The Australian Bureau of Statistics suffered four attacks during the week while conducting its five-yearly census. The census website was taken offline overnight on Tuesday.
The Bureau said in a statement on its website that, out of an abundance of caution, it closed down the online Census form to protect the data already submitted, to protect the system from further incidents, and to minimize the disruption to the Australian public from an unreliable service. It also confirmed that the disruption was not a hack and that no data was compromised.
The attack is suspected to have been launched from overseas, and the site will be restored as soon as the necessary defenses are in place.
A data breach of the Ubuntu forum database has exposed two million usernames, email addresses and IP addresses to hackers. The hack was confirmed by the Ubuntu Linux developer, Canonical. The forum was shut down, and all system and database passwords were reset as a precautionary measure.
The breach is reported to be the exploitation of a known SQL injection vulnerability in the forum's Forumrunner add-on, which had not been patched. Part of the statement from Canonical reads: “The attacker had the ability to inject certain formatted SQL to the Forums database on the Forums database servers. This gave them the ability to read from any table but we believe they only ever read from the ‘user’ table.”
Infosecurity Magazine reports that Canonical has wiped and rebuilt the affected servers, patched them to the latest release, and added a web application firewall to improve security.
A free gambling app, Black Jack, which has been downloaded by as many as 5,000 users from the Google Play Store, has been found to be a banking Trojan, reports Help Net Security.
The app's main goal is to steal users' personal and banking information, along with login credentials for a handful of popular online services and social networks, by presenting fake pop-up windows containing forms for users to fill in with their credentials.
The app was also found to contain a variant of the Acecard malware family, which is capable of intercepting and sending SMS messages, forwarding phone calls, locking the device screen and wiping all user data from the device.
It also attempts to download another app named Play Store Update (cosmetiq.fl).
Lookout researchers, who uncovered this malware, have advised users who downloaded Black Jack to uninstall it, as well as the cosmetiq.fl app, and to change their online account passwords immediately.
Hackers are using the popular jQuery library to inject malicious code into websites powered by WordPress and Joomla. It’s a fairly widespread issue: Since November 2015, Avast has registered more than 4.5 million users who encountered the infection.
Malicious code was found in almost 70 million unique files on hacked websites.
According to Avast researcher Alexej Savcin, fake jQuery injections have been very popular among hackers because jQuery itself is popular.
Despite risk awareness, many businesses are ignoring critical cyber-issues. Case in point: Although 83% of IT staff highlight email as a common attack vector, one out of 10 reports not having any kind of email security training in place.
That’s according to Mimecast’s Email Security Uncovered global research study, which also shows that while 64% regard email as a major cybersecurity threat to their business, 65% also feel ill-equipped or too out of date to reasonably defend against email-based attacks. One-third of respondents also believe email is more vulnerable today than it was five years ago.