Cyber Security News (23rd July 2018)

1. 25% ATMs of public sector banks may be vulnerable to fraud in India  

The government on Friday indicated that nearly a quarter of the automated teller machines (ATMs) run by public sector banks may be vulnerable to fraud, as 74% of the cash dispensers are running on outdated software.

The statement on state-run banks came in response to a question in Parliament on ATMs running on software that was outdated or “unsupported”. These ATMs are prone to fraud and lack basic security features. The government, however, did not disclose details of such ATMs that were run by private sector lenders.

In recent months, consumers have been complaining of a spike in ATM-related frauds, which last month prompted the Reserve Bank of India to issue a fresh advisory, asking banks to upgrade software in a time-bound manner and closely monitor compliance.

Cyber Security Tips (for using an ATM):

  • Don’t write down your PIN number anywhere, at least not on your ATM card. Memorize it.
  • Do not use an ATM where the card reader appears to be tampered with, broken, scratched, damaged or sticky with glue, has extra wiring or loose parts around the slot, or makes it difficult to insert the card. These could be signs that a skimming device has been installed.
  • If there are people around, make sure that you shield your hand while entering your PIN.
  • Register for SMS alerts so that you are notified whenever your account is accessed.
  • Change your PIN numbers as often as convenient.

 

2. 157 GB of Sensitive Data From Top Manufacturers Including Ford, Toyota, GM, Tesla Exposed Online

Sensitive data belonging to more than a hundred manufacturing companies was exposed online. The exposed data belongs to manufacturing giants including VW, Chrysler, Ford, Toyota, GM, Tesla, and ThyssenKrupp.

The data was exposed because the companies failed to restrict the rsync server by IP or user, leaving the data publicly available to any rsync client.

The exposed data contains customer data such as the names, titles, ID badges, contact details and VPN credentials of client employees, as well as employee data such as scans of passports, driver’s licenses, and other identification.

It also includes corporate data such as invoices, prices, scopes of work, customers, projects, and other common business documents.

 

3. DNS rebinding attack puts half a billion IoT devices at risk

Armis, an Internet of Things (IoT) security vendor and cyber-security firm, reports that about half a billion smart devices being used around the globe are vulnerable to a decade-old attack called DNS rebinding.

The company published its research findings on 20 July, estimating that nearly 496 million IoT devices are vulnerable to DNS rebinding attacks. A majority of these devices are used by enterprises.

In a DNS rebinding attack, an attacker manages to expose a local private IP address and connect it to a public address. This way, the attacker can gain access to assets and resources that an organization does not make publicly accessible.

When an attacker manages to create a local, malicious DNS server and tricks a user into accessing that server, usually through a phishing attack, the attacker can use the victim’s web browser as a proxy. This also allows the attacker to connect to all the devices on the network. Simply by making protected devices accessible over the public internet, an attacker can gain access to other vulnerable assets and easily compromise them.

Cyber Security Tips:

  • In order to limit the risk of such an attack, device manufacturers need to enable high-security measures on every single server that is accessible.
  • Another productive option is to use a DNS security proxy or third-party DNS service to prevent DNS rebinding attacks.
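
One way a DNS security proxy can block rebinding, shown as an added example that is not from the original post: drop any answer that maps an external name to an internal address. The `LOCAL_SUFFIXES` allowlist, the function names and the sample responses are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: only names under these suffixes may resolve to internal addresses.
LOCAL_SUFFIXES = ("corp.example", "lan")

def is_internal(addr):
    """True if addr is private, loopback, link-local or unspecified."""
    ip = ipaddress.ip_address(addr)
    # Unwrap IPv4-mapped IPv6 (::ffff:10.0.0.5) so it cannot dodge the IPv4 checks.
    mapped = getattr(ip, "ipv4_mapped", None)
    if mapped is not None:
        ip = mapped
    return ip.is_private or ip.is_loopback or ip.is_link_local or ip.is_unspecified

def is_local_name(qname, suffixes=LOCAL_SUFFIXES):
    """True if qname equals, or is a subdomain of, an allowlisted suffix."""
    name = qname.rstrip(".").lower()
    return any(name == s or name.endswith("." + s) for s in suffixes)

def filter_response(qname, addresses, suffixes=LOCAL_SUFFIXES):
    """Return (allowed, dropped) addresses for one DNS answer."""
    if is_local_name(qname, suffixes):
        return list(addresses), []
    allowed = [a for a in addresses if not is_internal(a)]
    dropped = [a for a in addresses if is_internal(a)]
    return allowed, dropped

# Constructed sample answers (query name, addresses returned by upstream).
SAMPLE = [
    ("printer.lan.", ["192.168.1.20"]),                         # internal name: kept
    ("cdn.example.net.", ["8.8.8.8"]),                          # public answer: kept
    ("rebind.attacker.example.", ["8.8.8.8", "192.168.1.20"]),  # mixed answer
    ("rebind.attacker.example.", ["::ffff:10.0.0.5"]),          # IPv4-mapped IPv6
    ("rebind.attacker.example.", ["127.0.0.1", "0.0.0.0"]),     # loopback / unspecified
]

def audit(sample=SAMPLE):
    """Run the filter over every sample answer."""
    return [(q, *filter_response(q, addrs)) for q, addrs in sample]

if __name__ == "__main__":
    for qname, allowed, dropped in audit():
        print(f"{qname:28} allowed={allowed} dropped={dropped}")
```

A dropped address is also worth logging, since an external name that answers with an internal address is a useful detection signal in its own right.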

 
