SlideShare une entreprise Scribd logo

NewsByte Mumbai October 2017

C
chauhananand17

Null Meet NewsByte October 2017

Technologie
1  sur  16
Télécharger pour lire hors ligne
Null – An Open Security Community NEWS BYTE BY ANAND CHAUHAN n|u
SOMETHING ABOUT ME:- • A Cyber Security Enthusiast. • A Cyber Security Learner • Interested In Web App And Forensics. Twitter Handle @chauhananand17
OVERVIEW • CCleaner Hacked • Deloitte hit by cyber-attack • Equifax Data Breach • Hack The Tor Browser • nRansomware • India Planning Its Own Bitcoin-Like Cryptocurrency: Lakshmi Coin • Expensivewall • BlueBorne – New Attack Vector • Yahoo says all three billion accounts hacked in 2013
CCLEANER HACKED • Piriform’s VP of Products Paul Yung revealed that the company spotted a security breach in CCleaner 5.33.6162 and CCleaner Cloud. • A two-stage backdoor was inserted in the CCleaner.exe binary which was capable of remote code execution after receiving commands from a remote IP. • 2.27 million users have been affected by the attack.
HIT BY CYBER-ATTACK • One of the world’s “big four” accountancy firms has been targeted by a sophisticated hack that compromised the confidential emails and plans of some of its blue-chip clients. • Deloitte discovered the hack in March this year, but it is believed the attackers may have had access to its systems since October or November 2016. • The hacker compromised the firm’s global email server through an “administrator’s account” that, in theory, gave them privileged, unrestricted “access to all areas”. • The account required only a single password and did not have “two-step“ verification, sources said. • An employee at Deloitte, one of the Big Four accounting firms, fell victim to a fake Facebook account in late 2016.
EQUIFAX DATA BREACH • The credit-reporting agency Equifax disclosed, information including the Social Security numbers of 143 million consumers was potentially compromised. • Equifax said its breach includes “names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers.” • “It’s one of the worst hacks imaginable," says Dan Guido, CEO of the cybersecurity firm. DATA BREACH
HACK THE TOR BROWSER • Zerodium is a hacking company that sells exploits to governments around the world. • Zerodium says the Tor bounty is designed to help its government customers track criminals who use the anonymous browser.
nRansomware
• Malware Hunter Team researchers found a malware called nRansomware. What’s different about this ransomware is that it wants your nude snaps. • “Your computer has been locked. You can only unlock it with the special unlock code,” the message reads in the screenshot. • According to the message, the attackers will sell those pictures on the deep web (it should be dark web). • The malware spreads in the form of an executable called nRansom.exe.
INDIA PLANNING OWN BITCOIN-LIKE CRYPTOCURRENCY: LAKSHMI COIN • According to the Economic Times, RBI is planning to get in the cryptocurrency business with Lakshmi Coin which can be assumed as their version of Bitcoin. • If made possible, Lakshmi Coin could become a digital currency alternative in India and also contribute to a new Blockchain.
EXPENSIVEWALL : AN ANDROID MALWARE • Founded in an app named “lovely wallpaper”. • Over 50+ apps had been removed which are affected by it. • Uses a obfuscation technique called “Packed”. What is the risk? • This malware family has been downloaded between 5 million to 21 million times • A similar malware could be easily modified to use the same infrastructure in order to capture pictures, record audio, and even steal sensitive data and send the data to a command and control (C&C) server.
BLUEBORNE – NEW ATTACK VECTOR • An attack vector by which hacker can leverage Bluetooth and can take complete control over targeted devices. • Eight more zero day vulnerabilities are disclosed by armis labs. WHAT IS THE RISK? • Currently 8.2 billion active Bluetooth devices in world. • Its malware behavior • May result in a botnet bigger then mirai botnet.
VULNERABILITIES 1. Linux kernel RCE vulnerability - CVE-017-1000251 2. Linux Bluetooth stack (BlueZ) information Leak vulnerability - CVE-2017- 1000250 3. Android information Leak vulnerability - CVE-2017-0785 4. Android RCE vulnerability #1 – CVE-2017-0781 5. Android RCE vulnerability #2 - CVE-2017-0782 6. The Bluetooth Pineapple in Android – Logical Flaw CVE-2017-0783 7. The Bluetooth Pineapple in Windows – Logical Flaw CVE-2017-8628 8. Apple Low Energy Audio Protocol RCE vulnerability - CVE-2017-14315
YAHOO SAYS ALL THREE BILLION ACCOUNTS HACKED IN 2013 • Yahoo said last December that data from more than 1 billion accounts was compromised in 2013. • Verizon said in a statement “That every single customer account affected by the August 2013 theft." • Names, email addresses and passwords, but not financial information, were breached, Yahoo said last year.
BIBLIOGRAPHY • https://www.theverge.com/2017/9/18/16325202/ccleaner-hack-malware-security • https://thenextweb.com/security/2017/09/18/ccleaner-hacked-malware-distribute/#.tnw_1bA7RzPh • https://www.theregister.co.uk/2017/09/25/deloitte_email_breach/ • https://www.forbes.com/sites/thomasbrewster/2017/10/05/facebook-fake-hacks-deloitte-employee-iran-cyber- spies-suspected/ • http://www.businessinsider.in/Equifax-says-2-5-million-more-people-might-have-been-affected-by-the-hack-than- previously-thought/articleshow/60917670.cms • https://zerodium.com/tor.html • https://blog.checkpoint.com/2017/09/14/expensivewall-dangerous-packed-malware-googleplay-will-hit-wallet/ • https://fossbytes.com/ransomware-wants-nudes-unlock-pc/ • https://fossbytes.com/india-cryptocurrency-lakshmi-coin/ • https://www.armis.com/blueborne/ • https://www.armis.com/blueborne/#foobox-3/0/U7mWeKhd_-A • https://blog.checkpoint.com/2017/09/14/expensivewall-dangerous-packed-malware-googleplay-will-hit-wallet/ • http://money.cnn.com/2017/10/03/technology/business/yahoo-breach-3-billion-accounts/index.html
NewsByte Mumbai October 2017

Recommandé

DDOS ATTACK - MIRAI BOTNET
DDOS ATTACK - MIRAI BOTNET DDOS ATTACK - MIRAI BOTNET
DDOS ATTACK - MIRAI BOTNET Sukhdeep Singh Sandhu
 
NewsBytes - Nullhyd
NewsBytes - Nullhyd NewsBytes - Nullhyd
NewsBytes - Nullhyd n|u - The Open Security Community
 
Security News Bytes (Aug Sept 2017)
Security News Bytes (Aug Sept 2017)Security News Bytes (Aug Sept 2017)
Security News Bytes (Aug Sept 2017)Apurv Singh Gautam
 
Cyber Security
Cyber SecurityCyber Security
Cyber Securityfrcarlson
 
Null hyderabad - October Newsbytes
Null hyderabad - October NewsbytesNull hyderabad - October Newsbytes
Null hyderabad - October Newsbytesn|u - The Open Security Community
 
Presentation on cyber crime
Presentation on cyber crimePresentation on cyber crime
Presentation on cyber crimeSMSumon8
 
Newsbytes_NULLHYD_Dec
Newsbytes_NULLHYD_DecNewsbytes_NULLHYD_Dec
Newsbytes_NULLHYD_DecRaghunath G
 
Post Apocalyptic Cyber Realism
Post Apocalyptic Cyber RealismPost Apocalyptic Cyber Realism
Post Apocalyptic Cyber RealismRichard Stiennon
 

Recommandé

DDOS ATTACK - MIRAI BOTNET
DDOS ATTACK - MIRAI BOTNET DDOS ATTACK - MIRAI BOTNET
DDOS ATTACK - MIRAI BOTNET Sukhdeep Singh Sandhu
 
NewsBytes - Nullhyd
NewsBytes - Nullhyd NewsBytes - Nullhyd
NewsBytes - Nullhyd n|u - The Open Security Community
 
