Data Security News Headlines 25th September 2017

  1. Passwords For 540,000 Car Tracking Devices Leaked Online

Recently, Viacom was found exposing the keys to its kingdom on an unsecured Amazon S3 server. New day new data breach, according to the latest news, Login credentials of more than half a million records belonging to vehicle tracking device company SVR Tracking have leaked online, potentially exposing the personal data and vehicle details of drivers and businesses using its service. The Kromtech Security Center was first to discover a wide-open, public-facing misconfigured Amazon Web Server (AWS) S3 cloud storage bucket containing a cache belonging to SVR that was left publicly accessible for an unknown period. SVR Tracking service allows its customers to track their vehicles in real time by attaching a physical tracking device to vehicles in a discreet location so their customers can monitor and recover them in case their vehicles are stolen. According to the report, leaked data contained details of roughly 540,000 SVR accounts, including email addresses and passwords, as well as users’ vehicle data, like VIN (vehicle identification number), IMEI numbers of GPS devices. The leaked password was stored using SHA-1, a 20-years-old weak cryptography. It is happened due to misconfigured AWS S3 cloud storage bucket. It is unclear whether the publically accessible data was possibly accessed by hackers or not.

Cyber Security Tips:  users are strongly recommended that reset their password, use a strong password. The company must reconfigure their server with strong cryptography. And regularly monitor your servers.

  1. New ransomware scam asks for nude pics to unlock files

Ransomware is a malicious program which infects your system and locks the files to get money. But what happens if it asks to send your nude picture to get your file back? Yes! According to the latest report, the news ransomware called as nRansomware, the ransomware was identified by a security researcher MalwareHunterTeam who shared the screenshot of the ransom note asking users for their private pictures. The note also displayed a brief message explaining how a victim can send their pictures to the cybercriminal behind this scam. Your computer has been locked. You can only unlock it with the special unlock code,” says the message. It further goes on to tell victims that they need to make a new email address on ProtonMail, an anti-NSA encrypted email service and send at least 10 explicit images of themselves. “Go to Protonmail.com and create an account. Send an email to 1_kill_yourself_1@protonmail.com. We will not respond immediately. After we reply, you must send at least 10 nude pictures of you.” it informs victims that their pictures will be verified to ascertain if they belonged to them or not. Once it is done; they will sell their pictures on the Deep Web.

Cyber Security Tips:  To prevent yourself from such malware you are strongly recommended that, avoid opening any spam emails, never click on ads, avoid visiting malicious sites, pay attention when you are online, keep using reputed and updated antivirus and infected users are strongly recommended that never share your nude picture, because there is no guarantee to get your data back.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Blog at WordPress.com.

Up ↑

%d bloggers like this: