Security News Bytes
Vandana Verma
12/18/2014 1
Null/ OWASP / G4H Bangalore December Meet
Disclaimer
• The information contained in this presentation does
not infringe any intellectual property rights, nor does it
provide detailed information that may be in conflict
with any laws.
• Registered brands belong to their legitimate owners.
• The opinions represented here are my own and do not
necessarily reflect my employer's views.
• This presentation doesn't teach you how to hack into
any system, nor does it encourage anyone to do so without
prior permission.
• All the information has been collected from different
security news sites (public domain).
Agenda
• Arrests
• Data Breach
• Hack
• Mobile Security
• General
• Tools
• Acquisitions
• Stats
• Jobs
• Trends
• Hackable devices
• New Hardware
Arrests
The Straits Times reports that Mohammad Azhar Tahir
defaced the Singapore prime minister's website in 2013
with messages and images from the hacktivist group
Anonymous, including a Guy Fawkes mask. Tahir ultimately
received a six-month sentence, combined with separate
sentences he had received earlier.
Tahir used a cross-site scripting (XSS) attack: he entered
HTML into the Google search bar embedded on the site, and
the search page reflected it back unescaped. Because the
injection was reflected rather than stored, the server's
pages were never modified; the "defacement" appeared only
for visitors who opened the crafted URL.
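The mechanism behind that defacement, as an added example that is not code from the affected site or from the original deck: a search page that reflects its query parameter straight into the HTML, beside the same page with output encoding. The hostname, the `q` parameter and the payload are constructed for the illustration; the payload only changes the page title.

```python
"""Added example (not code from the affected site): a search page that reflects its
query, the classic reflected XSS sink, beside the encoded version that does not."""
import html
from urllib.parse import parse_qs, quote, urlsplit


def query_param(url: str, name: str = "q") -> str:
    """Returns the named query-string parameter, percent-decoded, or '' if absent."""
    return parse_qs(urlsplit(url).query).get(name, [""])[0]


def render_results_vulnerable(query: str) -> str:
    """Reflects the raw query into the HTML: whatever the URL carries becomes markup."""
    return f"<h2>Results for: {query}</h2>"


def render_results_fixed(query: str) -> str:
    """Same page with output encoding for an HTML text context (< > & \" ' become entities)."""
    return f"<h2>Results for: {html.escape(query, quote=True)}</h2>"


def payload_is_live(rendered: str, payload: str) -> bool:
    """True if the payload appears verbatim, i.e. the browser will parse it as markup."""
    return payload in rendered


# Constructed, benign payload: changes the page title instead of loading attacker content.
PAYLOAD = '<img src=x onerror="document.title=\'defaced\'">'
# The hostname and the q parameter are assumptions for the illustration.
CRAFTED_URL = "https://example.gov/search?q=" + quote(PAYLOAD, safe="")

if __name__ == "__main__":
    q = query_param(CRAFTED_URL)
    print("vulnerable:", render_results_vulnerable(q))
    print("fixed:     ", render_results_fixed(q))
```

Nothing in this flow touches the server's stored pages: the payload lives in the URL, so the only durable evidence is the request in the web server log, which is also where to look for `%3C`/`<` in search parameters when investigating a claimed defacement.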
Data Breach & Hacks
A Taiwanese security expert found a
zero-day vulnerability in a Xiaomi
website that allowed him to obtain
credentials of millions of Xiaomi
accounts and logs from the servers.
Xiaomi devices provide a "Mi Account"
through which users access Mi Cloud,
Mi Talk, the MIUI Forum, Mi Market and
other Xiaomi services. These online
Mi Accounts store users' personal
information, including mobile numbers,
email addresses and account credentials.
• It began with a skull appearing on screens, followed by a message telling users they had been
hacked by a group calling itself #GOP (Guardians of Peace).
• The message on staff machines claimed that the group had stolen internal corporate data, that this was
"just the beginning", and threatened to release the data by 11 PM that evening. One Sony source said:
"We are down, completely paralyzed." As a precaution, computers in Los Angeles were shut down while
the company dealt with the breach.
• A week after the attack on Sony Pictures Entertainment, high-quality copies of five recent or unreleased
films distributed by Sony Pictures (Annie, Fury, Still Alice, Mr. Turner and To Write Love on Her Arms)
leaked online over Black Friday.
• Last week the breach was found to have exposed still more sensitive documents, including the US Social
Security numbers of more than 47,000 celebrities, freelancers, and current and former Sony employees.
• Sony's PlayStation Network suffered an even larger breach in 2011, which exposed 77 million PlayStation
and Qriocity accounts along with 25 million Sony Online Entertainment accounts, more than 100 million in
total and one of the largest data breaches ever.
• The Syrian Electronic Army (SEA) hijacked
Gigya, a widely used web service that manages
comments and social logins for prominent
media and entertainment websites.
• Gigya's platform was not itself compromised;
the attackers altered DNS records so that the
hostname of Gigya's content delivery network
pointed at a server run by the SEA.
• The SEA confirmed the attack on its Twitter
account with a screenshot of the back-end
control panel for the Gigya.com domain at
GoDaddy.com, which indicates the records were
changed through the registrar account.
• A Gigya executive said: "Rather, the attack
only served other JavaScript files instead of
those served by Gigya." In other words, every
site embedding Gigya's script loaded the
attackers' JavaScript for as long as the
redirect lasted.
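The check a site embedding a third-party script can apply against exactly this failure mode is Subresource Integrity: pin the script's hash in the tag so a substituted file is refused no matter where DNS sends the request. The code below is an added example, not Gigya's code or the deck's; the script bodies and the CDN hostname are constructed. Browser support for SRI arrived in 2015, after this incident, and it does not address the root weakness, which is the registrar account (registrar lock and MFA do).

```python
"""Added example: Subresource Integrity (SRI) pinning for a third-party script.
Constructed script bodies and hostname; not Gigya's code."""
import base64
import hashlib
import hmac


def sri_integrity(body: bytes, algo: str = "sha384") -> str:
    """Returns the value for the integrity attribute: '<algo>-<base64 digest>'."""
    digest = hashlib.new(algo, body).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def sri_matches(body: bytes, integrity: str) -> bool:
    """What the browser does before executing the fetched script: recompute and compare."""
    algo, _, _ = integrity.partition("-")
    if algo not in ("sha256", "sha384", "sha512"):   # SRI only allows these three
        return False
    return hmac.compare_digest(sri_integrity(body, algo), integrity)


def script_tag(src: str, body: bytes) -> str:
    """Emits the <script> element; crossorigin is required for SRI on cross-origin loads."""
    return (f'<script src="{src}" integrity="{sri_integrity(body)}" '
            f'crossorigin="anonymous"></script>')


# Constructed sample bodies: the genuine file the site pinned, and a replacement served
# after a DNS redirect. Hostname is an assumption.
GENUINE = b"window.thirdParty = {init: function () { /* comments, social login */ }};"
SWAPPED = b"document.body.innerHTML = '<h1>replaced</h1>';"
TAG = script_tag("https://cdn.example.com/socialize.js", GENUINE)

if __name__ == "__main__":
    print(TAG)
    print("genuine accepted:", sri_matches(GENUINE, sri_integrity(GENUINE)))
    print("swapped accepted:", sri_matches(SWAPPED, sri_integrity(GENUINE)))
```

The trade-off is operational: the pin must be updated whenever the vendor ships a new file, so SRI suits versioned script URLs rather than an ever-changing "latest" endpoint.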
Mobile Security
A security researcher made a worrying discovery this week and
claims that "Uber's app is literally malware."
The ride-hailing company is already in dispute over its handling
of customers' privacy. Phoenix-based security researcher Joe Giron
found that a surprising amount of user data is collected by the
company's Android application.
Giron, who runs a cyber security firm in Arizona, reverse-engineered
Uber's Android app and came to the conclusion that it is malware.
He discovered that the app "calls home" and sends data back to
the company.
The list of everything the Uber Android app can collect about its
users is long, and includes:
• Account log (email)
• App activity (name, package name, process number of
activity, process ID)
• App data usage (cache size, code size, data size, name,
package name)
• App install (installed at, name, package name, unknown
sources enabled, version code, version name)
• A vulnerability has been discovered in the hugely
popular messaging app WhatsApp that lets anyone
remotely crash WhatsApp just by sending a
specially crafted message.
• Two India-based independent security researchers,
Indrajeet Bhuyan and Saurav Kar, demonstrated the
WhatsApp message-handler vulnerability: a message
of about 2,000 special characters (roughly 2 KB)
crashes the WhatsApp messenger app.
• The worrying impact is that the user who receives
the crafted message has to delete the whole
conversation and start a fresh chat, because
reopening the message keeps crashing WhatsApp
until the chat is deleted completely.
• It has not been tested on iOS, but the researchers
report that WhatsApp for Android versions including
2.11.431 and 2.11.432 are affected by this bug.
General
The Pirate Bay, an infamous torrent site used
predominantly to share copyrighted material such as
films, TV shows and music free of charge, went dark on
Tuesday after Swedish police raided its server room in
Stockholm and seized several servers and other equipment.
It stayed unavailable for several hours, but appeared to
come back online late that day at a new URL hosted under
the top-level domain for Costa Rica.
The Pirate Bay has been shut down and had its domains
seized a number of times before. Back in September, The
Pirate Bay claimed that it ran the site on 21 "raid-proof"
virtual machines.
• A new mobile Trojan has been discovered by security
researchers; it masquerades as a ringtone app and comes
pre-loaded on Android smartphones.
• Because the DeathRing malware is pre-installed in the
firmware, it cannot be uninstalled or removed by the end
user or by anti-malware software.
• Though it pretends to be a genuine ringtone app, it
downloads SMS and WAP content from its command-and-control
server to the victim's handset, which gives it the potential
to phish users' sensitive data through fake text messages.
Affected smartphone handsets:
• Counterfeit Samsung GS4/Note II
• A variety of TECNO devices
• Gionee Gpad G1
• Polytron Rocket S2350
• Gionee GN708W
• Gionee GN800
• Hi-Tech Amaze Tab
• Karbonn TA-FONE A34/A37
• Jiayu G4S (Galaxy S4 clone)
• Haier H7
• An i9502+ Samsung clone by an unspecified manufacturer
Mozilla issued fixes for several critical
memory-safety bugs in the browser engine
used by Firefox and other Mozilla-based
products.
Disabling support for SSL 3.0, which
Firefox now does by default, addresses
POODLE, a severe vulnerability in SSL 3.0
discovered by Google researchers in
October. It lets a network attacker who
can also run script in the victim's
browser recover plaintext, such as
session cookies, from SSL 3.0 connections.
Fallback to SSL 3.0 was removed in
Chrome 39 when that Google browser
was promoted to the stable channel in
November.
Attackers are freely distributing pirated
Joomla, WordPress and Drupal themes and
plugins that come packaged with a backdoor
referred to as CryptoPHP.
Fox-IT released a whitepaper on CryptoPHP
and revealed that most of its
command-and-control domains had been
sinkholed or taken down.
Fox-IT notes that the number of connections
to the sinkholes is declining, but the threat
is not over: the attackers are still
distributing the backdoored plugins and
themes via their websites.
Malware
LusyPOS is a new point-of-sale (PoS) malware uncovered by CBTS reverse
engineers early this month. It weighs in at around 4.0 MB, so it is not small. The
malware creates the mutex "prowin32Mutex" and injects code into iexplore.exe, a
strange mix of Dexter-like behaviour and ChewBacca-like techniques.
It is also distributed bundled with freeware, toolbars, games and other free
downloads. Some people install programs packed with LusyPOS code by accepting
the terms and conditions of the downloaded program without realising what is
bundled with it.
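The two behaviours named above, the mutex and the injection into iexplore.exe, are what a detection engineer would turn into a rule. The following is an added example (not CBTS's tooling or the deck's): detection logic run over constructed EDR-style JSON events. Only the mutex name and the injection target come from the write-up; the process images, PIDs and event schema are assumptions.

```python
"""Added example: hunt for LusyPOS-like behaviour in EDR-style JSON-lines events.
The event schema, images and PIDs are constructed; only the mutex name and the
iexplore.exe injection target come from the public write-up."""
import json
from collections import defaultdict

MUTEX_IOC = "prowin32Mutex"      # from the LusyPOS analysis
INJECT_TARGET = "iexplore.exe"   # LusyPOS injects into Internet Explorer

# Constructed sample telemetry (not real logs): one infected host process, one benign
# browser, and one process that only matches the mutex.
SAMPLE_EVENTS = [
    r'{"type":"process_start","pid":4120,"image":"C:\\Users\\pos1\\AppData\\Roaming\\winmgr.exe"}',
    r'{"type":"mutex_create","pid":4120,"name":"prowin32Mutex"}',
    r'{"type":"remote_thread","pid":4120,"target_pid":2208,"target_image":"C:\\Program Files\\Internet Explorer\\iexplore.exe"}',
    r'{"type":"process_start","pid":900,"image":"C:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"}',
    r'{"type":"mutex_create","pid":900,"name":"ChromeUpdaterMutex"}',
    r'{"type":"process_start","pid":3300,"image":"C:\\Windows\\Temp\\upd.exe"}',
    r'{"type":"mutex_create","pid":3300,"name":"prowin32Mutex"}',
]


def score_processes(lines):
    """Folds JSON-lines events into {pid: {"image", "mutex", "inject"}}."""
    procs = defaultdict(lambda: {"image": None, "mutex": False, "inject": False})
    for line in lines:
        ev = json.loads(line)
        rec = procs[ev["pid"]]
        if ev["type"] == "process_start":
            rec["image"] = ev["image"]
        elif ev["type"] == "mutex_create" and ev["name"] == MUTEX_IOC:
            rec["mutex"] = True
        elif ev["type"] == "remote_thread" and ev["target_image"].lower().endswith(INJECT_TARGET):
            rec["inject"] = True
    return dict(procs)


def lusypos_alerts(lines):
    """Returns sorted (pid, severity): 'high' when both behaviours are seen, 'medium' for one.
    A mutex name is trivial for the authors to change, so the injection is weighted too."""
    alerts = []
    for pid, rec in score_processes(lines).items():
        hits = rec["mutex"] + rec["inject"]
        if hits == 2:
            alerts.append((pid, "high"))
        elif hits == 1:
            alerts.append((pid, "medium"))
    return sorted(alerts)


if __name__ == "__main__":
    for pid, severity in lusypos_alerts(SAMPLE_EVENTS):
        print(pid, severity, score_processes(SAMPLE_EVENTS)[pid]["image"])
```

In production the "inject" rule should exclude known-good injectors (endpoint protection, accessibility tools) by signer rather than by path, and the mutex match should be one indicator among several, since string IOCs are the first thing a malware author rotates.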
Tools
• Google launched a new "Devices and
Activity" dashboard that lets Google Apps
users see every device that has been used
to access their account in the last 28
days, as well as those currently signed in.
• The company also launched a new security
wizard that walks Google for Work users
through tightening their account's
security settings, including recovery
options and a review of which applications
have been granted access to the account.
Statistics
• Google Dorks - 6
• Remote Exploits - 18
• Local Exploits - 16
• Web Application Exploits - 34
• Denial of Service Attacks - 10
• Shellcode - 1
• Whitepapers - 5
Jobs
Trends
(chart: search-interest trends, world-wide versus Karnataka)
Hackable Devices
• TLS is strict about how its padding must be formatted, but it turns out
that some TLS implementations omit the check of the padding structure
after decryption. Such implementations are vulnerable to the POODLE
attack even over TLS.
• The attacks are mainly aimed at browsers, because the attacker has to
inject malicious JavaScript to begin the attack, and must also be in a
position to intercept and modify the victim's traffic.
• "A successful attack will use about 256 requests to uncover one
cookie character, or only 4096 requests for a 16-character cookie.
This makes the attack quite practical," he argued.
• So far F5 load balancers have been found to be affected. F5 has
issued an advisory on how to patch affected kit.
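Why the padding check matters, and where the 256-requests-per-byte figure comes from, as an added example serving both this slide and the earlier Mozilla/Chrome slide on SSL 3.0. This is a self-contained simulation, not code from the deck or from any TLS library: a toy Feistel cipher stands in for the cipher suite's block cipher, a truncated HMAC-SHA256 stands in for the record MAC, and the keys, cookie and request are constructed. It models only the CBC padding and MAC logic, not the rest of the record layer. The attacker copies the ciphertext block holding the target byte over the padding block; an SSL 3.0-style server checks only the length byte, so it accepts the tampered record with probability 1/256, and each acceptance leaks one byte. A server that checks every padding byte (as TLS requires) gives the attacker nothing.

```python
"""Added example (not from the deck): POODLE against CBC records with an SSL 3.0-style
padding check, and why a strict TLS-style check stops it. Toy cipher, constructed keys."""
import hashlib
import hmac
import random

BLOCK = 16


def _xor(a: bytes, b: bytes) -> bytes:
    return bytes(x ^ y for x, y in zip(a, b))


def _round(key: bytes, half: bytes, rnd: int) -> bytes:
    return hashlib.sha256(key + bytes([rnd]) + half).digest()[:8]


def toy_encrypt_block(key: bytes, block: bytes) -> bytes:
    # 4-round Feistel network on 16-byte blocks: a stand-in for AES, not a real cipher.
    l, r = block[:8], block[8:]
    for rnd in range(4):
        l, r = r, _xor(l, _round(key, r, rnd))
    return l + r


def toy_decrypt_block(key: bytes, block: bytes) -> bytes:
    l, r = block[:8], block[8:]
    for rnd in reversed(range(4)):
        l, r = _xor(r, _round(key, l, rnd)), l
    return l + r


def mac(mac_key: bytes, data: bytes) -> bytes:
    return hmac.new(mac_key, data, hashlib.sha256).digest()[:16]   # truncated; stands in for the record MAC


def encrypt_record(key, mac_key, data, rng, tls_padding):
    """Client side: data || MAC || padding, CBC-encrypted under a fresh random IV."""
    plain = data + mac(mac_key, data)
    padlen = (BLOCK - 1 - len(plain)) % BLOCK            # value written into the final length byte
    if tls_padding:
        pad = bytes([padlen]) * padlen                   # TLS: every padding byte equals padlen
    else:
        pad = bytes(rng.randrange(256) for _ in range(padlen))   # SSL 3.0: padding bytes are arbitrary
    plain += pad + bytes([padlen])
    iv = bytes(rng.randrange(256) for _ in range(BLOCK))
    out, prev = [iv], iv
    for i in range(0, len(plain), BLOCK):
        prev = toy_encrypt_block(key, _xor(plain[i:i + BLOCK], prev))
        out.append(prev)
    return b"".join(out)


def record_accepted(key, mac_key, blob, strict_padding):
    """Server side: True iff the record's padding (and then its MAC) verifies."""
    blocks = [blob[i:i + BLOCK] for i in range(0, len(blob), BLOCK)]
    plain = b"".join(_xor(toy_decrypt_block(key, blocks[i]), blocks[i - 1])
                     for i in range(1, len(blocks)))
    padlen = plain[-1]
    if padlen >= BLOCK:
        return False
    if strict_padding and any(b != padlen for b in plain[-padlen - 1:]):
        return False                                     # TLS-style check of every padding byte
    body = plain[:len(plain) - padlen - 1]               # SSL 3.0 trusts the length byte alone
    return hmac.compare_digest(body[-16:], mac(mac_key, body[:-16]))


def poodle_last_byte(send, oracle, target, max_tries):
    """Recovers the last plaintext byte of ciphertext block `target` (1-based; 0 is the IV)
    by copying that block over the padding block and watching whether the server accepts."""
    for _ in range(max_tries):
        blob = send()                                    # victim's browser re-sends the same request
        blocks = [blob[i:i + BLOCK] for i in range(0, len(blob), BLOCK)]
        n = len(blocks) - 1                              # index of the (full) padding block
        if oracle(b"".join(blocks[:n]) + blocks[target]):
            # accepted => decrypted last byte == 15 == P_t[15] ^ C_{t-1}[15] ^ C_{n-1}[15]
            return (BLOCK - 1) ^ blocks[target - 1][-1] ^ blocks[n - 1][-1]
    return None


def demo(strict_padding, tls_padding, seed=1, max_tries=8192):
    """Returns (recovered_byte_or_None, true_byte) for a constructed request carrying a secret cookie."""
    rng = random.Random(seed)
    key, mac_key = b"k" * 16, b"m" * 16                  # constructed keys
    cookie = b"S3cretC00kieVal"                          # constructed secret
    data = (b"GET / HTTP/1.1\r\nCookie: sid=" + cookie).ljust(48, b" ")   # 48 + 16 MAC -> full pad block
    send = lambda: encrypt_record(key, mac_key, data, rng, tls_padding)
    oracle = lambda blob: record_accepted(key, mac_key, blob, strict_padding)
    return poodle_last_byte(send, oracle, 2, max_tries), data[2 * BLOCK - 1]


if __name__ == "__main__":
    print("SSL 3.0 padding, lax check:", demo(False, False))
    print("TLS padding, lax check (POODLE-TLS):", demo(False, True))
    print("TLS padding, strict check:", demo(True, True, max_tries=2048))
```

The second case is the one this slide is about: the records are padded correctly for TLS, but a server that skips the structural check behaves exactly like SSL 3.0. In the real attack the injected JavaScript also shifts the request path by one byte at a time so each cookie byte in turn lands at the end of a block, which is why a 16-character cookie costs roughly 16 x 256 requests.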
References
• www.google.com
• www.thehackernews.com
• www.ehackingnews.com
• www.news.cnet.com/security/
• http://cve.mitre.org/
• https://www.indiegogo.com
• http://www.scmagazine.com/
• http://www.infosecurity-magazine.com/
• http://jobs.null.co.in/
• http://www.hackersnewsbulletin.com
• http://www.shodanhq.com/
• http://threatpost.com/
• http://www.securityweek.com/
Thank You!!
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter RoadsSnow Chain-Integrated Tire for a Safe Drive on Winter Roads
Snow Chain-Integrated Tire for a Safe Drive on Winter Roads
 
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
Tech-Forward - Achieving Business Readiness For Copilot in Microsoft 365
 
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
Transforming Data Streams with Kafka Connect: An Introduction to Single Messa...
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptxMaking_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
Making_way_through_DLL_hollowing_inspite_of_CFG_by_Debjeet Banerjee.pptx
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
IAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI SolutionsIAC 2024 - IA Fast Track to Search Focused AI Solutions
IAC 2024 - IA Fast Track to Search Focused AI Solutions
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
Transcript: #StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
Unblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen FramesUnblocking The Main Thread Solving ANRs and Frozen Frames
Unblocking The Main Thread Solving ANRs and Frozen Frames
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
The Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptxThe Codex of Business Writing Software for Real-World Solutions 2.pptx
The Codex of Business Writing Software for Real-World Solutions 2.pptx
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 

Security News Bytes Null Dec Meet Bangalore

Slide 9
• This began with a skull appearing on screens, and then a strange message telling users they’d been hacked by something called #GOP (Guardians of Peace).
• The cryptic message that appeared on staff machines claims that the group stole internal corporate data, that this is just the beginning, and then threatens to release internal data by 11 PM this evening. One Sony source announced: “We are down, completely paralyzed”. As a precaution, computers in Los Angeles were shut down while the corporation deals with the breach.
• Just a week after the cyber-attack on Sony Pictures Entertainment, high-quality versions of five of the newest films distributed by Sony Pictures – Annie, Fury, Still Alice, Mr. Turner and To Write Love on Her Arms – leaked online during Black Friday.
• Just last week, the massive data breach at Sony appeared to have exposed more sensitive documents, revealing the US Social Security numbers of more than 47,000 celebrities, freelancers, and current and former Sony employees.
• The gaming network also suffered a more severe hack in 2011, which led to the exposure of 77 million PlayStation and Qriocity accounts along with 25 million Sony Online Entertainment accounts, bringing the total to more than 100 million in one of the largest data breaches ever.
Slide 10
• The Syrian Electronic Army hacked a popular web service, Gigya, which manages the comments and social logins of prominent media and entertainment websites.
• The attack used a DNS redirect that pointed Gigya's content delivery network to a server run by the SEA.
• The SEA confirmed the attack via their Twitter account, accompanied by a screenshot of the backend control panel for the Gigya.com domain at GoDaddy.com.
• Gigya’s top official said: "Rather, the attack only served other JavaScript files instead of those served by Gigya."
Slide 12
A security researcher made a worrying discovery this week and claims, "Uber’s app is literally malware." The ride-hailing company is in dispute over how it handles the privacy of its customers' data. A Phoenix-based security researcher, Joe Giron, found that a surprising amount of users’ data is being collected by the company’s mobile application for Android. The researcher, who runs a cyber security firm in Arizona, reverse-engineered the code of Uber’s Android application and came to the conclusion that it is malware. He discovered that the app "calls home" and sends data back to the company. There is a long list of everything the Uber Android app can collect about its users:
• Accounts log (Email)
• App Activity (Name, PackageName, Process Number of activity, Processed id)
• App Data Usage (Cache size, code size, data size, name, package name)
• App Install (installed at, name, package name, unknown sources enabled, version code, version name)
Slide 13
• A vulnerability has been discovered in the wildly popular messaging app WhatsApp, which allows anyone to remotely crash WhatsApp just by sending a specially crafted message.
• Two India-based independent security researchers, Indrajeet Bhuyan and Saurav Kar, demonstrated the WhatsApp Message Handler vulnerability, showing how a 2000-word (2 KB) message in a special character set can crash the WhatsApp messenger app.
• The worrying impact of the vulnerability is that the user who received the specially crafted message will have to delete his/her whole conversation and start a fresh chat, because opening the message keeps on crashing WhatsApp unless the chat is deleted completely.
• It has not been tested on iOS, but it is sure that all versions of WhatsApp including 2.11.431 and 2.11.432 are affected by this bug.
Slide 15
The Pirate Bay — an infamous torrent website predominantly used to share copyrighted material such as films, TV shows and music files, free of charge — went dark from the internet on Tuesday after Swedish Police raided the site's server room in Stockholm and seized several servers and other equipment. It remained unavailable for several hours, but the site appeared back online in the late hours with a new URL hosted under the top-level domain for Costa Rica. The Pirate Bay has previously been shut down a number of times and had its domain seized. Back in September, The Pirate Bay claimed that it ran the notorious website on 21 "raid-proof" virtual machines.
Slide 16
• A new mobile Trojan horse infection has been discovered by security researchers that masquerades as a ringtone app and comes pre-loaded on Android smartphones.
• The DeathRing malware app cannot be uninstalled or removed by the end user or by antimalware software.
• Though the malware pretends to be a genuine ringtone app, it actually downloads SMS and WAP content from its command-and-control server to the victim’s handset, which gives it the potential to phish users’ sensitive data through fake text messages.
AFFECTED SMARTPHONE HANDSETS
• Counterfeit Samsung GS4/Note II
• A variety of TECNO devices
• Gionee Gpad G1
• Polytron Rocket S2350
• Gionee GN708W
• Gionee GN800
• Hi-Tech Amaze Tab
• Karbonn TA-FONE A34/A37
• Jiayu G4S – Galaxy S4 clones
• Haier H7
• An i9502+ Samsung clone by an unspecified manufacturer
Slide 17 (December 02, 2014)
Fixes were issued for several critical memory safety bugs in the browser engine used by Firefox, as well as other Mozilla-based products. Disabling support for SSL 3.0 will address POODLE, a severe vulnerability in SSL 3.0 that was discovered by Google researchers in October and could enable an attacker to intercept plaintext data from secure connections. Fallback to SSL 3.0 was removed in Chrome 39 when the Google browser was promoted to the stable channel in November.
Slide 18
Attackers are freely distributing pirated Joomla, WordPress and Drupal themes and plugins that are packaged with a backdoor referred to as CryptoPHP. Fox-It released a whitepaper on CryptoPHP and revealed that most of the command-and-control domains had been sinkholed or taken down. Fox-It mentioned that the number of connections to the sinkholes is declining, but the threat is not over since the attackers are still distributing the compromised plugins and themes via their websites.
Slide 20
LusyPOS is a new point-of-sale (PoS) malware uncovered by CTBS reverse engineers early this month. This malware clocks in at around 4.0 MB in size, so it’s not small. The malware also creates the mutex “prowin32Mutex” and injects code into iexplore.exe. It is a strange mix of Dexter-like behavior and Chewbacca-like techniques. It comes bundled with freeware, toolbars, games, and other downloadable apps that are costless. Some people may install the programs packed with LusyPOS malware code intentionally by agreeing to the terms and conditions of the downloaded program.
Slide 22
• Google launched a new "Devices and Activity dashboard" with additional insight into devices, which allows Google Apps users to identify every single active device that has been used to access their account in the last 28 days as well as those currently signed in.
• The company also launched a new security wizard to help secure Google for Work accounts by walking users through functions to tighten security features, including recovery settings and the ability to review account permissions and access.
Slide 24
• Google Dorks – 6
• Remote Exploits – 18
• Local Exploits – 16
• Web Application Exploits – 34
• Denial of Service Attacks – 10
• Shell Code – 1
• Whitepapers – 5
Slide 30
• Although TLS is very strict about how its padding is formatted, it turns out that some TLS implementations omit to check the padding structure after decryption. Such implementations are vulnerable to the POODLE attack even with TLS.
• The attacks are mainly targeted at browsers, as the attacker has to inject malicious JavaScript to begin the attack.
• “A successful attack will use about 256 requests to uncover one cookie character, or only 4096 requests for a 16-character cookie. This makes the attack quite practical,” he argued.
• So far F5 load balancers have been found to be impacted by the threat. The firm has issued an advisory on how to patch any affected kit.
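The first bullet above is the whole story of "POODLE on TLS": TLS 1.0 and later require every padding byte of a CBC record to equal the padding-length byte, whereas SSL 3.0 only defined the last byte, so a TLS stack that skips the per-byte check behaves like SSL 3.0 and hands the attacker the same padding oracle. The following Python is an added example, not code from the slides or from any TLS implementation: it puts the lax (SSL 3.0-style) check beside the strict TLS check and shows, on constructed records, that a record whose padding bytes have been garbled (what CBC decryption of a modified block produces) is accepted by the lax check and rejected by the strict one. No real cipher or key material is involved; the `add_tls_padding`, `strip_padding` and `tamper_experiment` helpers are assumptions for the demonstration.

```python
import hmac
import random
from typing import Callable, Optional


def padding_check_ssl3_style(plaintext: bytes) -> bool:
    """Lax check, as SSL 3.0 specified it: only the final byte (the padding
    length) is inspected; the other padding bytes are never looked at.
    A TLS stack that does this is the 'omits to check the padding structure'
    case from the slide."""
    if not plaintext:
        return False
    pad_len = plaintext[-1]
    return pad_len + 1 <= len(plaintext)


def padding_check_tls(plaintext: bytes) -> bool:
    """Strict check required by TLS 1.0+: all pad_len + 1 trailing bytes must
    equal pad_len. The comparison is constant-time so the check itself does
    not become a timing side channel."""
    if not plaintext:
        return False
    pad_len = plaintext[-1]
    if pad_len + 1 > len(plaintext):
        return False
    expected = bytes([pad_len]) * (pad_len + 1)
    return hmac.compare_digest(plaintext[-(pad_len + 1):], expected)


def strip_padding(plaintext: bytes, check: Callable[[bytes], bool]) -> Optional[bytes]:
    """Return the payload if `check` accepts the padding, otherwise None
    (a real stack would raise a bad_record_mac alert here)."""
    if not check(plaintext):
        return None
    return plaintext[: len(plaintext) - plaintext[-1] - 1]


def add_tls_padding(payload: bytes, block_size: int = 16) -> bytes:
    """Pad as a TLS sender does: pad_len + 1 bytes, each equal to pad_len,
    bringing the record to a multiple of the block size (assumed helper)."""
    pad_len = block_size - (len(payload) + 1) % block_size
    return payload + bytes([pad_len]) * (pad_len + 1)


def tamper_experiment(trials: int = 200, seed: int = 1) -> dict:
    """Constructed simulation of what CBC decryption of a modified ciphertext
    block yields: the padding-length byte survives but the padding bytes in
    front of it are garbled. Counts how often each check rejects the record."""
    rng = random.Random(seed)
    record = add_tls_padding(b"session_cookie=ok")  # constructed sample record
    pad_len = record[-1]
    counts = {"trials": 0, "lax_rejected": 0, "strict_rejected": 0}
    for _ in range(trials):
        garbage = bytes(rng.randrange(256) for _ in range(pad_len))
        if garbage == bytes([pad_len]) * pad_len:
            continue  # random bytes happened to form valid padding; not a tamper
        tampered = record[:-(pad_len + 1)] + garbage + bytes([pad_len])
        counts["trials"] += 1
        counts["lax_rejected"] += int(not padding_check_ssl3_style(tampered))
        counts["strict_rejected"] += int(not padding_check_tls(tampered))
    return counts


if __name__ == "__main__":
    good = b"hello\x02\x02\x02"   # constructed: valid TLS padding
    bad = b"hello\xaa\xbb\x02"    # constructed: garbled padding, last byte intact
    print("valid record   lax/strict:", padding_check_ssl3_style(good), padding_check_tls(good))
    print("garbled record lax/strict:", padding_check_ssl3_style(bad), padding_check_tls(bad))
    print(tamper_experiment())
```

The point for defenders is the last line of output: the lax check rejects none of the tampered records, so an attacker can tell from the server's reaction whether a modified block decrypted to a byte that matches the padding length, which is exactly the oracle the "256 requests per cookie character" figure in the slide relies on; the strict check rejects every tampered record and the oracle disappears.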
Slide 32
• www.google.com
• www.thehackernews.com
• www.ehackingnews.com
• www.news.cnet.com/security/
• http://cve.mitre.org/
• https://www.indiegogo.com
• http://www.scmagazine.com/
• http://www.infosecurity-magazine.com/
• http://jobs.null.co.in/
• http://www.hackersnewsbulletin.com
• http://www.shodanhq.com/
• http://threatpost.com/
• http://www.securityweek.com/