cyber security news articles

hello everyone,
welcome to first episode of "news of the month"
i will make this kind of video at every end of the month.i think,it will help you to stay informed and secure.and if you do not want to wait for whole month for news then you can get weekly news update from https://pctricksandcybersecuritytest.blogspot.in/search/label/NEWS
and i will also share all post on google+ ,so you can also get weekly update from my google+ profile by following me.

click on topic to read whole article

topics of news which i have mentioned in this video are as follows:

1.news Warning — Bitcoin Users Could Be Targeted by State-Sponsored Hackers-

2.Omegle, the Popular 'Chat with Strangers' Service Leaks Your Dirty Chats and Personal Info-

3. Microsoft Open Sources PowerShell; Now Available for Linux and Mac OS X-

4.he NSA Hack — What, When, Where, How, Who & Why-

5. Internet Traffic Hijacking Linux Flaw Affects 80 of Android Devices

6.DDoSCoin New CryptoCurrency Pays Users for Participating in DDoS Attacks-

7.Bitcoin Exchange Offers $3.5 Million Reward for Information of Stolen Bitcoins-

8.New Hack Uses Hard Drive's Noise to Transfer Stolen Data from Air-Gapped Computer-

9.Car Thieves Can Unlock 100 Million Volkswagens With A Simple Wireless Hack-

10.Linux TCP Flaw allows Hackers to Hijack Internet Traffic and Inject Malware Remotely-

11.Blackhat Firm Offers $500,000 for Zero-day iOS Exploit; Double Than Apple’s Highest Bounty-

12.Oops! Microsoft Accidentally Leaks Backdoor Keys to Bypass UEFI Secure Boot-

13.Microsoft Releases 9 Security Updates to Patch 34 Vulnerabilities-

14. 2 Hackers Win Over 1 Million Air Miles each for Reporting Bugs in United Airlines-

15- How Your Computer Monitor Could Be Hacked To Spy On You-

16. Data Breach — Oracle's Micros Payment Systems Hacked-

17.Germany and France declare War on Encryption to Fight Terrorism-

18.Apple releases 'Emergency' Patch after Advanced Spyware Targets Human Rights Activist-

topics of news which i have not mentioned in this video are as follows:

Happy Birthday! LINUX Turns 25 Years Old

First-Ever Ransomware For Smart Thermostat is Here — It's Hot!

Does your WebCam Crash after Windows 10 Anniversary Update? Here’s How to Fix It

Read More

Apple releases 'Emergency' Patch after Advanced Spyware Targets Human Rights Activist

Apple has released iOS 9.3.5 update for iPhones and iPads to patch three zero-day vulnerabilities after a piece of spyware found targeting the iPhone used by a renowned UAE human rights defender, Ahmed Mansoor.

One of the world's most invasive software weapon distributors, called the NSO Group, has been exploiting three zero-day security vulnerabilities in order to spy on dissidents and journalists.

The NSO Group is an Israeli firm that sells spying and surveillance software that secretly tracks a target's mobile phone.

he zero-day exploits have allowed the company to develop sophisticated spyware tools that can access the device location, contacts, texts, calls logs, emails and even microphone.

Apple fixed these three vulnerabilities within ten days after being informed by two security firms, Citizen Lab and Lookout, who conducted a joint investigation.

Background Story: Malware Discovery

Mansoor, 46, ‘Martin Ennals Award’ winner from the United Arab Emirates, received a text message on his iPhone on August 10, from an unknown number.

Mansoor found the message suspicious and knowing that government hackers had already targeted him in the past, he forwarded that message directly to Citizen Lab researcher Bill Marczak.

Citizen Lab brought in Lookout, a San Francisco mobile security company, to help examine the message.

After analyzing the message content, the researchers found that the link led to a sophisticated piece of malware that exploited three different unknown flaws in Apple’s iOS that would have allowed the attackers to get complete control of Mansoor’s iPhone.

Those links, if clicked, "Mansoor’s iPhone would have been turned into a sophisticated bugging device controlled by UAE security agencies," the Citizen Lab explained in a blog post.

"They would have been able to turn on his iPhone’s camera and microphone to record Mansoor and anything nearby, without him being wise about it. They would have been able to log his emails and calls — even those that are encrypted end-to-end. And, of course, they would have been able to track his precise whereabouts."

According to a blog post published by Lookout, the three zero-day flaws, dubbed "Trident" by the firm, involved:

• A memory corruption vulnerability in WebKit that could allow hackers to exploit a device when a user clicks on a malicious link.
• Two kernel bugs (allowing device jailbreak) that an attacker secretly installs malware on victim’s device to carry out surveillance.

Apple released the patch update, iOS 9.3.5, on Thursday, and labeled it "important," advising its users to install the latest version of iOS as soon as possible to protect their devices against these potential security exploits.

You can install the security update over-the-air (OTA) via your iPhone or iPad's settings.

Read More

Germany and France declare War on Encryption to Fight Terrorism

Yet another war on Encryption!

France and Germany are asking the European Union for new laws that would require mobile messaging services to decrypt secure communications on demand and make them available to law enforcement agencies.

French and German interior ministers this week said their governments should be able to access content on encrypted services in order to fight terrorism, the Wall Street Journal reported.

French interior minister Bernard Cazeneuve went on to say that the encrypted messaging apps like Telegram and WhatsApp "constitute a challenge during investigations," making it difficult for law enforcement to conduct surveillance on suspected terrorists.



The proposal calls on the European Commission to draft a law that would "impose obligations on operators who show themselves to be non-cooperative, in particular when it comes to withdrawing illegal content or decrypting messages as part of an investigation."

The proposed laws would force major technology companies including Apple, WhatsApp, Facebook, Telegram, and many others, to build encryption backdoors into their messaging apps.

The European Union has always been a strong supporter of privacy and encryption, but the recent series of terrorist attacks across both France and Germany this summer, including Normandy church attack carried out by two jihadists who reportedly met on Telegram, which made the countries shout for encryption backdoors loudly.

Although the proposal acknowledges encryption to be a critical part in securing communications and financial transactions, it says that solutions must be found to "enable effective investigation" while protecting users’ privacy.

Privacy advocates have been alarmed by the new proposals, as recent NSA hack just recently proved all of us that no system is hack-proof for hackers with right hacking skills and sufficient resources.



So, what happened to the NSA, which is the highly sophisticated intelligence agency of the world, could happen to encrypted messaging services that would feature an encryption backdoor for law enforcement.

The European Commission is believed to come up with new laws on privacy and security for telecom operators this fall, which would include third-party services such as WhatsApp or Telegram.

Read More

Data Breach — Oracle's Micros Payment Systems Hacked

The risks associated with data breaches continue to grow, impacting a variety of industries, tech firms, and social networking platforms. In the past few months, over 1 Billion credentials were dumped online as a result of mega breaches in popular social networks.

Now, Oracle is the latest in the list.

Oracle has confirmed that its MICROS division – which is one of the world's top three point-of-sale (POS) services the company acquired in 2014 – has suffered a security breach.

Hackers had infected hundreds of computers at Oracle's point-of-sale division, infiltrated the support portal used by customers, and potentially accessed sales registers all over the world.

The software giant came to know about the data breach after its staff discovered malicious code on the MICROS customer support portal and certain legacy MICROS systems. Hackers likely installed malware on the troubleshooting portal in order to capture customers' credentials as they logged in.

These usernames and passwords can then be used to access their accounts and remotely control their MICROS point-of-sales terminals.

In a brief letter sent to MICROS customers, Oracle told businesses to change their MICROS account passwords for the MICROS online support site – particularly passwords that are used by MICROS staff to control on-site payment terminals remotely.

"Oracle Security has detected and addressed malicious code in certain legacy MICROS systems," said the company. "Oracle's Corporate network and other cloud and service offerings were not impacted by this code." 

"Payment card data is encrypted both at rest and in transit in the MICROS hosted environment… Consistent with standard security remediation protocols, Oracle [requires] MICROS customers to change the passwords for all MICROS accounts."

Citing unknown sources, security news site KrebsOnSecurity, reported that the attack possibly came from a Russian crime gang, dubbed Carbanak Gang, that has been accused of stealing more than $1 Billion from banks and retailer stores in past hacks. 

The scope of the data breach is still unknown, but anonymous sources familiar with the breach have told Krebs that the hack may have affected up to 700 systems.

Since customers payment data is encrypted both at rest and in transit, Oracle said that this information is not at risk.

Oracle acquired MICROS in 2014 in a $5 Billion acquisition deal. Currently, MICROS devices are deployed at over 330,000 point-of-sale terminals (or cash registers) at food and beverage outlets, retail stores, and hotels across 180 countries.

The software giant is still investigating the security breach at its payment terminal division.

Over the past few years, the security breach has hit POS terminals – or "cash registers" – operated by a large number of retailers, food chains, hotels, and other types of merchants. Two of the best-known victims to be hit by POS malware are Target and Home Depot.

POS terminals have emerged as the favorite target for cybercriminal gangs because when it comes to the cheap and easy way to siphon the vast number of payment cards, breaching a single retailer's internal network could allow criminals to collect Millions of valid payment card numbers in a relatively short amount of time.

Read More

How Your Computer Monitor Could Be Hacked To Spy On You

Just stop believing everything you see on your screen, as it turns out that even your computer monitor can be hacked.

You have seen hackers targeting your computer, smartphone, and tablet, but now, it has been proved that they can even compromise your monitor and turn them against by just changing the pixels displayed on the screen.

Although changing pixels is really hard and complicated, a team of security researchers at this year’s DEF CON says that it is not impossible.

Ang Cui and Jatin Kataria of Red Balloon Security has demonstrated a way to hack directly into the computer that controls monitor to see the pixels displayed on the monitor as well as manipulate the pixels in order to display different images.

How to Hack Computer Monitors?

According to the researchers, an attacker first needs to gain physical access to the monitor's USB or HDMI port which would then help the attacker access the firmware of the display.

The duo said they discovered the hack by reverse-engineering a Dell U2410 monitor, though it was not an easy process, as it took over two years.

In the process, the pair found out that Dell had not implemented any security measures with regard to the process to update the display controller’s firmware, which allowed for this hack.

This means that anyone with malicious intent and access to the monitor’s USB or HDMI port would be able to hijack monitor — which involves injecting malicious firmware with the help of a drive-by attack — as well as manipulate the on-screen pixels.

The researchers developed a working exploit, saying "We can now hack the monitor and you shouldn’t have blind trust in those pixels coming out of your monitor."

How Dangerous could the Monitor Hack possibly be?

Changing a single button could cause a huge amount of damage to the nation. The team gave an example by changing the status-alert light on the control interface of a power plant from Green to Red, which could trick someone into shutting down the power plant.

During their presentation, Cui and Kataria were also able to inject a photo onto a display and add a secure lock icon to the address field of a Web browser.

In one example, the team even demonstrated the ability to change PayPal balance from $0 to $1,000,000,000.

So, hackers do not require to infect your computer with a ransomware infection. If they can hack your monitor, they can manipulate the pixels to display a ransomware message permanently on your screen, demanding payment to remove the message.

This could be a new strain of computer-based Ransoming.

What's even Worse?

The hacker could log the pixels generated by the monitor and effectively spy on the target users.

The pair warns that this issue does not limit to just Dell monitors, but also potentially affects one Billion monitors all over the world, given that all of the most common brands have vulnerable processors.

However, there's a downside to this attack.

This type of attack is pretty easy to detect, as the image on a screen does not load nearly as fast as it would have before being infected.

So it's possibly not the most efficient way to manipulate things quickly on the computers of victims, who are sitting in front of their computers all the time.

But what about industrial control systems monitors, whose displays are mostly static?

Well, if hackers target industrial control console, the attack might be a lot harder to detect. So, stop trusting your monitors, peeps!

Read More