Security News Bytes (Aug Sept 2017)
Security News Bytes (Aug Sept 2017)Security News Bytes (Aug Sept 2017)
Security News Bytes (Aug Sept 2017)Apurv Singh Gautam
 
Cyber Security
Cyber SecurityCyber Security
Cyber Securityfrcarlson
 
Null hyderabad - October Newsbytes
Null hyderabad - October NewsbytesNull hyderabad - October Newsbytes
Null hyderabad - October Newsbytesn|u - The Open Security Community
 
Presentation on cyber crime
Presentation on cyber crimePresentation on cyber crime
Presentation on cyber crimeSMSumon8
 
Newsbytes_NULLHYD_Dec
Newsbytes_NULLHYD_DecNewsbytes_NULLHYD_Dec
Newsbytes_NULLHYD_DecRaghunath G
 
Post Apocalyptic Cyber Realism
Post Apocalyptic Cyber RealismPost Apocalyptic Cyber Realism
Post Apocalyptic Cyber RealismRichard Stiennon
 
David Emm | The What, How, Who and Why of Computer Malware
David Emm | The What, How, Who and Why of Computer MalwareDavid Emm | The What, How, Who and Why of Computer Malware
David Emm | The What, How, Who and Why of Computer MalwarePro Mrkt
 
Upwardly Mobile: Looking at Evolving Cybercrime Tactics in Mobile Malware
Upwardly Mobile: Looking at Evolving Cybercrime Tactics in Mobile MalwareUpwardly Mobile: Looking at Evolving Cybercrime Tactics in Mobile Malware
Upwardly Mobile: Looking at Evolving Cybercrime Tactics in Mobile MalwarePriyanka Aash
 
Cyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spyCyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spyb coatesworth
 
News Bytes - December 2012
News Bytes - December 2012News Bytes - December 2012
News Bytes - December 2012n|u - The Open Security Community
 
Security News Bytes Null Dec Meet Bangalore
Security News Bytes Null Dec Meet BangaloreSecurity News Bytes Null Dec Meet Bangalore
Security News Bytes Null Dec Meet BangaloreInMobi Technology
 
LiPari_Assignment8
LiPari_Assignment8LiPari_Assignment8
LiPari_Assignment8Phillip LiPari
 
Newsbyte
NewsbyteNewsbyte
NewsbyteCHETAN THAKRE
 
News Bytes
News BytesNews Bytes
News BytesMegha Sahu
 
Building an Android Scale Incident Response Process
Building an Android Scale Incident Response ProcessBuilding an Android Scale Incident Response Process
Building an Android Scale Incident Response ProcessPriyanka Aash
 
2014 information technology threat predictions
2014 information technology threat predictions2014 information technology threat predictions
2014 information technology threat predictionsPrayukth K V
 
R1 - Slides
R1 - SlidesR1 - Slides
R1 - SlidesezSec
 
Nanu
NanuNanu
Nanupiyushu90
 
News Bytes - December 2015
News Bytes - December 2015News Bytes - December 2015
News Bytes - December 2015n|u - The Open Security Community
 
Security News Byes- Nov
Security News Byes- NovSecurity News Byes- Nov
Security News Byes- Novprashsiv
 
Evolution of ransomware
Evolution of ransomwareEvolution of ransomware
Evolution of ransomwareCharles Steve
 
Linux IOT Botnet Wars and the Lack of Basic Security Hardening - OSCON 2018
Linux IOT Botnet Wars and the Lack of Basic Security Hardening - OSCON 2018Linux IOT Botnet Wars and the Lack of Basic Security Hardening - OSCON 2018
Linux IOT Botnet Wars and the Lack of Basic Security Hardening - OSCON 2018Mender.io
 
Cyber Crime - How New Age Criminals Function
Cyber Crime - How New Age Criminals Function Cyber Crime - How New Age Criminals Function
Cyber Crime - How New Age Criminals Function Parag Deodhar
 
Using Network Security and Identity Management to Empower CISOs Today: The Ca...
Using Network Security and Identity Management to Empower CISOs Today: The Ca...Using Network Security and Identity Management to Empower CISOs Today: The Ca...
Using Network Security and Identity Management to Empower CISOs Today: The Ca...ForgeRock
 
