SlideShare a Scribd company logo

Null Mumbai 14th May News bytes by Dhawal Shah

N
nullowaspmumbai

Security News and Events >> Panama Paper Leak >> Qatar National Bank Data Breach >> Investigative summary of Bangladesh Bank Heist >> Other News

Technology
1 of 22
Download to read offline
News Bytes Chapter: Mumbai May,2016 Dhawal Shah
./About_me >> Part of Incident response team at HDFC bank >> Student of M.Tech(Information Security) at KJSCE,Mumbai >> Fields of interest: SOC, SIEM, Computer Forensics
./Agenda >> Panama Papers Leak. >> Qatar National Bank Data Breach >> Investigative summary of Bangladesh Bank Heist. >> Other NEWS
Panama Papers Leak
./Panama_Papers >> 2.6 terabytes of leaked data >> Email Server Hacked >> Vulnerable front end of Website.
./Panama_Papers >> Technical Flaws: – Outlook Web Access login since 2009 and not updated its client login portal since 2013. – Client portal was vulnerable to the DROWN attack. – Drupal open source CMS, was last updated in August 2013 – Drupal had 25 vulnerabilities, including a high-risk SQL injection vulnerability that allows anyone to remotely execute arbitrary commands. – Directory Traversal – WordPress version was three months out of date – Emails were also not encrypted
./Panama_Papers >> Suspected Methodology: – Wordpress Revolution Slider vulnerability – Versions of Revslider all the way up to 3.0.95 are vulnerable to attack.
./Panama_Papers >> Suspected Methodology: – Web server and Mail server were on same network – Web server was not behind a firewall – Sensitive data was accessible though Web Based Portal
./Panama_Papers >> Suspected Methodology: – Exploiting Wordpress Revolution Slider vulnerability – Demo: https://player.vimeo.com/video/161966079
./Panama_Papers >> Suspected Methodology: – Other Possible Vulnerability Exploited: – Two plugins were used in addition to Revolution slider: • WP SMTP plugin – ability to send mail from your website via a mail server – plugin stores email server address and login information in plain text in the WordPress database • ALO EasyMail Newsletter plugin – to receive bounced emails from a mail server and automatically remove those bounced mails from the subscriber list – plugin also stores email server login information in the WordPress database in plain text
./Panama_Papers >> WP SMTP plugin
./Panama_Papers >> ALO EasyMail Newsletter plugin
Qatar National Bank Data Breach
./QNB_Data_leak >> Thousands of bank records, totalling 1.4GB of data >> Uploaded to a file-sharing website called "global- files.net“ >> Consisted of Critical Information – bank credentials. – telephone numbers. – payment card details. >>@bozkurthackers shared an online video claiming responsibility for the breach
./QNB_Data_leak >>Suspected Methodology • Attacker Runs SQLMAP to identify the vulnerability • Webshell was implemented • Lateral movement to compromise rest of the database. • Out of 11, 7database were exposed • The data was arranged into nine various folders, including those named “Al-Jazeera”, “Police Security”, “Defence and etc”, and “Mukhabarat”.
Bangladesh Bank Heist
./Bangladesh_bank_Heist >> resulted in theft from the institutes' Federal Reserve bank account. >>Total Loss incurred $81 million. >>On Feb 5, 2016, Nearly 36 Requests hit Federal Reserve bank using spoofed Bangladesh Bank identity. >>4 requests were got processed resulting in amount of $81 million. >>5th transfer request had typo – error in the beneficiary account name “Shalika Foundation” named as “Fandation”. >>This typo error caught by beneficiary bank ”Deutsche bank” brought eyes on the incident. >>Possible attacked planed was about $950 Million.
./Bangladesh_bank_Heist
./Bangladesh_bank_Heist
./Bangladesh_bank_Heist >> Module Patching
./News >> Encryption Trends – wordpress – Whatsapp – Blackberry – Viber >> Kiddicare Hacked! 794,000 Accounts Leaked >> UserVoice Hacked! Users’ Accounts Breached >> Google Suffers Insider Data Breach >> London Clinic fined £180,000 for Leaking HIV Patients Data >> Ransomware hits various companies.
Discussion… Thank You!!

Recommended

The Panama Papers Hack
The Panama Papers HackThe Panama Papers Hack
The Panama Papers HackLondon School of Cyber Security
 
Panama Papers( leaks) ? The Biggest Financial leaks in History.
Panama Papers( leaks) ? The Biggest Financial leaks in History.Panama Papers( leaks) ? The Biggest Financial leaks in History.
Panama Papers( leaks) ? The Biggest Financial leaks in History.Arslan Haider
 
Panama Papers - The Biggest Financial Leak in History
Panama Papers - The Biggest Financial Leak in HistoryPanama Papers - The Biggest Financial Leak in History
Panama Papers - The Biggest Financial Leak in HistoryStinson
 
Security & Compliance for Startups
Security & Compliance for StartupsSecurity & Compliance for Startups
Security & Compliance for StartupsSymosis Security (Previously C-Level Security)
 
هک پایگاه داده و راهکارهای مقابلهDatabases hacking, safeguards and counterme...
هک پایگاه داده و راهکارهای مقابلهDatabases hacking, safeguards and counterme... هک پایگاه داده و راهکارهای مقابلهDatabases hacking, safeguards and counterme...
هک پایگاه داده و راهکارهای مقابلهDatabases hacking, safeguards and counterme...M Mehdi Ahmadian
 
Get Ready for Web Application Security Testing
Get Ready for Web Application Security TestingGet Ready for Web Application Security Testing
Get Ready for Web Application Security TestingAlan Kan
 
Solvay secure application layer v2015 seba
Solvay secure application layer v2015 sebaSolvay secure application layer v2015 seba
Solvay secure application layer v2015 sebaSebastien Deleersnyder
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application SecurityColin English
 

Recommended

The Panama Papers Hack
The Panama Papers HackThe Panama Papers Hack
The Panama Papers HackLondon School of Cyber Security
 
Panama Papers( leaks) ? The Biggest Financial leaks in History.
Panama Papers( leaks) ? The Biggest Financial leaks in History.Panama Papers( leaks) ? The Biggest Financial leaks in History.
Panama Papers( leaks) ? The Biggest Financial leaks in History.Arslan Haider
 
Panama Papers - The Biggest Financial Leak in History
Panama Papers - The Biggest Financial Leak in HistoryPanama Papers - The Biggest Financial Leak in History
Panama Papers - The Biggest Financial Leak in HistoryStinson
 
Security & Compliance for Startups
Security & Compliance for StartupsSecurity & Compliance for Startups
Security & Compliance for StartupsSymosis Security (Previously C-Level Security)
 
هک پایگاه داده و راهکارهای مقابلهDatabases hacking, safeguards and counterme...
هک پایگاه داده و راهکارهای مقابلهDatabases hacking, safeguards and counterme... هک پایگاه داده و راهکارهای مقابلهDatabases hacking, safeguards and counterme...
هک پایگاه داده و راهکارهای مقابلهDatabases hacking, safeguards and counterme...M Mehdi Ahmadian
 
Get Ready for Web Application Security Testing
Get Ready for Web Application Security TestingGet Ready for Web Application Security Testing
Get Ready for Web Application Security TestingAlan Kan
 
Solvay secure application layer v2015 seba
Solvay secure application layer v2015 sebaSolvay secure application layer v2015 seba
Solvay secure application layer v2015 sebaSebastien Deleersnyder
 
Web Application Security
Web Application SecurityWeb Application Security
Web Application SecurityColin English
 
The Notorious 9: Is Your Data Secure in the Cloud?
The Notorious 9: Is Your Data Secure in the Cloud?The Notorious 9: Is Your Data Secure in the Cloud?
The Notorious 9: Is Your Data Secure in the Cloud?BCS ProSoft
 
Finding the source of Ransomware - Wire data analytics
Finding the source of Ransomware - Wire data analyticsFinding the source of Ransomware - Wire data analytics
Finding the source of Ransomware - Wire data analyticsNetFort
 
