Your Profile Up For Sale Somewhere On The Dreadful Dark Web For Rs. 140/day?

After their hacking feats, cyber criminals have stooped to selling the hacked profiles on the dark web for as little as Rs. 140 per day.


What is even more unsettling is that organizations, market researchers and people looking for business-related data may also be among the buyers of these profiles.

The corner of the "dreadful dark web" where these profiles are sold is not reachable with a regular browser. It is accessed through tools such as "Tor", open source software for anonymous communication, which opens the door to a whole marketplace of stolen passwords, data and profiles.

According to researchers, besides cyber attackers, the buyers include people tracking consumer behaviour and people after free access to video streaming services that the victim has already paid for.

It is deeply disconcerting that rival companies are buying profiles to gain "intel" on their competitors' customer base and sensitive data, and even to track key executives.

These hacking gangs work in groups: one sells the encrypted data, another conveniently decrypts it all for good money.

A third group stores the decrypted passwords on a central server, which serves up data sets from these breaches.

WARNING! If you use a single password, or passwords that differ only slightly, across more than one login site, you are in serious trouble.

Reportedly, the hackers have collected over 8,000 databases from small websites alone; what has been taken from major sites is left to the imagination.

On the dark web sites, the data is sold in packages ranging from a minimal Rs.140 ($2) to a staggering Rs.4900 ($70).

Payment is accepted in cryptocurrencies including Bitcoin, Litecoin, Dash, Ripple, Zcash and Ethereum, for the buyers' convenience.

If several passwords are bought from the site, a profile can be assembled within minutes, because users so often, and so foolishly, use the same password on multiple sites.

This makes the user's behaviour highly predictable and makes it easy for the buyers to track the victim's activity across the internet.

The people who spend more time on the internet are more susceptible to such hazards because they are easier to track.

A normal user's passwords are available for as little as a rupee, while the passwords of public figures such as politicians or actors cost between Rs.500 and Rs.2500 each.

QUICK TIP!
· Avoid common, mainstream passwords that are easy to guess or crack.

· A company should strengthen its security, especially after it has suffered a breach or a hacking incident.

· Systems should be made more accountable than ever.

No company has yet reported any harm from this profile marketplace.

Unistellar Attackers Delete Over 12,000 Unsecured MongoDB Databases

Around 12,000 unsecured MongoDB databases were deleted over the course of three weeks; the attackers left behind a message asking the owners to contact the cyber-extortionists to have their data restored.

They find already-exposed database servers using the BinaryEdge or Shodan search engines, delete them and demand a ransom for their 'restoration services'. Attacks of this kind on publicly reachable MongoDB databases have been known since at least early 2017 [1, 2, 3, 4].

While Mongo Lock attacks likewise target remotely reachable, unprotected MongoDB databases, this campaign does not appear to demand a specific ransom. Instead, an email contact is given, most likely to negotiate the terms of data recovery.

Sanyam Jain, the independent security researcher who found the wiped databases, offered a plausible explanation: "this person might be charging money in cryptocurrency according to the sensitiveness of the database."

The 12,564 unprotected MongoDB databases wiped by Unistellar were found by the researchers using BinaryEdge. Given that BinaryEdge currently indexes slightly more than 63,000 publicly accessible MongoDB servers, according to Jain, the Unistellar attackers appear to have hit roughly 20% of the total.

The cyber-extortionists leave behind notes telling their victims to get in touch if they want their data restored, by emailing one of the following two addresses: unistellar@hotmail.com or unistellar@yandex.com.

Unfortunately, there is no way to tell whether victims have been paying to have their databases restored, because Unistellar gives only an email address to contact and no cryptocurrency address.

These attacks are possible only because the MongoDB databases are reachable remotely and access to them is not properly authenticated. This means that database owners can easily prevent such attacks by following fairly basic steps to secure their database instances.

MongoDB provides guidance on securing a MongoDB database by implementing proper authentication, access control and encryption, and also offers a security checklist for administrators to follow.

More to the point, the measures that do most to prevent these attacks are enabling authentication and not exposing the databases to remote access.
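As an added illustration (not from the original article and not MongoDB's own tooling), the Python script below audits a mongod.conf for exactly the two settings behind exposures of this kind: a listener bound to non-loopback interfaces and authorization left disabled. Both configuration samples are constructed for the example; the hardened one follows the kind of settings MongoDB's security checklist describes. The small YAML reader handles only the nested key/value subset that mongod.conf uses.

```python
"""Audit a mongod.conf for the two weaknesses behind Unistellar-style wipes:
a listener reachable from other hosts and authorization left disabled.
Constructed example; the YAML reader covers only the key/value subset
mongod.conf uses (two-space indentation, no lists)."""
from typing import Dict, List

# Constructed sample: the kind of config that ends up indexed by BinaryEdge or Shodan.
WEAK_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 0.0.0.0      # listens on every interface
# no security section: authorization defaults to disabled
"""

# Constructed sample: same server, hardened along the lines of MongoDB's checklist.
HARDENED_CONF = """\
storage:
  dbPath: /var/lib/mongodb
net:
  port: 27017
  bindIp: 127.0.0.1    # loopback only; app servers reach it over a private tunnel
  tls:
    mode: requireTLS
    certificateKeyFile: /etc/ssl/mongodb.pem
security:
  authorization: enabled
"""

LOOPBACK = {"127.0.0.1", "localhost", "::1"}


def flatten_conf(text: str) -> Dict[str, str]:
    """Turn nested 'key: value' maps into dotted keys, e.g. net.bindIp -> '0.0.0.0'."""
    result: Dict[str, str] = {}
    stack: List[str] = []
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        depth = (len(line) - len(line.lstrip(" "))) // 2
        key, _, value = line.strip().partition(":")
        del stack[depth:]                          # back out to this nesting level
        stack.append(key.strip())
        if value.strip():
            result[".".join(stack)] = value.strip()
    return result


def audit_mongod_conf(text: str) -> List[str]:
    """Return findings; an empty list means both checks pass."""
    conf = flatten_conf(text)
    findings: List[str] = []
    bind = conf.get("net.bindIp", "127.0.0.1")     # mongod's own default is localhost
    addrs = [a.strip() for a in bind.split(",")]
    if conf.get("net.bindIpAll", "false").lower() == "true" or any(a not in LOOPBACK for a in addrs):
        findings.append(f"net.bindIp={bind}: database reachable from other hosts")
    if conf.get("security.authorization", "disabled").lower() != "enabled":
        findings.append("security.authorization is not 'enabled': any client that connects has full access")
    return findings


if __name__ == "__main__":
    for name, conf in (("weak", WEAK_CONF), ("hardened", HARDENED_CONF)):
        print(name, audit_mongod_conf(conf) or "OK")
```

Run it against a real mongod.conf by reading the file into `audit_mongod_conf`; a bindIp outside the loopback set is reported even when it is a private LAN address, because the article's point is that the database should not be reachable from other hosts at all, authentication or not.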


Nigerian BEC Fraudsters Resorting to RATs as the Tool to Amplify Attacks

The number of Business Email Compromise (BEC) frauds has risen at an alarming rate, and the scammers have resorted to Remote Access Trojans (RATs) to amplify their attacks.

The FBI's Internet Crime Complaint Center (IC3) has tried to reduce the damage done by these attacks by forming a Recovery Asset Team to deal with the aftermath of BEC scams. However, the number of scammers involved in these attacks is greater than ever before.

These attacks, which have seen an unprecedented surge, are regarded as a global threat, with Nigeria practising them extensively; in that country, making money through BEC scams has become the norm. Examining cybercrime in Nigeria, Palo Alto Networks' Unit 42 recorded the country's evolution towards using ransomware and malware to reach financial objectives.

In 2018 the number of groups involved in BEC scams reached 400, a hundred more than the previous year, and their activity grew by 54% compared with 2017.

With a monthly average of 28,227 attacks, the most affected sector was high-tech, which recorded over 120,000 attacks in the previous year; the second most targeted was the wholesale industry, with around 80,000 attacks; and the third was manufacturing, which fell prey to a total of 57,000 attacks.

Monitoring the attacks, Verizon says in a report, “Given the sheer number of incidents in this sector, you would think that the government incident responders must either be cape and tights wearing superheroes, or so stressed they’re barely hanging on by their fingernails.”

“Admittedly we do not have as much data as to what is happening beyond the deception and initial device compromise. The inclusion of keylogging malware is a good indicator that additional credential theft and reuse is a likely next step.”




New Malicious Campaign Discovered Attacking Public and Private Entities via DNS Hijacking

A new malicious campaign called "Sea Turtle", recently discovered by researchers, is reported to have been attacking public and private entities in several countries using DNS hijacking as its mechanism.

The campaign is known to have compromised at least 40 organizations across 13 countries in the first quarter of 2019.

DNS hijacking is an attack that redirects users to a malicious site by altering DNS name records, either by way of compromised routers or by attackers changing a server's settings.

The attackers relied on very persistent techniques and advanced tools in order to gain access to sensitive systems as smoothly as possible.

They focus on two distinct groups of victims: the primary targets, and third parties known to provide services to those targets, through which the DNS hijacking is carried out. The ultimate aim of the attackers behind "Sea Turtle" is to steal credentials that give access to the victims' systems, in the following manner:
  1. Establishing a means to control the target's DNS records.
  2. Modifying DNS records so that the target's legitimate users are pointed to actor-controlled servers.
  3. Capturing legitimate user credentials when users interact with these actor-controlled servers.
The researchers say they "assess" with high confidence that these hijacking attacks are being carried out by an advanced, state-sponsored actor seeking access to sensitive systems.

To guard against these DNS hijacking attacks, organizations are currently implementing registry lock services, multi-factor authentication for access to DNS records, and of course keeping up to date on patches, particularly on internet-facing machines.
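The three steps above are also what a defender can watch for: a change in which servers are authoritative for the zone (the NS records) and answers that suddenly point at hosts the organization does not own. As an added example, not from the researchers' report or the original post, the Python below diffs a signed-off DNS baseline against an observed snapshot and separately flags A/AAAA answers outside an allow-listed address range. The domain, addresses and record sets are constructed; in practice the observed set would be filled by querying from several independent resolvers on a schedule.

```python
"""Spot the record changes a Sea Turtle-style hijack produces by diffing a
signed-off DNS baseline against a fresh snapshot. Constructed example: the
domain, addresses and record sets below are invented for illustration."""
import ipaddress
from typing import Dict, List, Set, Tuple

# {(owner name, record type): set of answer values}; easy to keep in version control.
RecordSet = Dict[Tuple[str, str], Set[str]]

# The organisation's own address space (constructed, from a documentation range).
ALLOWED_NETS = [ipaddress.ip_network("203.0.113.0/24")]

BASELINE: RecordSet = {
    ("example.org.", "NS"):      {"ns1.example-dns.net.", "ns2.example-dns.net."},
    ("example.org.", "A"):       {"203.0.113.10"},
    ("mail.example.org.", "A"):  {"203.0.113.25"},
    ("example.org.", "MX"):      {"10 mail.example.org."},
}

# Snapshot after step 2 of the hijack: NS and MX look untouched, but both A
# records now resolve to a host outside the organisation's range.
OBSERVED: RecordSet = {
    ("example.org.", "NS"):      {"ns1.example-dns.net.", "ns2.example-dns.net."},
    ("example.org.", "A"):       {"198.51.100.7"},
    ("mail.example.org.", "A"):  {"198.51.100.7"},
    ("example.org.", "MX"):      {"10 mail.example.org."},
}


def diff_records(baseline: RecordSet, observed: RecordSet) -> List[str]:
    """One finding per RRset that was added, removed or changed since the baseline."""
    findings: List[str] = []
    for key in sorted(set(baseline) | set(observed)):
        name, rtype = key
        before, after = baseline.get(key, set()), observed.get(key, set())
        if before == after:
            continue
        if not before:
            findings.append(f"ADDED   {name} {rtype}: {sorted(after)}")
        elif not after:
            findings.append(f"REMOVED {name} {rtype}: {sorted(before)}")
        else:
            findings.append(f"CHANGED {name} {rtype}: {sorted(before)} -> {sorted(after)}")
    return findings


def unexpected_addresses(observed: RecordSet, allowed=ALLOWED_NETS) -> List[str]:
    """Flag A/AAAA answers outside the allow-listed ranges: users are being sent
    to infrastructure the organisation does not own."""
    out: List[str] = []
    for (name, rtype), values in observed.items():
        if rtype not in ("A", "AAAA"):
            continue
        for value in values:
            addr = ipaddress.ip_address(value)
            if not any(addr in net for net in allowed):
                out.append(f"{name} {rtype} -> {value} is outside the allowed ranges")
    return sorted(out)


def zone_control_changed(baseline: RecordSet, observed: RecordSet) -> bool:
    """True if any NS RRset differs: step 1 of the hijack, control of the records."""
    return any(baseline.get(k) != observed.get(k)
               for k in set(baseline) | set(observed) if k[1] == "NS")


if __name__ == "__main__":
    print("\n".join(diff_records(BASELINE, OBSERVED)))
    print("\n".join(unexpected_addresses(OBSERVED)))
    print("NS changed:", zone_control_changed(BASELINE, OBSERVED))
```

The two checks are deliberately independent: a registrar-level hijack that swaps the NS set shows up in `zone_control_changed` even when the attacker keeps every other answer identical, while an address-only redirect (as in the constructed snapshot) is caught by `unexpected_addresses` even if nobody has kept the baseline current.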



Broadcom WiFi Chipset Driver Defect Takes Its Toll On OSs, IoTs, Phones and Other Devices.

Reportedly, flaws in the Broadcom WiFi chipset drivers are causing a lot of trouble for the phones and operating systems that use them.

This means attackers could execute arbitrary code or cause a denial of service (DoS).

As reported by an intern at a reputed lab, both the proprietary Broadcom drivers and the open source "brcmfmac" driver contain several vulnerabilities.

As it turns out, the Broadcom drivers are susceptible to "two heap buffer overflows", while the brcmfmac driver is susceptible to a frame validation bypass as well as a heap buffer overflow.

According to the Common Weakness Enumeration database, heap buffer overflows can cause the software to run in an infinite loop, crash the system, or allow execution of arbitrary code.

Each of these consequences clearly falls outside what the security policy and security services permit.

The Broadcom WiFi chips in question are used by almost everyone without their knowing it: from laptops through IoT devices to smart TVs, all these devices carry these chip drivers.


Because these chips are so widespread, they present an equally enormous target surface; any simple vulnerability or flaw found in them could be a matter of serious risk.

The Broadcom WiFi chipset drivers could be exploited by unauthenticated attackers simply by sending malicious "WiFi packets".

Such packets could lead to arbitrary code execution; at a minimum, the attacks would result in denial of service.

Denial of service and arbitrary code execution top the list of risks to vulnerable devices. The flaws were found in both the Linux kernel and the firmware of the Broadcom chips.

According to the source note, the vulnerabilities in the brcmfmac and Broadcom wl drivers are tracked as CVE-2019-8564, CVE-2019-9500, CVE-2019-9501, CVE-2019-9502 and CVE-2019-9503.

· CVE-2019-9503: When the driver receives a firmware event frame from a remote source, the frame is discarded and not processed; when the same frame comes from the host, the appropriate handler is called. This validation can be bypassed when the bus used is USB.

· CVE-2019-9500: A malicious event frame can be constructed to trigger a heap buffer overflow.

· CVE-2019-9501: When vendor information data larger than 32 bytes is supplied, a heap buffer overflow is triggered in "wlc_wpa_sup_eapol".

· CVE-2019-9502: When the vendor information data length is larger than 164 bytes, a heap buffer overflow is triggered in "wlc_wpa_plumb_gtk".

When the wl driver is used with SoftMAC chipsets, the vulnerabilities are triggered in the host's kernel; when it is used with FullMAC chipsets, they are triggered in the chipset's firmware.

Over 160 vendors ship devices containing the vulnerable Broadcom WiFi chipsets.

The two vulnerabilities found in the open source brcmfmac Linux kernel driver have been patched.

CVE-2019-8564 had been patched by Apple as part of a security update a day before the researcher disclosed the vulnerabilities.
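The vendor-information bugs above share one pattern: a length taken from an over-the-air frame is trusted when data is copied into a fixed-size heap buffer. As an added example, not Broadcom's code and not taken from the disclosure, the Python below parses the 802.11 information-element (tag, length, value) layout that vendor-specific data travels in and rejects frames whose declared lengths would overrun either the frame itself or the destination buffer. The 32-byte destination size is an assumption mirroring the limit the article cites for CVE-2019-9501, and the sample frames are constructed.

```python
"""Bounds-checked parser for 802.11 information elements (IEs), the
tag/length/value structure that vendor-specific data is carried in.
Constructed example: it demonstrates the class of length check whose
absence the CVEs above describe; it is not Broadcom's driver code."""
import struct
from typing import List, Tuple

VENDOR_SPECIFIC_ID = 221   # 0xDD, the vendor-specific IE tag in 802.11
VENDOR_INFO_MAX = 32       # assumed fixed buffer size, mirroring the 32-byte limit cited for CVE-2019-9501


class MalformedFrame(ValueError):
    """Raised instead of reading or writing past a buffer."""


def parse_ies(payload: bytes) -> List[Tuple[int, bytes]]:
    """Walk the IE list, refusing any element whose declared length runs
    past the end of the frame (the 'trust the length byte' mistake)."""
    elements: List[Tuple[int, bytes]] = []
    offset = 0
    while offset < len(payload):
        if offset + 2 > len(payload):
            raise MalformedFrame(f"truncated IE header at offset {offset}")
        tag, length = struct.unpack_from("BB", payload, offset)
        offset += 2
        if offset + length > len(payload):
            raise MalformedFrame(f"IE {tag} declares {length} bytes, only {len(payload) - offset} remain")
        elements.append((tag, payload[offset:offset + length]))
        offset += length
    return elements


def copy_vendor_info(elements: List[Tuple[int, bytes]], dest_size: int = VENDOR_INFO_MAX) -> bytearray:
    """Model of copying the first vendor-specific IE into a fixed-size heap buffer.
    The check on len(data) is what turns a heap overflow into a rejected frame."""
    dest = bytearray(dest_size)
    for tag, data in elements:
        if tag != VENDOR_SPECIFIC_ID:
            continue
        if len(data) > dest_size:
            raise MalformedFrame(f"vendor IE is {len(data)} bytes, buffer holds {dest_size}")
        dest[:len(data)] = data
        return dest
    return dest  # no vendor-specific element present: buffer stays zeroed


def frame_is_safe(payload: bytes) -> bool:
    """True only if the frame parses cleanly and its vendor data fits the buffer."""
    try:
        copy_vendor_info(parse_ies(payload))
        return True
    except MalformedFrame:
        return False


# Constructed sample frames (IE list only, no 802.11 header).
GOOD = bytes([0, 4]) + b"wifi" + bytes([VENDOR_SPECIFIC_ID, 6]) + b"\x00\x50\xf2\x01\x01\x00"
OVERSIZED_VENDOR = bytes([VENDOR_SPECIFIC_ID, 40]) + b"A" * 40   # fits the frame, not the buffer
LYING_LENGTH = bytes([VENDOR_SPECIFIC_ID, 200]) + b"B" * 10      # length byte exceeds the frame

if __name__ == "__main__":
    for label, frame in (("good", GOOD), ("oversized", OVERSIZED_VENDOR), ("lying", LYING_LENGTH)):
        print(label, "accepted" if frame_is_safe(frame) else "rejected")
```

The two rejections are different bugs: `LYING_LENGTH` is the out-of-bounds read that a frame-validation check catches at parse time, while `OVERSIZED_VENDOR` is well-formed on the wire and only becomes dangerous at the copy into the fixed-size buffer, which is why the size check has to live at the consumer and not only in the parser.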


Hackers in Ukraine are attacking Government websites


On the eve of the presidential election in Ukraine, phishing attacks on government internet resources intensified.

According to the Head of the Computer Forensics Laboratory, the intensity of cyber attacks is increasing every year. It is a permanent process and is not necessarily associated with the elections. However, at the moment, the sites of the Central Election Commission, the Presidential Administration, the Cabinet of Ministers and infrastructure departments may be under attack.

In general, the cyber defence of government departments is now much better than it was a few years ago, since it was improved with European financial assistance; many projects on quality protection have been funded.

At the same time, the websites of presidential candidates are at risk of hacker attacks on the eve of the election. It has also turned out that politicians may simulate hacker attacks on their own resources for PR purposes, to emphasize their importance.

Hackers used the Roskomnadzor registry for attacks on Yandex


Yandex and several other major Russian resources were subjected a few days ago to a powerful DNS attack. The attackers exploited vulnerabilities in the site-blocking system.

"Any company and any website can suffer from such actions, " said a representative of the Press Service of Yandex.

The attack exploited a vulnerability discovered in Roskomnadzor's website-blocking system. The criminals carried it out through DNS, by changing entries in the domain name system: they linked the addresses of the newly attacked sites to already-blocked domains, and thereby managed to restrict access to those pages.

As a result, some user services became extremely slow, because many operators routed all traffic to these pages through Deep Packet Inspection (DPI) systems.

Blocking of Yandex's IP addresses was avoided, as the company's employees successfully repelled the attack over several days. The publication suggested that the attack could be connected with the adoption of the law on the sustainability of the Runet: the problems were fixed during the rally.

The vulnerability exploited by the attackers has been known since 2017.

*Russian Federal Service for Supervision in the Sphere of Telecom, Information Technologies and Mass Communications (Roskomnadzor)

76 percent Indian companies were hit by cyber attacks in 2018

A survey by UK-based IT security provider Sophos has found that over 76 percent of Indian companies were hit by cyber attacks in 2018.

India stands third in the number of cyber attacks in 2018, after Mexico and France. Meanwhile, 68 percent of organizations worldwide admitted to being victims of cyber attacks last year.

Sunil Sharma, managing director of sales at Sophos India & SAARC, told Business Today: "In India, most of the attacks are happening where the money is, which means the financial services, oil and gas and energy sectors. These are the places where cyber-criminals can make most of their money and they are hit most by them."

The survey was carried out in 12 countries (the US, Canada, Mexico, Colombia, Brazil, the UK, France, Germany, Australia, Japan, India and South Africa) among about 3,000 IT decision-makers from mid-sized businesses.

"Server security stakes are at an all-time high with servers being used to store financial, employee, proprietary and other sensitive data. Today, IT managers need to focus on protecting business-critical servers to stop cyber criminals from getting on to the network," Sharma further added.

"They can't ignore endpoints because most cyber attacks start there, yet a higher than expected amount of IT managers still can't identify how threats are getting into the system and when."

The survey report reveals that in India, 39 percent of cybercriminals are detected at the server, 35 percent on the network, and 8 percent at endpoints.

"It has been found that the visibility is not there. We don't know what kind of attack. We don't know how many modes it has actually traveled. We don't know how the attack is damaging, which are the endpoints, where it has actually made damage. All that visibility is not available and it is also not helping them to take right decisions," Sharma said.

According to the survey report, 97 percent of IT managers admitted that cyber security is the greatest challenge in India.


Asia Pacific is No 1 hunting ground for hackers

Global data from last year found that 64 per cent of all FireEye-managed detection and response customers were targeted again by the same or a similarly motivated attack group, up from 56 per cent in 2017, and Asia Pacific tops the list in the malware report for 2019.

As organisations get better at detecting data breaches, hackers have become increasingly persistent, retargeting the firms they earlier broke into, US-based cybersecurity firm FireEye said on Monday.

US-headquartered Malwarebytes estimated a 270% increase in malware detections among businesses in the Asia-Pacific region.

The financial services sector was seen to have the largest number of retargeted victims in 2018, particularly in the Asia-Pacific region, revealed the "FireEye 2019 Mandiant M-Trends Report". This trend is particularly relevant for the Indian market, given last year's cyber attack incidents at Cosmos Bank and State Bank of Mauritius.

Among the top ten countries facing the biggest malware threat, Asia Pacific tops the list with five countries.

Rank  Country          Biggest Threat
1.    United States    Information Theft
2.    Indonesia        Backdoors
3.    United Kingdom   Information Theft
4.    France           Information Theft
5.    Malaysia         Backdoors
6.    Thailand         Backdoors
7.    Australia        Cryptomining
8.    Germany          Information Theft
9.    Brazil           Adware
10.   Philippines      Information Theft

"I encourage Indian firms to reassess their security posture and determine whether they can quickly detect and respond to intrusions," said Steve Ledzian, Vice President and APAC CTO, FireEye.

The Indian businesses must also determine whether "they know who is likely to attack them and how, and whether they have tested their security against human attackers in a red team scenario to try to spot weaknesses before their real world adversaries do," Ledzian said in a statement.

Singapore, a prized target

In Singapore alone, Malwarebytes saw a 180% increase in malware detections among business sectors.

In the meantime, organisations appear to be getting better at discovering breaches internally, rather than being notified by an outside source such as law enforcement.

The Australian Parliament’s Anti –Encryption Law Opening Doors to Potential Cyber Attacks

The Australian Parliament recently gave the green light to an "anti-encryption" law, the Assistance and Access Bill, which has drawn wide attention from numerous U.S. tech giants and gives the nation's intelligence and law enforcement agencies access to end-to-end encrypted communications.

The bill passed despite vocal opposition from cyber security and technology groups around the world, who cautioned that even backdoors designed solely for law enforcement will without doubt be exploited by those keen to open the way to cyber-attacks.

Described as a "backdoor", the move is said to fundamentally weaken Australia's cyber security, and perhaps that of other users of these technologies as well.

There is also widespread concern that the law will eventually hurt employment at Australian technology firms, as the global community will no longer trust their products.

Lawmakers, who in today's digital economy ought to be working to close the "cyber exposure gap" rather than widen it, are instead weakening Australia's overall cyber security posture, with a major impact on economic outcomes as well.

There is no denying that law enforcement agencies around the world face real difficulties, but laws that weaken encryption are the wrong solution.

Therefore, rather than following Australia's dangerous precedent, other nations must work to guarantee public safety while also closing the "cyber exposure gap" and strengthening cyber security standards for all devices. The risks associated with Australia's action should not be downplayed, because cyber security is as important as national security.


Hackers Hijacking Your Memories Threatening To Erase Them If You Don't Pay a Ransom

There is no denying that progress in the field of neurotechnology has brought us closer to boosting and upgrading our memories; more than that, within a couple of decades we may even be able to control, interpret and rewrite them with ease.

Brain implants, which are rapidly becoming a common tool for neurosurgeons, will in future be greatly enhanced by these advances in technology.

Whether for Parkinson's, obsessive compulsive disorder (OCD), or even controlling diabetes and treating obesity, these technological advances deliver Deep Brain Stimulation (DBS) to treat a wide range of conditions.

Still in its early stages, and being examined for treating depression, dementia, Tourette's syndrome and other psychiatric conditions, the technique is also being investigated for treating memory disorders, especially those caused by traumatic accidents, and in particular for restoring memory in soldiers affected by traumatic brain injury, as done by the US Defense Advanced Research Projects Agency (DARPA).

Laurie Pycroft, a specialist with the Nuffield Department of Surgical Sciences at the University of Oxford says that “By the middle of the century, we may have even more extensive control, with the ability to manipulate memories. But the consequences of control falling into the wrong hands could be ‘very grave’…”

A hacker could likewise threaten to 'erase' or overwrite somebody's memories unless paid, and this could perhaps be arranged through the dark web.

Cyber security company Kaspersky Lab and University of Oxford researchers have teamed up on a new project which outlines the potential dangers of, and methods of attack against, these developing technologies. Their report on the matter says that "Even at today's level of development - which is more advanced than many people realise - there is a clear tension between patient safety and patient security."


While Dmitry Galov, a researcher at Kaspersky Lab, believes that if we accept that this technology will exist, we may change people's behaviour, Carson Martinez, health policy fellow at the Future of Privacy Forum, says that "It is not unimaginable to think that memory-enhancing brain implants may become a reality in the future. Memory modification? That sounds more like speculation than fact."

But she too admits that the idea of brain jacking "could chill patient trust in medical devices that are connected to a network...”
That is why Mr Galov has emphasized the need for clinicians and patients to be educated on how to play it safe, and advises that setting strong passwords is necessary.

Mr Pycroft says that in future, brain implants will be more sophisticated and more widely used to treat a broader range of conditions. However, he also gives a clear warning: the convergence of these factors is likely to make it easier and more attractive for attackers to try to tamper with people's implants.



Bank details of Bernard Matthews employees stolen

A suspected cyber-attack "potentially compromised" the bank account details of 200 workers at Bernard Matthews.

The turkey producer has made staff aware of the suspected hack.

The Norfolk-based company said it was alerted by its bank on 22 January, as first reported in the EDP.

A spokesman said: “After being first alerted by our bank, we reported the incident to the relevant authorities and put in place extra security measures, as well as offering additional security advice to those affected.” He added: "We continue to monitor the situation but we are not aware colleagues have been affected any further."

The person or group behind the hack is unknown.

Bernard Matthews employs 3,000 people across East Anglia. The company is a major employer in Norfolk and Suffolk, including at its plant at Holton, near Halesworth, and its headquarters at Great Witchingham.
The business has been through a difficult time in recent years, coming close to collapse in 2013.

Last year, it was one of two interested parties bidding to take over Banham Poultry, in Attleborough, which was eventually sold to Chesterfield Poultry.

In 2016 the Boparan Private Office, owned by food tycoon and 2 Sisters Food Group entrepreneur Ranjit Boparan, known as the “Chicken King”, bought the firm in a pre-pack deal from Rutland Partners, saving 2,000 jobs after the firm posted pre-tax losses of £5.2m.

Altran Technologies, France; Smacked By A Cyber-Attack!

Reportedly, France-based Altran Technologies fell prey to a cyber-attack that attempted to bring down its operations in several European nations.

Last Thursday, the cyber-attack took the French engineering consultancy, Altran Technologies, by storm.

This led to the organization shutting down its IT network and applications.

The firm immediately started working on a recovery plan, making sure that it did not suffer much damage.

A large-scale "Domain Name System" hijacking campaign is already under investigation and is the subject of many questions.

This campaign is said to have wreaked havoc among many government and commercial organizations across the world, according to Britain's National Cyber Security Centre.


Cyber-attacks Apparently Can Cause Greater Destruction than Physical Terrorist Attacks

Researchers from Michigan State University recently conducted a study, published in the journal 'Terrorism and Political Violence', and found that cyber terrorism has, with the passage of time and the advance of technology, outpaced physical attacks.

Professor Thomas Holt, from Michigan State University, says: "Little work has been done around the use of the internet as an attack space. These attacks are happening and they've been continuously overlooked. If we don't get a handle on understanding them now, we won't fully understand the scope of the threats today and how to prevent larger mobilization efforts in the future."

Holt analysed the scope, growth and impact of ideological cyber terrorist incidents, in order to understand these attacks, from far-left groups such as the Animal Liberation Front, the Earth Liberation Front and many similar ones.

While these groups generally prefer not to physically hurt people, they are motivated by animal and environmental activism and feel passionate about attacking companies, organizations and government entities that go against their convictions.

“While we can’t speculate as to why physical attacks have declined, we believe that the cyber component increased because these attacks generate an economic and emotional impact, draw attention to their cause from the public and may be less likely to lead to arrest”, he adds.

Holt's research also analysed the physical and cyber terror attacks committed by these far-left groups in the US, UK and Canada between 2000 and 2015; he states that although these groups may strike locally, the harm they do online can be 'widespread' and a hazard for organizations and consumers alike.


Over 200 Million Chinese CVs Compromised On The Dark Web

Recently, a database containing over 200 million Chinese CVs was discovered exposed online, laid bare for the dark web to devour, and naturally it spilled highly detailed personal information.



Lacking even the most basic security measures, the database exposed some very personal data.



The database included people's names, addresses, mobile phone numbers, email addresses, education details and more.



The detailed information in the database had been compiled by persistently scraping various Chinese job sites.



Reportedly, the director of the research institution said that at first the data was thought to have come from a large classified-ads site, BJ.58.com.



However, BJ.58.com vehemently denied the claim and any connection with the incident.



They had thoroughly analysed and checked their databases and found nothing suspicious, and so reassured the public that they had played no role in the data leak.



They also suggested that a third-party CV website "scraper" was to blame.



News of the data cache first spread on Twitter, and soon afterwards it was removed from the Amazon cloud where it had been stored.



But further analysis showed that before it was deleted it had already been copied around 12 times.



There has been a series of incidents where the Chinese have been cyber-affected, and this data loss is the latest of all.



From online rail bookings to the alleged theft of rail travellers' personal data, the early days of January were bad ones for the people of Beijing.



Reportedly, in August last year, the police of China were busy investigating a data breach of hotel records of over 500 million customers.



Personal data, including the booking details and accounts, registration details and other similar information were leaked.



Also, the Internet Society of China released a report listing the numerous phishing attacks and data breaches the country's residents had faced.


Over 30 Thousand Patient Records Exposed; Third-Party Breach To Blame

Cyber criminals recently hit another healthcare target. Managed Health Services of Indiana Health Plan (MHS) recently went public about a third-party data breach it had been exposed to, which left 31,000 patients' personal details out in the open.


This breach was the result of one of the two security incidents that the institution had to face.



The organization runs two major healthcare programs, namely ‘Indiana’s Hoosier Healthwise’ and ‘Hoosier Care Connect Medicaid’.


MHS was informed of the breach by one of its vendors, which reported that someone had illegitimately gained access to its employees’ email accounts.


Disconcertingly, according to the reports, the unauthorized access occurred between July and September of last year.


The investigation initiated by MHS found that patients’ personal data, including names, insurance ID numbers, dates of birth, dates of service and addresses, had all potentially been exposed.


As the investigation unfolded, the incident was traced to a phishing attack on the vendor’s systems.


The vendor took rapid steps to contain the attack with the help of a computer forensics company.


Some of the information in the affected email accounts was readily accessible once the accounts were compromised; the “hacked” email accounts were the main source of the exposed information.


Phishing is the easiest way to harvest personal data, and a phishing attack anywhere in a supply chain can affect everyone involved in it.


As a result of that chain effect, 31,000 people had their data exposed.


Reportedly, this is the fourth attack on health plans in the last month alone.


Such attacks make it evident that the healthcare industry urgently needs better management and security of its cyber systems.

Cybercriminals disturbing air traffic




Travelling by air has always been the fastest and most preferred option available to us, but have we ever considered whether it is the safest in every sense, technical and cyber?

Never mind the technical mishaps that happen when least expected; the accidents that occur are rare but shocking and terrible. But are we aware of the dangers of flying in the light of cyber security?

As we are probably aware, cybercriminals are driven for the most part by their thirst for money and power, and disrupting air traffic and airport control helps them satisfy it. While the majority of these cyber-security incidents result in data breaches, attacks on this critical infrastructure could lead to far more ominous outcomes.

Organizations like the ATO and EUROCONTROL manage air traffic across continents, working with commercial and military bodies to control the coordination and planning of air traffic in their assigned regions. These organizations work closely together, since numerous intercontinental flights pass from one region to the next, and they respond rapidly to incidents.
These aviation control organizations require flawless communication to function properly, as they are essential to maintaining the normal flow of air traffic.

Consequently, their related systems are heavily computerized, which makes them prime targets for cyber-attacks.

However, apart from air traffic control itself, many other factors have a negative effect on the transportation service, the major ones being terrorist attacks, ransomware attacks and targeted cyber-attacks, in addition to budget concerns.

Terrorists have hijacked aircraft before, the best-known incident being 9/11, in which the terrorists boarded four different aircraft and disabled the pilots. These physical, in-person hijacks are the reason behind the extensive safety measures we all experience at every major airport.

Yet hijackers do not need to be physically present to cause such immense harm. As has been demonstrated before, aircraft can be hacked remotely, and malware can infect the computer systems on board as well.

What's more, as in any other industry, there are numerous ransomware victims in the aviation and air traffic sector. The best-known is the air and express freight carrier FedEx, which has surprisingly been a ransomware victim twice: once through its TNT division, hit by NotPetya, and once in its own delivery unit, by WannaCry.

Turning to targeted cyberattacks, the most fitting example is the IT system of Boryspil International Airport in Ukraine, which reportedly included the airport's air traffic control system. Because of the strained relations between Ukraine and Russia, attribution immediately turned to BlackEnergy, a Russian APT group considered responsible for numerous cyberattacks on the country.

Lastly, where budgets are concerned, cybersecurity is treated reactively instead of proactively. In 2017, the Air Traffic Control Aviation (ATCA) published a white paper issuing this warning, as a 2016 report by the Ponemon Institute had found that the organizations did not budget for the technical, administrative, testing and review activities that are necessary to operate a secure system properly.

Bearing these factors in mind, while physical security at airports has been increased substantially, it appears that the cyber security of this essential infrastructure still needs a considerable amount of work and attention, particularly given the sheer number of cyber-attacks on the industry over the last few years.

The excrement will undoubtedly hit the propeller if the air traffic and cargo industries yet again fail to include cybersecurity in their budgets and structure proposals for the coming year.


Medical Devices Now Vulnerable To Cyber Attacks




There is no denying the fact that, with the advancement of technology over time, countless changes have been made and embraced by millions of individuals around the world, as these advances have made their daily lives simpler and more comfortable.
One such essential change is in the medical field: medical devices of all kinds now have network connectivity that greatly increases their effectiveness and usefulness, making it significantly easier to monitor patients.

However, with digital attacks on the rise, a significant number of these attacks may feel like life-and-death situations. With so many crucial medical devices requiring network connectivity, some of them may really be targets of lethal attacks.

Denial-of-service attacks and hacking are two of the most serious dangers confronting the medical device industry and the patients that these advanced medical devices are intended to protect.

The alarming dangers associated with medical devices are well illustrated by the case of implantable cardioverter defibrillators, or ICDs, which are implanted to keep a person's heart rhythm regulated and to deliver a life-saving shock in patients at high risk of heart failure. ICDs are potentially vulnerable to a type of digital attack closely related to DDoS attacks; however, rather than using a network of Internet-connected devices to overwhelm a target, an attack on an ICD would require only one internet connection.

Another vulnerability is insulin overdose. In October 2016 the makers of an insulin pump took the novel step of informing customers of a potential security weakness. After receiving information about the vulnerability, Johnson and Johnson and Animas warned customers that an attacker, even a remote one, could potentially trigger insulin injections by spoofing the meter remotely, with the risk of eventually causing a hypoglycaemic response in the patient, a serious health hazard for a diabetic.

Medical imaging devices are likewise at risk of cyber interference of the sort that could cause a patient serious harm. Researchers at the Ben-Gurion University of the Negev in Israel found that attackers could increase the level of radiation emitted during a scan to the point that it could cause illness, injury or possibly even a radiation overdose.

Nevertheless, the message with regard to medical devices is the same as for any device with network or internet connectivity: security should be organized and prioritized better. Device makers should focus on creating devices that concentrate on performing the tasks they were designed to perform.

This is reasonable; however, given the intrinsic vulnerabilities of these devices and the hazardous denial-of-service attacks and hacking they make possible, security should be the essential need of the hour.


Careem hit by cyber attack affecting 14 million users

Careem, the ride-hailing app and Uber’s main competitor in the Middle East, revealed on Monday that it had been hit by a cyber attack in which the data of over 14 million users was compromised.

In a blog post, the company said it became aware of the attack on 14 January, when it identified a cyber incident involving “unauthorised access to a system we use to store data,” in which customer and driver account data were stolen.

Information such as names, phone numbers, email addresses and trip data was stolen; however, according to the company, no password or credit card information was compromised.

“Customers’ credit card information is kept on an external third-party PCP-compliant server. A PCP server uses highly secure protocols and is employed by international banks around the globe to protect financial information,” it stated.

“While we have seen no evidence of fraud or misuse related to this incident, it is our responsibility to be open and honest with you, and to reaffirm our commitment to protecting your privacy and data,” the post read, adding that customers and “captains” who have signed up after the attack have not been affected by the breach.

The ride-hailing service apologized to its users and said that, “Careem has learned from this experience and will come out of it a stronger and more resilient organisation.”

Aside from informing users and assuring them that it is working with law enforcement agencies to look into the matter, Careem also advised its customers to use safeguards such as strong password management, caution about unsolicited communications, links or attachments in emails, and reviewing their credit card or bank statements for suspicious activity.

As to why it had taken Careem so long to tell people, the company said that it “wanted to make sure we had the most accurate information before notifying people.”

150 million MyFitnessPal users affected in Under Armour data breach

Under Armour announced on Thursday that over 150 million customers using MyFitnessPal, its nutrition tracking app, were hit by a data breach in late February this year.

According to Under Armour, it discovered the breach earlier this week and said that an “unauthorised party” had acquired the data. Once aware of the breach, it began alerting users through in-app messages as well as email.

It is currently working with data security firms and coordinating with law enforcement authorities to get to the bottom of the breach.

"The investigation indicates that the affected information included usernames, email addresses, and hashed passwords—the majority with the hashing function called bcrypt used to secure passwords," the company said in a statement.

Under Armour said that the attackers would not have been able to access information such as users' Social Security numbers, driver's license numbers or payment information in the breach, but usernames, email addresses and password data were taken.
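The bcrypt detail matters for anyone assessing a breach like this: bcrypt stores a per-password salt and a tunable cost factor alongside each hash, so a leaked table cannot be reversed wholesale with precomputed lookups, whereas bare, unsalted fast digests can. The statement that only "the majority" used bcrypt means the remaining records are the ones to worry about first. The following example is added here and is not code from the article, Under Armour or MyFitnessPal. It triages a constructed credential dump by the format of each stored hash (bcrypt's modular-crypt prefix versus a bare hex digest) to decide which accounts need a forced reset, and shows a salted, deliberately slow password store; the standard library's PBKDF2 is used as a stand-in for bcrypt, which is not in the standard library. The sample records, the cost-factor threshold and the scheme string are constructed assumptions.

```python
"""Added example (not from the original article): triaging a leaked
credential dump by stored-hash format, plus a salted slow-hash store that
stands in for bcrypt using only the standard library.  All records are
constructed; none come from any real breach."""
import hashlib
import hmac
import os
import re
from dataclasses import dataclass
from typing import Dict, List, Optional

# bcrypt modular-crypt layout: $2<variant>$<cost>$<22-char salt><31-char hash>
BCRYPT_RE = re.compile(r"^\$2[abxy]\$(\d{2})\$[./A-Za-z0-9]{53}$")
# Bare hex digests of MD5/SHA-1/SHA-256 length with no salt field: fast and unsalted.
HEX_DIGEST_RE = re.compile(r"^(?:[0-9a-f]{32}|[0-9a-f]{40}|[0-9a-f]{64})$")

MIN_ACCEPTABLE_BCRYPT_COST = 10  # assumed policy threshold, not from the article

# Constructed sample dump. The bcrypt strings are syntactically valid but made up;
# carol and dave share one unsalted digest, which is visible without cracking anything.
SAMPLE_DUMP: List[Dict[str, str]] = [
    {"user": "alice", "hash": "$2b$12$abcdefghijklmnopqrstuvABCDEFGHIJKLMNOPQRSTUVWXYZ01234"},
    {"user": "bob",   "hash": "$2a$06$abcdefghijklmnopqrstuvABCDEFGHIJKLMNOPQRSTUVWXYZ01234"},
    {"user": "carol", "hash": hashlib.sha1(b"constructed-example-1").hexdigest()},
    {"user": "dave",  "hash": hashlib.sha1(b"constructed-example-1").hexdigest()},
    {"user": "erin",  "hash": "not-a-recognised-format"},
]


def classify_hash(stored: str) -> str:
    """Return 'bcrypt', 'fast_unsalted' or 'unknown' for one stored hash string."""
    if BCRYPT_RE.match(stored):
        return "bcrypt"
    if HEX_DIGEST_RE.match(stored):
        return "fast_unsalted"
    return "unknown"


def bcrypt_cost(stored: str) -> Optional[int]:
    """Cost factor (log2 rounds) of a bcrypt string, or None if it is not bcrypt."""
    m = BCRYPT_RE.match(stored)
    return int(m.group(1)) if m else None


def needs_forced_reset(stored: str) -> bool:
    """bcrypt at an adequate cost can wait for a user-initiated reset;
    weak cost, unsalted fast digests and unrecognised formats are force-reset."""
    cost = bcrypt_cost(stored)
    return cost is None or cost < MIN_ACCEPTABLE_BCRYPT_COST


@dataclass
class Triage:
    counts: Dict[str, int]          # records per hash class
    forced_resets: List[str]        # users whose credentials must be reset now
    shared_fast_hashes: int         # accounts whose unsalted digest equals another's


def triage_dump(records: List[Dict[str, str]]) -> Triage:
    counts = {"bcrypt": 0, "fast_unsalted": 0, "unknown": 0}
    forced: List[str] = []
    seen_fast: Dict[str, int] = {}
    for r in records:
        kind = classify_hash(r["hash"])
        counts[kind] += 1
        if needs_forced_reset(r["hash"]):
            forced.append(r["user"])
        if kind == "fast_unsalted":
            seen_fast[r["hash"]] = seen_fast.get(r["hash"], 0) + 1
    shared = sum(n for n in seen_fast.values() if n > 1)
    return Triage(counts, forced, shared)


PBKDF2_ITERATIONS = 600_000  # assumption: OWASP-order iteration count for PBKDF2-HMAC-SHA256


def hash_password(password: str) -> str:
    """Salted, deliberately slow hash in a self-describing scheme$params$salt$hash shape.
    PBKDF2 stands in here for the bcrypt the article mentions."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, PBKDF2_ITERATIONS)
    return f"pbkdf2_sha256${PBKDF2_ITERATIONS}${salt.hex()}${dk.hex()}"


def verify_password(password: str, stored: str) -> bool:
    """Re-derive with the stored salt and iteration count; compare in constant time."""
    parts = stored.split("$")
    if len(parts) != 4 or parts[0] != "pbkdf2_sha256":
        return False
    _, iterations, salt_hex, dk_hex = parts
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"),
                             bytes.fromhex(salt_hex), int(iterations))
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    result = triage_dump(SAMPLE_DUMP)
    print(result.counts, "force reset:", result.forced_resets,
          "accounts sharing an unsalted digest:", result.shared_fast_hashes)
    stored = hash_password("constructed passphrase")
    print(stored[:40] + "...", verify_password("constructed passphrase", stored))
```

Two things the run makes concrete: two users with the same password are indistinguishable in a salted store (every `hash_password` call yields a different string) but trivially linkable in an unsalted one, and the stored iteration count lets a verifier keep accepting old records while new ones are written at a higher cost.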

The company is now urging MyFitnessPal users to change their passwords immediately and to review their accounts for any suspicious activity. It has also warned users to be cautious of any emails or unsolicited messages in light of the breach, and not to give away personal data.

The app lets people track their calorie intake, diet, and exercise routines, and was acquired by Under Armour in 2015 for $475 million.