EA Origin Security Flaw Exposed over 300 Million Gamers to Account Takeovers

Following the discovery of a vulnerability in its platform, EA has been forced to re-examine the security of Origin, as the flaw could have exposed millions of gamers to account takeovers.

According to researchers at Check Point and CyberInt, the vulnerability affected over 300 million players of online games such as FIFA, Madden NFL, NBA Live and Battlefield.

The vulnerability relied on an alternate authentication method known as access tokens, which function much like passwords. By stealing a Single Sign-On authorization token, an attacker would have gained complete control over a player's account and could have hijacked it without needing the login or password.

Stealing access tokens is somewhat more complex than stealing passwords, but it is still possible. Because users have been educated not to enter passwords on dubious websites, attackers now go after access tokens instead. Moreover, the theft can be carried out behind the scenes without any active participation from the user.

On Wednesday, Oded Vanunu, head of products vulnerability research at Check Point, said: "EA's Origin platform is hugely popular, and if left unpatched, these flaws would have enabled hackers to hijack and exploit millions of users' accounts."

Alexander Peleg said in an email on the matter: "We had the vulnerabilities under control so no other party could have exploited them during the period it took EA to fix."

Millions of People's Data Exposed On The Dark Web Via an Unprotected Database; Hackers At Advantage

Recently, a poorly secured database was hijacked by hackers, exposing millions of users' data. It was discovered through the Shodan search engine last month, and an infamous hacking group is suspected of being responsible.

A gigantic database containing records of over 275 million Indian citizens was found unprotected and is now in the hands of a hacking group.

The database that was exploited was an instance of the widely used MongoDB.

The data appears to have come from various job portals, judging by fields such as "Resume IDs", "functional areas" and "industry".

Along with some less sensitive information, some very personal details such as name, email address, gender, date of birth, salary and mobile number were found.

Reportedly, a hacking group going by the name "Unistellar group" is behind the hijacking of this already unprotected database.

Immediately after the unsafe database was discovered, the cyber-security expert informed the Indian Computer Emergency Response Team, but to no avail.

The database lay open for anyone to take advantage of for at least two weeks.

The owner of the database is still unknown; it appears to belong to an anonymous person or organization.

The details of over 275 million people were exposed, yet no Indian job portal holds information on that many members.

A Critical Vulnerability Assisting Attackers in Gaining Access to Live Video Streaming

Researchers have discovered a critical vulnerability in a D-Link cloud camera that enabled attackers to hijack the camera and gain access to its live video stream as well as recorded videos, by intercepting the unencrypted communication between the camera and the cloud and between the cloud and the client-side viewer app.

The communication between the application and the camera is set up through a proxy server using a TCP tunnel, which is the only place the traffic is encrypted. This flaw enables an attacker to carry out a man-in-the-middle attack and intercept the connection in order to spy on the victims' video streams.

The rest of the sensitive content, such as the camera's IP and MAC addresses, version information, video and audio streams, and extensive camera information, passes through the unencrypted tunnel.

The vulnerability lies in D-Link's customized version of the open-source boa web server, in the source file request.c, which handles HTTP requests to the camera. All incoming HTTP requests handled by this file are elevated to admin, allowing the attacker to gain full device access.

According to ESET Research, “No authorization is needed since the HTTP requests to the camera’s web server are automatically elevated to admin level when accessing it from a localhost IP (viewer app’s localhost is tunneled to camera localhost).”

Moreover, this weakness lets attackers replace the genuine firmware with their own modified or backdoored version.

An attacker positioned in the network traffic between the viewer application and the cloud, or between the cloud and the camera, can see the HTTP requests for the video and audio packets within the data stream of the TCP connection and can accordingly replay and reconstruct these captured packets at any time and place.
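To make the trust decision concrete, here is an added illustration (not D-Link's or boa's request.c) of the flawed pattern the ESET quote describes, where a loopback source address is taken as proof of admin, beside a hardened version that requires credentials regardless of where the request came from; the struct, function names and credential values are constructed for the example.

```c
#include <stdbool.h>
#include <string.h>

/* Simplified model of a camera-side HTTP request: the peer address the web
 * server saw and the credentials the request carried. Constructed for this
 * example; it is not the structure used by boa or D-Link's firmware. */
typedef struct {
    const char *peer_ip;   /* address the connection arrived from */
    const char *user;      /* NULL when no credentials were sent */
    const char *password;
} http_request;

enum privilege { PRIV_NONE = 0, PRIV_ADMIN = 1 };

/* Constructed admin credentials for the model. */
static const char *const ADMIN_USER = "admin";
static const char *const ADMIN_PASS = "example-only-password";

static bool credentials_valid(const http_request *r) {
    return r->user != NULL && r->password != NULL &&
           strcmp(r->user, ADMIN_USER) == 0 &&
           strcmp(r->password, ADMIN_PASS) == 0;
}

/* Flawed pattern: a request arriving from the loopback address is treated as
 * the local administrator and never asked for credentials. Because the cloud
 * tunnel is terminated on the camera's own localhost, every tunneled request,
 * including one injected on the unencrypted path, takes this branch. */
enum privilege authorize_trust_localhost(const http_request *r) {
    if (strcmp(r->peer_ip, "127.0.0.1") == 0)
        return PRIV_ADMIN;
    return credentials_valid(r) ? PRIV_ADMIN : PRIV_NONE;
}

/* Hardened pattern: the source address is never an authenticator. Every
 * request, tunneled or not, must carry valid credentials to reach admin. */
enum privilege authorize_require_credentials(const http_request *r) {
    return credentials_valid(r) ? PRIV_ADMIN : PRIV_NONE;
}

/* Convenience wrapper so one scenario can be evaluated with a single call. */
enum privilege decide(bool flawed, const char *peer_ip,
                      const char *user, const char *password) {
    http_request r = { peer_ip, user, password };
    return flawed ? authorize_trust_localhost(&r)
                  : authorize_require_credentials(&r);
}
```

With the flawed check, a credential-less request from 127.0.0.1 (which is what a tunneled viewer request looks like to the camera) gets admin; with the hardened check it gets nothing until it presents valid credentials.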

Emotet trojan is back with a bang

The Emotet gang has taken its operation to a whole new level, showing why it is today's most dangerous malware. It now uses a new tactic: hijacking users' old email chains and replying from a spoofed address to appear legitimate. This additional tactic improves an attacker's chances of stealing financial information once a victim has been lured into clicking on the malicious content. The targeted emails appear to affect both private and public sectors, including government, and particularly organizations that provide financial and banking services.

Emotet is a known banking Trojan, discovered five years ago, first in Europe and the USA. It started out stealing information such as credit card details from individuals. It has been around since 2014 and has evolved tremendously over the years, becoming a major threat that infiltrates corporate networks and spreads other strains of malware.

It infects a user's device via malspam links or attachments, with the intent of stealing financial data. It targets banking emails and can sometimes deploy further attacks once inside a device.

The Emotet malware gang is now using a tactic that has been previously seen used by nation-state hackers.

The U.S. Department of Homeland Security published an alert on Emotet in July 2018, describing it as “an advanced, modular banking Trojan that primarily functions as a downloader or dropper of other banking Trojans,” and warning that it’s very difficult to combat, capable of evading typical signature-based detection, and determined to spread itself. The alert explains that “Emotet infections have cost SLTT (state, local, tribal, and territorial) governments up to $1 million per incident to remediate.”

This campaign targeted mainly Chile and used living-off-the-land (LotL) techniques to bypass VirusTotal detections. This increasingly common tactic uses tools already installed on a user's device to remain undetected for as long as possible.

Google Warns Users to Update Their Browser Immediately Due To a Disruptive Bug

A security flaw exploited by hackers in the desktop version of Chrome has driven Google to warn its users to update Chrome as soon as they can or risk having their systems hijacked.

A part of Chrome called FileReader is thought to be involved in the exploit, as it lets software embedded in websites access information stored on the user's computer.

As Chrome is the most widely used browser in the world, with approximately two billion active users, the search giant is quite guarded about the details of how the exploit works, so as to keep copycat hackers from using similar methods to try to break into users' accounts.

The fact that the security flaw, CVE-2019-5786, was not identified by Google in the first place implies that Chrome browsers were "actively under attack" before a fix could be released, which gave hackers a head start and left users' systems at high risk until the update was installed.

Google's lead security engineer Justin Schuh, writing on Twitter, warned users: 'Seriously update your Chrome installs... like right this minute.' He added later that, unlike previous bugs found in Chrome which targeted third-party software linked to the browser, this bug targeted Chrome code directly.

He therefore said it was worth cautioning users more publicly, as the fix requires them to take the additional step of manually restarting the browser after the update has been downloaded in order to invalidate the exploit.

'Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven't yet fixed,' says Google.

Cybercriminals disturbing air traffic

Travelling by air has long been the most preferred and fastest option available to us, but have we ever considered whether it is the safest in every context, technical and cyber?

Never mind the technical mishaps that happen when least expected; the accidents that occur are rare but shocking and terrible. But are we aware of the dangers related to flying in the light of cyber security?

As we are aware, cybercriminals are driven for the most part by their thirst for money and power, and disrupting air traffic and airport regulation helps them satisfy it. While the majority of these cyber security incidents result in data breaches, attacks on this vital infrastructure could lead to significantly more ominous outcomes.

Organisations like the ATO and EUROCONTROL manage air traffic across continents, working with commercial and military bodies to control the coordination and planning of air traffic in their assigned regions. These organisations work closely together, as many intercontinental flights move from one area to the next, and they respond quickly to incidents.

These aviation control organisations require flawless communication to operate properly, as they are essential to maintaining the normal flow of air traffic.

Consequently, their related systems are heavily computerized, which makes them primary targets for cyber-attacks.

Apart from air traffic control, there are many other factors that have a specific negative effect on the transportation service, some of the major ones being terrorist attacks, ransomware attacks and targeted cyber-attacks, in addition to budget concerns.

Terrorists have hijacked aircraft before, the best-known incident being 9/11, where the terrorists infiltrated four different aircraft and disabled the pilots. These physical, in-person hijacks are the reason behind the broad safety measures that we all experience at every major airport.

However, hijackers do not need to be physically present to cause such immense harm. As demonstrated before, aircraft can be hacked remotely, and malware can infect the computer systems in aircraft as well.

Moreover, as in any other industry, we also find numerous ransomware victims in the aviation and air traffic sector. The most notable is the air and express freight carrier FedEx, which has been a ransomware victim twice: once through its TNT division, hit by NotPetya, and once in its own delivery unit by WannaCry.

Turning to targeted cyber-attacks, the most fitting example is the IT system of Boryspil International Airport in Ukraine, which reportedly included the airport's air traffic control system. Because of the rough relations between Ukraine and Russia, attribution immediately swung to BlackEnergy, a Russian APT group considered responsible for numerous cyber-attacks on the country.

Lastly, where budgets are concerned, cybersecurity is treated reactively instead of proactively. In 2017, the Air Traffic Control Aviation (ATCA) published a white paper issuing this warning, as a 2016 report by the Ponemon Institute had found that the organisations did not budget for the technical, administrative, testing and review activities that are necessary to properly operate a secure infrastructure.

Bearing these factors in mind, while physical security at airports has been increased considerably, it appears that the cyber security of this essential infrastructure still needs a considerable amount of work and attention, particularly given the sheer number of cyber-attacks on the industry over the past few years.

The excrement will undoubtedly hit the propeller if the air traffic and cargo industries once again fail to incorporate cybersecurity in their financial plans and structure proposals for the coming year.