1. Timehop breach hits 21 million users due to a lack of 2FA on cloud services
Timehop, a service that surfaces a user’s past social media content, has revealed a security breach that hit the company on July 4, and resulted in a database of 21 million users hit.Usernames, email addresses, and social media tokens for 21 million users breached, with 4.7 million phone numbers scooped up in the process. The breach occurred because an access credential to cloud computing environment was compromised. That cloud computing account had not been protected by multifactor authentication.
Cyber Security Tips:
– It is recommended to use multi factor Authentication for any online service used.
– Always take precautions by doing Security Audit at least once in every 6 Months of Period of Cloud Services.
2. Hackers Delivering Emotet Malware Via Microsoft Office Documents
A new malware campaign that delivers Emotet Malware Via Microsoft Office documents attachments with “Greeting Card” as the document name. It has the capabilities of stealing personal information such as username and Passwords.The document contains a tricky social-engineered message that asks users to enable content that allows the malicious macro to run in the background. Emotet is a widely distributed malware it is commonly distributed via malicious spam campaigns that contain office documents, every time it emerges with new capabilities.
It is a multi-component malware that is capable of stealing credentials through browsers and email, Man-in-the-Browser attack and email harvesting.
Cyber Security Tips:
– Change the settings of your browser so that if any new file gets downloaded automatically without your permission, it flashes a notification or ask for permission always.
– Update regularly Installed software to detect and avoid latest infections.
– Keep yourself away from any web-ads, browser notification programs and online offers which looks shady and obscure. Don’t click on anything which you are not sure about or from untrusted sources.
– Stay away from any web-addresses from which look tricky and suspicious and that could be potentially illegal and harmful.
– It is suggested not to open or download spam emails and to employ the services of a reliable security solution.
– If Bluetooth is not required then you should turn off immediately. If you are using, make sure that your device visibility is set to “Hidden” so that it cannot be scanned by other hackers or Bluetooth devices.
– Turn off and remove unnecessary or unrequired services from system.
– Implement a password policy: difficult and complex password make it difficult for hackers to crack files on compromised computer.
– Install an Authenticate Ad-blocker
3. Hackers Compromised the Gas Station Fuel Pump and Steal 600 Gallons of Gas using Remote Device
This incident occurred in Marathon gas station in Detroit. (Detroit is the largest city in the midwestern state of Michigan, US)
The vehicles pulled up for about 90 minutes to fill up since the gas freely flowed.
Police said the device the men had made it where the clerk could not control the pump, but the clerk did not realize the pump was out of his control. Massive gas guzzle took Almost 1.5 hours to completely take out and police believe that 10 vehicles were involved. The damage comes to about $1,800 worth of gas.
Similarly, Russian Authorities uncovered stealthy malware installed on dozens of gas stations that let customers into paying more than the Fuel pumped into their car tank.
Recent research revealed that Globally Gas Stations are Extremely Vulnerable to the Internet of Things (“IoT”) Cyber Attacks.