The document provides a summary of recent cybersecurity news stories: - Support for Windows XP will end in April 2014, though some ATMs will have until 2016 due to a special embedded version of XP. - An Israeli startup called SlickLogin uses sounds from smartphones for identity verification as a password replacement or two-factor authentication. - Hackers accessed a HVAC company's system to breach Target and steal credit card info from 40 million customers between November and December 2013. - The search engine Shodan now has a map feature to browse internet-connected devices, finding over 500 million per month.

1. Security NEWS Bytes
Bhavna Kulshrestha

2.  From April 8 2014, technical
assistance for Windows XP will
no longer be available, including
automatic updates.
 2.2 million ATMs worldwide, 95%
of them still using Win XP.
 A bit of a reprieve: ATMs using
Windows XP Embedded, support
lasts until early 2016.
Support is ending soon!!

3.  An Israeli security startup that uses
smartphones & high-frequency
sounds for identity verification.
 A password replacement or Two-
Factor authentication layer on top of
traditional password.
 The Idea : Visit SlickLogin enabled
site, tap login button, hold your
phone close to laptop & Your IN..!!!
 How it works: Uses protocols to
verify your phone’s position (Wi-Fi,
NFC, GPS, Bluetooth)
SlickLogin joins Google

4.  Entry into the system was through a refrigeration, heating &
cooling company in Pennsylvania.
 Large retail operations have a team that routinely monitors
energy consumption & temperatures in stores to save on costs.
 To support this solution, vendors need to be able to remote into
the system .
 Target estimates say that the breach exposed approx 40 million
debit and credit card accounts between Nov. 27 & Dec. 15, 2013.
“Target” Hackers broke in through
HVAC Vendor

5.  Sentient Hyper-Optimized Data Access
Network, is the "Google for hackers."
 A search engine for servers, routers, load
balancers, PCs & collects info on over 500
million devices every month.
 Identifies by scanning the Internet for
ports typically associated with HTTP, FTP,
SSH and Telnet.
 A new way to browse the Shodan in the
form of an add-on: “Shodan Maps."
Scariest Search Engine on the
Internet Just Got Scarier…

6.  Tinder connects to Facebook profiles
& offers matches based on proximity
 A vulnerability allowed the attacker to
potentially pinpoint the exact location
to within 100 feet.
 Using GPS data collected by
Smartphone, one could determine a
user’s location (latitude, longitude)
simply by entering a member's Tinder
identification number.
Tinder App Allowed Users to
Precisely Locate Others

7.  Brought key decision makers and
thought leaders from the industry
and government.
 Well known for its speakers & talks
where new vulnerabilities are
responsibly disclosed along with
their prevention mechanisms.
 Highlights of Nullcon 2014 include:
Nullcon BlackShield, Nullcon Ammo,
Nullcon 2014 Exhibition, Nullcon Job
Fair, Nullcon Training
India's most popular security
conference returns for the fifth year

8.  Two security researchers developed a home-made
gadget called 'CAN Hacking Tools (CHT)’
 Capable to give away the entire control of your car to an attacker from
windows & headlights to its steering & brakes.
 Device uses the Controller Area Network (CAN) ports that are built into cars
for computer-system checks.
 Injecting a malicious code to CAN ports allows to send wireless commands
remotely from a computer.
Hacking a Car remotely with iPhone
sized Device

9.  Security researchers at the University of Liverpool, Britain have
demonstrated a WiFi virus that can spread between computer networks.
 Named as 'Chameleon', it self-propagates over WiFi networks from AP to
AP but doesn’t affect working of AP.
 POC: Replaces the firmware of the vulnerable (AP) with a virus-loaded
version  Propagates to next victim in network
 Research shows that this kind of attack is undetectable to any Antivirus
and Wireless Intrusion Detection System (IDS).
 However, this is created for demo purpose in research lab only.
Chameleon virus that spreads
across Wi-Fi APs

10.  Hacker gained access to thousands of
passports of law enforcement and
military officials.
 EC-Council says its servers have not
been compromised.
 Domain redirection was done at the
DNS Registrar & traffic was re-routed
from Authentic EC-Council Servers to a
Host in Finland known for hosting
other illegal websites.
EC-Council Web Site Hacked, Defaced

11. 3 Lakh Android devices infected by
Premium SMS sending malware
 Panda Labs has identified malicious Android apps that sign up users for
Premium SMS services without their permission.
 Four malicious apps found free in the app store : "Easy Hairdos", "Abs Diets",
"Workout Routines" and "Cupcake Recipes”.
 App gets phone number of the device, connects to a webpage and registers
to premium service.
 Average scammed user gets charged $20 by these apps &
around 300,000 plus users downloaded them. Scammers have
made $6 million from unsuspecting users.

12. Thank You..!!