the presentation covers all the major hacks and the news in the it industry from 15 sept16 to 15 oct 2016 for null bhopal monthly meet

1. NEWS BYTES
SEPT-OCT16
CYBER-SEC ENTHUSIAST
BY-Saurabh
Chaudhary

2. MAJOR HACKS OF THE
MONTH• US SECRET DEFENCE NETWORK HACKED RESULTED IN THE DEATH OF 100
INOCENTS..!!
• YOUR IOT DEVICE MAY HAVE CONTRIBUTED IN THE BIGGEST DDos
ATTACK ..!!!!!
• EARN 50,000$ !!! YOU HEARD IT RIGHT …
• NTRIBUTED IN THE BIGGEST DDos ATTACK ..!!!!!
• DO NOT OPEN JPEG2000….!!
• 32,4000 FINANCIAL RECORD WITH CVV STOLEN ..
• WORLD'S MOST FAMOUS BITCOIN WALLET WAS BREACHED
• PLAINTEXT PASSWORDS AND COMPLETE WEB-SOURCE CODE ON
SALEEEE…

3. US AIRFORCE
HACKED 62 SYRIAN SOLDIERS, 15 CIVILIANS IN
AFGHANISTAN AND 22 SOMALI SOLDIERS
WERE REPORTEDLY KILLED BY US DRONE
STRIKES
ON 9 SEPTEMBER 2016, THE SIPRNET SYSTEM
CURRENTLY IN OPERATION AT CREECH AFB
FAILED,
 THE AIR FORCE IS INVESTIGATING THE
CONNECTION BETWEEN THE FAILURE OF ITS
CLASSIFIED NETWORK, DUBBED SIPRNET, AT
CREECH AIR FORCE BASE
 SIPRNET, OR SECRET INTERNET PROTOCOL
ROUTER NETWORK, IS A GLOBAL UNITED
STATES MILITARY INTERNET SYSTEM USED FOR
TRANSMITTING CLASSIFIED INFORMATION,

4. WORLDS LARGEST 1 TBPS DDOS
ATTACK
VICTIM-FRANCE-BASED HOSTING PROVIDER OVH
POWERED BY 1500,000 HACKED IOT DEVICE.
 ANNA-SENPAI HAS RELEASED THE SOURCE CODE FOR IOT BOTNET NAMED
MARAI…. I AM STILL WONDERING WHY THE MALWARE'S AUTHOR CHOSE TO DUMP
THE CODE ONLINE ??
THE MALWARE IS PROGRAMMED TO HIJACK CONNECTED IOT DEVICES THAT ARE
USING THE DEFAULT USERNAMES AND PASSWORDS SET BY THE FACTORY BEFORE
DEVICES ARE FIRST SHIPPED TO CUSTOMERS.
 THE ATTACK CODE HAS BUILT-IN SCANNERS THAT LOOK FOR VULNERABLE SMART
DEVICES IN HOMES AND ENROLL THEM INTO A NETWORK OF BOTNET.

5. WIN 50,000 $$$$$$$$
 non-profit research and development
organization MITRE has
challenged researchers to come up with new
ideas for detecting rogue IoT devices on a
network.
THE GOOD NEWS: YOU CAN
EARN $50,000 FOR YOUR
IDEA.
 We already have 6.5 billion to 8 billion IoT
devices connected to the Internet worldwide,
and the number is expected to reach 50
billion by 2020
 This Challenge is open FOR EVERYONE but
you have to participate in TEAM

6. YOU CAN GET HACKED BY OPENIONG JPEG
2000
RESEARCHERS HAVE DISCLOSED A CRITICAL ZERO-DAY
VULNERABILITY IN THE JPEG 2000 IMAGE FILE
DISCOVERED BY SECURITY RESEARCHERS AT CISCO TALOS GROUP,
THE ZERO-DAY FLAW, ASSIGNED AS TALOS-2016-0193/CVE-2016-
8332, COULD ALLOW AN OUT-OF-BOUND HEAP WRITE TO OCCUR
THAT TRIGGERS THE HEAP CORRUPTION AND LEADS TO ARBITRARY
CODE EXECUTION
COMPANY PATCHED THE FLAW LAST WEEK WITH THE RELEASE OF
VERSION 2.1.2.
THE VULNERABILITY HAS BEEN ASSIGNED A CVSS SCORE OF 7.5,
CATEGORIZING IT AS A HIGH-SEVERITY BUG.

