North Korea Is Behind Sony Pictures Hack, Says FBI

North Korea Behind Sony Picture Hack

Why blame North Korea?

A North Korean spokesman called the movie- The Interview, a ‘blatant act of terrorism and war,’ leading to initial speculation that the country was behind the attack on Sony. Further to this, U.S. official said that the unprecedented hack of Sony Pictures is linked to North Korea and it has been the most damaging cyber-attack ever imposed on an American business. Analyst at research firm Gartner say, the attack is possibly the costliest ever for a U.S. company and there has not been any attack like this in the annals of U.S. breach history.

The attackers not only hacked terabytes of data that included personal emails from top executives and celebrities, but also personal information of employees. In addition, intellectual property ranging from unreleased movies, to scripts of upcoming potential blockbusters, which was also made available for download on the internet. Sony said the reason behind this attack is the Sony-produced comedy movie “The Interview” a fictional comedy about tabloid journalists who plot to kill North Korea’s Dictator Kim Jong Un.

The Guardians of Peace hacker group claiming responsibility for the hack had threatened violence against theaters showing the movie. Hacker group also said that they would generate a 9/11-style attack against the premiere and theaters showing the movie.  Further to this, Sony’s announcement came after discussions with major multiplex chains in North America to pull screenings of the movie.

But is North Korea really behind this hack? If not, then why is the US government blaming North Korea? As of now all these questions are unanswered and so far, the main purpose behind the Sony Pictures hack appears to be destruction of information and reputation.

So, how much the cyber-attack will ultimately cost Sony is unclear. However, Sony possibly faces losses of tens of millions of dollars by vanishing the box-office revenue from the movie and from a class-action lawsuit by ex-employees angry over leaked Social Security numbers and other personal information.

But, was this the first time Sony has been brought to its knees by a hacker group? No, in 2011 too hackers took down Sony’s PlayStation Network for 23 days that affected 77 million customers.

Experts say negligent Internet security practices inside Sony such as using easy-to-guess passwords, pasting passwords into emails, and failing to encrypt sensitive materials such as salary and revenue figures of employees and other sensitive document lead to this hack. Experts also add that such disorganized and negligent Internet security practices are common across corporate America.

Moreover, we have seen such attacks in the past as well; consider Home Depot, where hackers stole 56 million credit and debit card numbers or Target, where hackers stole 40 million credit and debit card numbers. This indicates that cybercriminals will always work to defeat security measures, and they have already done so, but, its high time companies realize that best security practices should be followed so that confidential customers and employees information is not at stake.

About eScan: eScan, one of the leading Anti-Virus & Content Security solutions for Desktops & Servers is developed and marketed by MicroWorld. It is powered by innovative and futuristic technologies, such as MWL Technology, DIRC Technology, NILP Technology, and sophisticated Anti-Virus Heuristic Algorithms that not only provides protection from current threats, but also provides proactive protection against evolving threats.

Connect with us on Facebook, LinkedIn, Twitter, Google Plus

Posted in eScan 11, eScan 14, Security | Tagged , , , , , , | Leave a comment

Beware! Hackers Can Gain Access To Your System

In this age of modern technology, new and improved software/applications and operating systems (OS) based on new technology has been evolved. These new software/applications may have loopholes or vulnerability which can be harmful for our computer system.

Hackers Can Gain Access To Your System

The US-CERT Cyber Security Bulletin provides a summary of latest vulnerabilities that have been recorded by its research department for the Week of December 8, 2014

The National Institute of Standards and Technology (NIST) have found vulnerabilities that can make a system prone to malware attacks and unauthorized access.

Common vulnerabilities and their impact recorded by the National Institute of Standards and Technology (NIST) National Vulnerability Database (NVD) in the past week are:

  • Adobe Flash Player vulnerability before 13.0.0.259 and 14.x through 16.x before 16.0.0.235 on Windows and OS X and before 11.2.202.425 on Linux allows remote attackers to bypass the Same Origin Policy via unspecified vectors. Find out other vulnerable versions from here: http://1.usa.gov/1sz8K1V
  • Integer overflow vulnerability in Adobe Reader and Acrobat 10.x before 10.1.13 and 11.x before 11.0.10 on Windows and OS X allows attackers to execute arbitrary code via unspecified vectors. Find out the other vulnerable versions from here: http://1.usa.gov/1vV7AZ3
  • Vulnerability in GNU binutils 2.24 and earlier allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code via crafted section group headers in an ELF file. Find out other vulnerable versions from here: http://1.usa.gov/1uN3d1X
  • Microsoft Internet Explorer 11 vulnerability allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a malicious website.Find out other vulnerable versions from here: http://1.usa.gov/1DFPhkx
  • Use-after-free vulnerability in Microsoft Office 2010 SP2, Office 2013 Gold and SP1, allows remote attackers to execute malicious code through an infected office document. Find out other vulnerable versions and its details from here: http://1.usa.gov/1yV4XZj
  • WebKit vulnerability in Apple Safari before 6.2.1, 7.x before 7.1.1, and 8.x before 8.0.1, allows hackers to execute malicious code or cause a denial of service (memory corruption and application crash) via an infected website. Find out other vulnerable versions from here: http://1.usa.gov/1yV5oTp

There are many such vulnerable software ranked in the division of high, medium, and low severities.

To know more about these vulnerable software and the affected versions read the US-CERT Cyber Security Bulletin from here: http://1.usa.gov/1A3fqpt

Posted in eScan 11, eScan 14, Security | Tagged , , , , | Leave a comment

Are Smartwatches Threat To Our Privacy And Security?

smartwatches-samsung-qualcomm-sony-640x353

In this digital world, it has become even more crucial to be worried about our personal privacy and security, especially when it comes to smart devices and electronics. It is true that smart devices make our lives very simple and easy, but these devices also pose threat to our important and personal data.