Anatomy of an Advanced Retail Breach
Anatomy of an Advanced Retail BreachAnatomy of an Advanced Retail Breach
Anatomy of an Advanced Retail BreachIBM Security
 
Cv Jawad Munir
Cv Jawad MunirCv Jawad Munir
Cv Jawad Munirjawad_munir
 
Developing Secure Web Apps
Developing Secure Web AppsDeveloping Secure Web Apps
Developing Secure Web AppsMark Garratt
 
Security risks awareness
Security risks awarenessSecurity risks awareness
Security risks awarenessJanagi Kannan
 
Greater China Cyber Threat Landscape - ISC 2016
Greater China Cyber Threat Landscape - ISC 2016Greater China Cyber Threat Landscape - ISC 2016
Greater China Cyber Threat Landscape - ISC 2016Sergey Gordeychik
 
Owasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data LeakageOwasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data LeakageAnant Shrivastava
 
Computer Network Case Study - bajju.pptx
Computer Network Case Study - bajju.pptxComputer Network Case Study - bajju.pptx
Computer Network Case Study - bajju.pptxShivamBajaj36
 
User_Access_IIA-LA_3-9-2016
User_Access_IIA-LA_3-9-2016User_Access_IIA-LA_3-9-2016
User_Access_IIA-LA_3-9-2016Karla Sasser, CPA CITP, CIA, CGMA
 
A Validation Model of Data Input for Web Services
A Validation Model of Data Input for Web ServicesA Validation Model of Data Input for Web Services
A Validation Model of Data Input for Web ServicesRafael Brinhosa
 
Cisa ransomware guide
Cisa ransomware guideCisa ransomware guide
Cisa ransomware guideanpapathanasiou
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing BasicsRick Wanner
 
International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER)International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER)ijceronline
 
A Multidimensional View of Critical Web Application Security Risks: A Novel '...
A Multidimensional View of Critical Web Application Security Risks: A Novel '...A Multidimensional View of Critical Web Application Security Risks: A Novel '...
A Multidimensional View of Critical Web Application Security Risks: A Novel '...Cognizant
 
Colombo White Hat Security 3rd Meetup - Recent Trends & Attacks in Cyberspace
Colombo White Hat Security 3rd Meetup - Recent Trends & Attacks in CyberspaceColombo White Hat Security 3rd Meetup - Recent Trends & Attacks in Cyberspace
Colombo White Hat Security 3rd Meetup - Recent Trends & Attacks in CyberspaceDulanja Liyanage
 
Public Auditing for Regenerating Code Based Cloud Storage
Public Auditing for Regenerating Code Based Cloud StoragePublic Auditing for Regenerating Code Based Cloud Storage
Public Auditing for Regenerating Code Based Cloud StorageIRJET Journal
 
An Introduction To IT Security And Privacy - Servers And More
An Introduction To IT Security And Privacy - Servers And MoreAn Introduction To IT Security And Privacy - Servers And More
An Introduction To IT Security And Privacy - Servers And MoreBlake Carver
 
Based on the below and using the 12 categories of threats identify 3 .pdf
Based on the below and using the 12 categories of threats identify 3 .pdfBased on the below and using the 12 categories of threats identify 3 .pdf
Based on the below and using the 12 categories of threats identify 3 .pdfarri2009av
 
Penetration testing by Burpsuite
Penetration testing by BurpsuitePenetration testing by Burpsuite
Penetration testing by BurpsuiteAyonDebnathCertified
 
Xxe
XxeXxe
Xxenullowaspmumbai
 
ELK in Security Analytics
ELK in Security Analytics ELK in Security Analytics
ELK in Security Analytics nullowaspmumbai
 

More Related Content

Similar to Null Mumbai 14th May News bytes by Dhawal Shah

The Notorious 9: Is Your Data Secure in the Cloud?
The Notorious 9: Is Your Data Secure in the Cloud?The Notorious 9: Is Your Data Secure in the Cloud?
The Notorious 9: Is Your Data Secure in the Cloud?BCS ProSoft
 