7. 324,000 FINANCIAL RECORDS WITH CVV
NUMBERS STOLEN FROM A PAYMENT
GATEWAY
 VICTIM- BLUESNAP
 AROUND 324,000 USERS HAVE LIKELY HAD
THEIR PAYMENT RECORDS STOLEN EITHER
FROM PAYMENT PROCESSOR BLUESNAP OR
ITS CUSTOMER REGPACK
 WHO SO EVER DID THIS IS NOT CLEAR BUT
THE STOLEN DATA IS FLOATING AROUND
THE WEB
 ALTHOUGH THE PAYMENT DATA DOES NOT
CONTAIN FULL CREDIT CARD NUMBER BUT
IT HAS EMAIL ADDRESSES, PHYSICAL
ADDRESSES, PHONE NUMBERS, IP
ADDRESSES, LAST FOUR DIGITS OF CREDIT
CARD NUMBERS, EVEN CVV CODES
NUMBERS WHICH IS ENOUGH FOR A

8. MASSIVE DATA BREACH EXPOSES 6.6
MILLION PLAINTEXT PASSWORDS FROM AD
COMPANY
VICTIM- CLIXSENSE
THE DATA BREACH HAS EXPOSED PLAINTEXT
PASSWORDS, USERNAMES,
EMAIL ADDRESSES, AND A LARGE TROVE OF OTHER
PERSONAL INFORMATION OF MORE THAN 6.6 M
CLIXSENSE USERS.
 LATEST VICTIM TO JOIN THE LIST OF "MEGA-BREACHES"
REVEALED IN RECENT MONTHS,
INCLUDING LINKEDIN,MYSPACE, VK.COM, TUMBLR,
AND DROPBOX.
MORE THAN 2.2 MILLION DATA POSTED ON PASTEBIN
OVER THE WEEKEND. ANOTHER 4.4 MILLION ACCOUNTS
UP FOR SALE.
CLIXSENSE ADMITTED THE DATA BREACH AND SAID
Another Day, Another Data Breach!

9. BLOCKCHAIN.INFO DOMAIN HIJACKED; SITE
GOES DOWN; 8 MILLION BITCOIN WALLETS
INACCESSIBLE
 BLOCKCHAIN.INFO, THE WORLD'S MOST
POPULAR BITCOIN WALLET AND BLOCK
EXPLORER SERVICE, HAS BEEN DOWN
FROM LAST FEW HOURS, AND IT'S BELIEVED
THAT A POSSIBLE CYBER ATTACK HAS
DISRUPTED THE SITE.
 WITH MORE THAN 8 MILLION DIGITAL
WALLET CUSTOMERS, BLOCKCHAIN IS USERS'
FAVORITE DESTINATION TO SEE RECENT
TRANSACTIONS, STATS ON MINED BLOCKS
AND BITCOIN ECONOMY CHARTS.
 SINCE ITS DNS SERVER HAS BEEN HIJACKED,
IT COULD BE POSSIBLE THAT AN ATTACKER
CAN HOST A FAKE WEB PAGE ON THE SAME
DOMAIN IN AN EFFORT TO STEAL YOUR
BITCOIN WALLET CREDENTIALS.

10. MP-ONLINE
HACKED
 THE COUNCELLING OF PRIVATE MEDICAL
COLLEGE WAS AFFACTED
 ALL THE DETA REGUARDING THE
STUDENTS WERE GONE
 THE SITE WHICH WAS FACILITATING ADMISSION TO MEDICAL COLLEGE
WAS HACKED .
 AT MIDNIGHT STUDENTS GOT DEADLINE SMS FROM (DME )TO PRESENT
PHYSICALY AT (GMC) IN THE NEXT 8 HOURS WITH ALL THEIR DOCUMENTS.

11. MP-ONLINE HACKED

12. REFERENCE
• The times of india
• www.thehackersnews.com
• www.twiter.com
• www.news.ycombinator.com

13. THANK YOU VERY MUCH
FOR YOUR TIME