Nishit Darade

Ransomware Attack Takes Down Bristol Airport’s Flight Display Screens

September 25, 2018 by Nishit Darade Leave a Comment

Ransomware Attack Takes Down Bristol Airport’s Flight Display Screens
– Wang Wei

A Ransomware attack on Bristol airport took out couple computer over the airport network and arrival departure display screens on the airport. This attack took the airport by storm and it took two days to restore the system to normal and in the mean time they were using paper board and manual check-in methods. This attack delayed check-in’s and baggage handling but didn’t delay any flights.

I am surprised that such an important place was compromised and it took airport back old-fashioned techniques to report data to people. I hope major airports have looked at this incident and taken appropriate security precautions. I hope hackers don’t get to the planes next and try to harm safety of people flying in the plane.

Link: https://thehackernews.com/2018/09/cyberattack-bristol-airport.html

Beware! Unpatched Safari Browser Hack Lets Attackers Spoof URLs

September 19, 2018 by Nishit Darade 1 Comment

Beware! Unpatched Safari Browser Hack Lets Attackers Spoof URLs

– Swati Khandelwal

The phishing attacks today are sophisticated and increasingly more difficult to spot, and this newly discovered vulnerability takes it to another level that can bypass basic indicators like URL and SSL, which are the first things a user checks to determine if a website is fake.

Vulnerability (CVE-2018-8383) is due to a race condition type issue caused by the web browser allowing JavaScript to update the page address in the URL bar while the page is loading. This vulnerability could essentially allow an attacker to load a legitimate page which would cause the page address to be displayed in the URL bar, and then quickly replace the code in the web page with a malicious one.

The URL below has a POC video for the vulnerability. Please do look.

Link: https://thehackernews.com/2018/09/browser-address-spoofing-vulnerability.html

British Airways Hacked – 380,000 Payment Cards Compromised

September 12, 2018 by Nishit Darade 1 Comment

British Airways, who describes itself as “The World’s Favorite Airline,” has confirmed a data breach that exposed personal details and credit-card numbers of up to 380,000 customers and lasted for more than two weeks.

The airline advised customers who made bookings during that 15 days period and believe they may have been affected by this incident to “contact their banks or credit card providers and follow their recommended advice.”

The company also said that saved cards on its website and mobile app are not compromised in the breach. Only cards that have been used by users to make booking payments during the affected period are stolen.

https://thehackernews.com/2018/09/british-airways-data-breach.html

Someone Hijacked MEGA Chrome Extension to Steal Users’ Passwords

September 12, 2018 by Nishit Darade Leave a Comment

The official Chrome extension for the MEGA.nz cloud storage service had been compromised and replaced with a malicious version that can steal users’ credentials for popular websites like Amazon, Microsoft, Github, and Google, as well as private keys for users’ cryptocurrency wallets.

On 4 September at 14:30 UTC, an unknown attacker managed to hack into MEGA’s Google Chrome web store account and upload a malicious version 3.39.4 of an extension to the web store, according to a blog post published by the company.

Four hours after the security breach, the company learned of the incident and updated the extension with a clean MEGA version (3.39.5), auto-updating all the affected installations. Google also removed the MEGA extension from its Chrome Web Store five hours after the breach.

https://thehackernews.com/2018/09/mac-adware-removal-tool.html