Indian state-owned gas agency leaked 6 million Aadhaar Numbers






An ethical French hacker claims to have found a vulnerability on the Indian state-owned gas agency's website, Indane, which has exposed nearly 6 million Aadhaar numbers of dealers, customers and distributors.

Elliot Alderson wrote a blog post on 18 February in which he detailed how he was alerted, through a private message, to a vulnerability on a web portal meant for local dealers. The exposed data includes names, Aadhaar numbers and addresses of the customers.

The cyber security researcher looked at Indane's Android app, where he found a “Locate Your Distributor” feature that lets you find the ids of the dealers of the corresponding “bgadistrict”. With the dichotomy method he was able to easily find out the ids of all the dealers in 714 bgadistrict.

"Great, time to code! We have everything we need to get the size of this leak. Thanks to the endpoint found in the Android app, we will obtain all the valid dealer ids and then we will scrape all the “Total records” in the local dealer portal," Alderson wrote.

He wrote a Python script and executed it, which fetched him 11062 valid dealer ids. "After more than 1 day, my script tested 9490 dealers and found that a total of 5,826,116 Indane customers are affected by this leak."

"Unfortunately, Indane probably blocked my IP, so I didn’t test the remaining 1572 dealers. By doing some basic math we can estimate the final number of affected customers around 6,791,200," Alderson further added.


However, Indane has refused to acknowledge the data leak. Meanwhile, Alderson has snapped back at the gas agency with a meme. UIDAI did not respond to the data leak reports.

Hackers Delivering New Muncy Malware Worldwide through DHL Phishing Campaign



Attackers targeting users across the globe are reported to be disseminating a new malware dubbed Muncy, in the form of an EXE file, through DHL phishing campaigns.

DHL phishing, which relies on malspam emails, is among the most far-reaching campaigns and has distributed several sophisticated pieces of malware. The attackers made the emails appear legitimate by exploiting poorly configured SMTP servers and by employing email spoofing techniques.

DHL is a company of global repute which specializes in providing express mail services, international couriers and parcels. The reputation of the well-established company took some hits as cybercriminals abused it to distribute malware.

They did so by configuring the malicious emails to appear to be coming from DHL Express. The email contained an infected attachment in PDF format.

How is the malware executed?

As soon as the targeted user opens the PDF attachment, the Muncy Trojan file sneaks into the system. The packed malware is then unpacked, and once unpacked it scans the whole C:\ drive for files containing sensitive data.

Expert takes

Commenting on the matter, Pedro Tavares, Founder and Pentester at CSIRT.UBI, told GBHackers, “The phishing campaign is trying to impersonate DHL shipment notification and the malware is attached in the email.”

“This malware is on the rise and is affecting users in the wild while stealing sensitive information from their devices.”





Google’s Nest Secure had a built-in microphone no one knew about


After the hacking fiasco a few weeks ago, Nest users have been more on edge about their security devices than ever before. The recent discovery of a built-in, hidden microphone on the Nest Guard, part of the Nest Secure security system, has only served to further exacerbate those concerns.

Alphabet Inc's Google said on February 20 it had made an "error" in not disclosing that its Nest Secure home security system had a built-in microphone in its devices.

Consumers might never have known the microphone existed had Google not announced support for Google Assistant on the Nest Secure. This sounds like a great addition, except for one little problem: users didn’t know their Nest Secure had a microphone. None of the product documentation disclosed the existence of the microphone, nor did any of the packaging.

Earlier this month, Google said Nest Secure would be getting an update and users could now enable its virtual assistant technology Google Assistant on Nest Guard.

A microphone built into its Nest Guard alarm/motion sensor/keypad wasn't supposed to be a secret, Google said after announcing Google Assistant support for the Nest Secure system, but the revelation that Google Assistant could be used with its Nest home security and alarm system was a surprise.

“The on-device microphone was never intended to be a secret and should have been listed in the tech specs. That was an error on our part. The microphone has never been on and is only activated when users specifically enable the option,” Google said.

Google’s updated product page now mentions the existence of the microphone.

If your first thought on hearing this news is that Google was spying on you or doing something equally sinister, you aren’t alone. Ray Walsh, a digital privacy expert at BestVPN.com, said, “Nest’s failure to disclose the on-board microphone included in its secure home security system is a massive oversight. Nest’s parent company Google claims that the feature was only made available to consumers who activated the feature manually. Presumably, nobody did this; because the feature wasn’t advertised.”

Scammers disguise themselves as divisions of the Central Bank of Russia


Cybercriminals carried out a large-scale attack on Russian banks in late 2018 and managed to steal $20 million.

The attackers disguised themselves as divisions of the Central Bank FinCERT and Alfacapital. It is known that the attacks were carried out by the hacker groups Silence and Cobalt, who had previously organized cybercrime. A new hacker group, which had not been seen before, also operated along with them.

The scheme of the crimes was the same: the scammers, on behalf of the FinCERT division of the Central Bank, sent out malicious documents with macros. In addition, a compromised account of an employee of the company Alfacapital was used.

Representatives of many banks confirm the frequent attacks. The criminals tried to penetrate the infrastructure of the financial organization in order to withdraw money.

The IT company Positive Technologies compiled its own statistics and found that over 201 million people suffered from such attacks in 2018.

Moreover, banking infrastructure was attacked in 78% of cases, web resources - 13%, ATMs and POS terminals - 9%, personal data - 39%, credential theft, card information, trade secret - 5%, personal correspondence and other information - 8%.

In addition, on February 18, Kaspersky Lab recorded an increase in attacks by the Buhtrap and RTM banking Trojans in Russia. At the end of last year, experts recorded a 50-fold increase in the activity of the banking Trojan RTM compared to 2017.

Indian hackers hack over 200 Pakistani websites


Just days after the dastardly attack on CRPF convoy in Pulwama, more than 200 Pakistani websites have reportedly been hacked by an Indian hacker group - 'Team I Crew', as a sign of protest.
On Saturday, the official website of Pakistan's Ministry of Foreign Affairs was also reportedly hacked.

Pakistan foreign ministry spokesperson Mohammad Faisal had said complaints were received about the site being inaccessible by users from several countries.

According to a report in Times Now, the Indian hacker group shared the list of hacked websites on various social media platforms. The hackers also claimed that this is one of the biggest cyber attacks launched by Indian hackers on Pakistan.

"Pakistan has faced its worst cyber attack in history, in last 72 hours," reads the message.
Messages like “We will never forget #14/02/2019,” "Dedicated to the martyrs sacrificed their lives in #PulwamaTerrorAttack,” appear on some of the websites along with a condolence note for the families of the CRPF jawans killed in the attack.

On February 14, an explosives-laden SUV rammed into a convoy carrying CRPF personnel in Pulwama. The attack killed 40 CRPF soldiers. The Pakistan-based terror group Jaish-e-Mohammad claimed responsibility for the attack.

The attack, which is being considered one of the deadliest terrorist strikes on Indian forces, has drawn criticism from various quarters, with several countries coming out in support of India and condemning the barbaric attack. India also withdrew the Most Favoured Nation (MFN) status accorded to Pakistan following the terror strike.

The list of hacked Pakistani websites includes:
