Cybersecurity

Tech Giants Still Rely on Flawed Software Used by Equifax

Tech Giants Still Rely on Flawed Software Used by Equifax

It was reported this week that at least seven large tech companies are still using vulnerable versions of Apache Struts, a web server software used to provide web applications in Java. The flaw in the software was exploited by hackers to steal sensitive information such as names, addresses, social security numbers from credit reporting firm Equifax. Patches for the bug had already been issued, but it was recently revealed by open-source automation firm Sonatype that least 10,800 companies and over half of the Fortune Global 100 are still using vulnerable versions of the software. However, even after the widely publicized […]

German Hacker Gets Off with Light Sentence

German Hacker Gets Off with Light Sentence

A 24-year old German hacker Maik D., also known as ZZboot, was reportedly given a light sentence last month of one year and ten months of probation for launching DDoS attacks on various German and UK firms including eBay.de, DHL.de, billiger.de, hood.de, rakuten.de, DPD.de, EIS.de, ESL.eu. A security consultant in real life, Maik would regularly criticize the poor security practices of companies via Twitter and claim that he launches the attacks to hunt for vulnerabilities. However, he was also caught extorting these companies, promising to stop the attacks in exchange for Bitcoin. Maik was also found to be connected to […]

Twitter Warns Users to Change Passwords Immediately

Twitter Warns Users to Change Passwords Immediately

In a blog post this week, Twitter admitted that a bug had compromised user passwords by storing them in plaintext and advised all user to immediately change their login details. The passwords had reportedly been exposed for several months, affecting a substantial number of users. However, the company assured that they are using a technology that masks the passwords created by users and no one in the company can see it. The company also said that they have fixed the issue and there seems to be no evidence of breach or misuse. Source: ZDNet

Security Patches Overwhelm Singapore Firms

Security Patches Overwhelm Singapore Firms

A recent global survey conducted by the Ponemon Institute showed that Singaporean companies are currently struggling with the influx of security patches, with as much as 78% admitting to the lack adequate resources to keep pace and 74% saying that they are unable to take critical systems offline for patching. In the study which polled around 3000 respondents, with 165 from Singapore, it was revealed that the companies spend on the average around 154 hours a week just to roll out patches. Additionally, 79% said that they did not have enough personnel to apply the patches in a timely manner. […]

GDPR-themed Phishing Emails Seek Password, Credit Card Details

GDPR-themed Phishing Emails Seek Password, Credit Card Details

According to researchers at cybersecurity firm Redscan, criminals have been circulating GDPR-related phishing emails to obtain sensitive information from their victims. The scammers reportedly send emails, with some claiming to be from AirBnb, which ask their victims to click a link to accept a new privacy policy and enter information such as account credentials and payment information to comply with the European Union’s new General Data Protection Regulation (GDPR) which is set to take effect on May 25. The researchers noted that while Airbnb is indeed sending messages to users about GDPR, they contain far more detail and do not […]

Attackers Use Google Maps URL-Sharing to Push Shady Sites

Attackers Use Google Maps URL-Sharing to Push Shady Sites

The Sophos security team recently reported that scammers are using the Google Maps URL-sharing feature to send their victims to phishing websites or those that contain malware. Sophos says that the scam messages they discovered used both the Maps feature and goo.gl URL shortener to redirect users to a Russian diet-pill scam website. The attackers are able to do this by exploiting an open redirection vulnerability affecting the maps.app.goo.gl service. Sophos researcher Mark Stockley says that a good way to avoid questionable links would be to check if a URL in the link parameter is not a link to Google […]

Hacking Tool Gives Users Access to Feeds from Various DVR Brands

Hacking Tool Gives Users Access to Feeds from Various DVR Brands

Last Wednesday, an Argentinian security researcher published a tool that can extract plaintext credentials for various DVR brands which attackers can use to gain access to those systems their video feeds. Ezequiel Fernandez says that his getDVR_Credentials tool is a “proof-of-concept” for the CVE-2018-9995 vulnerability that affects DVR devices manufactured by TBK. However, Fernandez expanded his list to include other brands, with some selling rebranded TBK DVR4104 and 4216 models. Using Shodan, a search engine used to find vulnerable devices, Fernandez showed that at least a few tens of thousands are affected by the issue around the world. Source: Bleeping […]

Canadian Organizations Hit by New Ransomware Campaign

Canadian Organizations Hit by New Ransomware Campaign

Researchers from Fortinet revealed this week that a new email ransomware campaign has hit a number of Canadian organizations, as well as some in the US and the UK. The researchers said that since it was a spam effort, the messages were not targeted. Most of the emails had bore the subject line “Document number…” Your order number” or “Ticket number.” Meanwhile, McAfee had also reported that other organizations in Canada had been victimized by a group called Hidden Cobra, which is believed to be backed by North Korea. The attackers had apparently planted surveillance software on the companies’ systems […]

EU-led Operation Strikes IS Web Media

EU-led Operation Strikes IS Web Media

Europol reported earlier this week that an international operation led by the EU had dealt a major blow to the Islamic State’s internet propaganda. The attack was carried out by cyber experts from various European countries, Canada and the US who conducted a “simultaneous multinational takedown” of IS media where digital evidence and servers had been seized. Europol head Rob Wainwright said that the operation had punched a big hole IS’ propaganda and radicalization efforts, and the data they retrieved will be used by the police to identify the administrators behind IS media outlets and other radicalised individuals. Source: BBC

Hackers Now Able to Create Master Key for Millions of Hotel Rooms

Hackers Now Able to Create Master Key for Millions of Hotel Rooms

Security researchers from F-Secure recently proved in a study that it is possible for hackers to create a “master key” that can open potentially millions of hotel rooms using the Vision by VingCard electronic lock system. Manufactured by a Swedish company called Assa Abloy, the system is not only used in millions of hotels in 166 countries, but on private properties as well. However, researchers Tomi Tuominen and Timo Hirvonen say that they were able to build a handheld device running a custom software that can swipe data off any keycard to produce an access token with the highest privilege. […]