Hackers Can Intercept What’s Being Typed Just By The Sound Of It?




Hack Alert! Hackers could listen to the sound of typing on a person’s phone via a nearby smartphone and intercept what’s being typed.

Possibly, the acoustic signals or sound waves produced when a message is typed on a computer or a keyboard could be picked up by a smartphone.

The sound could later be processed leading an expert hacker to easily decode which keys were hit and ultimately what was it that was typed.
 
Allegedly, this trick could work in a busy hall filled with people chattering and typing as well, because researchers tried it out.

Sources mention that the researchers could intercept what’s being typed with a “41% word accuracy rate”. It might take only a couple of seconds to know what’s being typed.

The results of the research sure are disconcerting and privacy and security levels of the smartphones and their sensors have got to be taken to a higher level.

From detecting if a phone is still or in a pocket, to detecting if it’s on the move; with the enhanced technology, sensors too have come a long way.



Some sensors need permission whereas most of them are set to function as a default. Per sources, the researchers had in their analysis used the later.

All they did was develop an application that could intercept the sound of typing and detect which key exactly is hit.

According to researchers the material of the table at which the keyboard is placed, plays a crucial role in the entire process as the keys sound different on different materials.


Well Known and Widely Used 4G Routers Compromised?



Security researchers revealed the various vulnerabilities and flaws that the latest 4G routers have got leading to information leaks and command execution attacks.

In the DEF CON hacking conference the researchers came across a lot of flaws in the “existing 4G modems and routers”.

Per sources, a selection of all the products was made and then tested which resulted in detection of “critical remotely exploitable flaws”.

The part that happens to be a real point of concern is that quite a large number of flaws were found in a very limited stock of devices.

From consumer-grade routers and dongles to super expensive devices that are designed to be used on mass level all of them were tested with flaws.

The vendors were immediately informed about the security defects and mostly they were fixed well before the Pen Test Partners report got published.



Netgear 4G Routers

Security issues also existed in the case of 4G routers fabricated by TP-Link and Netgear with four of them being assigned CVEs.

The Netgear Nighthawk M1 Mobile router got tracked as CVE-2019-14526 and a post-authentication command injection (CVE-2019-14527) which could lead to arbitrary code execution.

The attacker could exploit the above vulnerabilities by tricking the users into visiting a maliciously designed page.

Some insight into the SCRF protection bypass flaw of the Netgear routers and breaking the encrypted firmware was also given by the researchers.

 TP-LINK 4G Routers

The mobile wireless routers by TP-Link were also found to be compromised and with their very own CVE issues.
The M7350 4G LTE is the model that was vulnerable with mainly, CVE-2019-12103 (Pre-Authentication Command Execution) and CVE-2019-12104 (Post-Authentication Command Execution).


ZTE 4G Routers

ZTE was a vendor that got immediately in the limelight during the research as it had avoided security issues in its MF910 and MF65+. The website they were listed on was out of support.

Per sources the MF920 shared the same codebase with another router that the researchers checked and ZTE decided to take things seriously and fix the reported flaws.

Sources mentioned the following issues were discovered MF910 and MF65 that aren’t going to be patched:
·       A Cross-Site Scripting point in an unused “test” page.
·       In the pre-authentication process the administration password could be leaked.
·       One of the debug endpoints during post authentication is vulnerable to command injection.

If these issues were to amalgamate, arbitrary code execution on the router becomes all the easier and could be triggered by the user’s visiting a malicious web-page.

Two other vulnerabilities that were discovered in the ZTE 4G routers were:
·       CVE-2019-3411 (Information leak, 7.5 high severity CVSS v3.0 base score)
·       CVE-2019-3412 (Arbitrary Command Execution with a critical severity of 9.8 CVSS v3.0 base score)


If the degraded condition of the already existing 3G and 4G routers is not to get better the 5G routers to come wouldn’t attract as many consumers.

