LINK THE WORLD

Cyber criminals launched a sophisticated cyber heist that compromised the entire DNS infrastructure of a major Brazilian Bank. A cyber criminal organization took over online service of a major Brazilian bank for five hours. The hackers compromised the bank DNS system and intercepted all the connections to the financial institution. According to Kaspersky Lab who investigated the incident, the attack was very sophisticated, attackers used a valid SSL digital certificates and Google Cloud to support the phony bank infrastructure. Kaspersky Lab did not disclose the name of the bank that was victim of the attack.Crooks compromised 36 domains belonging to the bank, including internal email and FTP servers. The hackers took control of the bank’s DNS account after they have compromised the bank’s Domain Name Service (DNS) provider Registro.br. It is still unclear how hackers compromised the DNS provider, but the experts believe the cyber attacks began at least five months

Facebook has fixed a serious security bug that could have been exploited by hackers to delete any video shared by anyone on their wall. A new bug was discovered in the Facebook platform by the security researcher Dan Melamed, the flaw could be exploited to delete any video shared by anyone on their wall. Dan Melamed explained that a similar issue was discovered in June 2016 by the Indian security researcher Pranav Hivarekar who demonstrated that was able to delete any video by exploiting a security issue that exits  in the recently introduced video comment feature. The new but discovered by Melamed allowed him to delete any video on Facebook shared by anyone without having any permission or authentication. The expert also discovered that was possible to disable commenting on the video of your choice. “Back in June of last  year  I discovered a critical vulnerability that allows me to remotely delete any video on Facebook. In addition, I also had the ability to disable co

Japan plan to develop a hack proof satellite system to protect transmissions between satellites and ground stations with a dynamic encryption of data. Japan’s Internal Affairs and Communications Ministry plans to develop a communications system to protect satellites from cyber attacks. The hack proof satellite system will protect transmissions between satellites and ground stations implementing a dynamic encryption of data. “With the proposed plan, the government aims to establish a secure communications network that is unique to Japan, for domestic security purposes and to spur investment in the private-sector aerospace industry.” reported the Water town Daily Times. The ambitious project of a hack proof satellite system is led by the National Institute of Information and Communications Technology under the jurisdiction of the ministry, it will involve government, industry and academic institutions. The goal is to propose the system for commercial purposes in five to 10

A single picture could have been used by attackers to hack the popular secure messaging applications WhatsApp and Telegram. Security experts from checkpoint have discovered a vulnerability that was present in both messaging services. The hack only affected the browser-based versions of both WhatsApp and Telegram. The flaw affected the way both apps process images and multimedia files, in both cases they lack verifying the presence of malicious code inside the media files. This flaw, if exploited, would have allowed hackers to take over victims’accounts on any browser. The attackers would have exploited the issue to access victims’ personal and group conversations, videos, photos, and other shared files, contact lists, and much more. The attack starts by sending an image containing a hidden malicious code, the flaw is triggered when the victim clicks on the picture. “The exploitation of this vulnerability starts with the attacker sending an innocent looking file to the

Chinese scammers are deploying rogue cellphone towers to spread the Android Swearing Trojan via malicious URL in SMS messages. Chinese scammers are deploying fake mobile base stations to spread the Android Swearing Trojan in text messages. The attackers have improved the well-known Smishing attack using rogue cell phone towers as the attack vector and distribute the Android banking malware via spoofed SMS messages. The rogue Cellphone towers send SMS messages include a malicious URL purport to be from China Telecom or China Unicom. According to the experts from Check Point, China’s Tencent has also observed a more conventional malware dropper in infected applications. With this technique, the scammers avoid being caught by the control implemented by carriers. The Swearing Trojan is quite similar to other banking trojan, it is able to steal user data and it can bypass 2-factory authentication (2FA) security. It is able to intercept the one-time code sent to the user v

The source code for a new banking Trojan dubbed Nuclear Bot was leaked online, experts speculate a rapid diffusion of the threat in the wild . The source code for a new banking Trojan, dubbed Nuclear Bot, is available for sale in the cyber criminal   underground.The Nuclear Bot banking Trojan first appeared in the cybercrime forums in early December when it was offered for $2,500. The malicious code implements features commonly seen in banking Trojans, it is able to inject code in Mozilla Firefox, Internet Explorer and Google Chrome browsers and steal sentitive data provided by the users. “In early December 2016, IBM X-Force researchers noticed the emergence of a new banking malware advertised for sale in a few underground boards.” reads a blogspot published by IBM researchers who are following the evolution of the threat. “The malware’s vendor, who went by the online moniker Gosya, was a Russian-speaking member who introduced himself as the developer of Nuclear Bot, or nukeb