Finding the source of Ransomware - Wire data analytics
Finding the source of Ransomware - Wire data analyticsFinding the source of Ransomware - Wire data analytics
Finding the source of Ransomware - Wire data analyticsNetFort
 
Anatomy of an Advanced Retail Breach
Anatomy of an Advanced Retail BreachAnatomy of an Advanced Retail Breach
Anatomy of an Advanced Retail BreachIBM Security
 
Developing Secure Web Apps
Developing Secure Web AppsDeveloping Secure Web Apps
Developing Secure Web AppsMark Garratt
 
Security risks awareness
Security risks awarenessSecurity risks awareness
Security risks awarenessJanagi Kannan
 
Greater China Cyber Threat Landscape - ISC 2016
Greater China Cyber Threat Landscape - ISC 2016Greater China Cyber Threat Landscape - ISC 2016
Greater China Cyber Threat Landscape - ISC 2016Sergey Gordeychik
 
Owasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data LeakageOwasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data LeakageAnant Shrivastava
 
Computer Network Case Study - bajju.pptx
Computer Network Case Study - bajju.pptxComputer Network Case Study - bajju.pptx
Computer Network Case Study - bajju.pptxShivamBajaj36
 
A Validation Model of Data Input for Web Services
A Validation Model of Data Input for Web ServicesA Validation Model of Data Input for Web Services
A Validation Model of Data Input for Web ServicesRafael Brinhosa
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing BasicsRick Wanner
 
International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER)International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER)ijceronline
 
A Multidimensional View of Critical Web Application Security Risks: A Novel '...
A Multidimensional View of Critical Web Application Security Risks: A Novel '...A Multidimensional View of Critical Web Application Security Risks: A Novel '...
A Multidimensional View of Critical Web Application Security Risks: A Novel '...Cognizant
 
Colombo White Hat Security 3rd Meetup - Recent Trends & Attacks in Cyberspace
Colombo White Hat Security 3rd Meetup - Recent Trends & Attacks in CyberspaceColombo White Hat Security 3rd Meetup - Recent Trends & Attacks in Cyberspace
Colombo White Hat Security 3rd Meetup - Recent Trends & Attacks in CyberspaceDulanja Liyanage
 
Public Auditing for Regenerating Code Based Cloud Storage
Public Auditing for Regenerating Code Based Cloud StoragePublic Auditing for Regenerating Code Based Cloud Storage
Public Auditing for Regenerating Code Based Cloud StorageIRJET Journal
 
An Introduction To IT Security And Privacy - Servers And More
An Introduction To IT Security And Privacy - Servers And MoreAn Introduction To IT Security And Privacy - Servers And More
An Introduction To IT Security And Privacy - Servers And MoreBlake Carver
 
Based on the below and using the 12 categories of threats identify 3 .pdf
Based on the below and using the 12 categories of threats identify 3 .pdfBased on the below and using the 12 categories of threats identify 3 .pdf
Based on the below and using the 12 categories of threats identify 3 .pdfarri2009av
 

Similar to Null Mumbai 14th May News bytes by Dhawal Shah (20)

The Notorious 9: Is Your Data Secure in the Cloud?
The Notorious 9: Is Your Data Secure in the Cloud?The Notorious 9: Is Your Data Secure in the Cloud?
The Notorious 9: Is Your Data Secure in the Cloud?
 
Finding the source of Ransomware - Wire data analytics
Finding the source of Ransomware - Wire data analyticsFinding the source of Ransomware - Wire data analytics
Finding the source of Ransomware - Wire data analytics
 
Anatomy of an Advanced Retail Breach
Anatomy of an Advanced Retail BreachAnatomy of an Advanced Retail Breach
Anatomy of an Advanced Retail Breach
 
Cv Jawad Munir
Cv Jawad MunirCv Jawad Munir
Cv Jawad Munir
 
Developing Secure Web Apps
Developing Secure Web AppsDeveloping Secure Web Apps
Developing Secure Web Apps
 
Security risks awareness
Security risks awarenessSecurity risks awareness
Security risks awareness
 
Greater China Cyber Threat Landscape - ISC 2016
Greater China Cyber Threat Landscape - ISC 2016Greater China Cyber Threat Landscape - ISC 2016
Greater China Cyber Threat Landscape - ISC 2016
 
Owasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data LeakageOwasp Mobile Risk Series : M4 : Unintended Data Leakage
Owasp Mobile Risk Series : M4 : Unintended Data Leakage
 
Computer Network Case Study - bajju.pptx
Computer Network Case Study - bajju.pptxComputer Network Case Study - bajju.pptx
Computer Network Case Study - bajju.pptx
 
User_Access_IIA-LA_3-9-2016
User_Access_IIA-LA_3-9-2016User_Access_IIA-LA_3-9-2016
User_Access_IIA-LA_3-9-2016
 
A Validation Model of Data Input for Web Services
A Validation Model of Data Input for Web ServicesA Validation Model of Data Input for Web Services
A Validation Model of Data Input for Web Services
 
Cisa ransomware guide
Cisa ransomware guideCisa ransomware guide
Cisa ransomware guide
 
Penetration Testing Basics
Penetration Testing BasicsPenetration Testing Basics
Penetration Testing Basics
 
International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER)International Journal of Computational Engineering Research(IJCER)
International Journal of Computational Engineering Research(IJCER)
 
A Multidimensional View of Critical Web Application Security Risks: A Novel '...
A Multidimensional View of Critical Web Application Security Risks: A Novel '...A Multidimensional View of Critical Web Application Security Risks: A Novel '...
A Multidimensional View of Critical Web Application Security Risks: A Novel '...
 
Colombo White Hat Security 3rd Meetup - Recent Trends & Attacks in Cyberspace
Colombo White Hat Security 3rd Meetup - Recent Trends & Attacks in CyberspaceColombo White Hat Security 3rd Meetup - Recent Trends & Attacks in Cyberspace
Colombo White Hat Security 3rd Meetup - Recent Trends & Attacks in Cyberspace
 
Public Auditing for Regenerating Code Based Cloud Storage
Public Auditing for Regenerating Code Based Cloud StoragePublic Auditing for Regenerating Code Based Cloud Storage
Public Auditing for Regenerating Code Based Cloud Storage
 
An Introduction To IT Security And Privacy - Servers And More
An Introduction To IT Security And Privacy - Servers And MoreAn Introduction To IT Security And Privacy - Servers And More
An Introduction To IT Security And Privacy - Servers And More
 
Based on the below and using the 12 categories of threats identify 3 .pdf
Based on the below and using the 12 categories of threats identify 3 .pdfBased on the below and using the 12 categories of threats identify 3 .pdf
Based on the below and using the 12 categories of threats identify 3 .pdf
 
Penetration testing by Burpsuite
Penetration testing by BurpsuitePenetration testing by Burpsuite
Penetration testing by Burpsuite
 

More from nullowaspmumbai

ELK in Security Analytics
ELK in Security Analytics ELK in Security Analytics
ELK in Security Analytics nullowaspmumbai
 
Infrastructure security & Incident Management
Infrastructure security & Incident Management Infrastructure security & Incident Management
Infrastructure security & Incident Management nullowaspmumbai
 
Internet censorship circumvention techniques
Internet censorship circumvention techniquesInternet censorship circumvention techniques
Internet censorship circumvention techniquesnullowaspmumbai
 
Adversarial machine learning updated
Adversarial machine learning updatedAdversarial machine learning updated
Adversarial machine learning updatednullowaspmumbai
 
Adversarial machine learning
Adversarial machine learning Adversarial machine learning
Adversarial machine learning nullowaspmumbai
 
Drozer - An Android Application Security Tool
Drozer - An Android Application Security Tool Drozer - An Android Application Security Tool
Drozer - An Android Application Security Tool nullowaspmumbai
 
Ganesh naik linux_kernel_internals
Ganesh naik linux_kernel_internalsGanesh naik linux_kernel_internals
Ganesh naik linux_kernel_internalsnullowaspmumbai
 

More from nullowaspmumbai (20)

Xxe
XxeXxe
Xxe
 
ELK in Security Analytics
ELK in Security Analytics ELK in Security Analytics
ELK in Security Analytics
 
Switch security
Switch securitySwitch security
Switch security
 
Radio hacking - Part 1
Radio hacking - Part 1 Radio hacking - Part 1
Radio hacking - Part 1
 
How I got my First CVE
How I got my First CVE How I got my First CVE
How I got my First CVE
 
Power forensics
Power forensicsPower forensics
Power forensics
 
Infrastructure security & Incident Management
Infrastructure security & Incident Management Infrastructure security & Incident Management
Infrastructure security & Incident Management
 
Middleware hacking
Middleware hackingMiddleware hacking
Middleware hacking
 
Internet censorship circumvention techniques
Internet censorship circumvention techniquesInternet censorship circumvention techniques
Internet censorship circumvention techniques
 
How i got my first cve
How i got my first cveHow i got my first cve
How i got my first cve
 
Adversarial machine learning updated
Adversarial machine learning updatedAdversarial machine learning updated
Adversarial machine learning updated
 
Commix
Commix Commix
Commix
 
Adversarial machine learning
Adversarial machine learning Adversarial machine learning
Adversarial machine learning
 
Dll Hijacking
Dll Hijacking Dll Hijacking
Dll Hijacking
 
Abusing Target
Abusing Target Abusing Target
Abusing Target
 
NTFS Forensics
NTFS Forensics NTFS Forensics
NTFS Forensics
 
Drozer - An Android Application Security Tool
Drozer - An Android Application Security Tool Drozer - An Android Application Security Tool
Drozer - An Android Application Security Tool
 
Middleware hacking
Middleware hackingMiddleware hacking
Middleware hacking
 
Ganesh naik linux_kernel_internals
Ganesh naik linux_kernel_internalsGanesh naik linux_kernel_internals
Ganesh naik linux_kernel_internals
 
Buffer overflow null
Buffer overflow nullBuffer overflow null
Buffer overflow null
 

Recently uploaded

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilV3cube
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024The Digital Insurer
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Enterprise Knowledge
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Igalia
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Neo4j
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Drew Madelung
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxMalak Abu Hammad
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Servicegiselly40
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processorsdebabhi2
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationRadu Cotescu
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesSinan KOZAK
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxKatpro Technologies
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Miguel Araújo
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptxHampshireHUG
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityPrincipled Technologies
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking MenDelhi Call girls
 

Recently uploaded (20)

TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law DevelopmentsTrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
TrustArc Webinar - Stay Ahead of US State Data Privacy Law Developments
 
Developing An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of BrazilDeveloping An App To Navigate The Roads of Brazil
Developing An App To Navigate The Roads of Brazil
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024Axa Assurance Maroc - Insurer Innovation Award 2024
Axa Assurance Maroc - Insurer Innovation Award 2024
 
Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...Driving Behavioral Change for Information Management through Data-Driven Gree...
Driving Behavioral Change for Information Management through Data-Driven Gree...
 
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
Raspberry Pi 5: Challenges and Solutions in Bringing up an OpenGL/Vulkan Driv...
 
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
Workshop - Best of Both Worlds_ Combine KG and Vector search for enhanced R...
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
Neo4j - How KGs are shaping the future of Generative AI at AWS Summit London ...
 
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
Strategies for Unlocking Knowledge Management in Microsoft 365 in the Copilot...
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
CNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of ServiceCNv6 Instructor Chapter 6 Quality of Service
CNv6 Instructor Chapter 6 Quality of Service
 
Exploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone ProcessorsExploring the Future Potential of AI-Enabled Smartphone Processors
Exploring the Future Potential of AI-Enabled Smartphone Processors
 
Scaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organizationScaling API-first – The story of a global engineering organization
Scaling API-first – The story of a global engineering organization
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptxFactors to Consider When Choosing Accounts Payable Services Providers.pptx
Factors to Consider When Choosing Accounts Payable Services Providers.pptx
 
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
Mastering MySQL Database Architecture: Deep Dive into MySQL Shell and MySQL R...
 
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
04-2024-HHUG-Sales-and-Marketing-Alignment.pptx
 
Boost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivityBoost PC performance: How more available memory can improve productivity
Boost PC performance: How more available memory can improve productivity
 
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
08448380779 Call Girls In Diplomatic Enclave Women Seeking Men
 

Null Mumbai 14th May News bytes by Dhawal Shah

  • 2. ./About_me >> Part of Incident response team at HDFC bank >> Student of M.Tech(Information Security) at KJSCE,Mumbai >> Fields of interest: SOC, SIEM, Computer Forensics
  • 3. ./Agenda >> Panama Papers Leak. >> Qatar National Bank Data Breach >> Investigative summary of Bangladesh Bank Heist. >> Other NEWS
  • 5. ./Panama_Papers >> 2.6 terabytes of leaked data >> Email Server Hacked >> Vulnerable front end of Website.
  • 6. ./Panama_Papers >> Technical Flaws: – Outlook Web Access login since 2009 and not updated its client login portal since 2013. – Client portal was vulnerable to the DROWN attack. – Drupal open source CMS, was last updated in August 2013 – Drupal had 25 vulnerabilities, including a high-risk SQL injection vulnerability that allows anyone to remotely execute arbitrary commands. – Directory Traversal – WordPress version was three months out of date – Emails were also not encrypted
  • 7. ./Panama_Papers >> Suspected Methodology: – Wordpress Revolution Slider vulnerability – Versions of Revslider all the way up to 3.0.95 are vulnerable to attack.
  • 8. ./Panama_Papers >> Suspected Methodology: – Web server and Mail server were on same network – Web server was not behind a firewall – Sensitive data was accessible though Web Based Portal
  • 9. ./Panama_Papers >> Suspected Methodology: – Exploiting Wordpress Revolution Slider vulnerability – Demo: https://player.vimeo.com/video/161966079
  • 10. ./Panama_Papers >> Suspected Methodology: – Other Possible Vulnerability Exploited: – Two plugins were used in addition to Revolution slider: • WP SMTP plugin – ability to send mail from your website via a mail server – plugin stores email server address and login information in plain text in the WordPress database • ALO EasyMail Newsletter plugin – to receive bounced emails from a mail server and automatically remove those bounced mails from the subscriber list – plugin also stores email server login information in the WordPress database in plain text
  • 12. ./Panama_Papers >> ALO EasyMail Newsletter plugin
  • 14. ./QNB_Data_leak >> Thousands of bank records, totalling 1.4GB of data >> Uploaded to a file-sharing website called "global- files.net“ >> Consisted of Critical Information – bank credentials. – telephone numbers. – payment card details. >>@bozkurthackers shared an online video claiming responsibility for the breach
  • 15. ./QNB_Data_leak >>Suspected Methodology • Attacker Runs SQLMAP to identify the vulnerability • Webshell was implemented • Lateral movement to compromise rest of the database. • Out of 11, 7database were exposed • The data was arranged into nine various folders, including those named “Al-Jazeera”, “Police Security”, “Defence and etc”, and “Mukhabarat”.
  • 17. ./Bangladesh_bank_Heist >> resulted in theft from the institutes' Federal Reserve bank account. >>Total Loss incurred $81 million. >>On Feb 5, 2016, Nearly 36 Requests hit Federal Reserve bank using spoofed Bangladesh Bank identity. >>4 requests were got processed resulting in amount of $81 million. >>5th transfer request had typo – error in the beneficiary account name “Shalika Foundation” named as “Fandation”. >>This typo error caught by beneficiary bank ”Deutsche bank” brought eyes on the incident. >>Possible attacked planed was about $950 Million.
  • 21. ./News >> Encryption Trends – wordpress – Whatsapp – Blackberry – Viber >> Kiddicare Hacked! 794,000 Accounts Leaked >> UserVoice Hacked! Users’ Accounts Breached >> Google Suffers Insider Data Breach >> London Clinic fined £180,000 for Leaking HIV Patients Data >> Ransomware hits various companies.