The market condition is so that the users are majorly dependent- and if they aren’t they’re soon to be- on cellular connections for full-time internet.


Apps Generating Untraceable International Phone Numbers ?






Applications that generate international phone numbers that are super difficult to track are being employed by cyber criminals to rip people off.

A recent victim that had called the cyber-crime branch complained that they received a call from two spate numbers one with 001 and the other with 0063 as the country codes.

Per sources the app stores happen to contain 40 to 60 such apps through which cyber-cons could easily get these numbers.

Sources mentioned that allegedly “Dingtone” is an app via which a user can easily sift through a variety of country codes which are absolutely untraceable.

These cases according to the cyber-crime branch aren’t categorized separately but these are surely being registered and deliberated upon.



According to the cyber-security researchers a minimum of 500 cases come into existence per day in India alone with 40 cases pinning on major cities.

The police lack the technological efficiency as well as resources to possibly track the users of such applications. There is also a matter of jurisdiction.

Mostly, the above-mentioned apps are ‘not’ developed by Indian initiators but ironically originated from countries that have strict laws on removal of apps.

Information of the caller could seemingly be obtained by requesting the telecom service providers as such services are always linked together.

However, requesting the details of the callers from a telecom service provider abroad is extremely time-consuming. Besides, the CBI would require Mutual Legal Assistance Treaty with that very country.

As of now, such treaties exist with only 39 countries. In addition some countries could also demand a court order and furthermore the procedure in itself takes six to eighteen months.


Cyber-Crime On Rise; One of A Kind Ransomware Hits Cloud Computing Giant iNSYNQ!







iNSYNQ, the cloud hosting giant recently was targeted by a ransomware attack which led to the company’s servers being shut down to confine the damage.

The Microsoft, Sage, and Intuit host provides customers with cloud-based virtual desktops aimed at hosting business applications.

The attack was executed by an unknown party and affected the iNSYNQ clients making the data inaccessible, as was mentioned in a citing from the sources.

The servers of the infected organization were immediately shut down and the next step was to safeguard the clients’ data and backup.

Cyber-security experts have been hired by the organization to help restore the infected data and eradicate any further possibility of such attacks.

The backups aren’t yet available to the customers despite repeated requests for them. The company’s doing everything in their control to mitigate the situation.


The clients’ data backups were on the unaffected servers but on the same network nevertheless.

The problem is not related with stolen data it is actually about the data being encrypted and hence being inaccessible.

On a mysterious note, the twitter account of iNSYNQ seems to have disappeared and is no longer accessible.

The data will take a good amount of time to reach the clients’ because after it’s retrieved it will be needed to be checked for any residual traces of the malware.

The company though, did not forget to mention that the kind of malware that hit them was of a new kind and had never been detected before.

Due to security reasons the organization can’t reveal much about the complexities of the attack and the entire situation because it might lead to the customers’ data being in danger.

With the help of leading experts the process of backing the data up is on full speed and the organization’s trying their hardest to get their clients’ data back to them.


Vulnerability in Chrome Allows To Virtually Take Over Any Android-Based Device



A critical vulnerability in Chrome for Android apparently exploited and displayed in a quite popular hacking contest is now being known to empower anybody with specialized technical expertise to remotely take control for all intents and purposes any Android-based device. 
Found by PacSec speaker Guang Gong from Qihoo 360 at Pwn2Own the vulnerability in Google's JavaScript v8 is said to purportedly influence all renditions of Android running the latest version of Chrome. 
What makes this specific vulnerability stand out amongst the remaining of the already established hazardous and risky ones is that being a 'one shot exploit', just one is sufficient to remotely hack the device. 
At first, the user is tricked into visiting a vindictive website on Chrome and once there, an attacker effectively installs an arbitrary application into the device thusly gaining full privileges. 
"As soon as the phone accessed the website the JavaScript v8 vulnerability in Chrome was used to install an arbitrary application (in this case a BMX Bike game) without any user interaction to demonstrate complete control of the phone," it was reported.
Despite the fact that android fixed 33 vulnerabilities, in which, 9 vulnerabilities were categorized under critical severity and rest of the 24 were fixed under "high" severity.
Until now no more insights regarding the exploits have been unveiled. Google, on the other hand has purportedly been made mindful of the Chrome vulnerability, regardless of whether it has been fixed is yet to be affirmed.

OceanLotus’ Ratsnif (A Remote Access Trojan)- Thinngs You Need To Know




OceanLoutus’ Ratsnif, an especially undetected remote access Trojan which mainly is used for cyber-espionage purposes has become better and is now capable of SSL hijacking and modifying web pages.

The very prominent malicious actor OceanLotus is quite fairly known for its espionage campaigns in the Vietnam. APT32, CobaltKitty, SeaLotus and APT-C-oo are few of its aliases in the infosec community.

The hackers behind this malicious threat actor usually combine “commercially available tools” such as Cobalt Strike with unique malware.

Four separate variants of the Ratsnif RAT family were analysed by prominent researchers only to find out that it evolved from a debug build to a release version.

It now comes filled with fresh features like DNS and MAC spoofing, SSL Hijacking, packet sniffing, HTTP redirection and injection, setting up remote shell access and ARP poisoning.

Per sources, the three early versions were found out to have a compilation date from 2016 whereas the most recent one was from August 2018.

The oldest variant of the Ratsnif, per the researchers, apparently was a debug build compiled in August 2016. The domain for its command and control (C2) server was activated the very day.

A newer version with no so gigantic changes was compiled the very next day. Both the samples were tested for detection against the anti-virus engines present on VirusTotal service at the same time.

A third version with September 2016 as its compilation date appeared with almost similar functioning and is believed by the researchers to be one of the earlier builds.

It wasn’t loaded with all the features but surely was capable of setting up a remote shell and serve for ARP poisoning, DNS spoofing and HTTP redirection.

In its early stages it collects information such as usernames, computer names, Windows system directory, and network adapter info and workstation configuration and sends it to C2.



The fourth Ratsnif sample was no longer accompanied by a list of C2 servers and delegated communication to a different malware used on the host victim.

It also, originally happened to introduce a configuration file and to extend the set of features to make it more effectual.

If one wishes to decrypt the traffic it could be done by using version 3.11 of the wolfSSL library which was earlier known as CyaSSL.

The configuration file happens to be unsecured and is simply a “text file encoded in Base64 with a parameter on its own line”.

Ratsnif could also cause a memory red violation owing it to a bug, when parsing a specific parameter (“dwn_ip’). Due to this the value’s passed as a string when it should be a pointer to a string.

According to the analyzers, the 2016 versions of Ratsnif contained all packets to a PCAP file but the 2018 version employs multiple sniffer classes for wresting sensitive information from packets.

This lowers the amount of data the attacker requires to collect, exfiltrate and process and also shows what information the attacker is after.

Ratsnif has done an essentially tremendous job at staying out of the limelight. Nonetheless it is not up to the standards of OceanLotus’ other malware endeavors.


Gamers’ Google and Facebook Credentials Unsafe; Android’s “Scary Granny ZOMBYE Mod: The Horror Game” To Blame!






A horror game from Android which has more than 50,000 downloads to its name. The Scary Granny ZOMBYE Mod: The Horror Game showed malicious behavior and is allegedly stealing users’ credentials after they log into their accounts.

The game is specifically designed to hoard downloads from the success of another Android game dubbed “Granny” with 100 million installs as of now.

After the researchers informed Google about the game’s phishing and siphoning abilities, the fully functional game was taken down from the Google Play Store.

A prominent research team realized that the game wouldn’t exhibit any malicious activity up to 2 days to steer clear of security checks.

It would turn in its data-stealing modules lest it were being used on older Android versions with users with new devices which run up to date.

Quite obviously it starts asking for permissions to launch itself on the smartphone or tablet and tries to gain the trust of the users.

Even after the Android users reboot their systems the game still shows full-screen phishing overlays.

Firstly it shows “a notification telling the user to update Google Security Services” and the moment they hit ‘update’ a fake Google Login page appears which looks almost legitimate except for the incorrectly spelled “Sign in”.


Scary Granny, after stealing the users’ credentials it will go on to try to harvest account information like recovery emails, phone numbers, verification codes, DOBs and cookies.

Obfuscated packages are other ways of mimicking official components of the Android apps. For example, com.googles.android.gmspackage attempts to pass itself as the original com.google.android.gms

The Scary Granny would also display some really legitimate looking ads from other prominent applications like Messenger, Pinterest, SnapChat, Zalo or TikTok.

The malicious horror game would make it appear that apps like Facebook and Amazon were actually open when actually they are only ads pretending to be actual applications.

In one of the cases the researchers tried out, the ad directed the user to a page which Google blocked flagging it as being deceptive which clearly implies that it hosts malware or a phishing attack.

After connecting with an ad network by way of com.coread.adsdkandroid2019 package, the ads would get distributed to the compromised Android devices.

At the end, to maximize the profit for its creators, the Scary Granny would try to wrest money form the users by asking them to pay for their playing privileges via a “pre-populated PayPal payment page”.


TP-Link Wi-Fi Extenders: Detected With Vulnerability Making Them Hacker Prone!




The popular router company left its users shocked when researchers discovered a crucial vulnerability with its Wi-Fi extenders.

The vulnerability immensely compromised the extender to the hacker and let them have entire control of the device.

Victim’s traffic could easily be redirected via the taking over of the extender and could lead them to malware, the researchers cited.

To enhance the range of the Wi-Fi signals these extenders are used to “extend” the range. They provide a significant boot in the signal’s strength.

Security cameras, doorbells and other security equipment could easily be connected via the extender to the router.


But quite like the routers they are prone to vulnerabilities and need to be maintained and patched from time to time to ensure a safe network.

Allegedly, the particular extenders that were affected were the RE365, the RE350, the RE650 and the RE500.

According to sources, the researchers who were behind the digging up of this glitch belong to IBM’s X-Force of researchers.

 Ever since then IBM collectively with TP-Link has released updates for the affected users.

The to-be attackers don’t necessarily need to be within the range of the Wi-Fi extender for him to exploit the weakness.

The attacks procedure begins with the hacker sending a malicious HTTP request to the Wi-Fi extender.

 The vulnerability in turn aids the attacker to execute such commands form the request which is not the case with proper extenders which have limited access.

The attacker would need to know the extender’s IP address to abuse the vulnerability. Thousands of exposed devices could be easily found on “Shodan” and similar search engines.

The misuse of the vulnerability is not only limited to malicious code execution or simple taking control of the extender.

More sophisticated malicious activity could also be followed through using shell commands on the device’s operating system, sources cited.

Also creating a botnet out of the extender and redirecting the users to malicious pages are other things on the list of probable attacks.

Houdini Worm’s WSH Remote Access Tool (RAT) for Phishing Tactic




A fresh modified version of Houdini Worm is out in the market which goes by the name of WSH Remote Access Tool (RAT) and has commercial banking customers on its radar.


The authors who created the malware released it earlier this June and the HWorm has things tremendously in common with the njRAT and njWorm. (existed in 2013)

WSH RAT uses the legitimate applications that are used to execute scripts on the Windows one of which is Legitimate Windows Script Host.

The malware is being distributed via phishing email campaigns per usual.

The malicious attachment is stuck with the MHT file which is used by the threat operators the very way they use HTML files.

The MTH files contain an “href” link which guides the user to download the malicious .zip archive which releases the original version of WSH RAT.


Researchers report that when WSH RAT’s executed on an endpoint it behaves like an HWorm to the very use of mangled Base64 encoded data.

