NewsByte by Aishwarya Iyer


Upload: nullowaspmumbai

Post on 16-Apr-2017


Graduate from Mumbai University

Interested in Programming and Information Security

Pursuing a certification course in Core Java, followed by Advanced Java.


Serious TCP/IP Bug allows traffic Hijacking

Hitler Ransomware

Australia online census shutdown after cyber attacks

Data Breach at Oracle’s MICROS Point-of-Sale

Miscellaneous


//OVERVIEW:

o Vulnerability in the TCP implementation in Linux version 3.6

o Can affect many Linux devices, embedded computers, mobile phones, etc.

o Can be carried out by anyone in the world if the attack machine allows IP spoofing


//Vulnerability

o Allows a blind off-path attacker to infer whether 2 hosts are communicating over TCP

o Leads to connection termination and data injection

o TCP assembles data from a series of data packets identified by sequence numbers

o Side-channel attack

o An attacker with a spoofed IP address does not need a man-in-the-middle (MITM) position


//However, the good news is…

Patches have been developed and distributed for the current Linux kernel.


//Technical Analysis

o Main executable is a batch file with other bundled apps

o Removes the extensions of all files under various folders such as %UserProfile%/Desktop, etc.

o 3 files are extracted (chrst.exe, erOne.vbs, firefox32.exe) and copied to %temp%


//Lastly

It looks for any processes named taskmgr, cmd, etc. and terminates them


//Overview

o The Australian census takes place every 5 years

o As people headed to the website, a series of DoS attacks took place

o “It was an attack from the overseas” – David Kalisch, ABS


//Fortunately, though,

o PM Malcolm Turnbull: “no data has been compromised”

o ABS: data is secure

o Kalisch: data is encrypted and with the ABS, and no one else has it


//Simple Drawbacks

o Embarrassment to Australian Government

o Labor opposition: “Worst run census in the history of Australia”

o Mass discontent


//Overview

o Breached 100s of security systems at Oracle

o Compromised customer support portal

MICROS:

o Among the top 3 POS vendors globally

o Oracle: “detected and addressed malicious code in some legacy systems”

o Size and scope of attack unclear

o 700 security systems infected


//Whois???

o 2 security researchers pointed out

Carbanak Gang:

• Russian

• Known to have stolen $1 billion from banks, retail firms, etc.

//Oracle

o Forced password reset

o Attackers failed to grasp enormity of access


o Pokemon Go creator’s Twitter hacked!!

o Microsoft accidentally leaks backdoor keys to bypass UEFI Secure Boot

o O2 confirms USBs distributed in marketing campaign contain virus

o Fake Windows Activation is actually a ransomware Trojan
