Indian online music streaming service Gaana website hacked by Pakistani hackers

Indian online music streaming service Gaana’s website has been hacked by Mak Man, a hacker based in Lahore, Pakistan. The hacked database contains more than 12.5 million registered users.

The hacker posted a searchable link to the database on his Facebook account. After entering a user’s email address, the database returns their full name, email address, MD5-hashed password, date of birth, Facebook and Twitter profiles and more.

The company issued guidelines advising users to deactivate their accounts until the issue is resolved, and to change their email, Facebook and Twitter passwords right away if they are the same as on Gaana, because changing the Gaana password alone won’t help, as it gets updated in the database.

Times Internet CEO Satyan Gajwani tweeted that only login credentials were accessed and no financial or sensitive personal data was leaked.

The hacker has removed the exposed database at Gajwani’s request, and all Gaana users’ passwords have been reset.

Vancity urges its customers to change their debit cards

Hundreds of customers of Vancouver City Savings Credit Union, popularly known as Vancity and one of the largest community credit unions in Canada, have been asked to replace their debit cards after their card numbers were stolen while making purchases in Metro Vancouver.

Vancity confirmed on May 23 that the accounts of more than 1,000 of its customers have been affected, and that customers of other banks may also have been affected by the breach at two local retailers.

According to a report published by CTV Vancouver, Darwin Sauer, a spokesperson for Vancity, said they learned on May 23 from Central One, their card provider, that two Vancouver-area retailers had their card machines compromised in a skimming operation, in which customers’ account information, including PINs, is stolen.

“This could mean any customer who used those card machines or had their card go through those machines could have had their card compromised,” Sauer told CTV Vancouver.

According to the company, a total of 1,200 of its customers used their debit cards at the unnamed locations, and only two people have notified the credit union about questionable transactions.

In order to protect its customers, Vancity has placed limits on the 1,200 cards that may have been compromised and contacted the customers who will need to get new cards.

Sauer said people can protect their accounts from such fraud by changing their PIN regularly and shielding their PIN when entering it.

Top secret Saudi documents hacked and released to public

A group of hackers from Yemen has put out a message saying that they have hacked the servers of Saudi Arabia's Interior, Defense and Foreign ministries and gained access to thousands of top secret documents.

"We have gained access to the Saudi Ministry of Foreign Affairs (MOFA) network and have full control over more than 3000 computers and servers, and thousands of users. We also have access to the emails, personal and secret information of hundreds of thousands of their staff and diplomats in different missions around the world," the Yemen Cyber Army (the hackers) said in a statement that has been published on many hacking-related websites.

The group has published some of the documents online and has threatened the Saudi government that it would inflict greater damage by releasing more documents, archived since the 1980s.

The group has said that it will wipe the servers of the Foreign Ministry of Saudi Arabia at midnight on Wednesday.

The Yemen Cyber Army has been previously known for hacking

Emerson fixes SQL injection bug in AMS Device Manager

Emerson Process Management has released a patch for a SQL injection vulnerability in its AMS Device Manager application.

Emerson AMS Device Manager is software used worldwide, primarily in the oil and gas and chemical industries.

The advisory (ICSA-15-111-01) released on the ICS-CERT website states that the vulnerability is not exploitable remotely and cannot be exploited without user interaction. It also states that exploiting the vulnerability is of medium difficulty.

"Successful attack results in administrative access to the application and its data files but not to the underlying computer system," the advisory reads.

The vulnerability affects AMS Device Manager V12.5 and earlier.

Emerson advises users of the application to take steps to avoid exploitation of this vulnerability.

For AMS Device Manager v12.5, it suggests that users apply the patch, upgrade to v13, or apply the workaround below. For earlier versions, the software can be configured by adding another user with full administrative privileges and giving the default administrative user read-only privileges.

ICS-CERT also recommends that users limit user privileges on machines running ICS software, minimize network exposure for all control system devices, locate control system networks and remote devices behind firewalls, and isolate them from the business network.

Will Cyber Security Companies shift their Headquarters out of US?

Until now, only nuclear, radiological, chemical and biological weapons have been considered weapons of mass destruction (WMD).

The Bureau of Industry and Security (BIS), an agency of the United States Department of Commerce that deals with issues involving national security and high technology, is proposing to classify cyber security tools as weapons of war in an attempt to control their distribution.

Tools used to extract data or information from a computer or network-capable device, or to modify system or user data, will come under this rule and are being classified as intrusion software. Tools designed to avoid detection by 'monitoring tools' (antivirus, IDS/IPS, endpoint security products) will also be considered weapons.

Any penetration testing product designed to identify security vulnerabilities in computers and network-capable devices falls under this category.

"The proposal is not beneficial. Most vulnerability scanners and penetration testing products come under it. The proposal means tools from US companies which have been used to do assessments and audits in corporates will need to go through the clearance. It could also lead to corporates getting tracked," says J. Prasanna, founder of the Cyber Security and Privacy Foundation (CSPF).

Most of these cyber security firms will either have to convince their worldwide clients to go through the process or shift their headquarters out of the USA.

Prasanna pointed out that the US government tried to stop the export of cryptography in the past, but Russian, European and Israeli companies gained an advantage from those cryptography restrictions.

He said that the new proposal is bad news for cyber security researchers. If it becomes law, it will force them to find a new way to beat cyber criminals.

"Hackers are already many steps ahead of us. Some tools like Canvas and Metasploit Pro are important tools for penetration testing," said Prasanna.

Thomas Dullien, a Google researcher, wrote in his personal blog that the "addition of exploits to the Wassenaar arrangement is an egregious mistake for anyone that cares about a more secure and less surveilled Internet".

Rapid7, a Boston-based cybersecurity firm well known for its Metasploit pentesting framework, said that it is investigating the implications of Wassenaar for Metasploit and security research, and is working on comments for the consultation.

According to the proposal, the governments of Australia, Canada, New Zealand and the UK will get favorable treatment for license applications, as they have partnered with the US on cyber security policy and issues.

The BIS is seeking comments on the proposed rule before 20th July 2015.

Beware of emails with subject titles like ‘Internship’ ‘My Resume’

Beware of emails with subjects like ‘Any Jobs?’, ‘Any openings’, ‘Internship’, ‘Internship questions’, ‘Job questions’ and ‘My Resume’, as researchers have discovered a new strain of point-of-sale (POS) malware being distributed in a spam campaign.

The attachment, which is said to be a ‘protected document’, looks like a resume but is actually a Word document with an embedded malicious macro, the researchers said.

Researchers at FireEye Inc, a US-based security company that provides automated threat forensics and dynamic malware protection against advanced cyber threats such as advanced persistent threats and spear phishing, said that the crooks have launched an attack campaign using emails with such subject titles. The campaign is believed to have started on May 20.

The new malware is called NitlovePOS and can capture and exfiltrate both track one and track two data from payment cards by scanning the running processes of the compromised machine.

“It is just one of several pieces of POS malware that have appeared so far in 2015, which has seen the emergence of malware such as Punkey and FighterPOS,” the researchers wrote in the blog.

They said that the criminals behind the operation have been updating the payload.

FireEye has observed that the two payloads beacon to the same server from which they are downloaded, and then receive instructions to download additional malware hosted on that server.

"We focused on the “pos.exe” malware and suspected that it may be targeted Point of Sale machines," the researchers wrote in a blog.

“We speculate that once the attackers have identified a potentially interesting host from among their victims, they can then instruct the victim to download the POS malware. While we have observed many downloads of the various EXE’s [hosted] on that server, we have only observed three downloads of “pos.exe,” the researchers added.

“NitlovePOS expects to be run with the “-” sign as argument; otherwise it won’t perform any malicious actions,” the researchers noted. “This technique can help bypass some methods of detection, particularly those that leverage automation.”

When anyone opens the email, they see an attachment named “CV_[4 numbers].doc” or “My_Resume_[4 numbers].doc”. If they open the attachment and enable macros, the malicious macro will download and execute a malicious executable from

The researchers said that there are some solutions that can protect against point-of-sale malware, such as NGFW (next-generation firewalls).

“The main advantage that NGFW (next-generation firewalls) provides for network segmentation is that application servers and data can be designated in different segments based on their risk factors and security classifications, with access to them tightly controlled,” the researchers wrote in the blog, quoting Monolina Sen, ABI Research’s senior analyst in digital security.
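Mail-gateway triage for the lure metadata described above (the campaign subject lines and the CV_/My_Resume_ attachment names), as an added example that is not FireEye's code; the message records are constructed and the verdict thresholds are an assumption:

```python
import re

# Subject lines the article reports for the NitlovePOS spam campaign.
LURE_SUBJECTS = {
    "any jobs?", "any openings", "internship", "internship questions",
    "job questions", "my resume",
}

# Attachment names the article reports: CV_<4 digits>.doc or My_Resume_<4 digits>.doc
LURE_ATTACHMENT = re.compile(r"^(?:CV|My_Resume)_\d{4}\.doc$", re.IGNORECASE)


def lure_indicators(subject, attachments):
    """Return the campaign indicators matched by one message's metadata."""
    hits = []
    if subject.strip().lower() in LURE_SUBJECTS:
        hits.append("subject:" + subject.strip())
    for name in attachments:
        if LURE_ATTACHMENT.match(name.strip()):
            hits.append("attachment:" + name.strip())
    return hits


def verdict(subject, attachments):
    """'block' when both the subject and an attachment match the campaign pattern,
    'review' when only one of them does, 'allow' otherwise (thresholds assumed)."""
    kinds = {hit.split(":", 1)[0] for hit in lure_indicators(subject, attachments)}
    if kinds == {"subject", "attachment"}:
        return "block"
    if kinds:
        return "review"
    return "allow"


def triage(messages):
    """Map message id -> verdict for a batch of (id, subject, attachments) records."""
    return {msg_id: verdict(subj, atts) for msg_id, subj, atts in messages}


# Constructed sample mail metadata (not real campaign samples).
SAMPLE_MESSAGES = [
    ("m1", "My Resume", ["My_Resume_4821.doc"]),      # subject + attachment match
    ("m2", " Internship ", ["cv_0193.DOC"]),          # case/whitespace variants still match
    ("m3", "Any Jobs?", ["cover_letter.pdf"]),        # subject only
    ("m4", "Q3 budget", ["CV_12345.doc"]),            # five digits: not the reported pattern
    ("m5", "Re: invoice", ["invoice_2015-05.xlsx"]),  # unrelated
]

if __name__ == "__main__":
    for msg_id, result in triage(SAMPLE_MESSAGES).items():
        print(msg_id, result)
```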

Security and Privacy flaw in UC Browser leaks personally identifiable information

[Figure: A visual summary of privacy and security issues presented by UC Browser. Image credit: Citizen Lab]

A report has shown that a security and privacy flaw in a mobile web browser popular in India and China transmits users' personal and other information without encryption.

The report, titled “A Chatty Squirrel: An Analysis of Privacy and Security Issues with UC Browser”, has revealed that the Chinese- and English-language versions of UC Browser for Android, a mobile web browser owned by a China-based company, allow any network operator or in-path actor to obtain the user’s personally identifiable information, such as location, search details, and mobile subscriber and device IDs.

The application uses symmetric AES/CBC encryption to send device IDs, location data, Wi-Fi MAC address, SSID and other information, but the key 'autonavi_amaploc' used for the encryption is hard-coded in the application.

"The use of symmetric encryption with a hard-coded key means that anyone who knows the key can decrypt UC Browser (Chinese) traffic in transit. Moreover, key holders can also retroactively decrypt any historical data that they have collected or obtained," the report reads.

Personal identifiers like the IMEI, IMSI, Android ID and build serial number are being transferred to Umeng (a mobile analytics service) in unencrypted form.

The transmission of unencrypted search engine queries enables third parties to monitor searches. Sensitive personal information can be inferred from search results, including health conditions like pregnancy, disease, mental and psychological conditions, marital relations, and medical information. Third parties can use it to develop, use, and sell user profiles, and corporate or government agents can use it to modify or prevent access to certain search results.

“We informed Alibaba of our findings on April 15, 2015 and said we would publish this report on or after April 29, 2015. The company responded on April 19, 2015, indicating that Alibaba security engineers were investigating the issue. We followed up on April 23, 2015 to reiterate our intention to publish this report on or after April 29, 2015,” the report said.

The report added that on May 19, 2015 they tested version 10.4.1-576 of the Chinese-language version of UC Browser, downloaded from the website, and that this version does not appear to send location data insecurely to AMAP.

Information of 4,000 students shared in accidental data breach

The personal information of 4,000 students who use the bus transportation system was put at risk by CPS after it mistakenly sent the information to five vendors seeking to do business with the district.

The 4,000 students who have been affected are a subset of 22,500 students who use the bus transportation system.

After learning of the data breach, the authorities quickly took measures to contain the problem and have written confirmation from all vendors that all the sensitive information has been disposed of.

The affected students and parents have also been notified of the breach. CPS employees have also been instructed to handle people’s personal information in a more careful and private manner.

The breach happened in March, when CPS accidentally gave the information to five vendors.

Bettys Tea Rooms firm’s website hacked

The Bettys Tea Rooms firm’s website was hacked on Wednesday, affecting more than 120,000 customers.

In a statement, the company apologized and blamed an "industry-wide software weakness" for the data breach.

The hackers gained access to the firm’s website database and stole customers’ personal details, including names, email addresses, postal addresses, encrypted passwords and telephone numbers.

"We would like to stress that your credit or debit card details have not been copied as this information is stored on a completely separate system managed by a certified third party. Bettys takes customer confidentiality extremely seriously and, whilst customer passwords were encrypted, it is important that you change your password as soon as possible by clicking this link or entering into your browser," Bettys said.

They also advised customers not to respond to any phone or email communication asking for their personal or financial information.

"To be clear, Bettys will never contact you and ask you to share any personal financial information," the tea shop chain said.

A gang of old ladies named 'Northern N00bz' is suspected of being behind the data breach. To take revenge for some disservice, they acquired some coding skills. A full investigation is ongoing.

Astoria - Researchers develop a new Tor client which aims to beat NSA

With the aim of beating powerful intelligence agencies like the NSA, researchers have developed Astoria, a new Tor client said to be capable of protecting users’ privacy even from such agencies.

A team of cyber security researchers from America and Israel has come up with a new Tor client designed to make spying more difficult for the world's most capable intelligence agencies.

According to the research paper, people have used Tor, a popular anonymity system for users who wish to access the Internet anonymously or circumvent censorship, to prevent their activity from being tracked as Internet anonymity becomes harder to establish.

However, Tor is not as safe from powerful intelligence agencies as it was supposed to be.

As a result, the researchers developed Astoria, which particularly focuses on defeating attacks by autonomous systems (ASes) positioned to compromise Tor’s anonymity.

“In our experiments, we find that 58% of all circuits created by Tor are vulnerable to attacks by timing correlation and colluding sibling ASes. We find that in some regions (notably, China) there exist a number of cases where it is not possible for Tor to construct a circuit that is safe from these correlation attacks,” the research paper says.

It added, “To mitigate the threat of such attacks, we build Astoria, an AS-aware Tor client. Astoria leverages recent developments in network measurement to perform path prediction and intelligent relay selection. It not only reduces the number of vulnerable circuits to 5.8%, but also considers how circuits should be created when there are no safe possibilities. It performs load balancing across the Tor network, so as to not overload low capacity relays. Moreover, it provides reasonable performance even in its most secure configuration.”

Astoria aims to do the following:
• Deal with asymmetric attackers.
• Deal with the possibility of colluding attackers.
• Consider the worst case possibility.
• Minimize performance impact.
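A simplified model of the AS-aware relay selection the paper describes (shared observers on both legs of a circuit, colluding sibling ASes, asymmetric forward/reverse paths, and the fallback when no safe circuit exists), as an added example that is not Astoria's code; the AS paths, sibling groups and bandwidth figures are constructed.

```python
from itertools import product

# Constructed toy topology (not Astoria's measurement data). Each leg is a pair
# (forward path, reverse path) of ASNs; the directions differ, which is what lets
# an asymmetric attacker observe a leg from either direction.
CLIENT_PATHS = {            # client <-> guard
    "guardA": ([64500, 64501, 64510], [64510, 64502, 64500]),
    "guardB": ([64500, 64503, 64511], [64511, 64503, 64500]),
}
EXIT_PATHS = {              # exit <-> destination
    "exitX": ([64520, 64502, 64530], [64530, 64502, 64520]),
    "exitY": ([64521, 64504, 64530], [64530, 64504, 64521]),
    "exitZ": ([64522, 64512, 64530], [64530, 64512, 64522]),
}
BANDWIDTH = {"guardA": 80, "guardB": 40, "exitX": 100, "exitY": 30, "exitZ": 60}
# Sibling ASes treated as one colluding observer (constructed groups).
SIBLINGS = [{64503, 64504}, {64501, 64512}]


def observers(forward, reverse):
    """ASNs able to see a leg in either direction, with each sibling group
    collapsed to its smallest member so colluding ASes count as one observer."""
    canon = set()
    for asn in set(forward) | set(reverse):
        group = next((g for g in SIBLINGS if asn in g), None)
        canon.add(min(group) if group else asn)
    return canon


def shared_observers(guard, exit_relay):
    """Observers present on both the client leg and the destination leg:
    any of these could correlate traffic timing across the circuit."""
    return observers(*CLIENT_PATHS[guard]) & observers(*EXIT_PATHS[exit_relay])


def select_circuit(client_paths=CLIENT_PATHS, exit_paths=EXIT_PATHS):
    """Pick the highest-bandwidth guard/exit pair with no shared observer;
    if every pair is exposed, fall back to the pair with the fewest shared observers."""
    scored = []
    for g, e in product(client_paths, exit_paths):
        shared = observers(*client_paths[g]) & observers(*exit_paths[e])
        # Sort key: fewest shared observers first, then highest combined bandwidth.
        scored.append((len(shared), -(BANDWIDTH[g] + BANDWIDTH[e]), g, e, shared))
    scored.sort(key=lambda s: s[:4])
    n_shared, _, g, e, shared = scored[0]
    return {"guard": g, "exit": e, "safe": n_shared == 0, "shared": shared}


if __name__ == "__main__":
    print(select_circuit())
```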