Note: Each week we bring you the latest hacking news on the internet. Read on to find out who and what was hacked this week.
Ongoing Phishing Attack Threatens on Gmail Users
A new phishing attack targeting Gmail users has been tricking even tech-savvy users.
First, attackers compromise a separate Gmail account. The hackers then search through the compromised account and finds users the victim knows to send new phishing emails to, from the compromised account that is familiar and trusted to the unsuspecting third party.
The phishing emails include image attachments disguised as PDF files with thumbnail versions attached. When clicked, the user is taken to a fake Google sign-in page. If credentials are submitted they are automatically sent to the hackers.
Be on the lookout for these clever scams.
Largest NHS Trust in UK Forced Offline by Cyber Attack
Barts Health was hit by an IT attack on Friday that took a number of drives offline.
The NHS Trust covers five hospitals in London, serving 2.5 million people. The Trust’s pathology services were forced offline by the attack.
Reports suggest Barts Health runs an unsupported Windows XP OS, which may have contributed to exploit flaws.
Law Enforcement Spied On Connected Cars for 15 Years
Court documents obtained by Forbes revealed a 15-year history of “cartapping” by the federal government.
The practice allows for almost real-time audio and location data to be retrieved by law enforcement from tech providers.
Forbes found instances of law enforcement demanding and receiving this information from Amazon, SiriusXM, and GM through the OnStar application.
Former IT Employee Holds Data Ransom
The American College of Education in Indianapolis last year fired its IT employee. Unfortunately the did not change the administrative password before doing so.
When the institution asked the mean to unlock the Google account with email and course material for 2,000 students, he said he would do it for $200,000.
The man was left as the sole systems administrator after widespread resignations due to the institution asking remote IT personnel to move to Indianapolis. The college says the man changed the password and login information before leaving.
The college is currently suing the man, while the man is suing back on claims of racial discrimination.
Netflix Phishing Scam Targets Users
A new phishing attack is being targeted at Netflix users.
The attack involves emails with fake Netflix login screens that ask for login information. When users login, the hackers ask for credit card details.
The hackers are using malware and encryption tactics that prevent detection from spam stopping application and phishing filters.
Mac Malware is Spying on Biotech Firms
A malware that uses unsophisticated and antiquated code has remained undetected for years on macOS systems.
“Fruitfly” has been used in the past to spy on biomedical research center computers. It’s being called the first Mac malware of 2017, but uses code that dates before OS X. It uses hidden pearl script to communicate back to two command and control servers. It can also capture webcam, screenshots, and move and click the mouse cursor on Mac and Linux systems.
The malware uses a secondary script and Java class to hide its icon, and is even running open-source “libjpeg” code to open or create JPEG-formatted files, last updated in 1998.
Apple has released an update to address this malware.
Hackers Can Remotely Access Samsung SmartCam Security Cameras
The SmartCam range of home security cameras from Samsung can be easily hijacked due to a critical remote code execution vulnerability. This allows hackers to gain root access and take full control of the devices.
In 2014, a hacking group called Exploiteers listed exploits in the SmartCam system. Samsung didn’t patch the flaws, instead they ripped out the accessible web interface to use an alternate route through its SmartCloud website.
Samsun left a set of scripts that have a command injection vulnerability that allows unauthorized users to execute remote shell commands. It allows them to turn on web management systems that should be turned off.
The Exploiteers have shared a DIY patch that can be downloaded, while Samsung has yet to release a patch.
Three Indian Banks Face Cyber Attack
Two banks in Mumbai and one in Kolkata were infiltrated by hackers this week.
The Hackers created fake trade documents that could have been used to raise finance or facilitate dealings in banned items.
The banks’ messaging services used to move dollars and documents across borders were compromised to create fake documents.
The origin and intention of the attack is still unknown.
If you enjoyed this article and want to receive more valuable industry content like this, click here to sign up for our digital newsletters!
Leave a Reply