We store a lot of sensitive data on our Smartphones and Tablets, which we carry everywhere with us. As these devices are most of the time connected to the internet, it can cause serious security and privacy issues. All the apps on our Smartphones today access almost all the information available on it. Be it Facebook, Twitter, Google or others – all of them collect lots of personal data, which are then used across various platforms, causing serious issues when it comes to privacy.

After Desktops, Laptops, Tablets & Smartphones, it’s time for Smartwatches, which will now be worn by many and used in a similar way as a Smartphone. Apart from being convenient, Smartwatches can also expose us to a whole new kind of security threat and make our sensitive information wide open to hackers. As these smart devices inter-operate with our phones, if hacked, it could allow attackers to access all our data available on our phones.

Moreover, recently, security researchers have found out that the data sent between a Smartwatch and an Android Smartphone is not secure and that attackers can easily monitor the data being transferred through brute force attack.

How does attackers hack Smartwatches?

Bluetooth connection:
The Bluetooth communication between most Smartwatches and Android devices for the purpose of transferring data, depend on a six-digit PIN code, which can be easily brute-forced by hackers to access our data.

On-Watch Software and Apps:
Some Smartwatches, like Pebble 2.0, requires you to download apps from its own app store. However, to use these apps on your Smartwatch, you must provide your username and password. And if at all these apps get hacked, which is quite possible, then it can put your account credentials in danger.

So, Is It Safe?
Any connected device is going to have security and privacy risks associated with it. Smartwatches do not have pins, passwords, biometric readers, or any other kind of screen lock. Be careful where you leave your watch when you are not wearing it.  Even if they are connected with our Smartphones or not, they will at some point be used to store or come in contact with sensitive personal information. Hence, always use security measures to protect yourself across devices. Ultimately, it is up to you to keep yourself secure.

How to be protected?

  • Researchers say; to be protected from such attacks, use Near Field Communication (NFC) that allows you to safely transmit a PIN code to compatible Smartwatches when pairing with Blootooth.
  • To enhance Bluetooth Security and have a secure pairing mechanism, augmenting Bluetooth encryption with a second layer of encryption is required. Augmentation will add more robustness and ensure increased security, as the attacker will be able to observe the number of sessions, but he will not be able to guess the number of transactions between the two devices.
  • Another option for secure transfers is to use original equipment manufacturers (OEMs) by Google as an alternative to make secure data transfers between devices.

About eScan: eScan, one of the leading Anti-Virus & Content Security solutions for Desktops & Servers is developed and marketed by MicroWorld. It is powered by innovative and futuristic technologies, such as MWL Technology, DIRC Technology, NILP Technology, and sophisticated Anti-Virus Heuristic Algorithms that not only provides protection from current threats, but also provides proactive protection against evolving threats.

Connect with us on Facebook, LinkedIn, Twitter, Google Plus

Posted in eScan 11, eScan 14, Security | Tagged , , , , , , , , | Leave a comment

What Annoys You Most About Android 5.0 Lollipop?

Android 5.0 Lollipop bugs

Android 5.0 Lollipop came with new and improved features for users. Many Android users upgraded to Android 5.0 to experience the change. Its all new Material Design, its enhanced notification system that made it easier than ever to keep track of things, its smart lock and app pinning feature along with other features made this a complete package.

But, along with all the great things about Android 5.0 Lollipop, users experienced few bugs and issues too.

  • Some Android 5.0 users complained about dropped internet connections, while others were unable to get online at all and some users reported about Wi-Fi connectivity issues as well.
  • Based on user reviews, battery problems appeared to be even more common than Wi-Fi ones.
  • Several Android 5.0 Lollipop users reported about performance issue. Users said that device crashes at random times.
  • Most common was video playback on the 2013 Nexus 7, users also complained that Lollipop is unable to find the video player software when they want to watch a video clip.
  • Apart from the above, memory leakage problem on Galaxy S5 and Nexus 5 running Android 5.0 Lollipop was encountered by few users. Wherein, they were unable to use the full memory, which further offered relatively less memory for users to use.
  • Many users also complained that Google Chrome and Hangouts crashed a couple of times.

Here is how most of the above can be resolved?

  • If you are facing problems with Wi-Fi channel, they must try reconnecting it. Moreover, changing the Wi-Fi channel can also improve performance.
  • If battery issue is more prominent in your device, then you can also try uninstalling specific apps which are not in use. Apart from this, factory reset option can also be useful. Additionally, Google has already pushed out an update to fix the battery life issue. So insure that your version is up to date.
  • If you are unable to play videos on your device after upgrading to Android 5.0 Lollipop, then clearing the cache, resetting your device to enabled then disable NuPlayer can help.
  • If some of your applications are experiencing random force closes, then rebooting your device and getting the latest update of those applications can be helpful.

About eScan: eScan, one of the leading Anti-Virus & Content Security solutions for Desktops & Servers is developed and marketed by MicroWorld. It is powered by innovative and futuristic technologies, such as MWL Technology, DIRC Technology, NILP Technology, and sophisticated Anti-Virus Heuristic Algorithms that not only provides protection from current threats, but also provides proactive protection against evolving threats.

Connect with us on Facebook, LinkedIn, Twitter, Google Plus

Posted in eScan 11, eScan 14, Security | Tagged , , , | Leave a comment