This Week in Cyber Security News, Aug 14 - 20, 2018

This Week in Cyber Security News, Aug 14 – 20, 2018

Cyber Security News highlights this week

  • Hackers stole Rs 94 crore ($13.5 million) from the Cosmos Bank in just 2 days.
  • New PHP Code Execution Attack Puts WordPress Sites at Risk.
  • Phishers have found a new way to bypass Microsoft Office 365 protections.
  • Former Microsoft network engineer has been sentenced in prison for 18 months for role in Reveton Ransomware.
  • A new zero-day Flaw used by a North Korean cyber-criminals gang called Darkhotel to compromise vulnerable systems.
  • A 16-Year old teenager from Melbourne, Australia hacked Apple servers and stolen 90GB of secure files.
  • Phishing attack on Augusta University Health led to the exposure of medical and personal information on about 400K persons.
  • A new dangerous Android malware that contains the functionalities of call forwarding, audio recording, keylogging and Ransomware Activities.

In-Short Overview:

Hackers stole Rs 94 crore ($13.5 Million) from one of the largest Indian co-operative Cosmos banks. In two days, hackers withdrew a total Rs 78 crore from various ATMs in 28 countries, including Canada, Hong Kong and a few ATMs in India, and another Rs 2.5 crore was taken out within India.

Read More: Hackers stole Rs 94 crore ($13.5 million) in just in 2 days (Security Affairs, 17 Aug 2018)

A security researcher from Secarma, has discovered a new exploitation technique that could make easy for hackers to trigger critical deserialization vulnerabilities in PHP programming language.

Read More: New PHP code execution attack puts WordPress sites at risk (The Hacker News, Aug 16, 2018)

Security researchers revealed that Over 10% of Office 365 users have been affected in the last two weeks by a phishing attack named PhishPoint. Cybercriminals and email scammers are using this new phishing attack to bypass the Advanced Threat Protection (ATP) mechanism implemented by Microsoft 365.

Read More: New phishing attack PhishPoint used to bypass Microsoft Office 365 security (Latest Hacking News, Aug 17, 2018)

A former Microsoft network engineer who was charged in April this year has now been sentenced to 18 months in prison for the role in Reveton Ransomware.

Read More: Former Microsoft engineer sent behind bars for role in ransomware extortion scheme (ZDNet, Aug 15, 2018)

According to Security Researchers, A new zero-day spotted in July by the North Korean cybercriminal gang called “Darkhotel”, which helped to exploit the code execution vulnerability in Windows VBScript Engine.

Read More: A new zero-day Flaw used by North Korean cyber criminals gang called Darkhotel (GbHackers, Aug 20, 2018)

A 16-year-old high school student from Melbourne, Australia hacked Apple server, Apple servers are widely believed to be unhackable. He downloaded some 90GB of secure files, including extremely secure authorized keys used to grant login access to users, as well as access multiple user accounts. He stored everything in a folder called “hacky hack hack”.

Read More: A 16-Year old teen hacked Apple server and stole 90GB of secure files (BGR, Aug 16, 2018)

A phishing attack aimed at the email accounts of 24 university faculty and administrators at Augusta University Health led to the exposure of medical and personal information on about 417,000 individuals.

Read More: Phishing attack on Augusta University Health led to the exposure of medical and personal information on about 400K persons (SC Magazine, Aug 17, 2018)

A dangerous Android Malware, that has the functionalities of Banking Trojan, call forwarding, audio recording, keylogging and Ransomware Activities. The malware targeted the popular banking apps such as HFC, ICICI, SBI, Axis Bank and other E-Wallets.

Read More: A new Android malware contains the functionalities of call forwarding, audio recording, keylogging and Ransomware Activities(GB Hackers, Aug 19, 2018)