Just a week into 2018, four cyber attacks already

It’s been a week into 2018, and here we have four major cyber security breaches.

From Aadhaar details getting compromised to fake apps stealing banking data, 2018 has presented us with four large scale cyber attacks which potentially affect millions, even billions of people.

Here’s a quick read of the 4 attacks…….

Aadhaar data access

Just Rs. 500 for unrestricted access to Aadhaar details

Although the authorities have been claiming over the fact that all Aadhaar data is safe and secure despite all the controversies that were going on. All it took was to pay 500 rupees through Paytm and in 10 minutes you would get all the details. The Tribune was the first to report this through their investigation. One of their own journalist anonymously contacted the person who sold the data illegally and bought it to light.

After Rs. 500 was transferred to them via Paytm, they created an ID for the client, which allowed unrestricted access to the Aadhaar portal.

But that’s not all. For another Rs. 300, the racketeers also let the client print Aadhaar cards. They installed software on the client’s computer while accessing it remotely. Once the job was done, they made sure to delete the software drivers completely from the system.

Android.banker.A2f8a

Android trojan steals banking login data

Quick Heal labs recently reported that an Android malware which could steal banking details of 232 banking apps including SBI, Axis Bank, ICICI, HDFC and few crypto-currency apps too.

Known as Android.banker.A2f8a, the malware is being distributed via a fake Flash Player app on third party stores.

It has the potential of stealing personal data, intercepting SMS which contain OTPs, stealing contacts and tricks users into giving up login details.

It uses the android’s screen overlay mechanism and also shows fake notifications of banking apps and tries to capture login data.

Meltdown and Spectre

Researchers find security flaws in modern chips

Researchers with Google’s Project Zero, along with academic and industry researchers, discovered two security flaws in modern microchips which puts almost all phones and computers at risk.

Meltdown affects Intel chips and has the potential to let hackers read the kernel memory and steal passwords.

This led to a raise in competitors market share, but did not last too long.

Spectre a second major chip vulnerability affects Intel, AMD, and ARM chips, lets hackers steal information from apps.

Now all chip manufacturers will have a tough time this year!

Uber app

Fake Uber app steals user’s Uber ID and password

Although Uber did not suffer much, researchers at Symantec discovered a fake Uber app for Android smartphones.

The app shows users a mock-up version of Uber’s service which attempts to steal information by asking for users’ Uber IDs and passwords.

Later, the fake app tried to cover its tracks – it started showing screens of the legitimate Uber app with a user’s location.

DSCI Excellence Award 2017 in Cyber Security Education for Hindustan Institute of Technology and Science

On 14th December the DSCI Excellence Awards 2017 was presented in various disciplines to honor best practices adopted by the industry, exemplary work carried out in the field of security and privacy, and reward visionary leaders.

Hindustan Institute of Technology and Science was nominated under the Category of Excellence in Cyber Security Evangelism and was awarded the Excellence in Cyber Security Education. This was the one academic institution to be honored by DSCI this year.

Dr V Ceronmani Sharmila, Head-Centre for Networking and Cyber Defense, Asst. Prof, School of Computing Sciences and Dr T Sudalai Muthu, Asst Prof, School of Computing Sciences received the award of behalf of HITS and CNCD.

It was really a proud moment for members of Kruptos Security Club and Centre for Networking and Cyber Defense.

MacOS HighSierra “root” vulnerability

On November 28th , Lemi Orhan, an Agile Software Craftsman, tweeted about a bug on MacOS HighSierra which allows anyone have a root access to the computer with the username “root” with a blank password which was later confirmed by Apple.

Tweet Screenshot

Testing this bug on your Computer

If you are testing it on your machine it will have a negative impact, which means it creates a persistent root user account on your Computer. It will have effect on some remotely accessibly services like Remote Desktop. Once this has been enabled on your system, it posses some security impact on your Computer.

Some users on Twitter even claimed the vulnerability can be exploited remotely if VNC or Apple Remote Desktop is enabled.

One of the way to protect yourself against this bug is not to try it on your computer. But if you have already done so, Just the change the root password and also disable remote services through System Preferences > Sharing and disable any of the remote services you’re already using.

You can follow this instructions provided by Apple Support to protect yourself.

Computer Security Day

Computer Security Day is an annual event and is celebrated on the 30th November each year. It is designed to raise awareness and to promote best practices in Information Security.

CNCD at Hindustan Institute of Technology and Scinece celebrated the Computer Security Day by organizing a talk event. Mr. Sam Abraham, CISO, Royal Sundaram General Insurance Co. Limited, Chennai was the speaker of the day.

Students and Staff had an exciting interactive session.

#ksc #cncd #CyberAware