Flaw in Westermo Industrial Switches puts customer devices at risk

The U.S. Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) revealed last week that Westermo Ethernet industrial switches use secure sockets layer (SSL) private keys that are hardcoded and shared across devices.

The Sweden-based company, Westermo is a supplier of high quality data communications equipment designed for harsh industrial applications. The firm’s solutions are used across the world in sectors such as transport, water, energy supplies, mining and petrochemical.

ICS-CERT found that the shared SSL keys can be used by malicious actors to intercept and decrypt communications via a man-in-the-middle (MitM) attack and to leverage the intercepted information to gain unauthorized access to a vulnerable device.

Even an attacker with low skill can exploit this flaw if they manage to launch a successful MitM attack on devices running versions 4.18 and earlier of WeOS, the operating system that powers Westermo’s hardware platforms.

The flaw affects the Falcon, Wolverine, Lynx, Viper and RedFox product lines.

The company plans to address the flaw with an automatic key-change function in WeOS 4.19; for now, the vendor has released an update that lets users replace the problematic certificate through the web interface of the affected devices.

Meanwhile, users have been advised to update WeOS to the latest version and to upload a custom certificate by following the vendor's instructions.

The affected company has also warned its customers to avoid self-signed certificates and either completely disable web access to the devices or limit access to secure networks.
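The defensive check that follows from this advisory is to confirm that no two devices on your network present the same certificate. The script below is an added example, not Westermo's or ICS-CERT's code: it hashes the DER encoding of each device's certificate (the value `openssl x509 -fingerprint -sha256` reports) and reports any fingerprint that appears on more than one host. The embedded sample is constructed (dummy base64 bodies, not real certificates) so it runs offline, and the addresses are placeholders; pass real host addresses on the command line to audit live devices. One caveat: devices that share a private key but carry distinct certificates would not be caught by a whole-certificate hash; comparing a hash of the SubjectPublicKeyInfo instead needs an X.509 parser such as the `cryptography` package.

```python
"""Report devices that present byte-identical TLS certificates (added example)."""
import hashlib
import socket
import ssl
from collections import defaultdict

# Constructed sample: the PEM bodies are dummy base64 payloads, not real X.509 data,
# and the addresses are placeholders. Hosts .1 and .2 present the same certificate.
SAMPLE_PEMS = {
    "10.0.0.1": "-----BEGIN CERTIFICATE-----\nU1dJVENILUE=\n-----END CERTIFICATE-----\n",
    "10.0.0.2": "-----BEGIN CERTIFICATE-----\nU1dJVENILUE=\n-----END CERTIFICATE-----\n",
    "10.0.0.3": "-----BEGIN CERTIFICATE-----\nU1dJVENILUM=\n-----END CERTIFICATE-----\n",
}


def cert_fingerprint(pem):
    """SHA-256 over the DER encoding, the value `openssl x509 -fingerprint -sha256` prints."""
    der = ssl.PEM_cert_to_DER_cert(pem)
    return hashlib.sha256(der).hexdigest()


def fetch_cert(host, port=443, timeout=5.0):
    """Fetch the certificate a live device presents on its HTTPS port (network; not used offline)."""
    socket.setdefaulttimeout(timeout)
    return ssl.get_server_certificate((host, port))


def find_shared_certs(pems_by_host):
    """Map fingerprint -> sorted hosts, keeping only fingerprints seen on more than one host."""
    hosts_by_fp = defaultdict(list)
    for host, pem in pems_by_host.items():
        hosts_by_fp[cert_fingerprint(pem)].append(host)
    return {fp: sorted(hosts) for fp, hosts in hosts_by_fp.items() if len(hosts) > 1}


def audit(hosts=None, port=443):
    """Audit live hosts if given, otherwise the constructed sample; print and return findings."""
    pems = SAMPLE_PEMS if hosts is None else {h: fetch_cert(h, port) for h in hosts}
    shared = find_shared_certs(pems)
    if not shared:
        print("no shared certificates found")
    for fp, on_hosts in shared.items():
        print(f"certificate {fp[:16]}... is presented by {len(on_hosts)} hosts: {', '.join(on_hosts)}")
    return shared


if __name__ == "__main__":
    import sys
    audit(sys.argv[1:] or None)
```

Run it with no arguments to see the constructed sample flagged, or with a list of switch addresses (for example `python audit.py 10.0.0.1 10.0.0.2`) to compare what the real devices serve.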

FireEye Patches Critical Flaw Found by Google Researchers

FireEye has rushed to patch a serious vulnerability identified in its products by researchers at Google’s Project Zero.

Project Zero researchers Tavis Ormandy and Natalie Silvanovich announced on Friday evening that they had developed a reliable exploit for a remote code execution (RCE) vulnerability affecting FireEye’s Malware Protection System (MPS). The experts haven’t provided any technical details, but Ormandy noted on Twitter that the bug likely affected “every version ever shipped.”

FireEye told SecurityWeek that the RCE vulnerability affected the company’s Network Security (NX), Email Security (EX), Malware Analysis (AX), and File Content Security (FX) products.

“FireEye had been engaged with and was supporting the Google Project Zero team prior to this discovery around the testing of our products. Due to the severity of the vulnerability discovered, we released an automated remediation to customers just 6 hours after notification, mitigating any customer exposure by Saturday morning,” FireEye spokesman Kyrksen Storer said in an emailed statement.

“We are thankful for the opportunity to support the Google team in this process, will continue to support their efforts, and fully support the broader security research community’s efforts to test and improve our products,” Storer added.

This was not the first time researchers reported finding vulnerabilities in FireEye products. In September, FireEye patched several vulnerabilities discovered by Kristian Erik Hermansen and Ron Perris. Hermansen disclosed the details of a flaw before the security firm could release a fix, claiming that he had reported the issue 18 months prior to its public disclosure.

In September, FireEye also resolved five vulnerabilities reported by German security firm ERNW. The issues – which included command injection, code execution, privilege escalation and memory corruption vulnerabilities – affected NX, EX, AX, FX, HX (Endpoint Security) and CM (Central Management) products.

FireEye’s support site currently lists nearly a dozen advisories describing vulnerabilities affecting the company’s products. The list does not include an advisory for the latest flaw reported by Ormandy.

FireEye is not the only security company whose products have been analyzed by the Google researcher. In September, Ormandy reported serious vulnerabilities in products from Kaspersky Lab.

source: Security Week

Data hacked at UK pub chain JD Wetherspoon

The latest firm to be hit by a cyber attack is UK pub chain JD Wetherspoon. The website of one of Britain’s biggest pub companies has been hacked, leading to a breach of its customers’ personal details.

The cyber attack leaked the names, email addresses and birthdates of 650,000 customers, as well as the card details of 100 others.

The company statement said: “These credit or debit card details cannot be used on their own for fraudulent purposes, because the first 12 digits and the security number on the reverse of the card were not stored on the database.”

Wetherspoon said that the breach occurred in June but was only discovered recently.
The company has alerted customers by email and informed the Information Commissioner’s Office in the UK.

In a letter to its customers, Chief Executive John Hutson said that the company has taken all the necessary measures to make the website secure again. A forensic investigation into the breach is continuing.

The customers have been recommended to remain vigilant for any unexpected emails asking for their personal information as well as messages requesting them to click on links or download files.

Hutson added, “We apologize wholeheartedly to customers and staff who have been affected. Unfortunately, hacking is becoming more and more sophisticated and widespread. We are determined to respond to this by increasing our efforts and investment in security and will be doing everything possible to prevent a recurrence.”


Vtech hacked, customers’ information accessed by intruders

Whether hackers find children’s toys easy to hack or simply like such toys, they have been targeting them now and then.

Recently, the app store database of VTech, a Hong Kong-based global supplier of electronic learning products for infants to preschoolers and the world's largest manufacturer of cordless phones, was breached through “unauthorized access”.

Customers use that app store to download games, e-books and other content on to their VTech devices.

The company disclosed in a post on November 27 that the names, home and email addresses, security questions and answers, and other information of millions of families had been taken from the toymaker's database on November 14.

“An unauthorized party accessed VTech customer data housed on our Learning Lodge app store database on November 14, 2015 HKT. Learning Lodge allows our customers to download apps, learning games, e-books and other educational content to their VTech products,” the firm wrote in the post.

However, the firm has not provided the exact number of victims of the hack.

After discovering the unauthorized access, the company started an investigation, which involved a comprehensive check of the affected site and implementation of measures to defend against further attacks.

“Our customer database contains general user profile information including name, email address, encrypted password, secret question and answer for password retrieval, IP address, mailing address and download history,” it added.

The company has clarified that the database does not contain any credit card information of the customers.

“VTech does not process nor store any customer credit card data on the Learning Lodge website. To complete the payment or check-out process of any downloads made on the Learning Lodge website, our customers are directed to a secure, third party payment gateway,” the post read.

Furthermore, the customer database does not contain any personal identification data (such as ID card numbers, Social Security numbers or driving license numbers).


The investigation is still going on. The firm is looking for additional ways to strengthen Learning Lodge database security. 

Mr. Grey back again: Theft of 1.2 billion log-in credentials

Mr. Grey, not again! A Reuters report has confirmed the notorious hacker Mr. Grey’s involvement in the theft of 1.2 billion internet credentials.

Mr. Grey, who had obtained access to user account information for websites such as Facebook (FB.O) and Twitter (TWTR.N), has now been linked by the FBI, through a Russian email address, to the theft of a record 1.2 billion internet credentials.

According to the documents, which were made public by a federal court in Milwaukee, Wisconsin, the hacker was associated with a cybersecurity firm’s announcement in August 2014 that it had determined an alleged Russian crime ring was responsible for stealing information from more than 420,000 websites.

The investigation started last year when the Milwaukee-based cybersecurity firm obtained information that a Russian hacker group it dubbed CyberVor had stolen the 1.2 billion credentials and more than 500 million email addresses.

The FBI subsequently found lists of domain names and utilities that investigators believe were used to send spam.

It also discovered, within the spam utilities, an email address registered in 2010 to a "mistergrey".

It further found posts from 2011 in which the hacker stated that if anyone wanted account information for users of Facebook, Twitter and the Russian social network VK, he could locate the records.

Alex Holden, Hold Security's chief information security officer, told Reuters this message indicated mr.grey likely operated or had access to a database that amassed stolen data from computers via malware and viruses.

Bug in MetroPCS website allowed hackers to steal 10 million subscribers’ data

Eric Taylor and Blake Welsh, security researchers from Cinde, told Motherboard about a bug in the website of MetroPCS, a prepaid wireless service that provides nationwide talk, text and data plans over T-Mobile US' GSM, HSPA, HSPA+ and 4G LTE networks, that could have allowed hackers to obtain the information of more than 10 million of its subscribers.

According to news reports and security experts, with a little programming knowledge hackers could have run an automated script and harvested the personal data of many, if not all, MetroPCS customers. They would not even have needed a specific person's phone number to do so.

The hackers could get a person's home address, phone serial number and more.

The flaw has since been fixed.

A spokesperson for T-Mobile, which owns MetroPCS, told Motherboard the flaw had been fixed, so the data was not exposed anymore.

The researchers found the bug in mid-October, and once Motherboard had verified the flaw, it notified T-Mobile on October 22.

“We held the story until the bug was fixed to protect MetroPCS’ customers’ data,” Motherboard wrote in a blog post.

“All I needed to do to find out her data was use a Firefox plugin to send an HTTP request to MetroPCS’ website using her phone number. Once I did that, I saw her full name, home address, the model and serial number of her phone, as well as how much she was paying a month for her subscription. My friend confirmed that the data was accurate, and I tested this with the number of a Twitter follower who also agreed to be part of the experiment,” the blog post added.

Taylor told Motherboard that by using social engineering, a malicious hacker could have used this information to carry out other attacks “that would all end up in a terrible situation for the customer.”


So far, there is no evidence that anyone else found the flaw on MetroPCS’ website and stole customers’ personal information. Now that it is fixed, nobody will be able to abuse the bug for such purposes.

Cyber Caliphate hacks Twitter accounts of heads of US security agencies

A group called ‘Cyber Caliphate’, set up by British ISIS fighter Junaid Hussain, hacked about 54,000 Twitter accounts and posted personal details of the heads of America’s security agencies on November 01.

The personal details posted online included passwords and phone numbers of CIA, FBI and NSA heads.

The attack was initiated in retaliation for the drone attack that killed Hussain in August.

Hussain led IS's computer hacking division and was killed by a US drone in a joint operation with the UK. His widow, mother-of-two Sally Jones who is popularly known as 'Mrs Terror' is on a Government list of the most dangerous British recruiters for IS.

Since their leader’s death, Cyber Caliphate, which briefly took control of a Pentagon-owned Twitter account in January, has kept a low online profile.

Experts described it as a worrying escalation of the global cyber war.

The group also tweeted that they had details of members of the Saudi royal family, although this could not be verified.

After apparently spending several months harvesting sensitive data, the group posted the details of senior security agency officials at 9 pm (1530 GMT) on Sunday; by 11 pm (1730 GMT), after a security agency had contacted Twitter, the company had suspended Cyber Caliphate’s account.

Those affected are mostly believed to be of Saudi Arabian origin, but some are feared to be British nationals as well.

It was not immediately clear how the hacked accounts were used. Victims were also unaware they had been hacked.

The incident came after the Government announced that the internet activity of everyone in Britain will have to be stored for a year under new surveillance laws.

Cyber Caliphate is a group of hackers directly linked to ISIS.

In May, hackers linked to the group, who had been involved in the hijacking of social media accounts belonging to US CENTCOM, published a video threatening crippling cyber attacks against Europe, the United States and Australia. The terrorists claimed to have the necessary cyber capabilities to spy on Western communications.


Another cyber attack: Fin5 hacking group steals 150,000 credit cards

An unnamed casino has lost 150,000 credit cards in a cyber attack. The group responsible is Fin5, a newly identified hacking group that compromised the casino’s payment systems.

 Researchers Emmanuel Jean-Georges and Barry Vengerik of Mandiant and FireEye uncovered the group.

The casino had almost no security: it even lacked a basic firewall around its payment platforms, and it had no proper logging.

Fin5 is linked to numerous payment card breaches, including Goodwill. According to Emmanuel Jean-Georges, Fin5 has breached 12 firms, and 6 more are suspected to have been affected by the group. “It was a very flat network, single domain, with very limited access controls for access to payment systems,” Jean-Georges told the Cyber Defence Summit in Washington, DC.

Barry Vengerik explained that the attackers have targeted at least two payment systems, and the unnamed casino is one of them.

In the attack against the casino, the experts discovered that the Fin5 gang used a backdoor codenamed Tornhull and a VPN dubbed Flipside to maintain control over the compromised systems.
Fin5 also has a tool called GET2 Penetrator, a scanner that searches for remote logins and hard-coded credentials, and uses a free tool called EssentialNet to scan the target network.

Hackers target 'Internet of Things' to launch various attacks


Today, insecure embedded devices connected to the Internet, such as CCTV cameras and routers, often referred to as the Internet of Things (IoT), are increasingly being targeted and hijacked for use in cyber attacks.

Imperva Incapsula, a security firm, has revealed details of a DDoS (distributed denial of service) attack. The attack was a traditional HTTP flood aimed at overloading a resource on a cloud service, but the malicious requests came from surveillance or closed-circuit television (CCTV) cameras protecting businesses around the world instead of from a typical computer botnet.

The firm’s researchers wrote in a blog post that the attack peaked at 20,000 requests per second and originated from around 900 CCTV cameras running embedded versions of Linux and the BusyBox toolkit.

All compromised devices were running embedded Linux with BusyBox, a package of stripped-down common Unix utilities bundled into a small executable and designed for systems with limited resources.
“Further investigation of the offending IPs showed that they belonged to CCTV cameras, all accessible via their default login credentials. And that's not all. Looking through the camera lens we also spotted a familiar sight—a storefront in a mall located not five minutes away from our offices,” they said in the blog post.

The researchers said that they were able to meet with the store owners, show them how their CCTV cameras had been abused to attack the firm’s clients, and help them clean the malware from the infected camera’s hard drive.

The blog post notes that there are some 245 million professionally installed surveillance cameras operating around the world, and that more than a million further cameras were installed by unqualified people, with even fewer security precautions.

“Even as we write this article, we are mitigating another IoT DDoS attack, this time from an NAS-based botnet. And yes, you guessed it, those were also compromised by brute-force dictionary attacks,” they added.

So, whether it is a router, a Wi-Fi access point or a CCTV camera, default factory credentials are there only to be changed upon installation. 
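The attack described above, a plain HTTP flood from many low-rate sources, is what a web server's access log shows first. The script below is an added example (not Incapsula's code) of how a defender can spot it in such a log: it parses combined-format lines, computes each client's peak requests per second, and separately totals requests and distinct source IPs per second, because a flood spread across hundreds of cameras, each sending only a few requests, can stay below any per-IP threshold. The log lines are constructed and the thresholds are illustrative; malformed lines are skipped rather than guessed at.

```python
"""Spot HTTP-flood sources in a web server access log (added example)."""
import re
from collections import Counter, defaultdict

# Combined log format, e.g.
# 198.51.100.7 - - [10/Oct/2015:10:00:01 +0000] "GET /login HTTP/1.1" 200 512 "-" "Mozilla/5.0"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<request>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?'
)


def parse_line(line):
    """Return the fields of one log line, or None if it is not in the expected format."""
    m = LOG_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    rec["second"] = rec["ts"].split()[0]  # drop the timezone: "10/Oct/2015:10:00:01"
    return rec


def per_source_peak_rate(lines):
    """Highest number of requests seen from each client IP within any one second."""
    counts = Counter()
    for line in lines:
        rec = parse_line(line)
        if rec:
            counts[(rec["ip"], rec["second"])] += 1
    peaks = {}
    for (ip, _second), n in counts.items():
        peaks[ip] = max(peaks.get(ip, 0), n)
    return peaks


def per_second_totals(lines):
    """(total requests, distinct client IPs) for every second that has traffic."""
    totals = Counter()
    sources = defaultdict(set)
    for line in lines:
        rec = parse_line(line)
        if rec:
            totals[rec["second"]] += 1
            sources[rec["second"]].add(rec["ip"])
    return {sec: (n, len(sources[sec])) for sec, n in totals.items()}


def flag_flood(lines, per_ip_threshold=20, total_threshold=1000):
    """Loud single sources, plus seconds whose aggregate load is far above normal even though
    every individual source stays under the per-IP limit (the distributed case)."""
    loud = {ip: r for ip, r in per_source_peak_rate(lines).items() if r >= per_ip_threshold}
    hot = {sec: v for sec, v in per_second_totals(lines).items() if v[0] >= total_threshold}
    return loud, hot


def build_sample_log():
    """Constructed sample: 900 'cameras' each send 5 requests in the same second (all under the
    per-IP threshold), one host hammers the server on its own, one normal client browses."""
    fmt = '{ip} - - [10/Oct/2015:10:00:{s:02d} +0000] "GET /login HTTP/1.1" 200 512 "-" "Mozilla/5.0"'
    lines = []
    for i in range(900):
        ip = f"10.{i // 256}.{i % 256}.9"
        lines.extend(fmt.format(ip=ip, s=1) for _ in range(5))
    lines.extend(fmt.format(ip="198.51.100.7", s=2) for _ in range(30))
    lines.extend(fmt.format(ip="203.0.113.5", s=s) for s in range(3, 6))
    lines.append("this line is not an access-log record")
    return lines


if __name__ == "__main__":
    loud, hot = flag_flood(build_sample_log())
    for ip, rate in loud.items():
        print(f"loud source {ip}: peak {rate} req/s")
    for sec, (total, distinct) in hot.items():
        print(f"{sec}: {total} requests from {distinct} distinct IPs")
```

On the sample, the per-IP rule catches only the single loud host, while the per-second totals expose the 900-camera burst as 4,500 requests from 900 distinct addresses in one second; in practice the second check is the one that matters for a botnet of cheap devices.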

31-year-old hacker arrested for stealing data from a Polish bank

A report broadcast and published by Radio Poland confirms that a 31-year-old hacker has been arrested for ‘stealing’ data from the servers of an unnamed bank in Poland.

According to police spokesperson Katarzyna Balcer, the hacker, named as Tomasz G. under Polish privacy laws, faces several charges relating to computer fraud and money laundering. He could face up to 10 years’ imprisonment.

The investigation has been led by the District Prosecutor's Office in the Praga district of Warsaw.
The ongoing investigation has shown that many hackers collaborated in order to break into the bank.

"The suspect worked with dozens of individuals and entities. The hackers have led to losses of more than PLN four million. We were able to prevent the theft of another PLN 3.5 million," Balcer added.

The suspect allegedly went by the online handle ‘Razor4’.

According to a news report published in The Register, in June Polish tech security news website Zaufana Trzecia Strona was contacted by a person using the email address razor4@t.pl, who claimed he had exploited an unspecified vulnerability to access the bank's public-facing servers "for a few weeks."

At that time, the hacker was able to snatch credit card data, steal bank account information, make unauthorized transactions, and access the personally identifiable information of the bank's customers, including account histories.

The person claimed that he stole 1m PLN; however, the bank apparently did not notice for several weeks.

Later, the security site Zaufana Trzecia Strona (ZTS) notified the bank about the data breach. After informing the bank, ZTS received an anonymous threat suggesting that a "contract could be taken out on the author of the article if it were published."

The bank responded only in February, after Razor4 had stolen 180,000 PLN in a single transaction; only then did the bank warn its customers to watch out for cash-stealing malware on their PCs.
According to the news report, Razor4 demanded a ransom from the bank in return for not publishing the data he had stolen, and had added JavaScript code to the bank's web pages that redirected customer transactions through his own systems. He modified the account numbers so they would match accounts under his control.


ZTS’s article also reported that Razor4 had registered a web domain name that differed by one letter from the bank's domain name, and pointed the look-alike domain at his own servers, through which the transactions were redirected.

FBI disrupts a malware designed to steal banking credentials


The United States Department of Homeland Security (DHS), in collaboration with the Federal Bureau of Investigation (FBI) and the Department of Justice (DOJ), has disrupted Dridex, a botnet whose malware was designed to steal banking and other credentials from infected computers. Dridex is a peer-to-peer (P2P) botnet that uses a decentralized network of compromised personal computers and web servers for its command-and-control (C2).

In addition, charges have been filed in the Western District of Pennsylvania against the alleged Moldovan administrator of the botnet known as “Bugat,” “Cridex” or “Dridex.”

Andrey Ghinkul, aka Andrei Ghincul and Smilex, 30, of Moldova, was charged in a nine-count indictment unsealed in the Western District of Pennsylvania with criminal conspiracy, unauthorized computer access with intent to defraud, damaging a computer, wire fraud and bank fraud.

Ghinkul was arrested on Aug. 28, 2015 in Cyprus.

On February 13 the FBI released a technical alert providing further information about the disruption of the Dridex botnet.

The FBI estimates that U.S. businesses have lost $10m to Dridex, and has accused Ghinkul and fellow gang members of transferring over $3.5m in two transactions in 2012 from Penneco Oil's US bank account to a bank account in Russia.

“Dridex is a multifunctional malware package that leverages obfuscated macros in Microsoft Office and extensible markup language (XML) files to infect systems. It aims to infect computers, steal credentials, and obtain money from victims’ bank accounts,” the FBI officials said in the announcement.

The malware had infected some 27 nations, including the US, Canada, UK, Ireland, France, Switzerland, Germany, Norway, Austria, Netherlands, Italy, Belgium, Croatia, Bulgaria, and Romania, United Arab Emirates, Qatar, Israel, Indonesia, Singapore, Malaysia, Hong Kong, China, India, Vietnam, Australia, and New Zealand.

“Operating primarily as a banking Trojan, Dridex is generally distributed through phishing email messages. The emails appear legitimate and are carefully crafted to entice the victim to click on a hyperlink or to open a malicious attached file. Once a computer has been infected, Dridex is capable of stealing user credentials through the use of surreptitious keystroke logging and web injects,” they added.

A computer infected with Dridex may be used to send spam, participate in distributed denial-of-service (DDoS) attacks, and harvest users' credentials for online services, including banking services.

To remediate Dridex infections, users are advised to use and maintain anti-virus software, change their passwords, keep their operating system and application software up to date, and use anti-malware tools.

E-Trade notifies its 31,000 customers that their contact information may have been compromised


A report published in the Washington Post confirmed that E-Trade, a U.S.-based financial services corporation, has informed its 31,000 customers that hackers might have accessed their email and other addresses during a cyber attack in late 2013.

However, the company claimed via email that the hackers did not get any sensitive customer account information, including passwords, Social Security numbers, or financial information.

According to the email sent by the company, it learned of the attack when federal law enforcement officials alerted it to evidence that customer contact information may have been breached.

The company has announced that it will provide one year of free identity protection services, which includes credit monitoring to those whose information had been compromised.

According to the news report, a person familiar with the investigation, who spoke on condition of anonymity, said that soon after the attack the company launched an internal investigation while working with law enforcement.

However, during that time the company did not believe customer information had been compromised, the person added.


"Security is a top priority, and we focus significant time and energy to help keep E-Trade customer data and information safe and secure," a company spokesperson said in a statement. "We take these matters extremely seriously, and in all instances we continuously assess and improve upon E-Trade’s capabilities. We have also contacted any customers we believe may have been impacted."

Phones on Drones all set to Hack Wireless Printers


If you think your office is secure because it is on the top floor of a skyscraper, you may need to think again: in this day and age pretty much nothing is unhackable, not even office printers on the top floor.

Yes! A group of security researchers from Singapore has built a drone that along with a smartphone and custom applications can be used to automatically steal documents from printers with open Wi-Fi connections. The technology was developed by researchers from iTrust, a cyber security research center at the Singapore University of Technology and Design.

The researchers used a standard drone from the Chinese firm DJI to carry a Samsung smartphone to an area where a wireless network with a wireless printer was located.

The researchers used two applications that they developed:

▬The first app establishes a bogus access point once an open wireless printer is detected. The access point mimics the printer and tricks computers on the internal wireless network into sending sensitive documents to it.

▬The second app is Cybersecurity Patrol, which is designed to scan the air for open Wi-Fi printers and automatically notify the organization’s IT department. This app is intended to improve the security of the target organization: it looks for unsecured printers accessible from the drone, but rather than launching the attack, it takes photos of the exposed printers and reports them to internal staff.

Once a document is intercepted, the first app can send it to an attacker’s Dropbox account using the phone’s 3G or 4G connection, and also forward it on to the real printer so that the victim would not notice the hack.



The attack zone is limited to a radius of 26 meters, but with dedicated hardware an attacker could generate a stronger signal that extends the range further. Any computer inside the attack zone will opt to connect to the fake printer over the real one, even if the real printer is physically closer than the rogue one.

A drone hovering outside an office building would obviously be spotted, but the goal of the project was to help companies understand how easily accessible Wi-Fi printers can be, and how hackers could use them to steal data or get into their networks.

The project was part of a government-sponsored cyber security defense project.

Student researchers Jinghui Toh and Hatib Muhammad developed the method under the guidance of Professor Yuval Elovici of Department of Information Systems Engineering at Ben-Gurion University of the Negev.

The system targets wireless printers because wireless printers are supplied with the Wi-Fi connection open by default, and many companies forget to close this hole when they add the device to their Wi-Fi networks. This open connection potentially provides an access point for outsiders to connect to a network and steal a company’s sensitive data.

The researchers also demonstrated that the attack could be carried out by hiding a cellphone inside an autonomous vacuum cleaner, after which the device continuously scans the organisation’s networks for printers with unsecured connections.

The project conducted by the researchers demonstrated once again the close link between physical and logical security. 

Anyone can simply install the Cybersecurity Patrol app on a smartphone, attach it to a drone and send it upwards. The same method can be used by organizations to check for unsecured printers and other wireless devices.
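Cybersecurity Patrol's defensive function, finding printers that advertise an open wireless network and reporting them to IT, can be approximated from a laptop without a drone. The script below is an added example, not the iTrust researchers' app: it parses a wireless scan in the terse, colon-separated layout of `nmcli -t -f SSID,BSSID,SECURITY,SIGNAL dev wifi` and lists networks that have no encryption and a printer-like SSID. The sample scan is constructed; the exact way nmcli prints an open network's SECURITY field is an assumption here, so both an empty field and `--` are treated as open, and the SSID keyword list is a heuristic, not a product database.

```python
"""List printers that advertise an open Wi-Fi network from a scan dump (added example)."""
import re

# SSID substrings that commonly identify printers (heuristic, not exhaustive).
PRINTER_HINTS = ("print", "officejet", "laserjet", "deskjet", "epson", "brother", "canon")

# Constructed sample in the layout of `nmcli -t -f SSID,BSSID,SECURITY,SIGNAL dev wifi`:
# one record per line, fields separated by ':', colons inside the BSSID escaped as '\:'.
# Whether nmcli prints an open network's SECURITY as empty or as '--' is an assumption,
# so the sample contains both and the parser treats both as open.
SAMPLE_SCAN = r"""
CorpWiFi:AA\:BB\:CC\:00\:00\:01:WPA2 802.1X:82
HP-Print-4F-Officejet Pro:AA\:BB\:CC\:00\:00\:02::71
DIRECT-5C-Brother:AA\:BB\:CC\:00\:00\:03:WPA2:64
Guest:AA\:BB\:CC\:00\:00\:04:--:58
EPSON_Printer_A1:AA\:BB\:CC\:00\:00\:05:--:40
"""

# Split on ':' only when it is not preceded by a backslash (the BSSID escape).
FIELD_SPLIT = re.compile(r"(?<!\\):")


def parse_nmcli_terse(text):
    """One dict per well-formed record; malformed lines are skipped rather than guessed at."""
    rows = []
    for line in text.splitlines():
        if not line.strip():
            continue
        fields = [f.replace("\\:", ":") for f in FIELD_SPLIT.split(line)]
        if len(fields) != 4:
            continue
        ssid, bssid, security, signal = fields
        try:
            rows.append({"ssid": ssid, "bssid": bssid, "security": security, "signal": int(signal)})
        except ValueError:
            continue
    return rows


def is_open(row):
    return row["security"].strip() in ("", "--")


def looks_like_printer(row):
    ssid = row["ssid"].lower()
    return any(hint in ssid for hint in PRINTER_HINTS)


def find_open_printers(text):
    """Open networks whose SSID suggests a printer, strongest signal first."""
    hits = [r for r in parse_nmcli_terse(text) if is_open(r) and looks_like_printer(r)]
    return sorted(hits, key=lambda r: r["signal"], reverse=True)


def report(text):
    """Lines an IT team can act on: which printer, which radio (BSSID), and how close (signal)."""
    return [f"OPEN PRINTER: {r['ssid']} ({r['bssid']}, signal {r['signal']})"
            for r in find_open_printers(text)]


if __name__ == "__main__":
    import sys
    scan = SAMPLE_SCAN if sys.stdin.isatty() else sys.stdin.read()
    print("\n".join(report(scan)) or "no open printers found")
```

Pipe a real scan in with `nmcli -t -f SSID,BSSID,SECURITY,SIGNAL dev wifi | python patrol.py`; with no input it reports on the constructed sample. Note that the Brother printer in the sample is not flagged because it is running WPA2, which is exactly the state the article says vendors leave off by default.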

It’s true that every invention and development comes with both pros and cons but if the cons have greater risk, then it’s time to approach physical security in a different way.

Negligence of Experian puts T mobile’s 15 million records at stake

John Legere, CEO of T-Mobile, the third biggest mobile carrier in the U.S., is angry again, and for a very obvious reason: this time the highly personal records of some 15 million users have been leaked through Experian, one of the largest credit agencies and data brokers in the world.

The exposed information included customers’ names, addresses, and Social Security, driver’s license and passport numbers. The license and passport numbers were in an encrypted field, but Experian said that the encryption may also have been compromised.

The massive security breach was first discovered on September 15, 2015 and impacted customers who registered for T-Mobile service between September 01, 2013 and September 16, 2015.

Legere broke the sad news in a post on the company's website which displayed his frustration over the incident.

The post read as below:
“Obviously I am incredibly angry about this data breach and we will institute a thorough review of our relationship with Experian."

Experian took immediate action upon finding the breach. It secured the server, initiated a comprehensive investigation and notified U.S. and international law enforcement.

In the now-customary response to a breach, Experian is offering those impacted by the break-in two years of free credit monitoring and identity theft resolution services.

There have been a series of high-profile hacks of businesses and other organisations in recent years impacting millions and sometimes tens of millions of records, including adultery website Ashley Madison, Sony Pictures, and retailers such as Home Depot, Target, and eBay.

The theft of personnel records from the U.S. government this year, a 2014 breach at JPMorgan Chase and a 2013 attack on Target Corp's cash register systems were among them.

The irony is that a company which handles the personal information of many Americans had not been able to protect the information of customers who applied for T mobile services.
It is the second massive breach linked to Experian.

An attack on a subsidiary of the company in 2012 exposed the Social Security numbers of 200 million Americans and prompted an investigation by at least four states, including Connecticut.
Though the security breach will adversely affect both companies, T-Mobile is trying to put all the blame on Experian.
In one of its FAQs, it reads:

“Experian has taken full responsibility for the theft of data from its server.”
Both companies have made it clear that no credit card or banking data was exposed. Yet the hoard of T-Mobile customer data can still be used to assemble profiles for identity theft.

If consumers can’t pressure data aggregators like Experian into securing their secrets, perhaps the consumer-facing companies who collect that information can.

It’s an Indo-Pak Cyberspace WAR!

On Sunday morning, India’s southern state of Kerala woke up to the news that the state government’s official website (www.Keralagov.in) had been hacked by Pakistani hackers, who posted an image of a burning Indian flag.
The hackers left messages such as "Pakistan Zindabad", "We are Team Pak Cyber Attacker" and "Security is just an illusion". The page also carried the identity of the hacker: “hacked by Faisal 1337”. The home page also contained the website address www(dot)Faisal1337(dot)com.

However, preliminary reports suggested the hackers could not get past the home page and into the server hosting the website.

The news spread like wildfire over social media, and the issue turned from a government website being hacked into an attack on India by the neighbouring country. But few expected that within a few hours an Indian hacking group calling itself “The Mallu Cyber Soldiers” would return the favour.
The Indian hacking group hacked over 100 official Pakistani government websites and posted the message “Better stay away from Indian Cyber Space” on them.

They also posted a message on their Facebook page:

" !!Message to Script Kiddies of Pakistan ....Do not touch Indian Websites !!! Now your 46 Pakistan government websites got crashed and 4 educational websites got defaced This is a small payback for hacking kerala.gov.in "

They also posted a list of the websites that were crashed. These included Pakistan’s government website Pakistan.gov.pk, president.gov.pk and cabinet.gov.pk.

But the cyber war did not end there. In the same message, the group ‘Hell Shield Hackers’ stated that the motive behind the attack was to retaliate for the attack on the Kerala government’s website.
Gunfire is often exchanged across the border, and the rivalry between the two nations is on display during cricket matches, but now a full-blown hacking and defacement war seems to have erupted in cyberspace as well.

This is not the first time hacking has taken place between the two nations.

In October 2014, the website of Malayali actor and producer Mohanlal Viswanathan Nair was hacked by a group known as Cyber Warriors, who posted several "Free Kashmir" slogans and warned the Indian Army about its activities in the Kashmir valley.

The governments of both nations have nothing to do with it.

Hacking government sites exposes how vulnerable official websites are.

Though it was just a defacement, and officials said that the server hosting the Kerala government’s website is safe, the incident calls for better cyber security mechanisms.

The Indian public sees this retaliation as ‘revenge’. However, the issue is about much more than patriotism.
Hackers mostly target large organisations and government or community websites, which store the personal information of thousands or millions of users.

While the Modi government talks about digitizing India, incidents like these highlight that improved cyber security must come first, before the digitization of the country.

While the USA and China are entering into a cyber security agreement, the Indo-Pak hacking games continue unabated, exposing the weak cyber security of both nations.

Apple cleaning up iOS App Store after first major attack

A Reuters news report confirmed that Apple Inc (AAPL.O) said on Sunday it was cleaning up its iOS App Store to remove a malicious program dubbed XcodeGhost, after several cyber security firms reported that the malware, which targets iPhones and iPads, had been embedded in hundreds of legitimate apps on the popular mobile software outlet.

According to cyber security firm Palo Alto Networks Inc (PANW.N), it is the first reported case of large numbers of malicious software programs making their way past Apple's stringent app review process. Prior to this attack, only five malicious apps had ever been found in the App Store.

The malicious code was embedded in the apps by convincing developers of legitimate software to use a tainted, counterfeit version of Xcode, Apple's software for creating iOS and Mac apps.
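Because the compromise hinged on developers building with a counterfeit Xcode, the defensive check is on the developer machine: confirm that the installed Xcode carries Apple's own signature. The script below is an added example, not code from the article or from Apple. It wraps macOS's Gatekeeper assessment tool `spctl`, which Apple pointed developers to for this check, and assumes Xcode lives at /Applications/Xcode.app and that a genuine copy is reported as `accepted` with `source=Apple System` (or `Mac App Store` / `Apple`); the sample outputs in the comments are constructed to match that format.

```shell
# Added example (not from the article or from Apple): verify that a developer
# machine's Xcode is the Apple-signed build rather than a tampered copy. A
# counterfeit Xcode of the kind behind XcodeGhost would not carry Apple's
# signature and would fail this check.
# Assumptions: macOS with Gatekeeper's spctl tool; Xcode installed at the
# path given (default /Applications/Xcode.app).

# Decide from spctl's assessment output whether the bundle was accepted and
# is signed by Apple. Genuine output (constructed sample) looks like:
#   /Applications/Xcode.app: accepted
#   source=Apple System
# Apple also lists "source=Mac App Store" and "source=Apple" as genuine.
xcode_assessment_ok() {
    out="$1"
    # The first line must state that the bundle passed the assessment.
    printf '%s\n' "$out" | grep -q ': accepted$' || return 1
    # Pull the signing source and accept only Apple-originated values.
    src=$(printf '%s\n' "$out" | sed -n 's/^source=//p' | head -n 1)
    case "$src" in
        "Apple System"|"Mac App Store"|"Apple") return 0 ;;
        *) return 1 ;;   # accepted by Gatekeeper, but not an Apple signature
    esac
}

# Run the real assessment against an installed Xcode and return 0 only if
# it is genuine. Exit status 2 means the check could not run at all.
check_xcode() {
    app="${1:-/Applications/Xcode.app}"
    if ! command -v spctl >/dev/null 2>&1; then
        echo "spctl not found (this check only runs on macOS)" >&2
        return 2
    fi
    out=$(spctl --assess --verbose "$app" 2>&1)
    if xcode_assessment_ok "$out"; then
        echo "OK: $app is Apple-signed"
        return 0
    fi
    echo "WARNING: $app failed verification:" >&2
    printf '%s\n' "$out" >&2
    return 1
}
```

Running `check_xcode` on a developer Mac (or `check_xcode /path/to/Xcode.app` for a copy installed elsewhere) fails loudly on any bundle whose signature does not come from Apple, which is the signal a build server or onboarding script should refuse to ignore.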

Researchers said infected apps included Tencent Holdings Ltd's (0700.HK) popular mobile chat app WeChat, car-hailing app Didi Kuaidi and a music app from Internet portal NetEase Inc.

Tencent said on its official WeChat blog that the security flaw affects WeChat 6.2.5, an old version of its popular chatting app, and that newer versions were unaffected. A preliminary investigation showed there had been no data theft or leakage of user information, the company said.

Chinese security firm Qihoo360 Technology Co (QIHU.N) said on its blog that it had uncovered 344 apps tainted with XcodeGhost.

"We've removed the apps from the App Store that we know have been created with this counterfeit software," Apple spokeswoman Christine Monaghan said in an email. "We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps."
However, it was not clear what steps iPhone and iPad users could take to determine whether their devices were infected.

Ryan Olson, director of threat intelligence at Palo Alto Networks, told Reuters that the malware had limited functionality and his firm had uncovered no examples of data theft or other harm as a result of the attack.

ReverbNation data breached

ReverbNation, an online platform for musicians, has just informed its customers about a data breach. The incident happened in January 2014, but law enforcement informed the company only recently.

According to law enforcement, an individual illegally gained unauthorized access to the computer systems of a ReverbNation vendor and accessed user information in a database.

In an email to customers, ReverbNation explained that, “While no credit card data was accessed, some user information included in the database such as e-mail addresses and encrypted passwords, and possibly other user information users provided to us, such as names, addresses, phone numbers, and/or dates of birth may have been accessed.”

Although the passwords are encrypted, as a precaution the company suggested that customers change their ReverbNation password as well as the password of any other account or website that shares it. It also recommended password management tools such as 1Password and LastPass.

Lizard Squad disrupts National Crime Agency website

The website of the National Crime Agency (NCA), the national law enforcement agency in the United Kingdom which replaced the Serious Organised Crime Agency, was temporarily taken down by attackers on Tuesday morning.

According to a news report published in The Guardian, the attackers did this as revenge for arrests made last week. Four days before the attack, six teenagers were released on bail on suspicion of using hacking group Lizard Squad’s cyber-attack tool to target websites and services.

The arrests were made in an operation codenamed Vivarium, coordinated by the NCA and involving officers from several police forces.

Those arrested last week were an 18-year-old from Huddersfield, an 18-year-old from Manchester, a 16-year-old from Northampton and a 15-year-old from Stockport, while two other suspects, both 17, were arrested earlier this year, one from Cardiff and another from Northolt, north-west London.

However, all of them have been bailed, while a further two 18-year-olds – one from Manchester and one from Milton Keynes – were interviewed under caution.

“The six suspects are accused of using Lizard Stresser, a tool that bombards websites and services with bogus traffic, to attack a national newspaper, a school, gaming companies and a number of online retailers,” the report reads.

An NCA spokesperson told The Guardian: “The NCA website is an attractive target. Attacks on it are a fact of life. DDoS is a blunt form of attack which takes volume and not skill. It isn’t a security breach, and it doesn’t affect our operational capability.”

“At worst it is a temporary inconvenience to users of our website. We have a duty to balance the value of keeping our website accessible with the cost of doing so, especially in the face of a threat which can scale up endlessly. The measures we have in place at present mean that our site is generally up and running again within 30 minutes, though occasionally it can take longer. We think that’s proportionate,” he added.
$376,000 for Informer in Ashley Madison hacking case

Avid Life Media (ALM), parent company of Ashley Madison, is offering a reward of $500,000 (Canadian dollars) for any information leading to the “identification, arrest and prosecution” of the hackers responsible for the recent hack of the website.

Avid Life Media confirmed that the data Impact Life stole is genuine.

A legal investigation has begun. With the help of the Toronto police department and “white hat” hackers, the company hopes to find the perpetrators.

During a press conference, acting superintendent Bryce Evans said that hackers have "certain techniques to help us and assist us.” He also said that the police would lean on their “good working relationship” with the US agencies, the FBI and Homeland Security.

Explaining why the Toronto police and ALM are motivated to find the hackers responsible for the breach, Evans referred to two suicides that appear to be related to the Ashley Madison breach, and to "spin-off crimes and further victimization" from people accessing the hacked data.

$500,000 Canadian dollars is equivalent to $376,000 US dollars.

"Cyber of Emotion" hacks Saudi websites

Many Saudi websites were hacked by a group that had warned it would carry out the attacks. The group, known as “Cyber of Emotion”, hacked more than 24 government websites over a period of two hours.

As reported by Al-Riyadh newspaper, visitors to the websites were directed to a page that read: “We do not want to harm the site. Had it been hacked by enemies, your personal information, emails and registration data would have been compromised."

The hackers said that their team had already warned the sites’ administrators that the websites were not properly secured and should be fixed, but the warnings were ignored, they claim.

The newspaper reported that the hacked websites included those of government hospitals, municipalities, education departments, social development offices and health departments.

The websites, however, started working properly a few hours after the attack.

Last year, the Twitter account of the Ministry of Justice was hacked by the same group.