What is an ORM?
Business’s online reputation is a crucial step for growing a business. Online reputation management is all about how the brand identifies itself and how their customers perceive it. This helps in enhancing the brand name and revenues.
Trojan Hunt India has a team of experts in managing online reputation of clients from different domains globally. We provide customized service to our clients as per their organization’s need. Online Reputation Management has proven to be a necessity when you have an online presence. It is a process of looking and analyzing the ongoing trend statistics and then implementing the strategies effectively.
Trojan Hunt India ORM services include:
TicketFly, the events ticketing firm, was the victim of a website hacking scandal, which was carried out by a group who identified themselves as IsHaKdZ. The web page displayed an image of Guy Fawkes along with a daring message by the hackers, “Your Security Down im Not Sorry”. Besides the message, the hackers boldly left a Yandex email address as well, claiming to reveal the company’s “backstage” database.
According to Motherboard, the company’s user data has been compromised. The hackers allegedly have uploaded hacked data in the form of CSV files on a server. These files apparently contain all details of Ticketfly’s employees and customers. This information, however, has not been confirmed by TicketFly.
The company’s officials are however working day and night to investigate the matters. As a precautionary measure, they have taken offline the official Ticketfly website, and are continually updating their users through tweets.
The sudden rise of the blockchain technology has shown a new and exciting way to do business. But with this comes a new series of challenges—the rise of cybersecurity being a major case in point.
One of blockchain’s most valued features is its inherently secure structure, therefore the threat of cyber security would seem counter-intuitive at first glance. The main reason being that the distributed nature of the system makes it more difficult to tamper with unlike traditional centralized databases, which tend to have more clear and public attack targets.
Luckily, these emerging threats have only pushed blockchains to implement robust security protocols, specifically through the full encryption of blockchain data and authentication, authorization, and audit (AAA) strategies. This means that data cannot be accessed by third parties while in transit, not least when transit takes places in untrusted networks. And companies have been quick to successfully implement such measures in full-force.
Tom Court, a security researcher from Context Information Security, discovered a flaw which would allow the attacker to execute malicious code on all of Steams 15 million gaming clients. The flaw worked even without prior access to the clients PC. It sent some malicious UDP packets over the network without the need to access the victim’s computer, meaning, the bug could then be triggered allowing the attacker to run malicious code.
The main cause of this error is a buffer overflow in one of the steams internal libraries. Most of the Steam code is fragmented in the user datagram protocol assembly. The Context researcher said that exploitation of this particular
flaw would have been more straightforward prior to July 2017 at which time Valve added the ASLR protection to the data streams.
This gave the attacker an opportunity to have access to exposed memory and even the location of the steam accounts. Steam and Valve received the information about the update earlier this year and within a mere 12 hours of the report, a beta version of the Steam Client was launched and a final fix was scheduled.
Grant West, a notorious British hacker and dark web seller, was arrested in September 2017 while traveling from Wales to London on a first class train ticket. Thanks to the Metropolitan Police’s cybercrime unit his arrest was a result of an undercover operation in which he was caught redhanded while logging in to a Dark Web marketplace from his laptop.
He was on the wanted list for hacking into hundreds of companies and stealing their database and selling it on the dark web. He had made a surprising 47,000 sales on the dark web, generally selling a particular person's information, or somebody's credit card details etc.
West attacked targeted profile companies around the world including Apple, Argos, Asda, Uber, and JustEat, Groupon, and Nectar etc. West also sold illegal drugs on now seized AlphaBay marketplace and taught people how to carry cyber attacks on others.
The Bank Of Montreal was contacted by a group of cyber-criminals on Monday, saying that they had the financial and personal information of a number of the bank’s customers. The bank is certain that the hacking must have been done from outside the country, and are confident that the vulnerability in the system that led to such information falling in the wrong hands has been mitigated.
The Bank of Montreal is said to have been working with authorities to find the cause of the issue. Bank of Montreal is also Canada’s fourth biggest money lender. They have still not disclosed how many customers have been affected by this attack or if the customers have lost money.
They gave a statement saying, “Customers are recommended to monitor their accounts and notify BMO with any suspicious activity.”
Iranian Hackers Deface Iran By Putting Up Anti-Government Slogans On Airport Screens
On Thursday 24th May, the airport screens at Mashhad city in northeast Iran were hacked and defaced by an unknown group of hackers with messages against the Iranian government.
The hackers left images on the arrival and departure monitor screens at the airport displaying statements against the Iranian government and military’s activities and presence in the Middle East. According to Radio Farda, the messages were left in the Persian language which when translated into English accused the Iranian government of wasting Iranian lives and resources in Lebanon, Syria, and Gaza.
“Wasting Iranians lives and financial resources in Gaza, Lebanon, and Syria by the Islamic Revolution Guards Corps (IRGC),” said the deface message.
Moreover, hackers hacked into the official email account of Mohsen Eidizadeh, the head of Mashad airport civil aviation and used it to spread the word about their hack. Additionally, the group urged Iranians to take snapshots of deface screens and use social media platforms to spread the word using the hashtag “Protests_alloverthecountry.”
Max Schrems who is a longtime critic of the companies because of their data collection and data policies, filed a lawsuit against both Facebook and Google, of 3.9 Billion Euros each. It was filed a day after GDPR was to be enforced.
GDPR requires the companies to take clear consent before taking any personal data from the users and these guidelines have instructed the companies to revise their user privacy policies and data collection practices. There is also a lot of widespread uncertainty on how the European regulation and the government officials representing the European regulation committee will treat the requirements.
The lawsuit was filed on the basis of the findings of Schrems, which suggested that both the companies named had not totally complied with GDPR yet. There were some key and vital parts left out, which could put the users' private data at risk. The companies are currently disputing the lawsuits saying that “We build privacy and security into our products from the very earliest stages,” Google said in a statement, “and are committed to complying with the EU GDPR.” Similarly, Facebook has followed Google saying that they have prepared for the past 18 month trying to comply with the GDPR regulations.
A team from UpGuard discovered an unsecured AWS S3 bucket exposed to the Internet which contained about 3.2 Million records. The records were from a non-profit organization serving LA County named “211 LA County”. The records also had credentials of 211 system operators and email addresses of their contacts. There were more than 200,000 rows of detailed notes.
The notes held information such as abuser names, graphic descriptions of elder abuse, child abuse and suicidal distress, raising serious, large-scale privacy concerns. The bucket, which was located in the subdomain 'LA County', was found to be misfigured and anonymously accessible.
UpGuard later assured the public that the bucket was no longer accessible by everyone after they had informed LA County about it. But this incident throws light on all the big companies that store data online and that can they store such high risk information in unsafe places.
Hackers have found a new technique to access WordPress websites through weak accounts who do not have a two way authentication and through JetPack plugins. The technique is highly complex to compromise a website and a hacker must utilize multiple steps to attack a WordPress website.
Hackers first try and hijack websites by trying reused passwords of the usernames they have. This is where the two way authentication loophole is compromised. There is an analytics module named Jetpack which is one of the most popular plugins for WordPress Sites. JetPack provides an ability to install various plugins across different sites by just using the wordpress.com Jetpack dashboard. The plugin doesn’t even have to be hosted or hidden on the official WordPress.org repository, and criminals can easily upload a ZIP file with the malicious code that then gets sent to each site.
Hackers are taking advantage of this remote management feature to deploy backdoored plugins across previously secured websites. Experts say that attacks started on May 16, with the hackers deploying a plugin named “pluginsamonsters,” later switching to another plugin named “wpsmilepack” on May 21.
Team Trojan Hunt