NewsByte by Aishwarya Iyer
NewsBytes - Aishwarya Iyer
Graduate from Mumbai University
Interested in Programming and Information Security
Pursuing a certification course in Core Java, followed by Advanced Java.
Serious TCP/IP Bug allows traffic Hijacking
Hitler Ransomware
Australia online census shutdown after cyber attacks
Data Breach at Oracle’s MICROS Point-of-Sale
Miscellaneous
//OVERVIEW:
o Vulnerability in the TCP implementation in Linux version 3.6
o Can affect many Linux devices, embedded computers, mobile phones, etc.
o Can be carried out by anyone in the world, provided the attacking machine's network allows IP spoofing
//Vulnerability
o Allows a blind off-path attacker to infer whether 2 hosts are communicating over TCP
o Leads to connection termination and data injection
o TCP assembles data as a series of data packets identified by sequence numbers
o Side-channel attack
o An attacker with a spoofed IP address does not need a man-in-the-middle (MITM) position
//However the good news is…..
Patches have been developed and distributed for the current Linux kernel.
//Technical Analysis
o The main executable is a batch file with other bundled apps
o Removes the extensions of all files under various folders such as %UserProfile%/Desktop, etc.
o 3 files are extracted and copied to %temp%: chrst.exe, erOne.vbs, firefox32.exe
//Lastly
It looks for any processes named taskmgr, cmd, etc. and terminates them
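A defender-side triage sketch for the indicators listed on the slides above: the three file names copied to %temp% and the stripping of extensions in user folders. This is an added example, not code from the original slides; the function names, the 0.8 ratio threshold and the choice of Desktop as the folder to check are assumptions.

```python
import os
from pathlib import Path

# File names the slides list as extracted to %temp% (compared case-insensitively).
DROPPED_NAMES = {"chrst.exe", "erone.vbs", "firefox32.exe"}


def find_dropped_files(temp_dir):
    """Return names in temp_dir that match a listed dropped file."""
    hits = [e.name for e in Path(temp_dir).iterdir()
            if e.is_file() and e.name.lower() in DROPPED_NAMES]
    return sorted(hits, key=str.lower)


def extensionless_ratio(folder):
    """Fraction of files under folder (recursively) that have no extension."""
    total = bare = 0
    for _root, _dirs, files in os.walk(folder):
        for name in files:
            total += 1
            if Path(name).suffix == "":
                bare += 1
    return bare / total if total else 0.0


def triage(temp_dir, user_dirs, ratio_threshold=0.8):
    """Combine both indicators into a verdict: 'match', 'partial' or 'clean'.

    ratio_threshold is an assumed cut-off, not a value from the slides.
    """
    dropped = find_dropped_files(temp_dir)
    stripped = [d for d in user_dirs
                if extensionless_ratio(d) >= ratio_threshold]
    if dropped and stripped:
        verdict = "match"
    elif dropped or stripped:
        verdict = "partial"
    else:
        verdict = "clean"
    return {"dropped": dropped, "stripped_dirs": stripped, "verdict": verdict}


if __name__ == "__main__":
    # On a Windows host: %temp% plus the user's Desktop as one folder to check.
    temp = os.environ.get("TEMP", "/tmp")
    desktop = Path.home() / "Desktop"
    dirs = [desktop] if desktop.is_dir() else []
    print(triage(temp, dirs))
```

A "partial" verdict on extension stripping alone is weak evidence, since some folders legitimately hold extension-less files; the file names in %temp% are the more specific signal.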
//Overview
o The Australian census is held every 5 years
o As people headed to the website, a series of DoS attacks took place
o “It was an attack from the overseas” – David Kalisch, ABS
//Fortunately, however,
o PM Malcolm Turnbull: “no data has been compromised”
o ABS: data is secure
o Kalisch: data is encrypted and in the ABS, and no one else has it
//Simple Drawbacks
o Embarrassment to Australian Government
o Labor opposition: “Worst run census in the history of Australia”
o Mass discontent
//Overview
o Breached 100s of security systems at Oracle
o Compromised customer support portal
MICROS:
o One of the top 3 POS vendors globally
o Oracle: “detected and addressed malicious code in some legacy systems”
o Size and scope of attack unclear
o 700 security systems infected
//Whois???
o 2 security researchers pointed out
Carbanak Gang:
• Russian
• Known to have stolen $1 billion from banks, retailer firms, etc.
//Oracle
o Forced password reset
o Attackers failed to grasp enormity of access
o Pokemon Go! creator’s Twitter hacked!!
o Microsoft accidentally leaks backdoor keys to bypass UEFI Secure Boot
o O2 confirms USBs distributed in marketing campaign contain virus
o Fake Windows Activation is actually a ransomware Trojan