TicketFly, the events ticketing firm, was the victim of a website hacking scandal, which was carried out by a group who identified themselves as IsHaKdZ. The web page displayed an image of Guy Fawkes along with a daring message by the hackers, “Your Security Down im Not Sorry”. Besides the message, the hackers boldly left a Yandex email address as well, claiming to reveal the company’s “backstage” database.
According to Motherboard, the company’s user data has been compromised. The hackers allegedly have uploaded hacked data in the form of CSV files on a server. These files apparently contain all details of Ticketfly’s employees and customers. This information, however, has not been confirmed by TicketFly.
The company’s officials are however working day and night to investigate the matters. As a precautionary measure, they have taken offline the official Ticketfly website, and are continually updating their users through tweets.
The sudden rise of the blockchain technology has shown a new and exciting way to do business. But with this comes a new series of challenges—the rise of cybersecurity being a major case in point.
One of blockchain’s most valued features is its inherently secure structure, therefore the threat of cyber security would seem counter-intuitive at first glance. The main reason being that the distributed nature of the system makes it more difficult to tamper with unlike traditional centralized databases, which tend to have more clear and public attack targets.
Luckily, these emerging threats have only pushed blockchains to implement robust security protocols, specifically through the full encryption of blockchain data and authentication, authorization, and audit (AAA) strategies. This means that data cannot be accessed by third parties while in transit, not least when transit takes places in untrusted networks. And companies have been quick to successfully implement such measures in full-force.
Tom Court, a security researcher from Context Information Security, discovered a flaw which would allow the attacker to execute malicious code on all of Steams 15 million gaming clients. The flaw worked even without prior access to the clients PC. It sent some malicious UDP packets over the network without the need to access the victim’s computer, meaning, the bug could then be triggered allowing the attacker to run malicious code.
The main cause of this error is a buffer overflow in one of the steams internal libraries. Most of the Steam code is fragmented in the user datagram protocol assembly. The Context researcher said that exploitation of this particular
flaw would have been more straightforward prior to July 2017 at which time Valve added the ASLR protection to the data streams.
This gave the attacker an opportunity to have access to exposed memory and even the location of the steam accounts. Steam and Valve received the information about the update earlier this year and within a mere 12 hours of the report, a beta version of the Steam Client was launched and a final fix was scheduled.
Team Trojan Hunt
TROJAN HUNT INDIA LLP
Review Us on Google