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...Andrew Morris
 
Internet Security
Internet SecurityInternet Security
Internet SecurityPeter R. Egli
 
The Endless Wave of Online Threats - Protecting our Community
The Endless Wave of Online Threats - Protecting our CommunityThe Endless Wave of Online Threats - Protecting our Community
The Endless Wave of Online Threats - Protecting our CommunityAVG Technologies AU
 
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec Technology and Consulting
 

Contenu connexe

Tendances

David Emm | The What, How, Who and Why of Computer Malware
David Emm | The What, How, Who and Why of Computer MalwareDavid Emm | The What, How, Who and Why of Computer Malware
David Emm | The What, How, Who and Why of Computer MalwarePro Mrkt
 
Upwardly Mobile: Looking at Evolving Cybercrime Tactics in Mobile Malware
Upwardly Mobile: Looking at Evolving Cybercrime Tactics in Mobile MalwareUpwardly Mobile: Looking at Evolving Cybercrime Tactics in Mobile Malware
Upwardly Mobile: Looking at Evolving Cybercrime Tactics in Mobile MalwarePriyanka Aash
 
Cyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spyCyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spyb coatesworth
 
Security News Bytes Null Dec Meet Bangalore
Security News Bytes Null Dec Meet BangaloreSecurity News Bytes Null Dec Meet Bangalore
Security News Bytes Null Dec Meet BangaloreInMobi Technology
 
Building an Android Scale Incident Response Process
Building an Android Scale Incident Response ProcessBuilding an Android Scale Incident Response Process
Building an Android Scale Incident Response ProcessPriyanka Aash
 
2014 information technology threat predictions
2014 information technology threat predictions2014 information technology threat predictions
2014 information technology threat predictionsPrayukth K V
 
R1 - Slides
R1 - SlidesR1 - Slides
R1 - SlidesezSec
 
Security News Byes- Nov
Security News Byes- NovSecurity News Byes- Nov
Security News Byes- Novprashsiv
 
Evolution of ransomware
Evolution of ransomwareEvolution of ransomware
Evolution of ransomwareCharles Steve
 
Linux IOT Botnet Wars and the Lack of Basic Security Hardening - OSCON 2018
Linux IOT Botnet Wars and the Lack of Basic Security Hardening - OSCON 2018Linux IOT Botnet Wars and the Lack of Basic Security Hardening - OSCON 2018
Linux IOT Botnet Wars and the Lack of Basic Security Hardening - OSCON 2018Mender.io
 
Cyber Crime - How New Age Criminals Function
Cyber Crime - How New Age Criminals Function Cyber Crime - How New Age Criminals Function
Cyber Crime - How New Age Criminals Function Parag Deodhar
 
Using Network Security and Identity Management to Empower CISOs Today: The Ca...
Using Network Security and Identity Management to Empower CISOs Today: The Ca...Using Network Security and Identity Management to Empower CISOs Today: The Ca...
Using Network Security and Identity Management to Empower CISOs Today: The Ca...ForgeRock
 
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...Andrew Morris
 

Tendances (20)

David Emm | The What, How, Who and Why of Computer Malware
David Emm | The What, How, Who and Why of Computer MalwareDavid Emm | The What, How, Who and Why of Computer Malware
David Emm | The What, How, Who and Why of Computer Malware
 
Upwardly Mobile: Looking at Evolving Cybercrime Tactics in Mobile Malware
Upwardly Mobile: Looking at Evolving Cybercrime Tactics in Mobile MalwareUpwardly Mobile: Looking at Evolving Cybercrime Tactics in Mobile Malware
Upwardly Mobile: Looking at Evolving Cybercrime Tactics in Mobile Malware
 
Cyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spyCyber espionage - Tinker, taylor, soldier, spy
Cyber espionage - Tinker, taylor, soldier, spy
 
News Bytes - December 2012
News Bytes - December 2012News Bytes - December 2012
News Bytes - December 2012
 
