Personal Details of 2000 Expatriates Living in Southern Thailand have been Leaked

The personal details of 2,000 foreign nationals living in southern Thailand have been found freely available online. On Sunday, former Thailand-based journalist Andrew MacGregor Marshall, now resident in Scotland, highlighted the apparent data leak via Facebook.

The website, which had no password protection against public access, displayed an interactive map of much of southern Thailand, stretching from Chumphon to Yala and Narathiwat and including expat-favoured provinces such as Phuket and Surat Thani (Koh Samui).

The database, hosted online, contained the names, addresses, professions and passport numbers of more than 2,000 foreigners living in Thailand’s southern provinces.

The leak comes as the junta-ruled nation pushes ahead with a much-publicized crackdown against foreign visa overstayers and criminals, with immigration police adopting the official slogan “Good guys in, bad guys out.”

Thai Netizens, a digital advocacy group, tracked down the website’s owner, a developer called Akram Aleeming. Public access to the site ceased a few hours after Marshall’s first post.

Youngcyber’s owner Akram Aleeming claimed on Facebook, in response to criticism of the apparently poor approach to data protection, that he had taken the site offline at around 2am.

He claimed that the site was an ‘internal system’ used for testing data and demonstrating the system’s functionality to immigration authorities.

Bangladesh Central Bank SWIFT software compromised

In February, unknown hackers broke into the Bangladesh Central Bank and almost got away with just shy of $1 billion. The bank had no firewall and was using second-hand $10 network equipment when it was hacked.

British defense contractor BAE Systems has also shown that the SWIFT software used to make payments was compromised, enabling the hackers to send money around the world without leaving any trace in Bangladesh.

The SWIFT organization is owned by 3,000 financial companies and operates a network for sending financial transactions between financial institutions. 

Institutions using the network must have existing banking relationships; SWIFT transactions do not actually send money but instead send payment orders that must then be settled by the institutions involved moving money between accounts.

The technical details of the attack have yet to be made public, but BAE identified tools uploaded to online malware repositories that it believes are linked to the heist.

The custom malware was submitted by a user in Bangladesh, and contains sophisticated functionality for interacting with local SWIFT Alliance Access software running in the victim infrastructure.

This malware appears to be just part of a wider attack toolkit, and would have been used to cover the attackers’ tracks as they sent forged payment instructions to make the transfers. 

This would have hampered the detection and response to the attack, giving more time for the subsequent money laundering to take place. 

Airtel Secretly Injecting Scripts Into Their User’s Web Browser?

Indian multinational telecommunications provider Airtel is being accused of secretly injecting JavaScript and iframes into its users’ web browsers in order to alter the browsing experience.

Thejesh GN published his findings on GitHub: the injected iframe tries to insert a toolbar into the browsing session, and the parent URL of both the iframe and the JavaScript belongs to Bharti Airtel Bangalore.

Injecting scripts without user consent is highly unethical. According to the GitHub thread, Airtel is also forcibly inserting an iframe into the browser, and the inserted iframe tries to add a toolbar to the browsing session.
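A defender-side check for the kind of injection described above, written here as an added example (it is not code from the GitHub findings or from Airtel): it parses a page and lists every script or iframe whose host is neither the page’s own origin nor an allow-listed third party, which is exactly what a user comparing a page served over an ISP against its source would look for. The sample page and the host injector.example are constructed.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Constructed sample page: the site's own script, one allow-listed CDN script,
# and an injected zero-size iframe plus script from an unrelated host
# (injector.example is a placeholder, not a real injecting host).
SAMPLE_HTML = """<html><head>
<script src="/static/app.js"></script>
<script src="https://cdn.example.org/lib.js"></script>
</head><body>
<p>Hello</p>
<iframe src="http://injector.example/toolbar?uid=123" height="0" width="0"></iframe>
<script src="http://injector.example/inject.js"></script>
</body></html>"""


class ResourceCollector(HTMLParser):
    """Collects the src attribute of every <script> and <iframe> tag, in order."""

    def __init__(self):
        super().__init__()
        self.resources = []

    def handle_starttag(self, tag, attrs):
        if tag in ("script", "iframe"):
            src = dict(attrs).get("src")
            if src:
                self.resources.append((tag, src))


def find_foreign_resources(page_url, html, allowed_hosts=()):
    """Return (tag, host, src) for each script/iframe not served from the page's
    own host or an allow-listed host. Relative URLs resolve to the page host, so
    the site's own resources are never flagged."""
    page_host = urlsplit(page_url).hostname
    parser = ResourceCollector()
    parser.feed(html)
    foreign = []
    for tag, src in parser.resources:
        host = urlsplit(urljoin(page_url, src)).hostname
        if host != page_host and host not in allowed_hosts:
            foreign.append((tag, host, src))
    return foreign


if __name__ == "__main__":
    for tag, host, src in find_foreign_resources(
            "http://www.example.com/index.html", SAMPLE_HTML, ("cdn.example.org",)):
        print("possible injected %s from %s: %s" % (tag, host, src))
```

Running the same check on the page as fetched directly (e.g. over a VPN) and as fetched through the suspect connection shows whether the extra hosts appear only on one path.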

We were certainly not expecting an ISP like Airtel to come to this for collecting user data from the browser. Getting user data is like hitting a gold mine these days. Internet companies, ad companies, and intelligence agencies are willing to pay any price for getting such personal info.

If it is proved that Airtel is doing this deliberately, the company could soon find itself in a court of law.

Airtel has already been condemned nationwide for violating net neutrality via its Airtel Zero platform, and it certainly won’t be in the best interest of the company to do such a malicious thing.

It looks like Vodafone has been accused of doing the same. One of our readers, Dayson Pais, pointed out to us on Facebook that Vodafone does this when the user is connected through a USB dongle. He also showed us a screenshot of it.

Airtel’s statement: “Our customers have frequently asked us for ways of easily keeping a track of their data consumption – specifically dongle and broadband users, who unlike mobile users, cannot receive real-time alerts on their usage.”

Zero-Day Flaw in Linux Kernel, Millions of Linux Servers Affected

Recently the Perception Point research team identified a zero-day local privilege escalation vulnerability in the Linux kernel; the vulnerability has existed since 2012.

This vulnerability affects tens of millions of 32-bit and 64-bit Linux PCs and servers.

The most bothersome part is that the problem affects Android versions KitKat and higher, which means about 66 percent of all Android devices are also exposed to the serious Linux kernel flaw.

The vulnerability affects any Linux kernel version 3.8 and higher. SMEP and SMAP make it harder to exploit, as does SELinux on Android devices.

List of affected Linux distros:

Red Hat Enterprise Linux 7
CentOS Linux 7
Scientific Linux 7
Debian Linux stable 8.x (jessie)
Debian Linux testing 9.x (stretch)
SUSE Linux Enterprise Desktop 12
SUSE Linux Enterprise Desktop 12 SP1
SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 12 SP1
SUSE Linux Enterprise Workstation Extension 12
SUSE Linux Enterprise Workstation Extension 12 SP1
Ubuntu Linux 14.04 LTS (Trusty Tahr)
Ubuntu Linux 15.04 (Vivid Vervet)
Ubuntu Linux 15.10 (Wily Werewolf)
openSUSE Linux Leap and version 13.2

How to fix it on Linux?

Type the commands appropriate to your Linux distro. You will need to reboot the box afterwards. Before you apply the patch, note down your current kernel version:

$ uname -a
$ uname -mrs

Sample outputs:

Linux 3.13.0-74-generic x86_64

Debian or Ubuntu Linux
$ sudo apt-get update && sudo apt-get upgrade && sudo apt-get dist-upgrade

Sample outputs:

Reading package lists… Done
Building dependency tree
Reading state information… Done
Calculating upgrade… Done
The following packages were automatically installed and are no longer required:
  git-man liberror-perl
Use ‘apt-get autoremove’ to remove them.
The following NEW packages will be installed:
  linux-headers-3.13.0-76 linux-headers-3.13.0-76-generic
  linux-image-3.13.0-76-generic linux-image-extra-3.13.0-76-generic
The following packages will be upgraded:
  linux-generic linux-headers-generic linux-image-generic
3 upgraded, 4 newly installed, 0 to remove and 0 not upgraded.
Need to get 61.6 MB of archives.
After this operation, 271 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 trusty-security/main linux-image-3.13.0-76-generic amd64 3.13.0-76.120 [15.2 MB]
Get:2 trusty-security/main linux-image-extra-3.13.0-76-generic amd64 3.13.0-76.120 [36.8 MB]
Get:3 trusty-security/main linux-generic amd64 [1,780 B]

Setting up linux-image-extra-3.13.0-76-generic (3.13.0-76.120) …
run-parts: executing /etc/kernel/postinst.d/apt-auto-removal 3.13.0-76-generic /boot/vmlinuz-3.13.0-76-generic
run-parts: executing /etc/kernel/postinst.d/dkms 3.13.0-76-generic /boot/vmlinuz-3.13.0-76-generic
run-parts: executing /etc/kernel/postinst.d/initramfs-tools 3.13.0-76-generic /boot/vmlinuz-3.13.0-76-generic
update-initramfs: Generating /boot/initrd.img-3.13.0-76-generic
run-parts: executing /etc/kernel/postinst.d/zz-update-grub 3.13.0-76-generic /boot/vmlinuz-3.13.0-76-generic
Generating grub configuration file …
Found linux image: /boot/vmlinuz-3.13.0-76-generic
Found initrd image: /boot/initrd.img-3.13.0-76-generic
Found linux image: /boot/vmlinuz-3.13.0-74-generic
Found initrd image: /boot/initrd.img-3.13.0-74-generic
  No volume groups found
Setting up linux-image-generic ( …
Setting up linux-headers-3.13.0-76 (3.13.0-76.120) …
Setting up linux-headers-3.13.0-76-generic (3.13.0-76.120) …
Examining /etc/kernel/header_postinst.d.
run-parts: executing /etc/kernel/header_postinst.d/dkms 3.13.0-76-generic /boot/vmlinuz-3.13.0-76-generic
Setting up linux-headers-generic ( …
Setting up linux-generic ( …
Reboot the server:
$ sudo reboot

RHEL / CentOS Linux
The package will be released soon on both CentOS and RHEL 7:

$ sudo yum update
$ reboot


You need to make sure your version number changed:

$ uname -a
$ uname -mrs
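The checks that the how-to above asks you to do by eye, as an added helper that is not part of the original distro instructions: whether the running kernel is in the affected line (3.8 and higher, the range the advisory names), whether a newer kernel is installed in /boot but the old one is still booted (reboot pending), and whether the version number actually changed after the reboot. The release strings used in the tests are the 3.13.0-74 and 3.13.0-76 values from the apt output above; the /boot layout (vmlinuz-<release>) is assumed to be the usual Debian/Ubuntu one.

```python
import glob
import os
import re

# First affected kernel line named in the advisory: 3.8 and higher.
AFFECTED_FROM = (3, 8)


def parse_kernel_release(release):
    """Turn a `uname -r` string such as '3.13.0-76-generic' into a comparable
    tuple (major, minor, patch, build). The distro suffix is ignored."""
    m = re.match(r"(\d+)\.(\d+)\.(\d+)(?:-(\d+))?", release)
    if not m:
        raise ValueError("unrecognised kernel release: %r" % release)
    major, minor, patch, build = m.groups()
    return (int(major), int(minor), int(patch), int(build or 0))


def in_affected_range(release):
    """True when the kernel line is 3.8 or newer (the range the advisory names)."""
    return parse_kernel_release(release)[:2] >= AFFECTED_FROM


def installed_kernels(boot_dir="/boot"):
    """Release strings of the kernel images present in boot_dir (vmlinuz-*)."""
    paths = glob.glob(os.path.join(boot_dir, "vmlinuz-*"))
    return [os.path.basename(p)[len("vmlinuz-"):] for p in paths]


def reboot_required(running, installed):
    """True when a kernel newer than the running one is installed but not booted,
    i.e. the upgrade ran but the vulnerable kernel is still live."""
    if not installed:
        return False
    newest = max(installed, key=parse_kernel_release)
    return parse_kernel_release(newest) > parse_kernel_release(running)


def version_changed(before, after):
    """The post-reboot check from the how-to: did `uname -r` move at all?"""
    return parse_kernel_release(before) != parse_kernel_release(after)


if __name__ == "__main__":
    running = os.uname().release
    print("running kernel:", running, "affected line:", in_affected_range(running))
    print("reboot required:", reboot_required(running, installed_kernels()))
```

Note that "version changed" only proves the reboot picked up the new image; whether that image contains the fix is something only the distro's security advisory for the package can tell you.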

NSA and GCHQ Spy Agencies Hacked Israeli Military Drones

According to the latest documents leaked by former U.S. National Security Agency contractor Edward Snowden, the GCHQ and NSA spy agencies surveilled Israeli military drones.

The American and British spying is part of regular, ongoing international espionage. The United States and Israel, although allies, regularly peek in on each other’s military projects.

The purpose was to predict Israeli military operations against countries and territories such as Iran, Gaza and Syria, and how they might affect the stability of the Middle East.

The documents highlight the conflicted relationship between the United States and Israel and U.S. concerns about Israel’s potentially destabilizing actions in the region.

The two nations are close counterterrorism partners and have a memorandum of understanding, dating back to 2009, that allows Israel access to raw communications data collected by the NSA. Yet they are nonetheless constantly engaged in a game of spy versus spy.

The leaked photos show various types of unmanned aircraft, including images of drones carrying missiles. These photos were collected from 2009 to 2010. The images support reports that Israel has armed drones that have carried out attacks, which the Israeli government will not acknowledge.

According to one GCHQ presentation, technicians first collected signals from a Heron TP in February 2009. Intercepted images indicate that they also picked up video from other models and configurations of the Heron, and from the IAI Searcher drone.

Israel voiced disappointment but no great surprise at the disclosures, published by The Intercept, an online publication associated with Glenn Greenwald, who has collaborated with Snowden, and by the German newsmagazine Der Spiegel.

US and Canada Issue a Ransomware Alert for Networked Systems

The United States Department of Homeland Security (DHS), in collaboration with the Canadian Cyber Incident Response Centre (CCIRC), released the alert to provide further information on ransomware: its main characteristics, its prevalence, variants that may be proliferating, and how users can prevent and mitigate ransomware.

In early 2016, destructive ransomware variants such as Locky and Samas were observed infecting computers belonging to individuals and businesses, which included healthcare facilities and hospitals worldwide. 

Ransomware is a type of malware that infects a computer and restricts users’ access to it until a ransom is paid to unlock it. Ransomware variants have been observed for several years and often attempt to extort money from victims by displaying an on-screen alert.

Typically, these alerts state that the user’s systems have been locked or that the user’s files have been encrypted. Users are told that unless a ransom is paid, access will not be restored. The ransom demanded from individuals varies greatly but is frequently $200–$400 and must be paid in virtual currency, such as Bitcoin.

Ransomware is often spread through phishing emails that contain malicious attachments or through drive-by downloading. Drive-by downloading occurs when a user unknowingly visits an infected website and then malware is downloaded and installed without the user’s knowledge.

Crypto ransomware, a malware variant that encrypts files, is spread through similar methods and has also been spread through social media, such as Web-based instant messaging applications. Additionally, newer methods of ransomware infection have been observed. For example, vulnerable Web servers have been exploited as an entry point to gain access into an organization’s network.

In 2012, Symantec, using data from a command and control (C2) server for 5,700 computers compromised in one day, estimated that approximately 2.9 percent of those compromised users paid the ransom.

This financial success has likely led to a proliferation of ransomware variants. In 2013, more destructive and lucrative ransomware variants were introduced, including Xorist, CryptorBit, and CryptoLocker. 

Systems infected with ransomware are also often infected with other malware. In the case of CryptoLocker, a user typically becomes infected by opening a malicious attachment from an email. 

This malicious attachment contains Upatre, a downloader, which infects the user with GameOver Zeus. GameOver Zeus is a variant of the Zeus Trojan that steals banking information and is also used to steal other types of data. Once a system is infected with GameOver Zeus, Upatre will also download CryptoLocker. Finally, CryptoLocker encrypts files on the infected system, and requests that a ransom be paid.

The close ties between ransomware and other types of malware were demonstrated through the recent botnet disruption operation against GameOver Zeus, which also proved effective against CryptoLocker. In June 2014, an international law enforcement operation successfully weakened the infrastructure of both GameOver Zeus and CryptoLocker.

Ransomware not only targets home users; businesses can also become infected with ransomware, leading to negative consequences, including

  • temporary or permanent loss of sensitive or proprietary information,
  • disruption to regular operations,
  • financial losses incurred to restore systems and files, and
  • potential harm to an organization’s reputation.

Infections can be devastating to an individual or organization, and recovery can be a difficult process that may require the services of a reputable data recovery specialist.