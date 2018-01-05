The first five days of 2018 have been rather crucial. It’s January 5 and there are several reports flooding the internet on how various services have been hacked, resulting in millions of people being affected. Let’s take a quick look at them:

1. One billion Aadhaar details up for sale for Rs 500

Even after several assurances by the government that our Aadhaar details are safe and cannot be misused, a shocking newspaper report claimed that the unrestricted access to over one billion details are up for sale in mere price of just Rs 500.

Not just this, the Unique Identification Authority of India (UIDAI) have also repeatedly assured that he architecture of the Aadhaar ecosystem has been designed to ensure data security and privacy, but an investigative report by the Tribune says otherwise.

The paper said that its reporter purchased a service by an anonymous seller over WhatsApp. The paid Rs 500 via Paytm to an agent. Within 10 minutes, the agent gave a login ID and password, thus giving unrestricted access to details of over 1 billion Aadhaar numbers.

2. Security flaw puts virtually all phones and computers at risk

Security researchers disclosed a set of security flaws that they said could let hackers steal sensitive information from nearly every modern computing device containing chips from Intel Corp, Advanced Micro Devices Inc and ARM Holdings.

One of the bugs is specific to Intel but another affects laptops, desktop computers, smartphones, tablets and internet servers alike. Intel and ARM insisted that the issue was not a design flaw, but it will require users to download a patch and update their operating system to fix. “Phones, PCs, everything are going to have some impact, but it’ll vary from product to product,” Intel CEO Brian Krzanich said in an interview.

Researchers with Alphabet Inc's Google Project Zero, in conjunction with academic and industry researchers from several countries, discovered two flaws. The first, called Meltdown, affects Intel chips and lets hackers bypass the hardware barrier between applications run by users and the computer's memory, potentially letting hackers read a computer's memory and steal passwords. The second, called Spectre, affects chips from Intel, AMD and ARM and lets hackers potentially trick otherwise error-free applications into giving up secret information.

3. Android Trojan attacks over 232 banking apps in India

Cyber security solutions firm Quick Heal said it has spotted an Android banking trojan that imitates over 232 apps, including those offered by Indian banks, and steals user data. The malware known as Android.banker.A2f8a is being distributed through a fake Flash Player app on third-party stores, Quick Heal said in a statement.

After downloading the app, the trojan keeps checking for the installed apps on the victim's device and particularly looks for the 232 banking and cryptocurrency apps, it added. Once any of the targeted apps is found on the device, the app shows fake notifications disguised as coming from the targeted app and asks users to log in with their credentials and ultimately, tricks them by stealing their login ID and password.

4. Fake Uber app hijacks your password

Symantec researchers have discovered a fake Uber app for Android smartphones which shows victims a mock-up version of the ride-hailing service, in an attempt to steal their private information.

The Fakeapp variant has a spoofed Uber application user interface hich pops up on the user’s device screen in regular intervals until the user gets tricked into entering their Uber ID (typically the registered phone number) and password. Later, the malware tries to cover up the heist. To avoid alarming the user, the malware displays a screen of the legitimate app that shows the user’s current location.

Symantec’s researchers write, “This is where creators of this Fakeapp variant got creative. To show the said screen, the malware uses the deep link URI of the legitimate app that starts the app’s Ride Request activity, with the current location of the victim preloaded as the pickup point.”