The document provides a summary of recent cybersecurity news stories:
- Support for Windows XP will end in April 2014, though some ATMs will have until 2016 due to a special embedded version of XP.
- An Israeli startup called SlickLogin uses sounds from smartphones for identity verification as a password replacement or two-factor authentication.
- Hackers accessed an HVAC company's system to breach Target and steal credit card info from 40 million customers between November and December 2013.
- The search engine Shodan now has a map feature to browse internet-connected devices, finding over 500 million per month.
2. Support is ending soon!!
From April 8, 2014, technical assistance for Windows XP will no longer be available, including automatic updates.
There are 2.2 million ATMs worldwide, 95% of them still running Windows XP.
A bit of a reprieve: for ATMs running Windows XP Embedded, support lasts until early 2016.
3. SlickLogin joins Google
An Israeli security startup that uses smartphones and high-frequency sounds for identity verification.
A password replacement, or a two-factor authentication layer on top of the traditional password.
The idea: visit a SlickLogin-enabled site, tap the login button, hold your phone close to the laptop, and you're in!
How it works: uses protocols to verify your phone's position (Wi-Fi, NFC, GPS, Bluetooth).
4. "Target" hackers broke in through HVAC vendor
Entry into the system was through a refrigeration, heating and cooling company in Pennsylvania.
Large retail operations have a team that routinely monitors energy consumption and temperatures in stores to save on costs.
To support this solution, vendors need to be able to remote into the system.
Target estimates say that the breach exposed approximately 40 million debit and credit card accounts between Nov. 27 and Dec. 15, 2013.
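The lesson a defender takes from this slide is that a vendor's remote-access path must only reach the systems the vendor maintains. The following is an added example, not Target's or the vendor's code: it evaluates connection records against a zone-based allowlist and reports every flow a pure HVAC maintenance session would never need. Zone names, subnets, ports and the flow records are all constructed for illustration.

```python
# Added example (not from the deck): checking vendor remote-access flows
# against a segmentation policy. Zone names, subnets, ports and the flow
# records below are all constructed for illustration.
import ipaddress
from typing import NamedTuple


# Constructed zone map: which subnet belongs to which network zone.
ZONES = {
    "vendor_vpn": ipaddress.ip_network("10.99.0.0/24"),
    "hvac": ipaddress.ip_network("10.20.0.0/24"),
    "pos": ipaddress.ip_network("10.30.0.0/24"),
    "corp": ipaddress.ip_network("10.10.0.0/16"),
}

# Allowlist of (source zone, destination zone, destination port).
# A vendor that only maintains HVAC controllers needs nothing beyond this;
# anything else from the vendor zone is a policy violation.
POLICY = {
    ("vendor_vpn", "hvac", 443),
    ("vendor_vpn", "hvac", 22),
    ("corp", "hvac", 443),
}


class Flow(NamedTuple):
    src: str
    dst: str
    dport: int


def zone_of(addr: str) -> str:
    """Map an address to its zone, or 'unknown' if it matches no subnet."""
    ip = ipaddress.ip_address(addr)
    for name, net in ZONES.items():
        if ip in net:
            return name
    return "unknown"


def violations(flows):
    """Return (flow, (src_zone, dst_zone, port)) for every flow the allowlist does not cover."""
    bad = []
    for f in flows:
        key = (zone_of(f.src), zone_of(f.dst), f.dport)
        if key not in POLICY:
            bad.append((f, key))
    return bad


# Constructed flow log. The first two are legitimate HVAC maintenance; the
# last two show a vendor session reaching the card-handling segment and the
# corporate network, which the policy must deny.
SAMPLE_FLOWS = [
    Flow("10.99.0.7", "10.20.0.15", 443),
    Flow("10.99.0.7", "10.20.0.15", 22),
    Flow("10.99.0.7", "10.30.0.40", 445),
    Flow("10.99.0.7", "10.10.5.23", 3389),
]

if __name__ == "__main__":
    for flow, key in violations(SAMPLE_FLOWS):
        print(f"DENY {flow.src} -> {flow.dst}:{flow.dport} ({key[0]} -> {key[1]})")
```

The same table can be enforced on the firewall between the zones and re-checked against exported flow logs; the point is that the vendor account's reach is defined by an explicit allowlist rather than by whatever the flat network happens to route.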
5. Scariest search engine on the Internet just got scarier...
Shodan (Sentient Hyper-Optimized Data Access Network) is the "Google for hackers."
A search engine for servers, routers, load balancers and PCs; it collects information on over 500 million devices every month.
It identifies devices by scanning the Internet for ports typically associated with HTTP, FTP, SSH and Telnet.
A new way to browse Shodan in the form of an add-on: "Shodan Maps."
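Shodan classifies a host by the banner the service returns, not by the port number alone. The following is an added example, not Shodan's own code: it applies the same idea to an organisation's own scan results, identifying the protocol from the first bytes of each banner and flagging cleartext-login services and services on unexpected ports. The banners and addresses are constructed samples.

```python
# Added example (not from the deck, and not Shodan's own code): classifying
# captured service banners by protocol and flagging what an organisation
# would not want exposed. Banners and hosts below are constructed samples.

# Telnet option negotiation starts with IAC (0xff) followed by
# WILL / WONT / DO / DONT (0xfb-0xfe).
TELNET_VERBS = {b"\xfb", b"\xfc", b"\xfd", b"\xfe"}
EXPECTED_PORT = {"ssh": 22, "http": 80, "ftp": 21, "telnet": 23, "smtp": 25}
CLEARTEXT_LOGIN = {"ftp", "telnet"}


def fingerprint(banner: bytes) -> str:
    """Identify the protocol from what the service sends (or answers) first."""
    if banner.startswith(b"SSH-"):
        return "ssh"
    if banner.startswith(b"HTTP/"):
        return "http"
    if banner[:1] == b"\xff" and banner[1:2] in TELNET_VERBS:
        return "telnet"
    if banner.startswith(b"220"):
        greeting = banner.upper()
        if b"FTP" in greeting:
            return "ftp"
        if b"SMTP" in greeting:
            return "smtp"
    return "unknown"


def triage(records):
    """records: iterable of (ip, port, banner). Returns one finding per record."""
    findings = []
    for ip, port, banner in records:
        proto = fingerprint(banner)
        notes = []
        if proto in CLEARTEXT_LOGIN:
            notes.append("credentials sent in clear")
        if proto in EXPECTED_PORT and EXPECTED_PORT[proto] != port:
            notes.append(f"{proto} on non-standard port {port}")
        if proto == "unknown":
            notes.append("unrecognised service, inspect manually")
        findings.append({"ip": ip, "port": port, "proto": proto, "notes": notes})
    return findings


# Constructed scan results for an organisation's own address range.
SAMPLE = [
    ("192.0.2.10", 22, b"SSH-2.0-OpenSSH_6.6p1\r\n"),
    ("192.0.2.10", 80, b"HTTP/1.1 200 OK\r\nServer: nginx\r\n"),
    ("192.0.2.11", 21, b"220 (vsFTPd 3.0.2)\r\n"),
    ("192.0.2.12", 23, b"\xff\xfd\x18\xff\xfd\x20"),
    ("192.0.2.13", 2222, b"SSH-2.0-dropbear_2013.62\r\n"),
    ("192.0.2.14", 25, b"220 mail.example.test ESMTP\r\n"),
    ("192.0.2.15", 8080, b"\x00\x01\x02"),
]

if __name__ == "__main__":
    for f in triage(SAMPLE):
        print(f["ip"], f["port"], f["proto"], "; ".join(f["notes"]))
```

Running this over your own address space before a search engine does is the practical response to the slide: anything the triage flags is already visible to anyone who queries Shodan.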
6. Tinder app allowed users to precisely locate others
Tinder connects to Facebook profiles and offers matches based on proximity.
A vulnerability allowed an attacker to potentially pinpoint a user's exact location to within 100 feet.
Using GPS data collected by the smartphone, one could determine a user's location (latitude, longitude) simply by entering a member's Tinder identification number.
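The slide describes an API that returned a member's raw coordinates to anyone who supplied an id. The following is an added example, not Tinder's code: a minimal version of that handler beside a hardened one in which the server computes proximity itself and returns only a coarse distance. User ids, names and coordinates are constructed sample data.

```python
# Added example (not Tinder's code): the failure described above as a
# minimal API handler, beside a hardened version. User ids, names and
# coordinates are constructed sample data.
import math

# Constructed user table. In the vulnerable design the raw coordinates
# are returned to any authenticated caller who supplies an id.
USERS = {
    "1001": {"name": "alice", "lat": 37.7749, "lon": -122.4194},
    "1002": {"name": "bob", "lat": 37.7849, "lon": -122.4094},
}


def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance in kilometres."""
    r = 6371.0
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi = math.radians(lat2 - lat1)
    dlmb = math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlmb / 2) ** 2
    return 2 * r * math.asin(math.sqrt(a))


def profile_vulnerable(user_id):
    """Before: the response carries the member's exact latitude/longitude."""
    u = USERS[user_id]
    return {"id": user_id, "name": u["name"], "lat": u["lat"], "lon": u["lon"]}


def profile_hardened(viewer_id, user_id, bucket_km=1.0):
    """After: the server computes proximity itself and returns only a
    distance rounded up to a coarse bucket; coordinates never leave it."""
    v, u = USERS[viewer_id], USERS[user_id]
    d = haversine_km(v["lat"], v["lon"], u["lat"], u["lon"])
    return {"id": user_id, "name": u["name"],
            "distance_km": math.ceil(d / bucket_km) * bucket_km}


if __name__ == "__main__":
    print(profile_vulnerable("1002"))
    print(profile_hardened("1001", "1002"))
```

Returning a coarse distance removes the direct coordinate leak, but a distance is still a measurement: repeated queries from different viewer positions can narrow it down, so per-viewer rate limiting and restricting who may look up whom belong with this change rather than being optional extras.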
7. India's most popular security conference returns for the fifth year
Brought together key decision makers and thought leaders from industry and government.
Well known for its speakers and talks, where new vulnerabilities are responsibly disclosed along with their prevention mechanisms.
Highlights of Nullcon 2014 include: Nullcon BlackShield, Nullcon Ammo, the Nullcon 2014 Exhibition, the Nullcon Job Fair and Nullcon Training.
8. Hacking a car remotely with an iPhone-sized device
Two security researchers developed a home-made gadget called 'CAN Hacking Tools (CHT)'.
It is capable of handing an attacker complete control of your car, from the windows and headlights to its steering and brakes.
The device uses the Controller Area Network (CAN) ports that are built into cars for computer-system checks.
Injecting malicious code via the CAN ports allows commands to be sent wirelessly from a remote computer.
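Injected CAN traffic has to share the bus with the legitimate ECUs, which gives a defender something to watch: frames on arbitration IDs nobody normally sends, and known IDs arriving far faster than their usual cadence. The following is an added example, not the researchers' tool: a monitor over a captured frame list that raises both kinds of alert. The baseline IDs, periods and captured frames are constructed for illustration and do not correspond to any real vehicle.

```python
# Added example (not the researchers' tool): a defender-side monitor that
# watches frames on a CAN bus for the two things injected traffic tends to
# produce: arbitration IDs no ECU normally sends, and known IDs arriving far
# faster than their usual cadence. Baseline IDs, periods and the captured
# frames below are constructed for illustration, not from any real vehicle.

# Constructed baseline: arbitration ID -> normal transmit period in ms.
BASELINE_MS = {0x0C9: 10, 0x1A1: 20, 0x2B0: 100}
# Flag a frame that arrives sooner than this fraction of the normal period.
MIN_INTERVAL_FRACTION = 0.5


def detect(frames):
    """frames: list of (timestamp_ms, arb_id, data_bytes), in bus order.
    Returns a list of (timestamp_ms, arb_id, reason) alerts."""
    alerts = []
    last_seen = {}
    for ts, arb_id, data in frames:
        if arb_id not in BASELINE_MS:
            alerts.append((ts, arb_id, "unknown arbitration id"))
            continue
        if len(data) > 8:
            alerts.append((ts, arb_id, "payload longer than a classic CAN frame"))
        prev = last_seen.get(arb_id)
        if prev is not None and ts - prev < BASELINE_MS[arb_id] * MIN_INTERVAL_FRACTION:
            alerts.append((ts, arb_id, "interval too short"))
        last_seen[arb_id] = ts
    return alerts


# Constructed capture: steady 10 ms traffic on 0x0C9, a 100 ms message on
# 0x2B0, one extra 0x0C9 frame squeezed in at t=22 ms and one frame on an
# ID that is not in the baseline.
SAMPLE_FRAMES = [
    (0, 0x0C9, bytes([0x00, 0x10, 0x00, 0x00])),
    (0, 0x2B0, bytes([0x01])),
    (10, 0x0C9, bytes([0x00, 0x10, 0x00, 0x00])),
    (20, 0x0C9, bytes([0x00, 0x10, 0x00, 0x00])),
    (22, 0x0C9, bytes([0xFF, 0xFF, 0x00, 0x00])),
    (30, 0x0C9, bytes([0x00, 0x10, 0x00, 0x00])),
    (35, 0x7FF, bytes([0xAA])),
    (100, 0x2B0, bytes([0x01])),
]

if __name__ == "__main__":
    for ts, arb_id, reason in detect(SAMPLE_FRAMES):
        print(f"t={ts:4d} ms id=0x{arb_id:03X}: {reason}")
```

The baseline has to be learned from the specific vehicle while it is known-clean; the period check is deliberately loose (half the normal interval) so that ordinary jitter does not alert, while a burst of spoofed command frames still does.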
9. Chameleon virus that spreads across Wi-Fi APs
Security researchers at the University of Liverpool, Britain, have demonstrated a WiFi virus that can spread between computer networks.
Named 'Chameleon', it self-propagates over WiFi networks from AP to AP but does not disrupt the operation of the AP.
PoC: replaces the firmware of the vulnerable AP with a virus-loaded version, then propagates to the next victim in the network.
Research shows that this kind of attack is undetectable by any antivirus or wireless intrusion detection system (IDS).
However, this was created for demonstration purposes in a research lab only.
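Since the described attack replaces the AP's firmware and leaves its normal behaviour intact, the control that catches it is not traffic inspection but firmware integrity: comparing each AP's image against a vendor manifest that the attacker cannot also rewrite. The following is an added example, not the Liverpool research or any vendor's tooling: a fleet audit that first authenticates the manifest and then checks every image hash against it. The manifest key, images and AP names are constructed placeholders.

```python
# Added example (not from the Liverpool research): a fleet check that
# detects an access point whose firmware image no longer matches the
# vendor's manifest. The manifest, its authentication key and the
# firmware images below are constructed placeholders, not real artefacts.
import hashlib
import hmac
import json

# Placeholder key that would be held by whoever signs the manifest; a real
# deployment would use a public-key signature rather than a shared secret.
MANIFEST_KEY = b"placeholder-manifest-key"


def sha256_hex(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sign_manifest(entries: dict) -> dict:
    """Attach an HMAC so a swapped manifest is detected along with a swapped image."""
    body = json.dumps(entries, sort_keys=True).encode()
    return {"entries": entries, "mac": hmac.new(MANIFEST_KEY, body, hashlib.sha256).hexdigest()}


def manifest_is_authentic(manifest: dict) -> bool:
    body = json.dumps(manifest["entries"], sort_keys=True).encode()
    expected = hmac.new(MANIFEST_KEY, body, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, manifest["mac"])


def audit_fleet(manifest: dict, fleet):
    """fleet: list of (ap_name, model, image_bytes). Returns {ap_name: verdict}."""
    if not manifest_is_authentic(manifest):
        raise ValueError("manifest authentication failed; refusing to audit")
    verdicts = {}
    for ap_name, model, image in fleet:
        expected = manifest["entries"].get(model)
        if expected is None:
            verdicts[ap_name] = "no reference hash for model"
        elif hmac.compare_digest(sha256_hex(image), expected):
            verdicts[ap_name] = "ok"
        else:
            verdicts[ap_name] = "image differs from manifest"
    return verdicts


# Constructed firmware images (stand-ins for real binaries).
GOOD_IMAGE = b"AP-FW-v1.2.3" + bytes(range(64))
TAMPERED_IMAGE = GOOD_IMAGE[:-1] + b"\x00"   # one byte changed
MANIFEST = sign_manifest({"ap-model-x": sha256_hex(GOOD_IMAGE)})

FLEET = [
    ("ap-lobby", "ap-model-x", GOOD_IMAGE),
    ("ap-floor2", "ap-model-x", TAMPERED_IMAGE),
    ("ap-lab", "ap-model-y", GOOD_IMAGE),
]

if __name__ == "__main__":
    for ap, verdict in audit_fleet(MANIFEST, FLEET).items():
        print(f"{ap}: {verdict}")
```

The weak point of any such check is where the image bytes come from: firmware that has already been replaced can report whatever hash it likes, so the image should be read out of band (a serial console, a pulled flash, or a hardware attestation feature where the AP has one) rather than requested from the running system.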
10. EC-Council web site hacked, defaced
A hacker gained access to thousands of passports of law enforcement and military officials.
EC-Council says its servers have not been compromised.
Domain redirection was done at the DNS registrar, and traffic was re-routed from the authentic EC-Council servers to a host in Finland known for hosting other illegal websites.
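A registrar-level redirection leaves the victim's own servers untouched, so it shows up first in what the rest of the Internet resolves. The following is an added example, not EC-Council's monitoring: it compares the NS and A records several resolvers return for a domain against what the owner expects and distinguishes a delegation change (registrar level) from a zone change. The domain names, expected records and observations are constructed samples.

```python
# Added example (not EC-Council's monitoring): detecting the kind of
# registrar-level redirection described above by comparing what several
# resolvers return for a domain against the records the owner expects.
# The domain, expected records and observations are constructed samples.

# What the owner knows to be correct (constructed).
EXPECTED = {
    "ns": {"ns1.example-dns.test", "ns2.example-dns.test"},
    "a": {"192.0.2.10"},
}


def check_domain(expected, observations):
    """observations: list of (resolver_name, record_type, set_of_values).
    Returns (resolver, record_type, unexpected_values, missing_values) per drift."""
    alerts = []
    for resolver, rtype, values in observations:
        unexpected = set(values) - expected[rtype]
        missing = expected[rtype] - set(values)
        if unexpected or missing:
            alerts.append((resolver, rtype, sorted(unexpected), sorted(missing)))
    return alerts


def verdict(alerts):
    """NS drift points at the registrar account; A-only drift at the zone itself."""
    types = {rtype for _, rtype, _, _ in alerts}
    if "ns" in types:
        return "delegation changed: check the registrar account and NS records first"
    if "a" in types:
        return "address changed: check the zone on the authoritative servers"
    return "no drift"


# Constructed observations: two resolvers still agree with the owner, a
# third already sees both the delegation and the address changed.
OBSERVED = [
    ("resolver-a", "ns", {"ns1.example-dns.test", "ns2.example-dns.test"}),
    ("resolver-a", "a", {"192.0.2.10"}),
    ("resolver-b", "a", {"192.0.2.10"}),
    ("resolver-c", "ns", {"ns1.unexpected-dns.test"}),
    ("resolver-c", "a", {"198.51.100.77"}),
]

if __name__ == "__main__":
    alerts = check_domain(EXPECTED, OBSERVED)
    for resolver, rtype, unexpected, missing in alerts:
        print(f"{resolver} {rtype.upper()}: unexpected={unexpected} missing={missing}")
    print(verdict(alerts))
```

Querying from several vantage points matters because a hijacked delegation propagates as caches expire, so one resolver disagreeing with the others is the earliest signal; registrar lock and a separate, strongly authenticated registrar account are the controls that stop the change being made in the first place.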
11. 3 lakh (300,000) Android devices infected by premium-SMS-sending malware
Panda Labs has identified malicious Android apps that sign up users for premium SMS services without their permission.
Four malicious apps were found free in the app store: "Easy Hairdos", "Abs Diets", "Workout Routines" and "Cupcake Recipes".
The app gets the phone number of the device, connects to a web page and registers it for the premium service.
The average scammed user gets charged $20 by these apps, and around 300,000-plus users downloaded them. The scammers have made $6 million from unsuspecting users.
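Each step the slide describes (read the phone number, contact a web page, subscribe via SMS) requires a declared Android permission, and a recipes or workout app has no reason to hold that combination. The following is an added example, not PandaLabs' analysis: a static check that extracts the permissions from an app's manifest and flags the premium-SMS chain. The manifests are constructed; the permission names are the real Android ones.

```python
# Added example (not PandaLabs' analysis): a static check that reads the
# permissions an Android app declares and flags the combination the apps
# above needed: reading the device's phone number, talking to a web server
# and sending SMS. The manifests below are constructed; the permission
# names are the real Android ones.
import xml.etree.ElementTree as ET

ANDROID_NS = "http://schemas.android.com/apk/res/android"

# Permission groups that together enable premium-SMS fraud.
SMS_SEND = {"android.permission.SEND_SMS"}
PHONE_IDENTITY = {"android.permission.READ_PHONE_STATE"}
NETWORK = {"android.permission.INTERNET"}
SMS_INTERCEPT = {"android.permission.RECEIVE_SMS", "android.permission.READ_SMS"}


def permissions_from_manifest(xml_text: str):
    """Return the set of permission names declared in <uses-permission> elements."""
    root = ET.fromstring(xml_text)
    return {el.get(f"{{{ANDROID_NS}}}name") for el in root.iter("uses-permission")}


def risk_flags(perms):
    """Describe what the declared permissions let the app do, worst last."""
    flags = []
    if perms & SMS_SEND:
        flags.append("can send SMS (premium-rate charges possible)")
    if perms & PHONE_IDENTITY and perms & NETWORK:
        flags.append("can read the phone number and report it to a server")
    if perms & SMS_INTERCEPT:
        flags.append("can read incoming SMS (subscription confirmation codes)")
    if perms & SMS_SEND and perms & PHONE_IDENTITY and perms & NETWORK:
        flags.append("HIGH: full premium-SMS subscription chain")
    return flags


# Constructed manifest for a recipes-style app that has no business sending SMS.
SUSPICIOUS_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="test.example.recipes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <uses-permission android:name="android.permission.READ_PHONE_STATE"/>
  <uses-permission android:name="android.permission.SEND_SMS"/>
  <uses-permission android:name="android.permission.RECEIVE_SMS"/>
  <application android:label="Recipes Demo"/>
</manifest>
"""

# Constructed manifest for the same kind of app declaring only network access.
BENIGN_MANIFEST = """<manifest xmlns:android="http://schemas.android.com/apk/res/android"
    package="test.example.recipes">
  <uses-permission android:name="android.permission.INTERNET"/>
  <application android:label="Recipes Demo"/>
</manifest>
"""

if __name__ == "__main__":
    for label, manifest in (("suspicious", SUSPICIOUS_MANIFEST), ("benign", BENIGN_MANIFEST)):
        print(label, risk_flags(permissions_from_manifest(manifest)) or ["no flags"])
```

The check is cheap enough to run over every APK in an enterprise app catalogue; a permission set that outruns the app's stated purpose is the same signal a user sees at install time, just evaluated before the app reaches a device.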