Archive for August 31, 2018

Air Canada Exposes the Personal Details of 20000 Customers



A security breach at Air Canada exposed the personal details of approx. 1% (i.e. 20,000 users) of the airline's customers. The matter came to light when the airline detected unauthorized access to its mobile application and posted a notice about it on its official website on the 28th of August 2018.

The company said that it had "observed odd log-in behaviour" between August 22 and 24.

Apart from any other sensitive data that users may have had in their profiles, the attackers had access to passport numbers and expiry dates, passport country of issuance and NEXUS numbers, alongside essential profile data, gender, dates of birth, nationality and country of residence.

The company states that credit card numbers were not affected by the breach, but it still advised customers to keep an eye on all of their transactions.

As an extra precaution, Air Canada locked all Air Canada mobile application accounts in order to protect its customers' data.

As a result, each of the 1.7 million customers of Air Canada will have to sign in again to the apps. Along with sending messages to the customers affected by the breach, Air Canada is looking for more ways to put customers at ease and is sending emails to customers with directions for resetting their logins.






Loki Bot Malware stealing corporate passwords, Air Canada warns users

The newly discovered Loki Bot malware is spreading as an attachment with a .iso extension. It targets corporate networks and applications to steal passwords from browsers, messaging applications, and mail and FTP clients.

Kaspersky researchers recently observed that the malware mainly targets corporate networks around the world and collects a large amount of sensitive information.

Loki Bot is also capable of stealing cryptocurrency wallets, and it sends the stolen data to the attacker via its command and control server.

Hackers are using email as the primary distribution medium, with messages that carry an attachment with a .iso extension.

ISO images are copies of optical discs that can be mounted in a virtual CD/DVD drive to be used in the same way as the originals.
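A mail-gateway style check for the delivery method described above, added here as an example (it is not code from Kaspersky or from the original post). It goes one step beyond the file extension by also checking the ISO 9660 `CD001` signature, so a disc image renamed to another extension is still flagged; the sample message, addresses and payload are constructed.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# ISO 9660: the first volume descriptor sits at sector 16 (2048-byte sectors);
# its "CD001" identifier follows the one-byte descriptor type.
ISO_MAGIC = b"CD001"
ISO_MAGIC_OFFSET = 16 * 2048 + 1

def is_iso_image(data: bytes) -> bool:
    return data[ISO_MAGIC_OFFSET:ISO_MAGIC_OFFSET + len(ISO_MAGIC)] == ISO_MAGIC

def flag_iso_attachments(raw_message: bytes) -> list:
    """Return (filename, matched_by_name, matched_by_content) per flagged attachment."""
    msg = message_from_bytes(raw_message, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = part.get_filename() or ""
        payload = part.get_payload(decode=True) or b""
        by_name = name.lower().endswith(".iso")
        by_content = is_iso_image(payload)
        if by_name or by_content:
            findings.append((name, by_name, by_content))
    return findings

def build_sample(filename: str, payload: bytes) -> bytes:
    """Constructed test message; addresses and subject are placeholders."""
    msg = EmailMessage()
    msg["From"] = "sender@example.com"
    msg["To"] = "user@example.com"
    msg["Subject"] = "Payment advice"
    msg.set_content("Please see the attached file.")
    msg.add_attachment(payload, maintype="application",
                       subtype="octet-stream", filename=filename)
    return msg.as_bytes()

# Constructed payload: 16 empty sectors plus a minimal volume descriptor header.
FAKE_ISO = bytes(16 * 2048) + b"\x01CD001\x01" + bytes(2041)

if __name__ == "__main__":
    for fname, body in [("advice.iso", FAKE_ISO), ("advice.pdf", FAKE_ISO),
                        ("notes.txt", b"plain text")]:
        print(fname, flag_iso_attachments(build_sample(fname, body)))
```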

Air Canada is also forcing all users of its Mobile+ app to change their passwords after hackers managed to access the profile information, including names, email addresses, birth dates and passport details of some customers.

The company detected unusual login behaviour through its mobile application between August 22 and 24 that might have resulted in unauthorised access to around 20,000 profiles, or approximately one percent of the app’s 1.7 million users.

“Starting August 29, 2018, we have sent emails to customers whose accounts may have been improperly accessed,” the company said on its website. “If you did not receive an email from Air Canada specifically advising you that your Air Canada mobile App account may have been improperly accessed, we are confident your account was unaffected during this period. As an additional precaution, however, we are contacting all Air Canada mobile App users requiring all users to reset their passwords.”

In addition to basic information such as name, email address and telephone number, an Air Canada customer’s profile can also include Aeroplan number, passport number, NEXUS number, Known Traveler Number, gender, birth date, nationality, passport expiration date, passport country of issuance and country of residence.

Trusted Platform Modules: Can’t be trusted?



TPM chips, according to recent research by the National Security Research Institute of South Korea, are vulnerable to two newly disclosed attacks.

High-end computers equipped with a TPM are the main targets of the attacks.


TPMs are chiefly microcontroller chips or cryptoprocessors, and their basic function is to ensure the authenticity of hardware. RSA encryption keys are used to authenticate the components in the boot-up process of the computer.

The Attacks

DRTM Vulnerability
In one of the two attacks that the researchers found, TPM chips are affected when a 'Dynamic Root of Trust for Measurement' (DRTM) system is used for the boot-up routine. This attack is not that widespread. The main error lies in the open source library used by Intel TXT technology, which goes by the name of 'Trusted Boot' (tboot). Computers that use Intel's Trusted eXecution Technology (TXT) for booting up are the most vulnerable to this attack. The tboot maintainers, however, provided a patch last year after they were contacted by the researchers.

SRTM Vulnerability
The other attack affects computers whose TPM chips use an SRTM (Static Root of Trust for Measurement) system for booting up. Sources say that this is a design flaw in the TPM 2.0 specification, and that the logic error went unnoticed until recently. During the attack, the attacker abuses power interrupts and the restoration of the TPM state to obtain valid boot-up hashes and feed them to the SRTM, which makes it think that it is running on non-tampered components. Hardware vendors must provide a patch to resolve this issue.

According to sources, the TPMs embedded in ASUS, Dell, Intel and Gigabyte products are affected. Dell and Intel are preparing patches for their firmware; whether other vendors' PCs and motherboards are affected too is unclear.

People should be on the lookout for the latest firmware updates. The DRTM vulnerability is tracked as CVE-2017-16827 and the SRTM flaw as CVE-2018-6622.
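A simplified model of the measurement chain behind the SRTM issue, added here as an illustration (not code from the researchers, the TPM specification or any vendor). It shows why a verifier cannot rely on a PCR that has returned to its reset state without the firmware re-measuring what is running; the SHA-256 bank, the all-zero initial value and the component names are assumptions of the model.

```python
import hashlib

PCR_INIT = bytes(32)  # model assumption: SHA-256 PCR is all zeros after a TPM reset

def extend(pcr: bytes, digest: bytes) -> bytes:
    """TPM extend: the new PCR value is H(old PCR || measurement digest)."""
    return hashlib.sha256(pcr + digest).digest()

def measured_boot(components):
    """Measure each component before it runs; return (final PCR, event log)."""
    pcr, log = PCR_INIT, []
    for blob in components:
        digest = hashlib.sha256(blob).digest()
        log.append(digest)
        pcr = extend(pcr, digest)
    return pcr, log

def replay(log):
    """Recompute the PCR a verifier expects from an event log."""
    pcr = PCR_INIT
    for digest in log:
        pcr = extend(pcr, digest)
    return pcr

def attest(pcr: bytes, golden_log) -> str:
    """Verifier-side check of a reported PCR against known-good digests."""
    if pcr == PCR_INIT:
        return "unmeasured"   # PCR still at reset value: nothing was recorded
    return "trusted" if pcr == replay(golden_log) else "mismatch"

# Constructed firmware stages (placeholders, not real images).
GOOD = [b"firmware-v1", b"bootloader-v1", b"kernel-v1"]
TAMPERED = [b"firmware-v1", b"bootloader-modified", b"kernel-v1"]

GOOD_PCR, GOLDEN_LOG = measured_boot(GOOD)
TAMPERED_PCR, _ = measured_boot(TAMPERED)

# The PCR depends only on the digests extended into it. If the TPM comes back
# in its reset state without the firmware re-measuring what is running, the
# value it later reports no longer says anything about the running software:
# extending the recorded good digests yields GOOD_PCR again.
PCR_AFTER_RESET_AND_REPLAY = replay(GOLDEN_LOG)

if __name__ == "__main__":
    print(attest(GOOD_PCR, GOLDEN_LOG), attest(TAMPERED_PCR, GOLDEN_LOG),
          attest(PCR_INIT, GOLDEN_LOG), PCR_AFTER_RESET_AND_REPLAY == GOOD_PCR)
```

In this model a tampered stage is caught only while the measurement chain is unbroken, which is why the fix has to come from firmware that handles the TPM state correctly across power transitions.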




Sextortion scams are a new way of demanding ransom

Email fraudsters are using personal information to make their threats seem credible. Many people are receiving emails from hackers who demand anywhere between $1700 and $3000 in bitcoin, threatening otherwise to send compromising information (such as pictures of a sexual nature, porn-watching history and webcam video) to the victim's friends, family and co-workers.

But the victims don't need to panic. They haven't been hacked as the email claims; this is merely a new variation on an old scam, popularly called "sextortion." It is a type of online phishing that targets people around the world and preys on digital-age fears. Sextortion scammers use urgent language to scare their intended targets into paying a ransom.

One such "sextortion" scam that threatens to expose porn-viewing habits unless one pays a bitcoin "ransom" has hit New Zealand.

The scam takes the form of an email claiming that the sender has installed malware on the recipient's computer, hacked it and obtained a copy of the website history showing that the victim visited an adult website, and that the scammer recorded what they were doing via the computer's webcam.

“Scams preying on human emotions aren’t new, but what stands out about this sextortion scam is how they’re trying to blackmail somebody using something that would be the most sensitive or embarrassing thing you could hold over them,” said Gordie Mah, the U of A’s chief information security officer. “And the personal information is the bait.”

What makes the email especially alarming is that, to appear authentic, it begins by showing you a password you once used or currently use, or even your driver's licence in some cases.

However, cybersecurity experts have warned users against paying the ransom, as the hackers are unlikely to have any such information and the email is merely a way of threatening users.