfo.com on the pretext of Central government tender notices. On noticing the above tenders, if anyone contacts regarding the tenders, the accused communicates with them over phone and asks them to transfer the money as EMD (Earnest Money Deposit) to bank accounts and through RTGS (online transactions).

Cyber Security Tips: To prevent yourself from such a fraud you are strongly recommended to purchase any tenders only from trustworthy persons, avoid transferring money without verification and if any incident happenes, immediately contact with cyber cell.

  1. Puri temple commission’s website hacked

Hackers are targeting Indian websites from couple of months. According to a latest report, Puri temple commission’s website was hacked by unknown hackers.  The commission was set up by state government last year to recommend reforms in Jagannath temple at Puri. When contacted, the commission chairman justice B P Das said he did not know how the website suddenly became inactive. According to the report published by Times of India, the website, which was hosted on the server of state-run Odisha computer application centre (OCAC), has been shut for public viewing. The commission authorities did not confirm whether or not the official data on the website was stolen. OCAC officials were immediately not available for comment. “Our personnel are on the job of locating the IP address using which the website was hacked,” special director general of police (Crime) Bijay Kumar Sharma told TOI. Prima facie, Sharma ruled out possibility of WannaCry cyberattack.

Cyber Security Tips: To prevent your website being hacked you are strongly recommended to keep your web server secure, keep server up-to-date, keep using web application firewall, monitor your web server for malicious activities and do vulnerability assessment and penetration testing to know vulnerabilities of your website.

  1. New Fileless Cryptocurrency Miner Hits Windows Using EternalBlue Flaw

Cyber security firm Trend Micro’s research team has identified that the latest breed of cryptocurrency miner which operates as a fileless malware, which means the malware exists in the memory of the infected system only. The target of this fileless malware is most of the windows system. It uses the EternalBlue exploit to gain access to the system. The Eternalblue vulnerability is the same that was used in the WannaCry ransomware back in May and in a mass ransomware campaign known as Petya, NotPetya, and GoldenEye which targeted European regions in June. According to the report, the malware utilized a core component of Windows OS called the Windows Management Instrumentation (WMI). It is used for performing daily management tasks. The infection enters a system via EternalBlue vulnerability, as a backdoor on Windows OS and they install numerous WMI scripts. These scripts are then linked with the attacker’s C&C server to receive further instructions and download the cryptocurrency miner malware.

Cyber Security Tips: Users are strongly recommended to disable WMI to prevent the malware from infecting the system, installed the patches release by Microsoft, scan your system for malicious files, keep your system up-to date, use reputed antivirus in your system and keep regular backup of your data.

  1. Enigma Marketplace Hacked; $500,000 in Ethereum Stolen

On August 20th, Enigma, a decentralized marketplace and cryptocurrency investment platform was hacked by an unknown hacker. As a result, $500,000 in Ethereum was stole. The data-driven crypto investment platform. Powered by the Enigma data marketplace. According to the report, the hack attack occurred when the company was gearing up for crypto token sale. The hacker took over Enigma’s website, admin passwords, email newsletter and Slack account. The hacker then managed to develop and upload a fake pre-sale page linked with a phony ETH address and tricked users into sending money. Then hacker sent newsletter to users as well as Slack accounts. The spokesman said that company is working on the issue and notification has been sent to users.

Cyber Security Tips:  Users are strongly recommended to avoid transferring any fund to any address and wait until company solve the issue.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Blog at WordPress.com.

Up ↑

%d bloggers like this: