Security NEWS BytesBhavna Kulshrestha

From April 8 2014, technical assistance for Windows XP will no longer be available, including automatic updates.

2.2 million ATMs worldwide, 95% of them still using Win XP.

A bit of a reprieve: ATMs using Windows XP Embedded, support lasts until early 2016.

Support is ending soon!!

An Israeli security startup that uses smartphones & high-frequency sounds for identity verification.

A password replacement or Two-Factor authentication layer on top of traditional password.

The Idea : Visit SlickLogin enabled site, tap login button, hold your phone close to laptop & Your IN..!!!

How it works: Uses protocols to verify your phone’s position (Wi-Fi, NFC, GPS, Bluetooth)

SlickLogin joins Google

Entry into the system was through a refrigeration, heating & cooling company in Pennsylvania.

Large retail operations have a team that routinely monitors energy consumption & temperatures in stores to save on costs. 

To support this solution, vendors need to be able to remote into the system .

Target estimates say that the breach exposed approx 40 million debit and credit card accounts between Nov. 27 & Dec. 15, 2013.

“Target” Hackers broke in through HVAC Vendor

Sentient Hyper-Optimized Data Access Network, is the "Google for hackers."

A search engine for servers, routers, load balancers, PCs & collects info on over 500 million devices every month.

Identifies by scanning the Internet for ports typically associated with HTTP, FTP, SSH and Telnet.

A new way to browse the Shodan in the form of an add-on: “Shodan Maps."

Scariest Search Engine on the Internet Just Got Scarier…

Tinder connects to Facebook profiles & offers matches based on proximity

A vulnerability allowed the attacker to potentially pinpoint the exact location to within 100 feet.

Using GPS data collected by Smartphone, one could determine a user’s location (latitude, longitude) simply by entering a member's Tinder identification number.

Tinder App Allowed Users to Precisely Locate Others

Brought key decision makers and thought leaders from the industry and government.

Well known for its speakers & talks where new vulnerabilities are responsibly disclosed along with their prevention mechanisms.

Highlights of Nullcon 2014 include: Nullcon BlackShield, Nullcon Ammo, Nullcon 2014 Exhibition, Nullcon Job Fair, Nullcon Training

India's most popular security conference returns for the fifth year

Two security researchers developed a home-made gadget called 'CAN Hacking Tools (CHT)’

Capable to give away the entire control of your car to an attacker from windows & headlights to its steering & brakes.

Device uses the Controller Area Network (CAN) ports that are built into cars for computer-system checks.

Injecting a malicious code to CAN ports allows to send wireless commands remotely from a computer.

Hacking a Car remotely with iPhone sized Device

Security researchers at the University of Liverpool, Britain have demonstrated a WiFi virus that can spread between computer networks.

Named as 'Chameleon', it self-propagates over WiFi networks from AP to AP but doesn’t affect working of AP.

POC: Replaces the firmware of the vulnerable (AP) with a virus-loaded version Propagates to next victim in network

Research shows that this kind of attack is undetectable to any Antivirus and Wireless Intrusion Detection System (IDS).

However, this is created for demo purpose in research lab only.

Chameleon virus that spreads across Wi-Fi APs

Hacker gained access to thousands of passports of law enforcement and military officials.

EC-Council says its servers have not been compromised.

Domain redirection was done at the DNS Registrar & traffic was re-routed from Authentic EC-Council Servers to a Host in Finland known for hosting other illegal websites.

EC-Council Web Site Hacked, Defaced

3 Lakh Android devices infected by Premium SMS sending malware

Panda Labs has identified malicious Android apps that sign up users for Premium SMS services without their permission.

Four malicious apps found free in the app store : "Easy Hairdos", "Abs Diets", "Workout Routines" and "Cupcake Recipes”.

App gets phone number of the device, connects to a webpage and registers to premium service.

Average scammed user gets charged $20 by these apps & around 300,000 plus users downloaded them. Scammers have made $6 million from unsuspecting users.

Thank You..!!