CyberSecurity Pulse 2016-04-07


"The best way to have a good idea is to have lots of ideas"
Louis Pasteur (1822 – 1895) – French chemist and microbiologist

Analyst Insight

The Risks of Major Data Breaches: Almost 50 Million Turkish Citizens Exposed

On April 3, 2016, a database associated with the Central Population Management System (MERNIS, for its acronym in Turkish) of the Turkish Ministry of Interior, containing 49,611,709 records relating to Turkish citizens, was publicly leaked. The leaked records include the identification number, citizens' names in ASCII characters, their parents' names, city and date of birth, sex, and complete mailing addresses (including city, district, street and door).

Even when usernames and passwords are not part of the leak, the real-life information found in major data breaches can be exploited in credential-theft scenarios by constructing new IDs and trying to guess access tokens through password-recovery processes. In certain advanced spear-phishing attacks, this data can help malicious individuals build detailed profiles of each potential victim, including well-known figures in political and social life.

At the same time, the exposed personal information can be used in practice to impersonate Turkish citizens or even to forge documents, making use of the specific details of personal identification numbers and residential addresses, which are not supposed to be in the public domain. Because of this, the sensitivity of the leak will increase whenever a web platform is set up to serve the information in a structured way through online search interfaces, a scenario that cannot be ruled out given how easily each delimited field in the leak can be processed.

Top Stories

WhatsApp Activates End-to-end Encryption for One Billion Users

WhatsApp has enabled end-to-end encryption across all versions of its messaging and voice calling software, according to a Tuesday announcement on the company's website. The news is significant because, with this move, WhatsApp will become the most widely used end-to-end crypto tool. As the company explained in a white paper released on Monday night, WhatsApp uses the Signal protocol, which was created by Moxie Marlinspike's Open Whisper Systems, a cryptography-oriented developer firm that has already designed several free software tools to protect end users' privacy.

» More information by WhatsApp

Who Is Responsible for Mossack Fonseca Email Server Leak?

Mossack Fonseca & Co., the Panama-based law firm, is in the middle of the well-known #panamapapers leak that has shocked the media this week. The global economic scandal has exposed how some publicly known personalities have hidden their transactions through offshore companies, while the law firm has blamed an unprecedented leak of over 11 million customer records on a computer hack against an email server. The firm has also confirmed to the media that it will be taking "all necessary steps to prevent it happening again".

» More information at International Business Times UK

Rest of the Week's News

How to Easily Bypass iPhone 6s

iPhone 6s and 6s Plus are affected by a lock screen bypass vulnerability that could be exploited by attackers to access the device. The vulnerability was discovered in mid-March, but the security firm Vulnerability Lab decided to disclose it last week after checking that the release of iOS 9.3.1 had not fixed the problem.

» More information at Security Affairs

WordPress and Joomla Domains Get Hacked with Fake JQuery

According to cybersecurity firm Avast, fake jQuery injections have become a very popular attack lately. The team said a particular attack method which has surged over the past few months includes the use of a fake jQuery script injected into the head section of websites powered by the WordPress and Joomla content management systems.

» More information at Avast Software

UK, Concerned about the Software Updates of Its Ballistic Missiles

Given the concern about possible cyber attacks on the United Kingdom's nuclear defense infrastructure, and in order to prevent such attacks, the Ministry of Defense is going to launch a software update for its Trident II D-5 ballistic missiles, which are capable of carrying up to 16 nuclear warheads. The deployment is expected to take place before 2021, with an estimated cost close to £1.9 billion, which is more than double the amount allocated in the previous budget.

» More information at ArsTechnica UK

Further Reading

Hack the Pentagon: First US Government Bug Bounty Programme

» More information at ZDNet

Facebook Uses Artificial Intelligence to Describe Photos to Blind Users

» More information at The Hacker News

How to Look After Your Digital Wallets?

» More information at Ars Technica UK