Cyber Security News

Ayushman Bharat, the government run health insurance programme, on Saturday confirmed that there had been an attempted security breach. “There have been attempts to get illegal access to large medical data including sensitive personal information,’’ said Dr. Indu Bhushan, CEO Ayushman Bharat - Pradhan Mantri Jan Arogya Yojana. Alerted about the intrusion 48 hours ago, the National Health Authority — which administers the programme — has now written to all State Governments alerting them about the threat and warning that no sensitive data be shared. Describing the nature of the attempted breach, Dr. Bhushan said contact had been made with Ayushman Bharat employees urging them to leak sensitive information on the available health profiles of those covered by the scheme. With more than 3 crore e-cards issued countrywide to individuals covered under the scheme and over 21 lakh hospital admissions, worth ₹2,820 crore, having been approved, the scheme is one of the world’s largest st...

Firefox, a web browser made by the non-profit Mozilla Foundation, was born as “Phoenix”. It rose from the ashes of Netscape Navigator, slain by Microsoft’s Internet Explorer. In 2012 Mozilla created Firefox os, to rival Apple’s ios and Google’s Android mobile operating systems. Unable to compete with the duopoly, Mozilla killed the project. Another phoenix has arisen from it. Kaios, an operating system conjured from the defunct software, powered 30m devices in 2017 and another 50m in 2018. Most were simple flip-phones sold in the West for about $80 apiece, or even simpler ones which Indians and Indonesians can have for as little as $20 or $7, respectively. Smartphones start at about $100. The company behind the software, also called Kaios and based in Hong Kong, designed it for smart-ish phones—with an old-fashioned number pad and long battery life, plus 4g connectivity, popular apps such as Facebook and modern features like contactless payments, but not snazzy touchscreens. With...

Institute For Ethical Hacking Course  and  Ethical Hacking Training in Pune – India Extreme Hacking  |  Sadik Shaikh  |  Cyber Suraksha Abhiyan Credits: India Times In a bid to bolster its capabilities to tackle threats emanating from hackers, mostly from China and Pakistan, India is all set to have Defence Cyber Agency (DCA) by next month. This agency will be headquartered in the capital. Senior Navy officer Rear Admiral Mohit Gupta will be the first head of this agency — DCA. “We are working to raise the Defence Cyber Agency in May itself. The work has almost been completed. A new building has been hired in the national capital which will act as the headquarters of the formation,” sources in the Defence Ministry said. Agreed upon by the Defence Ministry and the three services, it was decided that the cyber agency would be headed by Rear Admiral Gupta. The Navy is expected to announce his formal appointment anytime, sources said. DCA is one of the ...

Stanislav Kuznetsov, the Deputy Chairman of Sberbank, said that now there are three main trends in the field of cybercrime. The first trend is DDoS attacks, the number of which continues to increase. The second trend is data leakage. "The whole market is developing in this direction," Kuznetsov added. According to the representative of Sberbank, the third trend called fraud associated with the methods of social engineering. Kuznetsov explained that criminals often play on the trust of citizens. "Russia is a unique country, the level of public confidence is very high in everything that is done by state institutions, corporations. This is good, but the scammers use this uniqueness of the Russian population, especially the elderly," says Kuznetsov. For example, a serious threat is phishing (theft of confidential data through e-mail on behalf of financial and government agencies). According to the Deputy Chairman, about 27-30% of office workers in Russia in differ...

Institute For Ethical Hacking Course  and  Ethical Hacking Training in Pune – India Extreme Hacking  |  Sadik Shaikh  |  Cyber Suraksha Abhiyan Credits: The Register A Chinese software developer who previously expressed suicidal thoughts has been jailed after putting one of drone company DJI’s AES private keys onto Github in plain text. That key, as we revealed at the time in January 2018, allowed world+dog to decrypt DJI’s encrypted flight control firmware, paving the way for the curious and the malicious alike to bypass geofencing and other performance restrictions on their DJI drones. Also disclosed in plain text was a wildcard SSL key for *.dji.com, giving anyone with the right skills the ability to spoof DJI’s website and decrypt encrypted comms between DJI drones and the company’s own servers in China. Local Chinese-language reports indicated that the Shenzhen Municipal People’s Procuratorate – the local version of the Crown...