The WSH RAT uses the very same configuration structure for the above process as HWorm.

It also seeds an exact copy of the HWorm’s configuration including the default variable and WSH RAT command and control server URL structure in similar to that of HWorm.


Firstly WSH Rat communicates with C2 server and then calls out the new URL that releases the three payloads with the .tar.gz extension.
But, it’s actually PE32 executable files and the three payloads act as follows:
·       A Key logger
·       A mail credential viewer
·       A browser credential viewer

These components are extracted from a third party and do not originate from the WSH RAT itself.

The underground price of the WSH RAT was around $50 USD a month with a plethora of features including many automatic startup tactics and remote access, evasion and stealing capabilities.

It’s becoming evident by the hour that by way of simple investment in cheap commands really threatening malware services could be developed and could put any company under jeopardy.




Massive HIV Data Leak; No Closure Yet!






Singapore: Finally the authorities have come up with some background details as to the circumstances that led to 14,200 people’s personal details along with their HIV status leakage.

The lingering questions, ever since the data was compromised have been intriguing. Such as, the reason behind not making it public in May 2016 when it was known that the information was in wrong hands?

According to a recent media briefing the Permanent Secretary of Health, cited that the ministry of health did wasn’t sure as to the whether the news’ being public was in the interest of the citizens.

They did mention though that they will take conservative measures and better approaches now that they know the persons in registry have concerns regarding a public announcement.


It’s disturbing that years after the incident took place no one knows why the data still remained with the unauthorized people.



According to sources, the Ministry of Health had lodged a police report in May 2016 after finding out that Mikhy Farrerra Brochez was in custody of the leaked information from the HIV registry.

After, the properties owned by Brochez and his partner Ler Teck Siang were searched by the police officials and all pertinent material found was seized.

Even after that Brochez managed to keep some information back and in turn leaked it later on. The Permanent Secretary of Health voiced that the police should have had a better search.

It was later in May 2018 when the people whose information as in the “unauthorized” hands were informed a\bout the entire leakage scenario.

In May 2018 the police found out that Brochez had managed to hold some records back which was a month after Brochez completed serving his jail sentence for other offenses and was deported from Singapore.

There is no way of knowing though, that how many people were informed that their persona details were in wrong hands.

MOH lodged a police report and had contacted the concerned individuals. The number of people was very small according to PSH Mr. Chan.


Where Brochez was deported to is still under wraps and the immigration department couldn’t share the details due to confidentiality concerns.

He is known to have arrived in the Kentucky state of the US. There’s no knowing if he’s being monitored, the sources said.

He had called at his mother’s house despite being warned to stay away and that’s when she informed the police about it.

After he refused to leave he was taken into custody and was charged. He has been asked to return to the district to face criminal trespass.

The Singapore police force is reportedly taking help of their foreign counterpart but didn’t mention which organizations or countries.

Brochez’s partner was charged with the Official Secrets Act for “failing to retain the possession of a thumb drive” containing data from the leak but was stood down and there is no answer as to why that happened.



According to Article 35(8) the AG gets a wide discretion as public prosecutor in the conduct of criminal proceedings. The prosecution “is not required to give reasons for why they decide to proceed with certain charges and not others”.

Another question that has yet to be addressed is how was the access to the confidential information disabled? We do know that the MOH had worked with “relevant parties” to disable the access.


Stolen information of such sorts is uploaded on various hack forums and file sharing sites such as “Pastebin” and “Mega” and is commonly hosted on web servers overseas.

If taking down a web domain. It could be done on a registrar level. Domain registrars are company people who create websites. But taking down a website can’t totally solve the problem.


Because once, data is on the dark web it’s almost irretrievable. As it could be copied or distributed across quite easily.


Absolutely different from the internet the commoners use, the Dark Web is “unregulated and decentralized and has no point of authority or disabling access to anything.