Security News Bytes Null Dec Meet Bangalore
Security News Bytes Null Dec Meet BangaloreSecurity News Bytes Null Dec Meet Bangalore
Security News Bytes Null Dec Meet Bangalore
 
LiPari_Assignment8
LiPari_Assignment8LiPari_Assignment8
LiPari_Assignment8
 
Newsbyte
NewsbyteNewsbyte
Newsbyte
 
News Bytes
News BytesNews Bytes
News Bytes
 
Building an Android Scale Incident Response Process
Building an Android Scale Incident Response ProcessBuilding an Android Scale Incident Response Process
Building an Android Scale Incident Response Process
 
2014 information technology threat predictions
2014 information technology threat predictions2014 information technology threat predictions
2014 information technology threat predictions
 
R1 - Slides
R1 - SlidesR1 - Slides
R1 - Slides
 
Nanu
NanuNanu
Nanu
 
News Bytes - December 2015
News Bytes - December 2015News Bytes - December 2015
News Bytes - December 2015
 
Security News Byes- Nov
Security News Byes- NovSecurity News Byes- Nov
Security News Byes- Nov
 
Evolution of ransomware
Evolution of ransomwareEvolution of ransomware
Evolution of ransomware
 
Linux IOT Botnet Wars and the Lack of Basic Security Hardening - OSCON 2018
Linux IOT Botnet Wars and the Lack of Basic Security Hardening - OSCON 2018Linux IOT Botnet Wars and the Lack of Basic Security Hardening - OSCON 2018
Linux IOT Botnet Wars and the Lack of Basic Security Hardening - OSCON 2018
 
Cyber Crime - How New Age Criminals Function
Cyber Crime - How New Age Criminals Function Cyber Crime - How New Age Criminals Function
Cyber Crime - How New Age Criminals Function
 
Using Network Security and Identity Management to Empower CISOs Today: The Ca...
Using Network Security and Identity Management to Empower CISOs Today: The Ca...Using Network Security and Identity Management to Empower CISOs Today: The Ca...
Using Network Security and Identity Management to Empower CISOs Today: The Ca...
 
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
Staying Ahead of Internet Background Exploitation - Microsoft BlueHat Israel ...
 
Internet Security
Internet SecurityInternet Security
Internet Security
 

Similaire à NewsByte Mumbai October 2017

The Endless Wave of Online Threats - Protecting our Community
The Endless Wave of Online Threats - Protecting our CommunityThe Endless Wave of Online Threats - Protecting our Community
The Endless Wave of Online Threats - Protecting our CommunityAVG Technologies AU
 
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec Technology and Consulting
 
Lumension Security - Adjusting our defenses for 2012
Lumension Security - Adjusting our defenses for 2012Lumension Security - Adjusting our defenses for 2012
Lumension Security - Adjusting our defenses for 2012Andris Soroka
 
Insecure magazine - 52
Insecure magazine - 52Insecure magazine - 52
Insecure magazine - 52Felipe Prado
 
A Review Paper on Cyber-Security
A Review Paper on Cyber-SecurityA Review Paper on Cyber-Security
A Review Paper on Cyber-SecurityIRJET Journal
 
Crypto-Jacking, Ransomware & Worming Malware's Frightening Future (Keynote an...
Crypto-Jacking, Ransomware & Worming Malware's Frightening Future (Keynote an...Crypto-Jacking, Ransomware & Worming Malware's Frightening Future (Keynote an...
Crypto-Jacking, Ransomware & Worming Malware's Frightening Future (Keynote an...Jay Beale
 
cyber attacks in May , breaches in May
cyber attacks in May , breaches in Maycyber attacks in May , breaches in May
cyber attacks in May , breaches in MaySathish Kumar K
 
Internet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issuesInternet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issuesPierluigi Paganini
 
Ransomware webinar may 2016 final version external
Ransomware webinar may 2016 final version externalRansomware webinar may 2016 final version external
Ransomware webinar may 2016 final version externalZscaler
 
News Bytes by Jaskaran Narula - Null Meet Bhopal
News Bytes by Jaskaran Narula - Null Meet Bhopal News Bytes by Jaskaran Narula - Null Meet Bhopal
News Bytes by Jaskaran Narula - Null Meet Bhopal Jaskaran Narula
 
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary ReadingThe Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary ReadingMuhammad FAHAD
 
beware of Thing Bot
beware of Thing Botbeware of Thing Bot
beware of Thing BotBellaj Badr
 
DEVSECOPS_the_beginning.ppt
DEVSECOPS_the_beginning.pptDEVSECOPS_the_beginning.ppt
DEVSECOPS_the_beginning.pptschwarz10
 

Similaire à NewsByte Mumbai October 2017 (20)

The Endless Wave of Online Threats - Protecting our Community
The Endless Wave of Online Threats - Protecting our CommunityThe Endless Wave of Online Threats - Protecting our Community
The Endless Wave of Online Threats - Protecting our Community
 
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updatesBriskinfosec - Threatsploit Report Augest 2021- Cyber security updates
Briskinfosec - Threatsploit Report Augest 2021- Cyber security updates
 
Lumension Security - Adjusting our defenses for 2012
Lumension Security - Adjusting our defenses for 2012Lumension Security - Adjusting our defenses for 2012
Lumension Security - Adjusting our defenses for 2012
 
News Bytes - May 2015
News Bytes - May 2015News Bytes - May 2015
News Bytes - May 2015
 
Insecure magazine - 52
Insecure magazine - 52Insecure magazine - 52
Insecure magazine - 52
 
News Bytes June 2012
News Bytes June 2012News Bytes June 2012
News Bytes June 2012
 
A Review Paper on Cyber-Security
A Review Paper on Cyber-SecurityA Review Paper on Cyber-Security
A Review Paper on Cyber-Security
 
Crypto-Jacking, Ransomware & Worming Malware's Frightening Future (Keynote an...
Crypto-Jacking, Ransomware & Worming Malware's Frightening Future (Keynote an...Crypto-Jacking, Ransomware & Worming Malware's Frightening Future (Keynote an...
Crypto-Jacking, Ransomware & Worming Malware's Frightening Future (Keynote an...
 
cyber attacks in May , breaches in May
cyber attacks in May , breaches in Maycyber attacks in May , breaches in May
cyber attacks in May , breaches in May
 
Internet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issuesInternet of Things - Privacy and Security issues
Internet of Things - Privacy and Security issues
 
Ransomware webinar may 2016 final version external
Ransomware webinar may 2016 final version externalRansomware webinar may 2016 final version external
Ransomware webinar may 2016 final version external
 
News Bytes by Jaskaran Narula - Null Meet Bhopal
News Bytes by Jaskaran Narula - Null Meet Bhopal News Bytes by Jaskaran Narula - Null Meet Bhopal
News Bytes by Jaskaran Narula - Null Meet Bhopal
 
Cyber crime
Cyber crimeCyber crime
Cyber crime
 
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary ReadingThe Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
The Cyber Kill Chain. 7 Stages of Cyber Kill Chain Supplementary Reading
 
Ransomware ly
Ransomware lyRansomware ly
Ransomware ly
 
beware of Thing Bot
beware of Thing Botbeware of Thing Bot
beware of Thing Bot
 
Cyber ppt
Cyber pptCyber ppt
Cyber ppt
 
DEVSECOPS_the_beginning.ppt
DEVSECOPS_the_beginning.pptDEVSECOPS_the_beginning.ppt
DEVSECOPS_the_beginning.ppt
 
Unit-3.pptx
Unit-3.pptxUnit-3.pptx
Unit-3.pptx
 
Brooks18
Brooks18Brooks18
Brooks18
 

Dernier

The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024Rafal Los
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfEnterprise Knowledge
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdfChristopherTHyatt
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfhans926745
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)Gabriella Davis
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerThousandEyes
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century educationjfdjdjcjdnsjd
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Scriptwesley chun
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationSafe Software
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEarley Information Science
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slidevu2urc
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherRemote DBA Services
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsEnterprise Knowledge
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdfhans926745
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...apidays
 

Dernier (20)

The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024The 7 Things I Know About Cyber Security After 25 Years | April 2024
The 7 Things I Know About Cyber Security After 25 Years | April 2024
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdfThe Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
The Role of Taxonomy and Ontology in Semantic Layers - Heather Hedden.pdf
 
Evaluating the top large language models.pdf
Evaluating the top large language models.pdfEvaluating the top large language models.pdf
Evaluating the top large language models.pdf
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
Tech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdfTech Trends Report 2024 Future Today Institute.pdf
Tech Trends Report 2024 Future Today Institute.pdf
 
A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)A Domino Admins Adventures (Engage 2024)
A Domino Admins Adventures (Engage 2024)
 
How to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected WorkerHow to Troubleshoot Apps for the Modern Connected Worker
How to Troubleshoot Apps for the Modern Connected Worker
 
presentation ICT roal in 21st century education
presentation ICT roal in 21st century educationpresentation ICT roal in 21st century education
presentation ICT roal in 21st century education
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
Automating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps ScriptAutomating Google Workspace (GWS) & more with Apps Script
Automating Google Workspace (GWS) & more with Apps Script
 
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time AutomationFrom Event to Action: Accelerate Your Decision Making with Real-Time Automation
From Event to Action: Accelerate Your Decision Making with Real-Time Automation
 
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptxEIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
EIS-Webinar-Prompt-Knowledge-Eng-2024-04-08.pptx
 
Histor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slideHistor y of HAM Radio presentation slide
Histor y of HAM Radio presentation slide
 
Strategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a FresherStrategies for Landing an Oracle DBA Job as a Fresher
Strategies for Landing an Oracle DBA Job as a Fresher
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf[2024]Digital Global Overview Report 2024 Meltwater.pdf
[2024]Digital Global Overview Report 2024 Meltwater.pdf
 
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
Apidays Singapore 2024 - Building Digital Trust in a Digital Economy by Veron...
 

NewsByte Mumbai October 2017

  • 1. Null – An Open Security Community NEWS BYTE BY ANAND CHAUHAN n|u
  • 2. SOMETHING ABOUT ME:- • A Cyber Security Enthusiast. • A Cyber Security Learner • Interested In Web App And Forensics. Twitter Handle @chauhananand17
  • 3. OVERVIEW • CCleaner Hacked • Deloitte hit by cyber-attack • Equifax Data Breach • Hack The Tor Browser • nRansomware • India Planning Its Own Bitcoin-Like Cryptocurrency: Lakshmi Coin • Expensivewall • BlueBorne – New Attack Vector • Yahoo says all three billion accounts hacked in 2013
  • 4. CCLEANER HACKED • Piriform’s VP of Products Paul Yung revealed that the company spotted a security breach in CCleaner 5.33.6162 and CCleaner Cloud. • A two-stage backdoor was inserted in the CCleaner.exe binary which was capable of remote code execution after receiving commands from a remote IP. • 2.27 million users have been affected by the attack.
  • 5. HIT BY CYBER-ATTACK • One of the world’s “big four” accountancy firms has been targeted by a sophisticated hack that compromised the confidential emails and plans of some of its blue-chip clients. • Deloitte discovered the hack in March this year, but it is believed the attackers may have had access to its systems since October or November 2016. • The hacker compromised the firm’s global email server through an “administrator’s account” that, in theory, gave them privileged, unrestricted “access to all areas”. • The account required only a single password and did not have “two-step“ verification, sources said. • An employee at Deloitte, one of the Big Four accounting firms, fell victim to a fake Facebook account in late 2016.
  • 6. EQUIFAX DATA BREACH • The credit-reporting agency Equifax disclosed, information including the Social Security numbers of 143 million consumers was potentially compromised. • Equifax said its breach includes “names, Social Security numbers, birth dates, addresses and, in some instances, driver’s license numbers.” • “It’s one of the worst hacks imaginable," says Dan Guido, CEO of the cybersecurity firm. DATA BREACH
  • 7. HACK THE TOR BROWSER • Zerodium is a hacking company that sells exploits to governments around the world. • Zerodium says the Tor bounty is designed to help its government customers track criminals who use the anonymous browser.
  • 9. • Malware Hunter Team researchers found a malware called nRansomware. What’s different about this ransomware is that it wants your nude snaps. • “Your computer has been locked. You can only unlock it with the special unlock code,” the message reads in the screenshot. • According to the message, the attackers will sell those pictures on the deep web (it should be dark web). • The malware spreads in the form of an executable called nRansom.exe.
  • 10. INDIA PLANNING OWN BITCOIN-LIKE CRYPTOCURRENCY: LAKSHMI COIN • According to the Economic Times, RBI is planning to get in the cryptocurrency business with Lakshmi Coin which can be assumed as their version of Bitcoin. • If made possible, Lakshmi Coin could become a digital currency alternative in India and also contribute to a new Blockchain.
  • 11. EXPENSIVEWALL : AN ANDROID MALWARE • Founded in an app named “lovely wallpaper”. • Over 50+ apps had been removed which are affected by it. • Uses a obfuscation technique called “Packed”. What is the risk? • This malware family has been downloaded between 5 million to 21 million times • A similar malware could be easily modified to use the same infrastructure in order to capture pictures, record audio, and even steal sensitive data and send the data to a command and control (C&C) server.
  • 12. BLUEBORNE – NEW ATTACK VECTOR • An attack vector by which hacker can leverage Bluetooth and can take complete control over targeted devices. • Eight more zero day vulnerabilities are disclosed by armis labs. WHAT IS THE RISK? • Currently 8.2 billion active Bluetooth devices in world. • Its malware behavior • May result in a botnet bigger then mirai botnet.
  • 13. VULNERABILITIES 1. Linux kernel RCE vulnerability - CVE-017-1000251 2. Linux Bluetooth stack (BlueZ) information Leak vulnerability - CVE-2017- 1000250 3. Android information Leak vulnerability - CVE-2017-0785 4. Android RCE vulnerability #1 – CVE-2017-0781 5. Android RCE vulnerability #2 - CVE-2017-0782 6. The Bluetooth Pineapple in Android – Logical Flaw CVE-2017-0783 7. The Bluetooth Pineapple in Windows – Logical Flaw CVE-2017-8628 8. Apple Low Energy Audio Protocol RCE vulnerability - CVE-2017-14315
  • 14. YAHOO SAYS ALL THREE BILLION ACCOUNTS HACKED IN 2013 • Yahoo said last December that data from more than 1 billion accounts was compromised in 2013. • Verizon said in a statement “That every single customer account affected by the August 2013 theft." • Names, email addresses and passwords, but not financial information, were breached, Yahoo said last year.
  • 15. BIBLIOGRAPHY • https://www.theverge.com/2017/9/18/16325202/ccleaner-hack-malware-security • https://thenextweb.com/security/2017/09/18/ccleaner-hacked-malware-distribute/#.tnw_1bA7RzPh • https://www.theregister.co.uk/2017/09/25/deloitte_email_breach/ • https://www.forbes.com/sites/thomasbrewster/2017/10/05/facebook-fake-hacks-deloitte-employee-iran-cyber- spies-suspected/ • http://www.businessinsider.in/Equifax-says-2-5-million-more-people-might-have-been-affected-by-the-hack-than- previously-thought/articleshow/60917670.cms • https://zerodium.com/tor.html • https://blog.checkpoint.com/2017/09/14/expensivewall-dangerous-packed-malware-googleplay-will-hit-wallet/ • https://fossbytes.com/ransomware-wants-nudes-unlock-pc/ • https://fossbytes.com/india-cryptocurrency-lakshmi-coin/ • https://www.armis.com/blueborne/ • https://www.armis.com/blueborne/#foobox-3/0/U7mWeKhd_-A • https://blog.checkpoint.com/2017/09/14/expensivewall-dangerous-packed-malware-googleplay-will-hit-wallet/ • http://money.cnn.com/2017/10/03/technology/business/yahoo-breach-3-billion-accounts/index.html