newsbytes_nullhyd_dec
12 million office/home routers vulnerable to ‘Misfortune Cookie’
attacks
• The Misfortune Cookie vulnerability is due to an error within the
HTTP cookie management
• They further added that all an attacker has to do is send a
specially crafted HTTP cookie to the public IP address of the
device and take over total control of the network.
• No hacking tools required, just a simple modern browser.
Critical Git Client vulnerability Allows Malicious Remote
Code Execution
Developers running the open source Git code-repository
software and tools, like GitHub, on Mac OS X and
Windows computers are strongly advised to install a security update.
An attacker can craft a malicious Git tree that will cause
Git to overwrite its own .git/config file when cloning or
checking out a repository, leading to arbitrary
command execution on the client machine.
See the Git version 2.2.1 release for further information on the
security fixes.
The Internet Corporation for Assigned Names and Numbers (ICANN) has been hacked by unknown
attackers, who gained administrative access
to some of the organization's systems, the organization
confirmed.
The attackers used a "spear phishing" campaign to target sensitive systems operated by ICANN and sent spoofed
emails disguised as internal ICANN communications to its
staff members.
The link in the emails took the staff to a bogus login page,
where they provided their usernames and passwords,
the keys to their work email accounts.
Detroit City Database Hacked
The entire Detroit database was hacked and
encrypted by malware. The attackers demanded 2000
bitcoins to decrypt the data. Since the files were of no
use to the city, the ransom was not paid.
NotCompatible
Back in 2012, malware called NotCompatible was haunting
Android devices. Now more powerful than ever, the latest version,
NotCompatible.C, has its own self-protected encryption, which
makes the program difficult to find and delete. The only way you
can find it is through Manage Applications>Settings. This will
show you that an application by the long name of
(com.andriod.fixed.update) is running. All you need to do is
simply uninstall it.
A Drone That Can Steal What’s on Your Phone
SensePost Information Security created a drone called Snoopy.
The software designed for Snoopy deceives the person connected to it simply
by making the user think that it is part of a network that already exists
and is approved, like Macy’s and other public
routers. Once in, it is capable of recording data such as pictures, locations,
Facebook information, Twitter details, contact details, usernames and passwords.
RedHack Hacks Turkish Power Distribution System & Deletes INR
41,397.24k Debt of Soma region
The famous Turkish hacker team ‘RedHack’ announced that it had hacked
into the power administration system and canceled 1.5 million liras
(approx. 650K US dollars) of electricity bills to be paid to Soma
Electricity Production company.
Sony Hack
Last month, hackers infiltrated the computer
network of Sony Pictures Entertainment, a major
Hollywood movie studio.
A group calling itself the Guardians of Peace, or GOP, targeted the film studio last month.
There have been suggestions that the attack was retaliation for
a Sony-backed comedy, “The Interview”.
The hackers posted five Sony movies (four unreleased) to file-sharing networks (Annie, Fury, Mr. Turner, Still Alice and To Write
Love on Her Arms).
Sony Pictures employees received e-mails from hackers
threatening to harm them and their family members.
Celebrities' Personal Data - such as phone numbers and email IDs.
Release Schedules - a number of files detailed confidential
movie release schedules, both for Sony Pictures and Sony-owned
Columbia Pictures.
Bank Accounts - there are files which contain dozens of bank accounts, both personal and belonging to Sony corporation.
Latest: A draft script for the new James Bond film has been
stolen and leaked by hackers, producers have confirmed.
Anonymous Hacks Swedish Government in Revenge for 'Pirate
Bay' Takedown
The Anonymous group also left a message at the end of the leak:
"Warning: Merry Christmas & a Happy New Year to all!! Bye :*"
The group hacked into the government email accounts of Israel, India, Brazil,
Argentina, and Mexico, and revealed their email addresses with
passwords in plain-text.
Chrome Plans to Mark All 'HTTP' Traffic as Insecure from 2015
Let’s Encrypt — A Certificate Authority to Provide Free SSL
Certificates for Entire Web
'SoakSoak' Malware Compromises 100,000 WordPress
Websites
GCHQ Releases 'Cryptoy' App for Kids to Teach Encryption
Las Vegas Sands' Casino Network hit by Destructive
Malware
The cyber attack occurred in February this year, but the
details of the damage to the casino were not publicized until
Bloomberg Businessweek exposed them in a story on Thursday.
The critical zero-day IE vulnerability (CVE-2014-8967)
was discovered by security researcher
Arthur Gerkis of Zero Day Initiative (ZDI) in June this
year.
Microsoft Releases 7 Security Updates
'DeathRing' Chinese Malware Found Pre-Installed On
Several Smartphones
• Counterfeit Samsung GS4/Note II
• A variety of TECNO devices
• Gionee Gpad G1
• Gionee GN708W
• Gionee GN800
• Polytron Rocket S2350
• Hi-Tech Amaze Tab
• Karbonn TA-FONE A34/A37
• Jiayu G4S – Galaxy S4 clones
• Haier H7
• An i9502+ Samsung clone by an
unspecified manufacturer
Google's reCAPTCHA can tell if You're a Spambot or Human
with Just a Click
Crash Your Friends' WhatsApp Remotely with Just a
Message
Adobe Releases Emergency Flash Player Update to
Address Critical Vulnerability
The critical vulnerability (CVE-2014-8439) in Flash Player for
Windows, Mac and Linux was originally mitigated more
than a month ago in the October 14, 2014 patch release, but
French researcher Kafeine found exploits for it in
the Angler and Nuclear malware kits after Adobe released
a patch.