Institute For Ethical Hacking Course  and  Ethical Hacking Training in Pune – India Extreme Hacking  |  Sadik Shaikh  |  Cyber Suraksha Abhiyan Credits: The Register Roundup  Here’s your quick-fire summary of recent computer security news. Docker:  Someone broke into a database holding Docker Hub account information, and managed to siphon off non-financial records on 190,000 users before the exfiltration was, presumably, detected and stopped. The intrusion happened on Thursday, April 25, though Docker emailed people late on Friday alerting them to the security breach. Less than five per cent of Hub users were affected, according to the biz. The swiped information included “usernames and hashed passwords for a small percentage of these users, as well as GitHub and Bitbucket tokens for Docker autobuilds,” we’re told. Hub account passwords should be changed, and snatched tokens have been revoked. Crucially, no hosted Dockerfiles were...

Institute For Ethical Hacking Course  and  Ethical Hacking Training in Pune – India Extreme Hacking  |  Sadik Shaikh  |  Cyber Suraksha Abhiyan Credits: The Register That’s not an opinion, incidentally, it’s a fact, at least according to the Mueller Report, finally published earlier this month. However, that dossier makes it plain that federal prosecutors ultimately decided not to press charges against Don Junior, and that decision has become the subject of debate by law professors this week. Before you get ready to rage-tweet or fury-comment, though, you may find the debate is disappointingly reasonable since it is built around how badly written tech law has ended up giving prosecutors too much leeway in deciding when to bring cases and when to let them drop: a situation that everyone should be able to agree is not a great thing. But before the reasonableness, let’s get some digs in. The president’s son is such a weapons-grad...

Institute For Ethical Hacking Course  and  Ethical Hacking Training in Pune – India Extreme Hacking  |  Sadik Shaikh  |  Cyber Suraksha Abhiyan Credits: The Register CyberUK 2019  If your hair isn’t already grey enough, GCHQ staff have revealed a handful of infosec incidents that, in their words, “surprised us”. During a talk at CyberUK 2019, the annual shindig of the spy agency’s public-facing offshoot, the National Cyber Security Centre (NCSC), a bespectacled and bearded chap who was introduced only as “Toby L” told an enthralled audience one of his “favourite war stories”. The NCSC is part of GCHQ’s drive since 2013 to rebuild public trust and convince industry that the government is also interested in their economic wellbeing. As part of that, NCSC occasionally gets called in to help with particularly pernickety problems involving malware infections on corporate networks. “This specific instance of Gandcrab was not the mo...

Apple has recently cracked down on some screen time apps from on the App Store. As confirmed by the tech Apple Removed Parental Control Apps Claiming They Threaten Users’ Privacy on Latest Hacking News . from Latest Hacking News http://bit.ly/2GSAXLR

A Data breach incident at the University of Alaska  has compromised the personal information of students and other individuals. The university allegedly faced online data breach to its database which exposed several sensitive informations including personal information of teachers and other officials. The news came out in public after university disclosed the incident notice on their website. In February 2018, some of the users of University’s website reported change of passwords and unauthorised access to their accounts, the University of Alaska started the investigation and later found out that their have been several incidences of data breach, exposing various personal informations of users. According to an university investigating official “On or around March 28, 2018, the investigation determined that an unauthorized user also may have accessed certain email accounts between January 31, 2018, and February 15, 2018.”, he further added, “It may include an individual’s na...

It seems the aftermath of Cambridge Analytica continues As Facebook announces new changes. The changes should come as good news Facebook Bans Personality Quizzes Alongside Other Notable Changes For Users’ Privacy on Latest Hacking News . from Latest Hacking News http://bit.ly/2UPDnyK

One of the largest repositories for Docker container images has now become the latest victim of a security breach. As Docker Hub Data Breach Exposed Sensitive Information From 190,000 Accounts on Latest Hacking News . from Latest Hacking News http://bit.ly/2XSH0G3

Once again, a security breach has threatened the online security of students and other individuals. This time, the incident has University Of Alaska Data Breach Exposed Personal Information Of UAOnline Students on Latest Hacking News . from Latest Hacking News http://bit.ly/2vupSKK

Shopping online has never been easier. A quick Google search of almost anything brings hundreds of results. Placing an order How to Protect Your Credit Card Data During Online Shopping on Latest Hacking News . from Latest Hacking News http://bit.ly/2PAjvP3

ttyd is a simple command-line tool for sharing terminal over the web, inspired by GoTTY. Features Built on top of Libwebsockets with C for speed Fully-featured terminal based on Xterm.js with CJK and IME support Graphical ZMODEM integration with lrzsz support SSL support based on OpenSSL Run any custom command with options Basic authentication support and many other custom options Cross platform: macOS, Linux, FreeBSD/OpenBSD, OpenWrt/LEDE, Windows Installation Install on macOS Install with homebrew: brew install ttyd Install on Linux Binary version download from the releases page. Build from source (debian/ubuntu): sudo apt-get install cmake g++ pkg-config git vim-common libwebsockets-dev libjson-c-dev libssl-dev git clone http://bit.ly/2UEYl34 cd ttyd && mkdir build && cd build cmake .. make && make install You may also need to compile/install libwebsockets from source if the libwebsockets-dev package is outdated. Install...

Adding to the trail of data exposure incidents from unsecured databases, now joins a startup firm. Reportedly, the contract and Contract Management Company Evisort Accidentally Exposed Sensitive Documents Publicly on Latest Hacking News . from Latest Hacking News http://bit.ly/2ZMl6pV

Interview with Karl Sigler, Threat Intelligence Manager At Trustwave Spider Labs  Discussing Trustwave’s Latest Global Intelligence Report Today’s Agenda is Latest Hacking News Podcast #271 on Latest Hacking News . from Latest Hacking News http://bit.ly/2Lc1TdW

Qualcomm technology which was manufactured to safely store private cryptographic keys has been found to be plagued with a security bug. The bug has been found in Qualcomm chipsets and is said to be paving way for Android malware which can potentially steal access to victims' online accounts. The implemention of the technology should be such that even if the Android's OS has been exploited, the Qualcomm Secure Execution Environment, also known as QSEE should be beyond the reach of exploit and hence, unassailable. However, due to some imperfections in the implementation, such is not the case. One can go about manipulating the system and leaking the private stored keys into the QSEE, as per a researcher with cybersecurity firm NCC Group, Keegan Ryan. Ryan documented the vulnerability and came out with a conclusion that the flaw could bave been used by a hacker to exploit the way mobile apps let users sign in on smartphones. After entering the password, a cryptographic ke...

An unauthorized access to a database was discovered by the Docker Hub that exposed sensitive data of more than 190,000 account holders.  The exposed informations include username, hashed passwords, tokens for GitHub and Bitbucket repositories. The company started emailing its customers about the security breach soon after the breach took place. However, it is unclear how hackers got a hold over a single database. "On Thursday, April 25th, 2019, we discovered unauthorized access to a single Hub database storing a subset of non-financial user data," said Kent Lamb, Director of Docker Support. Docker is recommending all  its users to change their password. All the impacted accounts GitHub tokens and access keys, so the user’s with auto builds are impacted. Docker hub is the cloud repository of images created by users, and it could be downloaded by other users or images created by other communities. “We are enhancing our overall security processes and reviewing o...

In Canada, McDonalds is losing out on thousands of dollars because of a notorious hacking act. The unidentified  person is hacking into McDonalds app of strangers to rack up thousands of dollars worth food purchase. The recent victim was Patrick O’Rourke, who is  the managing editor of the tech news site MobileSyrup.He said that he didn’t realise till recently that someone has hacked into his Mcdonald's app and has ordered almost 100 meals between April 12 and April 18 According to the CBC report ,there were mass purchases of Big Macs and McFlurries. O’Rourke doubts whether a single person could have eaten all the food. He told CBC,”It could be one guy who was able to hack my account and he shared it with a bunch of his friends across Montreal, and they all just went on a food spree,” There have been other incidences of similar nature across Canada recently, where McDonalds app was hacked and a huge amount of bill was raised through the illegal buying of food. Ther...

                                                                      An unauthorized person gained access to a Docker Hub database that exposed sensitive information for approximately 190,000 users. Docker says the hacker had access to this database only for a short moment and the data accessed is only five percent of Docker Hub's entire userbase. This information included some usernames and hashed passwords, as well as tokens for GitHub and Bitbucket repositories used for Docker autobuilds. GitHub and Bitbucket access tokens stored in Docker Hub allow developers to modify their project's code and have it automatically build, or autobuild, the image on Docker Hub. If a third-party gains access to these tokens, though, it would allow them to gain access to a private repositories code and possibly modify it de...

Recently, the WiFi Finder app, one of many hotspot searching applications went offline after a security incident. The app left WiFi Finder App Goes Down After Leaking 2 Million WiFi-Network Passwords on Latest Hacking News . from Latest Hacking News http://bit.ly/2L8rVP3

Online scams no more remain confined to fake websites. Rather the scammers have even exploited legit websites to execute their GoDaddy Shut Down 15K Scam Subdomains From Hacked Websites on Latest Hacking News . from Latest Hacking News http://bit.ly/2ZI2Uxi

The court of the Saratov region found guilty a local resident who hacked and gained access to the website of the Omsk company collecting utility payments. A 19-year-old hacker was accused under the article "unauthorized access to computer information." Employees of the Federal Security Service of Russia in the Omsk region found and detained him. Omsk investigators found that in the autumn of 2017 the defendant hacked into the payment system using special software from his home computer. The system was intended to make online payment of utilities. As a result, the hacker was able to gain access to user personal accounts. After copying all the information, he contacted representatives of the Service and offered for a fee to provide information about the way to fix the vulnerability in the security system. The court found him guilty and sentenced him to twelve months for unauthorized access to computer information. At the same time in Krasnoyarsk, it turned out th...

A hacker who is notoriously believed to be involved in several plane hacking revealed that he hacked the famous U.S space agency NASA just because he was bored. During Digital Age Summit in Istanbul, Roberts spoke to  Anadolu Agency (AA) and said he enjoyed exploiting the vulnerabilities in  cyber securities from big institutes like NASA. He said, "We have found that the communication security between the satellite and land systems is not well encrypted. We were able to access the system by passing NASA's International Space Station access control measures," . Roberts Stressed that there are no unbreakable systems, and the transport companies should take serious steps to protect their networks from being hacked as suggested by “Good hackers”. There was an investigation on Roberts by  Federal Bureau of Investigations (FBI) in 2015 for the suspected hacking of an airplane’s computer system via in-flight wireless Internet In a search warrant provided by Federa...

The Madurai Bench of the Madras High Court removed the interim ban on TikTok on April 24, three weeks after it had asked the government to prohibit further downloads of the popular Chinese short-video application. TikTok allows users to create and share short videos with special effects and is one of the world’s most popular apps. On April 3, the app was prohibited in the country because of concern it exposed children to pornography and other disturbing content. The Chinese parent company had appealed to the apex court against the high court's order. Beijing Bytedance Technology Co. said ban led to financial losses of up to US$500,000 a day and had put more than 250 jobs at risk. Amicus Curiae Arvind Datar, appointed by the court to examine the implications of the app, argued on Wednesday that banning an application is not the solution, and rights of legitimate users must be protected. The Supreme Court had on Monday asked the Madras High Court to decide in its hearing ...