Infowars Hit With Card Skimming Malware




According to ZDNet and Dutch security researcher Willem de Groot, malware capable of covertly recording payment card details was removed from the Infowars online store on the 14th of November after ZDNet contacted the company's staff.

The site was a recent victim of a particularly nasty Magecart infection, which hoovered up the details of around 1,600 customers.

Magecart is a strain of malware that targets online retail platforms. It works by quietly recording the payment card details entered by customers and then sending them to a remote server, where they can be used for credit card fraud or sold on to other criminals on the black market.

The malware was hidden inside a block of Google Analytics code and was live for only 24 hours before it was removed, says de Groot.

The malware was present on every Infowars store page but only activated itself on the site's checkout pages. According to ZDNet, the code scraped all content found inside the checkout forms every 1.5 seconds before transmitting it to a remote server located in Lithuania.
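Because the code was hidden inside an existing analytics block, one way a store operator can catch this kind of change is to keep a baseline of approved inline-script hashes for the checkout page and report any script that no longer matches. The following is an added example, not code from the incident or from ZDNet's report; the host allowlist, the sample pages and the host names in them are constructed assumptions.

```javascript
const crypto = require('crypto');

// Hosts the store expects its inline scripts to reference (assumed allowlist).
const ALLOWED_HOSTS = new Set(['www.google-analytics.com', 'store.example']);

// Return the body of every inline <script> (no src attribute) in the HTML.
function inlineScripts(html) {
  const out = [];
  const re = /<script\b([^>]*)>([\s\S]*?)<\/script\s*>/gi;
  let m;
  while ((m = re.exec(html)) !== null) {
    if (!/\bsrc\s*=/i.test(m[1]) && m[2].trim()) out.push(m[2].trim());
  }
  return out;
}

const sha256 = (s) => crypto.createHash('sha256').update(s).digest('base64');

// Build the set of approved inline-script hashes from a known-good page.
function buildBaseline(html) {
  return new Set(inlineScripts(html).map(sha256));
}

// Report every inline script whose hash is not in the baseline, together with
// the hosts it references that are not on the allowlist.
function auditPage(html, baseline) {
  return inlineScripts(html)
    .filter((s) => !baseline.has(sha256(s)))
    .map((s) => {
      const hosts = [...s.matchAll(/(?:https?:)?\/\/([a-z0-9.-]+)/gi)].map((h) => h[1].toLowerCase());
      return {
        sha256: sha256(s),
        claimsAnalytics: /google-analytics\.com|GoogleAnalyticsObject/.test(s),
        unknownHosts: [...new Set(hosts)].filter((h) => !ALLOWED_HOSTS.has(h)),
        usesTimer: /\bset(?:Interval|Timeout)\s*\(/.test(s),
      };
    });
}

// Constructed sample pages (not taken from the incident).
const GA = "window.GoogleAnalyticsObject='ga';ga('create','UA-XXXXX-Y','auto');" +
  "ga('send','pageview');/* loader: https://www.google-analytics.com/analytics.js */";
const goodPage = `<html><head><script>${GA}</script></head><body></body></html>`;
// Same analytics block with constructed stand-in code appended (not a skimmer).
const tamperedPage = `<html><head><script>${GA}
setInterval(poll, 1500); var u = 'https://collector.invalid/c';</script></head></html>`;

const findings = auditPage(tamperedPage, buildBaseline(goodPage));
console.log(JSON.stringify(findings, null, 2));
```

A finding that still looks like the analytics snippet but has a new hash, a timer and an unknown host is the combination worth escalating; the hash mismatch alone is enough to block a deploy or raise an alert.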

According to Jones, Infowars is warning customers to watch for unauthorized payments on their cards. The company also believes that the real number of affected customers may be lower than 1,600, because some people re-ordered items during the same time period.

A statement given to ZDNet by Alex Jones called the hack an "act of industrial and political sabotage," and said that it was "probably carried out by leftist stay behind networks (sic) hiding inside US intelligence agencies."
The full Alex Jones statement is available below:

This criminal hack is an act of industrial and political sabotage. The corporate press is claiming that a Magento plugin to the shopping cart was the point of entry, but that is not true. Infowarsstore.com has never installed that plugin. We use some of the top internet security companies in the nation and they have reported to us that this is a zero-day hack probably carried out by leftist stay behind networks hiding inside US intelligence agencies.

Magento's top security people have done a site-wide scan and found no security vulnerabilities. And we believe security features we will not mention, appear to have blocked them from getting anyone's credit card numbers.

The hack took place less than 24 hours ago; it is undoubtedly the hacker or hacker group that then reported this to the establishment corporate press in an attempt to scare business away from Infowarstore.com.

Only 1600 customers may have been affected. Most of those were re-orders so their information would not be accessible. Nevertheless, our customer-supporter base is being contacted so they can watch for any unusual charges to their account and rectify them.


Cyberattacks and volatile weather top risks for Indian corporate: Study

Marsh, a global leader in insurance broking, and RIMS, the risk management society, collaborated on a study which revealed that large-scale cyber-attacks and extreme weather are the top risks for India Inc. In the study, conducted across 19 industries, risk professionals, C-suite executives and others identified cyber-attacks as the topmost risk at 88%, data fraud or theft at 85%, volatile weather at 84%, severe energy price shock at 81% and major financial failure at 81%.

Titled ‘Marsh RIMS - State of Risk Management in India’, the report sheds light on the maturity of risk management functions in corporate India. It addresses areas such as the top risks Indian corporates face, the maturity level of risk management in organisations, the key areas of risk management that require improvement, the risks of adopting emerging technologies, and key recommendations for risk executives.

The ‘Excellence in Risk Management’ series is published by Marsh annually in several geographies. This report on the Indian scenario was launched at RIMS’ recent first risk management forum in India.

A little over a third (37%) of respondents believed cyber-attacks are highly prevalent now due to India’s growing dependency on data and digitisation efforts. In May 2018, the Indian Computer Emergency Response Team (CERT-In) found that over 22,000 Indian websites, including 114 government portals, were hacked between April 2017 and January 2018.

Shedding light on the maturity of risk management functions in corporate India, this elaborate survey used three separate time frames to assess the said risks: already a significant concern; a significant concern in one to three years; and a significant concern after three years.

A few other identified risks that are foreseen are financial crises in key economies, which stands at 80%, water crises and shortfall of critical infrastructure at 76%, and failure of urban planning and failure of national governance at 72%.

Huntsville Hospital job applicants’ information could be at risk after data breach

Huntsville Hospital in Alabama is reporting the information of job applicants who applied to the facility may be at risk after a breach at a recruiting firm it uses. The breach could affect thousands across the country, but if you've applied to the hospital it could impact you too.

The hospital’s online application vendor, Jobscience, is a cloud computing firm that serves staffing and recruiting organizations.

The hospital sent the following release Thursday afternoon: “Regrettably, we’ve learned that Jobscience, Inc., the vendor which we’ve used for online employment application services since 2006, had a data breach which may have involved information from individuals who applied for jobs at Huntsville Hospital. Because of this, notification letters are being sent to the affected persons.”

“Although we have no indication that any information has been misused in any way, out of an abundance of caution, we are offering identity theft protection to those job applicants whose Social Security Number may have been compromised. The hospital no longer uses the services of Jobscience," the hospital said in the release.

Huntsville Hospital sent out letters to employees and applicants letting them know that their information could have been breached and identity protection services are offered to anyone who may have been compromised by the incident.

Burr Ingram, a spokesperson for Huntsville Hospital, says there is no indication that any information has been misused in any way but there is a possibility.

Jobscience has not commented on this matter so far.

Authentication Flaw in DJI Drone Web App Let Attackers Gain Control


Researchers have found a critical authentication flaw in the DJI drone web app that poses a serious threat to the security of large businesses and individual users alike. If exploited, the vulnerabilities discovered would reportedly allow remote attackers to gain access to DJI's web store, synced cloud server data, and FlightHub.
Security Vulnerability Found in the DJI Drone Web App

As discovered by researchers at Check Point Research, a critical authentication flaw existed in the DJI drone web app which, when exploited, allowed attackers to access a targeted user’s DJI account without any alarm going off.

The security vulnerability sat in DJI's authentication process and allowed the attacker to sneak around protections and get access to the victim’s account in the following manner, as referenced from Check Point Reports:
"DJI uses a cookie that the attacker can obtain to identify a user and create tokens, or tickets, to access their platforms. Through the use of this cookie, an attacker is able to simply hijack any user's account and take complete control over any of the user's DJI Mobile Apps, Web Account or DJI FlightHub account."
How the exploit unfolds

Setting the attack in motion is far from complex: simply clicking on a malicious link that the attacker publishes on the DJI forum is enough to have your account hijacked.

The attack is a cross-site scripting attack, which gives the attackers unauthorized access to the victim’s account, from where they can steal sensitive data such as multimedia captured by the drone, its flight logs, camera view, profile information, and live map.


DJI’s take on the security crisis

DJI, which has battled with security issues lately, this time welcomed the researchers' findings with open arms. "We applaud the expertise Check Point researchers demonstrated through the responsible disclosure of a potentially critical vulnerability," DJI's Mario Rebello, vice president and country manager, said in a statement. He said, "This is exactly the reason DJI established our bug bounty program in the first place."
Responding to the findings by Check Point Reports, DJI acknowledged the high risk posed by the bug but rated the flaw as low probability, easing users' concerns. It also confirmed that the flaw had not been exploited.



Anonymous use of messengers in Russia is prohibited


After 180 days, all messengers will be required to identify their users by their operator-issued phone numbers. Prime Minister Dmitry Medvedev signed a government resolution approving the relevant rules last week. He believes that this is necessary for the safety and convenience of users.

The messenger's administrators will check that the number is correct. The mobile operator is given 20 minutes to process the request from the service.

Services will be available only to persons to whom the phone number is issued. In addition, mobile operators will enter information into their databases about which applications their customers are using.

According to the Head of Roskomnadzor, Alexander Zharov, anonymous use of messengers hinders the investigation of crimes. "The possibility of anonymous communication in messengers complicates the activities of Law Enforcement Agencies in the investigation of crimes."

Experts, in turn, were skeptical about the initiative. Vladimir Zykov, Director of the Association of Professional Users of Social Networks and Messengers, believes that foreigners may face problems with SIM cards from their own countries. In addition, illegal sales of SIM cards from foreign operators may begin.

According to citizens, the legalization of relations between messengers and operators will only lead to negative consequences: higher tariffs, the disappearance of anonymity in messengers, and a growth in hacker attacks.

In general, Russians do not believe that these rules will work at all. As we remember, Roskomnadzor's attempt to destroy Telegram led to the blocking of thousands of IP addresses and serious financial losses for innocent companies. And the messenger continued to work.