CyberSecurity Pulse 2016-04-07
"The best way to have a good idea is to have lots of ideas"
Louis Pasteur (1822 – 1895) – French chemist and microbiologist
The Risks of Major Data Breaches: Almost 50 Million Turkish Citizens Exposed
Even when usernames and passwords are not part of the leak, the real-life information found in major data breaches can be exploited in credential-theft scenarios by constructing new IDs and trying to guess access tokens through password-recovery processes. In certain advanced spear phishing attacks, this data can help malicious individuals build detailed profiles of each potential victim, including well-known personalities in politics and social life.
At the same time, the exposed personal information can be used in practice to impersonate Turkish citizens or even to forge documents, making use of the specific details of personal identification numbers and residential addresses, which are not supposed to be in the public domain. Because of this, the sensitivity of the leak will increase whenever a web platform is set up to serve the information in a structured way through online search interfaces, a scenario that cannot be ruled out given the ease of processing each delimited field in the leak.
WhatsApp Activates End-to-end Encryption for One Billion Users
WhatsApp has enabled end-to-end encryption across all versions of its messaging and voice calling software, according to a Tuesday announcement on the company's website. The news is significant because with this move WhatsApp will become the most widely used end-to-end crypto tool. As the company explained in a white paper released on Monday night, WhatsApp uses the Signal protocol, which was created by Moxie Marlinspike's Open Whisper Systems, a cryptography-oriented developer firm that has already designed several free software tools to protect end users' privacy.
Who Is Responsible for Mossack Fonseca Email Server Leak?
Mossack Fonseca & Co., the Panama-based law firm, is in the middle of the well-known #panamapapers leak that has shocked the media this week. The global economic scandal has exposed how some publicly known personalities have hidden their transactions from offshore companies, while the law firm has blamed an unprecedented leak of over 11 million customer records on a computer hack against an email server. They have also confirmed to the media that the firm will be taking "all necessary steps to prevent it happening again".
Rest of the Week's News
How to Easily Bypass iPhone 6s
The iPhone 6s and 6s Plus are affected by a lock screen bypass vulnerability that could be exploited by attackers to access the device. The vulnerability was discovered in mid-March, but the security firm Vulnerability Lab decided to disclose it last week after checking that the release of iOS 9.3.1 had not fixed the problem.
WordPress and Joomla Domains Get Hacked with Fake JQuery
According to cybersecurity firm Avast, fake jQuery injections have become a very popular attack lately. The team said that one attack method, which has surged over the past few months, involves a fake jQuery script injected into the head section of websites powered by the WordPress and Joomla content management systems.
UK, Concerned about the Software Updates of Its Ballistic Missiles
Given the concern about possible cyber attacks on nuclear defense infrastructure in the United Kingdom, and in order to prevent attacks against the country's nuclear defense cyberinfrastructure, the Ministry of Defense is going to launch a software update for its Trident II D-5 ballistic missiles, which are capable of carrying up to 16 nuclear warheads. The deployment is expected to take place before 2021, with an estimated cost close to £1.9 billion, which is more than double the amount allocated in the previous budget.