Data Security News Headlines 8th December 2017

  1. Largest Crypto-Mining Exchange Hacked; Over $70 Million in Bitcoin Stolen

Bitcoin is breaking every record, Bitcoin price just crossed the $15, 000 in less than 24 hours, and there can be no better reason for hackers to put all of their efforts to steal skyrocketing cryptocurrency. NiceHash, the largest Bitcoin mining marketplace, has been hacked, which resulted in the theft of more than 4,700 Bitcoins worth over $57 million (at the time of breach). NiceHash is a cloud-based crypto-mining marketplace that connects people from all over the world to rent out their spare computing power to other in order to create new coins. NiceHash users were reported that their BTC wallets had been emptied, which was later confirmed by NiceHash after its service went offline claiming to be undergoing maintenance. The company did not provide any further details about the security incident, but it did say that NiceHash has paused its operations for next 24 hours while it figures out exactly how many numbers of BTC were swiped from its website and how it was taken.

Cyber Security Tips:  Customers to change their passwords both on NiceHash and other services if they are using the same credentials and keep using a strong password.

  1. Process Doppelgänging: New Malware Evasion Technique Works On All Windows Versions

A team of security researchers Tal Liberman and Eugene Kogan has discovered a new malware evasion technique that could help malware authors defeat most of the modern antivirus solutions and forensic tools. According to the news published by hackernews Process Doppelgänging, the new fileless code injection technique takes advantage of a built-in Windows function and an undocumented implementation of Windows process loader.  Process Doppelgänging attack works on all modern versions of Microsoft Windows operating system, starting from Windows Vista to the latest version of Windows 10. In Hollowing attack, hackers replace the memory of a legitimate process with a malicious code so that the second code runs instead of the original, tricking process monitoring tools and antivirus into believing that the original process is running.

Cyber Security Tips:  Users are strongly recommended that, check processes running on your windows systems, keep your systems up-to-date, and keep your antivirus software up-to-date.

  1. Security Flaw Left Major Banking Apps Vulnerable to MiTM Attacks Over SSL

Mobile banking is being popular today, billions of users are using different banking application to transfer and receive money.  A team of security researchers has discovered a critical implementation flaw in major mobile banking applications that left banking credentials of millions of users vulnerable to hackers. According to the latest report,, the vulnerability was discovered by researchers of the Security and Privacy Group at the University of Birmingham, who tested hundreds of different banking apps—both iOS and Android and found that several of them were affected by a common issue, leaving their users vulnerable to man-in-the-middle attacks. A man-in-the-middle attack (MITM; also Janus attack) is an attack where the attacker secretly relays and possibly alters the communication between two parties who believe they are directly communicating with each other. The affected banking apps include HSBC, NatWest, Co-op, Santander, and Allied Irish bank. SSL pinning is a security feature that prevents man-in-the-middle (MITM) attacks by enabling an additional layer of trust between the listed hosts and devices. Researchers found that due to lack of hostname verification, several banking applications were not checking if they connected to a trusted source.

Cyber Security Tips: HSBC, NatWest, Co-op, Santander, and Allied Irish banking users are strongly recommended that update application as soon as possible.

Leave a Reply

Please log in using one of these methods to post your comment:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Blog at WordPress.com.

Up ↑

%d bloggers like this: