Cyber Security News (15th March 2018)

 

  1. Air India’s Twitter Account Hacked by Suspected Turkish Group

The official Twitter account of Indian carrier Air India was hacked by suspected Turkish hackers late midnight on Thursday, 15 March. After the hack, the handle posted a series of tweets in Turkish and retweeted the handle AyyıldızTim multiple times. The national carrier’s Twitter handle was also changed from @airindiain to @airindiaTR for some time. “Last minute important announcement: All our flights have been cancelled. From now we will fly with Turkish Airlines,” read a tweet. The handle’s cover image was also changed to a photo of a Turkish Airlines plane. The tweets were deleted immediately after the attack.

Cyber Security Tips: To prevent your account from being hacked, you are strongly recommended to secure it with a strong password, use two-factor authentication, avoid reusing the same password across different accounts, and beware of phishing messages and emails.

  2. Trojanized BitTorrent Software Update Hijacked 400,000 PCs Last Week

The recent infection of nearly half a million computers with cryptocurrency-mining malware in just a few hours was caused by a backdoored version of a popular BitTorrent client called MediaGet. Dubbed Dofoil (also known as Smoke Loader), the malware was found dropping a cryptocurrency miner as its payload on infected Windows computers, which then mined Electroneum digital coins for the attackers using the victims’ CPU cycles. Microsoft’s Windows Defender research department discovered the Dofoil campaign, which hit PCs in Russia, Turkey, and Ukraine on 6th March. The researchers said that update.exe was used to launch the attack on users’ systems, which is similar to the CCleaner hack that infected over 2.3 million users with a backdoored version of the software in September 2017. Once updated, the malicious BitTorrent software, with its additional backdoor functionality, randomly connects to one of its four command-and-control (C&C) servers hosted on decentralized Namecoin network infrastructure and listens for new commands.

Cyber Security Tips: Users and administrators are strongly recommended never to update their systems through such exe files, notifications or links. Keep using a reputable antivirus and always download software from trusted sources.

  3. HotSpot Shield, PureVPN & ZenMate found leaking users’ real IP addresses

A virtual private network (VPN) extends a private network across a public network and enables users to send and receive data across shared or public networks. Users use a VPN to hide their identity. According to VPN Mentor, a privacy advocate firm which reviews VPNs, in-depth research has found that three VPN service providers with millions of customers worldwide are leaking sensitive data such as users’ IP addresses. These VPNs are HotSpot Shield, PureVPN, and ZenMate. According to the findings, AnchorFree’s HotSpot Shield had three vulnerabilities. The first vulnerability (CVE-2018-7879) allowed remote attackers to cause a reload of the affected system or to remotely execute code. The second and third vulnerabilities (CVE-2018-7878 & CVE-2018-7880) leaked IP and DNS addresses, which, as discussed above, poses a privacy threat to users since hackers can track the user’s location and ISP.

Cyber Security Tips: Users and administrators are strongly recommended to install the latest update released by HotSpot Shield. Users of the other two VPNs are recommended to contact the company for security patches and to keep monitoring their network.

  4. Android malware HenBox hits Xiaomi devices & minority group in China

The IT security researchers at Palo Alto Networks’ Unit 42 have identified an Android malware that has been dubbed HenBox. This malware is distributed with different types of legitimate Android apps, such as Virtual Private Network (VPN) apps or other Android system-related apps. The malware is suspected to target those associated with terrorist groups. In a blog post published on March 13th, Palo Alto Networks revealed that HenBox’s primary targets are users in China, particularly the Uyghurs, a minority Turkic ethnic Muslim group. The malware was found to contain information that is of interest to the Uyghurs, according to the news published by Hackread. The malware can also access a device’s microphone and camera, and attempts to steal private data as well as device information by using on-device sources of information such as social media apps and mainstream chat.

Cyber Security Tips: Users are strongly recommended not to download apps from unknown sources, to avoid downloading such VPN apps, not to download unknown apps, to keep antivirus installed on their device, and to check the permissions of apps while installing them.

 

 

 
