Cybersecurity is paramount for any business in the digital age. Organizations are trying hard and spending millions of dollars to keep their information systems secure from breaches. Cyber incidents take place every day, causing not only significant damage to the reputation of the enterprise but also financial losses and regulatory issues. Let’s have a look at some of the most widely discussed cybersecurity incidents and news in cyberspace from the last week.
Google Patches Critical Remote Code-Execution (RCE) Bugs In Its Latest Android Security Updates
In its most recent Android security update, Google has patched some critical Remote Code-Execution (RCE) vulnerabilities that might affect Android devices, including one in the Media framework of the Android operating system that could open a backdoor for an attacker. These vulnerabilities can enable a malicious application to bypass user interaction requirements and escalate its access privileges.
If you use an Android device, you are strongly encouraged to install the latest update for your Android operating system. Keep the option to download updates automatically turned on.
QakBot (Also Known As Qbot): A Trojan Malware’s Reincarnation
QakBot has been a famous piece of malware for almost a decade now. It was explicitly developed to steal users’ login credentials and eventually to get access to their bank accounts. According to a few security researchers and analysts, QakBot has reinvented itself in a new, evolved form with new obfuscation techniques that are said to make the trojan harder for traditional anti-virus software to identify and remove.
Users and organisations can protect themselves from a trojan like QakBot by using Advanced Malware Protection (AMP) tools, which can detect malicious activities associated with the malware, and devices such as a Next-Generation Firewall (NGFW) and a Next-Generation Intrusion Prevention System (NGIPS).
Theft Of 7000 Bitcoins: Crypto Exchange Loses Around $40.8 Billion
Binance, which is believed to operate the world’s largest cryptocurrency exchange, has recently become the victim of a large-scale cyber fraud which resulted in the theft of 700 Bitcoins. It is important to note that, by using a variety of phishing techniques, the hackers were able to affect numerous accounts on the Binance platform. The compromise amounted to around 2 per cent of the total holdings of Binance, which is a significant percentage.
Binance is compensating victims from its “Security Asset Funds for Users”, also known as ‘SAFU’. Other crypto exchanges are also supporting the affected users by blacklisting the addresses at fiat-based exchanges (a common destination for stolen funds) to which the funds were transferred. The attack is so far the largest crypto heist of the year 2019 involving digital currencies.
Interestingly, what are generally considered the most reliable security controls, such as secure API, 2FA (Two-Factor Authentication), and other security measures, were exploited by the hackers during this incident.
AI-Driven Malware Created By Researchers To Warn About Data Poisoning Attacks
Artificial Intelligence, or AI, has become much more than the realm of the science fiction movies we are used to watching. AI is now something that we see and interact with on a regular basis in our day-to-day lives.
With the advent of artificial intelligence, cybercriminals have also taken to learning AI and Machine Learning. AI, when combined with malware, can create a challenging breed of evasive malware that unleashes its malicious action as soon as the AI model identifies the target through indicators such as facial recognition, geolocation and voice recognition.
For example, Data Poisoning is a real threat which could manipulate and corrupt the entire medical intelligence of a hospital’s information system. The AI malware can create fake scan images, which can lead to a healthy patient being treated with radiation or an early-stage patient being sent home.
Data Of 1.6 Million Subscribers Left Accessible To The Public: AMC Networks
A security researcher is said to have discovered that American entertainment company AMC Networks had inadvertently exposed records of more than 1.6 million subscribers to its services.
The exposed database consisted of email addresses, names, and details about their subscription emails. This personal information was left accessible to the public. The database also contained video analytics data along with the records mentioned earlier.
The information was intended for use by the users but was accidentally left accessible to everyone.
Data Breach Affected 1.5 Million Freedom Mobile Users
Due to a technical glitch, a server belonging to the Canadian wireless telecommunications provider Freedom Mobile exposed five million logs with customer data. This customer data contains highly sensitive information about individuals who took mortgages over the past decade.
Security researchers Noah Rotem and Ran Locar from vpnmentor stated that the server was left online without any password protection, leading to a breach of the data of 1.5 million users. The researchers also added that it took them one week to report the issue to the owner of the server.
Interestingly, as per the company’s internal investigations, the breach began on March 25 and affected data that is processed by an external third-party vendor, Apptium Technologies. This incident once again highlights the cybersecurity risks around hiring third-party vendors or services.
Online Education Platform Wyzant Suffers A Data Breach
An anomaly was noticed on 02 May 2019 on the Wyzant server. This online platform provides a one-on-one tutorial service in hundreds of subjects. The anomaly was investigated further, which led to the finding of a security breach by a cyber attacker on 27th April 2019. The stolen information includes personally identifiable information of users. The number of users affected by this breach is still unknown.
Reportedly, the customers’ personally identifiable information (PII) that was stolen includes their first name, last name and email and, in some cases, the Facebook profile image of customers who had opted to log in to the company’s website using Facebook.
Hacker Crypto Mining Groups Fighting Over Cloud-Based Linux Servers
Cryptojacking is a new threat facing organizations as the crypto mining industry grows at a faster pace, and with it the competition among mining companies.
Two crypto-mining hacker groups are fighting to mine cryptocurrency by taking control of cloud-based Linux servers. Both groups run mass scanning operations, looking for open or unpatched cloud services. These groups now target cloud-based technologies such as Docker and Kubernetes so that they can use cloud-based computational resources to mine cryptocurrencies effectively.
The fight is significant as the attackers are trying to exploit vulnerabilities in the software running on cloud servers and then infest these servers with multi-functional Linux-based malware.
Cybersecurity experts claim that this malware could belong to one of the most active malware categories.
- AMC accidentally exposed data on 1.6 million subscribers (By A. J. Dellinger, 03 May 2019)
- Hackers Steal 7000 BTC from Binance in Biggest Attack of 2019 (By Arnob Shome, 08 May 2019)
- From drone swarms to modified E. Coli: say hello to a new wave of cyberattacks (By Eleonore Pauwels, 01 May 2019)
- Wyzant online tutoring platform suffers data breach (By Charlie Osborne, 07 May 2019)
- Two crypto-mining groups are fighting a turf war over unsecured Linux servers (By Catalin Cimpanu, 10 May 2019)
- Data breach affects over 1.5 million Freedom Mobile users (By CISOMAG, 09 May 2019)