Millions of Peoples’ Data Exposed On The Dark Web Via an Unprotected Database; Hackers At Advantage

Quite recently, a badly secured database fell prey to hijacking by hackers. Millions of users’ data was exposed. It was discovered by “Shodan Search Engine” last month. An infamous hacking group is speculated to be the reason.


A gigantic database containing records of over 275 million Indian citizens was found unprotected and now in the hands of a hacking group.

The database which was exploited comes from a widely used name of “MongoDB”.

The data in it seems to have come from various job portals, in light of the fields that were found out to be of “Resume IDs”, “functional areas” and “industry”.

Along with some not so confidential information some really personal details like name, email ID, gender, date of birth, salary and mobile number were found.
Reportedly, a hacking group which goes by the name of “Unistellar group” happens to be behind the hijacking of this already unprotected database.

Immediately after the unsafe database was discovered the cyber-security expert had informed the Indian Computer Emergency Response Team but in vain.

The database was open and laid bare for anyone to advantage for at least two weeks.

The owner of the database is yet to be known and it seems that it’s owned by an anonymous person or organization.

The details of over 275 million people were out but as it turns out no Indian job portal holds information of members of such a large number. 


Amazon Hit by an “Extensive” Fraud; Reveals That Unidentified Hackers Were Able To Siphon Funds from Merchant Accounts




Amazon.com Inc. reveals that unidentified hackers were able to siphon assets from merchant’s accounts for over six months just the last year from the MNC.

The company believes that it was hit by quite an extensive fraud attack, this serious  attack which occurred between May 2018 and October 2018, had the attackers break into around 100 seller accounts and channel money from either loans or sales into their own respective bank accounts, as indicated by a U.K. legal document.

A redacted filing has been made by Amazon's legal advisors from November which was now made public.

While the MNC was still "investigating the compromised accounts" and trusted that hackers figured out how to change subtleties of the accounts on the Seller Central Platform to their very own at Barclays Plc and Prepay Technologies Ltd., which is mostly claimed by MasterCard Inc., as indicated by the filing. Amazon found that the accounts were likely undermined by phishing strategies that fooled the sellers into surrendering the confidential login data.

Since the attorneys for Amazon have asked a London judge to favour pursuits of account statements at Barclays and Prepay, which "have become innocently mixed up in the wrongdoing," the case is progressively being featured as the one where the world's greatest online retail platform is being abused and how troublesome it is for Amazon to locate the real culprits.

While Barclays declined to remark explicitly on the case and delegates for Prepay didn't return emails looking for their comments for the same. Amazon expressed its requirement for the documents “to investigate the fraud, identify and pursue the wrongdoers, locate the whereabouts of misappropriated funds, bring the fraud to an end and deter future wrongdoing," the company's legal counsellors said in the court filing.

The first fraudulent transfer is said to have been occurred on May 16, as indicated by the filing and Amazon said Tuesday that it issued more than $1 billion in loans to merchants in 2018.

Regardless it's unclear how much the hackers stole.


A Defensive Malware On The Cyber To-Do List of Japanese Government




Japanese government likes to stay ahead of disasters, be it natural or for that matter, cyber-crime related.

In the same spirit Japan’s Defense Ministry has decided to create and maintain cyber-weapons in the form of “Malware”.

The malware is all set to contain viruses and backdoors and would be the first ever cyber-weapon of Japan’s.

According to sources, it will be fabricated not by government employees but professional contractors tentatively by the end of this fiscal year.

The capabilities and the purpose or the way of usage hasn’t been out in the open yet.



Reports have it that the malware is just a precautionary measure against the attacker if in case the Japanese institutions are ever under attack.

As it turns out the malware is one of the endeavors of the Japanese government towards modernizing and countering China’s growing military threat.

The country also plans on widely expanding its reach into cyber battlefield (which is now an actual battle field) tactics.

Many major countries ambiguously have been using cyber weapons and now Japan’s next on the list.

