P2P Weakness Exposes Millions of IoT Devices

Brian Krebs

https://krebsonsecurity.com/2019/04/p2p-weakness-exposes-millions-of-iot-devices/

Excerpt:

“A peer-to-peer (P2P) communications technology built into millions of security cameras and other consumer electronics includes several critical security flaws that expose the devices to eavesdropping, credential theft and remote compromise, new research has found.”


United Airlines covers up seat cameras following passenger privacy outrage

Charlie Osborne

https://www.zdnet.com/article/united-airlines-covers-up-infotainment-seat-camera-following-passenger-outrage/

Excerpt:

“United Airlines has covered every camera embedded in entertainment systems embedded within the back of plane seats in response to passenger privacy concerns.”


Drug dealers who relied on Bitcoin’s ‘anonymity’ get 30 years behind bars

Yessi Bello Perez

https://thenextweb.com/hardfork/2019/04/26/drug-dealers-who-relied-on-bitcoins-anonymity-get-30-years-behind-bars/

Excerpt:

“Most drugs were imported from Canada in a popular comparison website’s freebie toys. The group is believed to have sold more than 1 kilo of controlled drugs – including cocaine and ecstasy – worth tens of thousands of pounds during a fourth-month period in 2017.”


CI Security raises $9.6M to defend healthcare and the public sector from cyber threats

https://www.helpnetsecurity.com/2019/04/24/ci-security-raised-9-6-million/

Excerpt:

“CI Security announced it has raised an additional $9.6 million to defend critical services in healthcare and the public sector from cyber threats.”


Forge: Simplifying the process for cracking hashed passwords

https://www.helpnetsecurity.com/2019/04/24/inferno-systems-forge/

Excerpt:

“Inferno Systems unveiled Forge, a web application that simplifies the process for cracking hashed passwords. Forge offers a workflow for creating attacks against password hashes that includes dictionary management, plan building and use of mixed local and cloud-based compute clusters.”

 


Source code of Carbanak trojan found on VirusTotal

Catalin Cimpanu

https://www.zdnet.com/article/source-code-of-carbanak-trojan-found-on-virustotal/

Excerpt:

“The source code of one of the world's most dangerous malware strains has been uploaded and left available on VirusTotal for two years, and almost nobody has noticed.”


PDF: The vehicle of choice for malware and fraud

https://www.helpnetsecurity.com/2019/04/23/fraudulent-pdf-files-increase/

Excerpt:

“There has been a substantial increase of fraudulent PDF files, according to a report by SonicWall Capture Labs threat researchers.”


Are your passwords among the 100,000 most breached ones?

Zeljka Zorz

https://www.helpnetsecurity.com/2019/04/23/most-often-used-passwords/

Excerpt:

“Year after year, the list of most often used passwords changes but a little: the latest one, compiled by infosec researcher Troy Hunt and published by the UK National Cyber Security Centre (NCSC), puts “123456”, “123456789”, “qwerty”, “password” and “111111” on the top five spots.”


Hacker Exposes Confidential Files, Correspondence from Mexican Embassy in Guatemala

Luana Pascu

https://securityboulevard.com/2019/04/hacker-exposes-confidential-files-correspondence-from-mexican-embassy-in-guatemala/

Excerpt:

“After expressing anger that his bug bounty efforts were completely ignored by Mexican officials, a hackers stole and leaked online almost 5,000 confidential documents from the Mexican embassy in Guatemala, writes TechCrunch.”


Scammers are selling 3.2 million payment records stolen from Indian cardholders

Sean Lyngaas

https://www.cyberscoop.com/scammers-selling-3-2-million-payment-records-stolen-indian-cardholders/

Excerpt:

“Cybercriminals have reaped a healthy profit by buying and selling on the dark web financial information that belongs to cardholders in India, according to new research.”


Unsecured Databases Leak 60 Million Records of Scraped LinkedIn Data

Lawrence Abrams

https://www.bleepingcomputer.com/news/security/unsecured-databases-leak-60-million-records-of-scraped-linkedin-data/

Excerpt:

“Eight unsecured databases were found leaking approximately 60 million records of LinkedIn user information. While most of the information is publicly available, the databases contain the email addresses of the LinkedIn users.”


Man fried over 50 college computers with weaponized USB stick

Graham Cluley

https://www.tripwire.com/state-of-security/security-data-protection/man-fried-over-50-college-computers-with-weaponized-usb-stick/

Excerpt:

“It’s not as though 27-year-old Vishwanath Akuthota made it hard for authorities to prove that he was the person who destroyed $58,000 worth of college equipment in February this year.


Facebook Collected Contacts from 1.5 Million Email Accounts Without Users' Permission

Swati Khandelwal

https://thehackernews.com/2019/04/facebook-email-database.html

Excerpt:

“In a statement released on Wednesday, Facebook said the social media company "unintentionally" uploaded email contacts from up to 1.5 million new users on its servers, without their consent or knowledge, since May 2016.”


Script Kiddies Do What They Do Best: Infect Themselves

Ionut Ilascu

https://www.bleepingcomputer.com/news/security/script-kiddies-do-what-they-do-best-infect-themselves/

Excerpt:

“It's easy to set up a cybercriminal operation these days. But not all crooks are cut out for this game, some ending up not just infecting their own computers but also leaving identifying evidence on supporting infrastructure that is insecure and open to snooping.”


A new variant of HawkEye stealer emerges in the threat landscape

Pierluigi Paganini

https://securityaffairs.co/wordpress/84008/malware/hawkeye-stealer.html

Excerpt:

“New malware campaigns leveraging a new variant of the HawkEye data stealer have been observed by experts at Talos. has been under active development since at least 2013. The malicious code is under continuous enhancement, it is offered for sale on various hacking forums as a keylogger and stealer, it allows to monitor systems and exfiltrate information.”


What hackers inside your company are after: Convenience

Doug Wick

https://www.helpnetsecurity.com/2019/04/10/convenience-hackers/

Excerpt:

“Digital transformation is not a technology trend. Rather, it is a convenience trend. Businesses are changing because customer expectations demand it. Each day, consumers find yet another use for mobile connectivity. Corporations, meanwhile, hasten the rush of data into the cloud. And the so-called Internet of Things, or IoT, is woven more tightly into the fabric of our lives.”


Hackers attacked California DMV voter registration system marred by bugs, glitches

John Myers

https://www.latimes.com/politics/la-pol-ca-california-motor-voter-problems-investigation-20190409-story.html

Excerpt:

“California has launched few government projects with higher stakes than its ambitious 2018 program for registering millions of new voters at the Department of Motor Vehicles, an effort with the potential to shape elections for years to come.”


Bitcoin phisher steals $365,000 and 10,000 passwords from dark web users

Yessi Bello Perez

https://thenextweb.com/hardfork/2019/04/10/bitcoin-phisher-steals-365000-and-10000-passwords-from-dark-web-users/

Excerpt:

“A 37 year-old man in the US has been sentenced to one year and one day in prison for fraud in connection with a Bitcoin $BTC▼1.3% phishing scheme designed to rob victims of their cryptocurrency.”


Hackers can add, remove cancer and other illnesses from Computer Tomography scans

Pierluigi Paganini

https://securityaffairs.co/wordpress/83412/hacking/computer-tomography-scans-hack.html

Excerpt:

“Researchers demonstrated that hackers can modify 3D Computer Tomography scans to add or remove evidence of a serious illness, including cancers.”


Consumer routers targeted by DNS hijacking attackers

https://www.helpnetsecurity.com/2019/04/05/consumer-routers-dns-hijacking/

Zeljka Zorz

Excerpt:

“Owners of a slew of D-Link, ARGtek, DSLink, Secutech, TOTOLINK and Cisco consumer routers are urged to update their device’s firmware, lest they fall prey to ongoing DNS hijacking campaigns and device hijacking attacks.”


As fraud attacks grow more sophisticated, a need for contextual detection strategies increases

https://www.helpnetsecurity.com/2019/04/04/contextual-detection-strategies/

Excerpt:

” Fraudsters are using a complex array of tools to build armies of fake accounts, 74% of all fraudulent accounts are created from desktops, and cloud service provider IP ranges are at a higher risk.”


Attackers fighting back against security teams while also targeting supply chains

https://www.helpnetsecurity.com/2019/04/04/attackers-fighting-back-against-security-teams/

Excerpt:

“According to the world’s leading IR professionals, increasingly sophisticated attacks involving instances of “island hopping,” counter incident response (IR), and lateral movement within a network are quickly becoming the new normal.”


Woman illegally entered Mar-a-Lago with thumb drive full of malware, prosecutors say

Greg Otto

https://www.cyberscoop.com/mar-a-lago-malware-yujing-zhang-china-secret-service/

Excerpt:

“A Chinese woman who briefly entered President Donald Trump’s Mar-a-Lago residence last week had two Chinese passports and numerous electronic devices in her possession, including a thumb drive carrying malware, according to federal prosecutors.”


Securing your home increasingly means securing all of your IoT devices

https://www.helpnetsecurity.com/2019/04/03/securing-your-iot-devices/

Excerpt:

“The Internet of Things explosion has proven controversial due to the insufficient security measures in many of these internet-connected devices.”


Georgia Tech data breach: 1.3M students and staff potentially affected

Zeljka Zorz

https://www.helpnetsecurity.com/2019/04/03/georgia-tech-data-breach/

Excerpt:

“The Georgia Institute of Technology, commonly referred to as Georgia Tech, has suffered yet another data breach. This time, the number of affected individuals may have reached 1.3 million.”


How to Marie Kondo your data

Jason Wang

https://www.helpnetsecurity.com/2019/04/01/how-to-marie-kondo-your-data/

Excerpt:

“By now you’ve heard about Marie Kondo, the author of New York Times bestseller, The Life Changing Magic of Tidying Up, and star of Tidying Up, the new Netflix show that puts her principles of organization and decluttering into practice in family homes throughout Los Angeles.”


3.1 million customer records possibly stolen in Toyota hack

Zeljka Zorz

https://www.helpnetsecurity.com/2019/04/01/toyota-hack/

Excerpt:

“Personal information of some 3.1 million Toyota customers may have been leaked outside the company, the Toyota Motor Corporation (TMC) announced on Friday.”