The country’s government believes, being cyber ready and holding a major cyber-weapon in hand would keep countries that wish to attack at bay.

But as it turns out, this tactic hasn’t fared well with other countries as much as they’d like to believe.

This happens to be the second attempt at creating a cyber-weapon stash after 2012 which didn’t bear results like it should’ve.

Earlier this year the Japanese government passed a legislation allowing the National Institute of Information Communications Technology to hack into the citizens’ IoT devices using default or weak credentials during a survey of insecure Iot devices.

All this was planned to secure the Iot devices before the Tokyo 2020 Olympics to avoid Olympic Destroyer and attacks like VPNFilter.

So it turns out, that these efforts at strengthening the cyber game of Japan’s originate from the chief of Japan’s Cyber-security department who happens to not even OWN or USE a computer.

Justdial Smacked By a Subsequent Security Breach in Two Weeks; Poor OpSec To Blame!


Justdial is a renowned Indian hyper-local search engine which recently became prone to two security breaches in the span of two weeks.

Only a few weeks ago, the database of all the customers of Justdial was laid bare on the dark web and now the reviewers’ data got on the line.

The company that has beyond 134 million QUA can’t afford to make such reckless mistakes.

April 18th saw the private data including names, addresses, email IDs etc. of over 100 million users which was stored in the search engine’s database to be laid out in the open.

The organization owed the breach to an expired API which allowed anyone to access the data of users. Major percentage of the affected included the hotline number users.

Security researchers were the first to discover the breaches that so thrashed Justdial. They also cited that no specific actions against them were taken.

These claims were denied by Justdial mentioning that the data was stored in a double-encrypted format.

The same group of researchers again found out a lacuna in the API of Justdial on April 29th.

Herein the people who post reviews were harmed in the form of their data being exposed.

Reportedly, the API connected to Justdial’s reviewers’ database had been unprotected since the company’s foundation.

Hence, the reviewers’ names, mobile numbers, locations and all became easily accessible thanks to the loophole.

But this issue was immediately fixed, according to the reporters.

No matter what happened, the unprotected database and the loophole contributed largely to the data breaches.

Justdial employs a humongous database and hence has large number of data stored within it.

Weak API and poor “Operation Security” is majorly to blame for all the breaches Justdial saw in these couple of weeks.

According to security researchers, API handlers and managers should be employed. Also easily implemented software switch could help in protecting the access points.


Also the first breach should have been taken seriously and used as a means of learning to help secure the system from future attacks.

It is evident that the company needs to strengthen their operational security and up their game in terms of securing the present loopholes and possible lacunae.

Hacker hacking McDonald's App, ordering thousands of dollars of worth food



In Canada, McDonalds is losing out on thousands of dollars because of a notorious hacking act. The unidentified  person is hacking into McDonalds app of strangers to rack up thousands of dollars worth food purchase.

The recent victim was Patrick O’Rourke, who is  the managing editor of the tech news site MobileSyrup.He said that he didn’t realise till recently that someone has hacked into his Mcdonald's app and has ordered almost 100 meals between April 12 and April 18

According to the CBC report ,there were mass purchases of Big Macs and McFlurries. O’Rourke doubts whether a single person could have eaten all the food.

He told CBC,”It could be one guy who was able to hack my account and he shared it with a bunch of his friends across Montreal, and they all just went on a food spree,”

There have been other incidences of similar nature across Canada recently, where McDonalds app was hacked and a huge amount of bill was raised through the illegal buying of food. There have been four victims across Canadian provinces, all of them belongs to Quebec. So now Quebec Police is searching for the possible hacker in Quebec.

According to O’Rourke, McDonalds was not much to the help in the matter. He said “To me, it just seems like a little bit negligent… like they don’t really care, McDonald’s should at least be sending out a mass email to everyone that has the account [to say], ‘Hey, you should reset your password.’ ”

In Canada, McDonalds app has been hacked before.