Jeff Smith’s Practical SCADA Security

 

Heather MacKenzie

https://www.tofinosecurity.com/blog/jeff-smith%E2%80%99s-practical-scada-security

Excerpt:

“Jeff Smith of American Axle & Manufacturing (AAM) is a guru in the world of industrial Ethernet networking and ICS Security. We were fortunate to have him speak again at the 2013 Belden Industrial Ethernet Infrastructure Design Seminar.”


One in four UK consumers have had online accounts hacked

 

http://www.net-security.org/secworld.php?id=16102

Excerpt:

“As user engagement with ecommerce sites and online services inevitably increases in the run up to Christmas, almost a quarter (24 per cent) of UK consumers have had their account hacked or data stolen for an online service, with five per cent having been compromised more than once.”

 


ChewBacca - a new episode of Tor-based Malware

 

Marco

https://www.securelist.com/en/blog/208214185/ChewBacca_a_new_episode_of_Tor_based_Malware

Excerpt:

“We have discovered a new Tor-based malware, named "ChewBacca" and detected as "Trojan.Win32.Fsysna.fej". Adding Tor to malware is not unique to this sample, but it-s still a rare feature.”

 


DOD official: Snowden ‘stole everything — literally everything’

 

Giuseppe Macri

http://dailycaller.com/2013/12/17/dod-official-snowden-stole-everything-literally-everything/

Excerpt:

“Former National Security Agency contractor Edward Snowden stole vastly more information than previously speculated, and is holding it at ransom for his own protection.“What’s floating is so dangerous, we’d be behind for twenty years in terms of access (if it were to be leaked),” a ranking Department of Defense official told the Daily Caller. “He stole everything — literally everything,” the official said.”

 


Russian hackers stole Personal details of 54 million Turkish Citizens

 

Swati Khandelwal

http://thehackernews.com/2013/12/russian-hackers-stole-personal-details.html

Excerpt:

“Recently, Some unknown Russian hackers have reportedly stolen Personal details of nearly 54 million Turkish citizens, about 70% of the whole Turkish population. According to a report published by 'Hurriyet News', Researchers from KONDA Security firm revealed that the hackers have stolen data from a political party's vulnerable system that include Name, ID numbers and address of 54 million voters across the Nation.”

 


CERT Poland Warns of DDOS Botnet Targeting Windows and Linux Machines

 

Eduard Kovacs

http://news.softpedia.com/news/CERT-Poland-Warns-of-DDOS-Botnet-Targeting-Windows-and-Linux-Machines-410223.shtml

Excerpt:

“Researchers from CERT Poland say they’ve come across what appears to be a new distributed denial-of-service (DDOS) botnet. What’s interesting about it is the fact that the cybercriminals have developed malware to infect both Windows and Linux machines.”

 


Cyber-Security Risks Posed by Suppliers Highlighted by Financial Group

 

Robert Lemos

http://www.eweek.com/security/cyber-security-risks-posed-by-suppliers-highlighted-by-financial-group.html

Excerpt:

“Almost all companies rely on third-party suppliers, but few consider the IT security risks that these providers inadvertently deliver along with their services and software. While cyber-attackers are increasingly targeting third-party suppliers as a way to get access to their clients, most companies do not evaluate the security readiness of their partners and software providers.”

 


NSA Spying Scandal Could Cost U.S. Tech Giants Billions

 

Sam Gustin

http://business.time.com/2013/12/10/nsa-spying-scandal-could-cost-u-s-tech-giants-billions/

Excerpt:

“The National Security Agency spying scandal could cost the top U.S. tech companies billions of dollars over the next several years, according to industry experts. In addition to consumer Internet companies, hardware and cloud-storage giants like IBM, Hewlett-Packard, and Oracle could suffer billions of dollars in losses if international clients take their business elsewhere. Now, the nation’s largest Internet companies are calling for Congress and President Obama to reform the U.S. government’s secret surveillance programs.”

 


Chinese hackers leak hotel guest data on WeChat

 

Patrick Boehler

http://www.scmp.com/news/china-insider/article/1376769/chinese-hackers-leak-hotel-guest-data-wechat

Excerpt:

“Hackers in China have leaked a database of an estimated 20 million hotel reservations on multiple websites and even WeChat, the wildly popular messaging service, reflecting failed government efforts to prevent massive leaks of personal data.”

 


13 Anonymous hackers plead guilty to PayPal DDoS attack

 

http://www.net-security.org/secworld.php?id=16068

Excerpt:

“Thirteen defendants pleaded guilty in federal court in San Jose on Friday to charges related to their involvement in the cyber-attack of PayPal’s website as part of the group Anonymous. One of the defendants also pleaded guilty to the charges arising from a separate cyber-attack on the website of Santa Cruz County.”

 


FBI used spying malware to track down terror suspect

 

Zeljka Zorz

http://www.net-security.org/malware_news.php?id=2645

Excerpt:

“The suspect called himself Mo, and has repeatedly threatened to set up bombs in a number of public facilities across the US. The threats came via email, video chat, and Google Voice (Internet-based phone service), but Mo used a virtual proxy to prevent the agents to discover details about his computer and IP address.”

 


Google catches French govt spoofing its domain certificates

 

Michael Lee

http://www.zdnet.com/google-catches-french-govt-spoofing-its-domain-certificates-7000024062/?

Excerpt:

“France's cyberdefence division, Agence nationale de la sécurité des systèmes d’information (ANSSI), has been detected creating unauthorised digital certificates for several Google domains.Google states on its own security blog that an intermediate certificate authority (CA) issued the certificate, which links back to ANSSI.”

 


Hackers’ server with over 2 million stolen passwords found

 

Zeljka Zorz

http://www.net-security.org/secworld.php?id=16046

Excerpt:

“Every now and then, security researchers come across a server used by hackers to store stolen account credentials. The latest instance of this has been flagged by Daniel Chechik and Anat (Fox) Davidi of Trustwave’s SpiderLabs, who have discovered a stash login credentials for nearly two million online accounts.”

 


Police arrests Chinese Bitcoin exchange owners suspected of fraud

 

Zeljka Zorz

http://www.net-security.org/secworld.php?id=16045

Excerpt:

“Three individuals allegedly involved in the recent ransacking of the Hong Kong-based Global Bond Limited Bitcoin exchange have been arrested in China.”

 


90,000 patients’ info exposed in hospital malware attack

 

Zeljka Zorz

http://www.net-security.org/secworld.php?id=16032

Excerpt:

“Personal information of some 90,000 patients of two Seattle hospitals has been compromised after an employee opened an email attachment that contained malware.”

 


Researchers prove malware can communicate via computer speakers and microphones

 

Zeljka Zorz

http://www.net-security.org/malware_news.php?id=2640

Excerpt:

“Physically isolating critical systems from networks and systems that are unsecured has long been used as a simple way to protect the former from unwanted intrusions and malware. But, with the advent of Stuxnet, the “air gap” measure has proven to be inadequate when motivated attackers are involved”

 


Hacker database exposed; thousands of stolen Facebook, Twitter, Google passwords found

 

Charlie Osborne

http://www.zdnet.com/hacker-database-exposed-thousands-of-stolen-facebook-twitter-google-passwords-found-7000023922/

Excerpt:

“On Tuesday, the security team at Trustwave's Spider Labs revealed in a blog post that 1,580,000 usernames and passwords on the server are website accounts, including 318,121 Facebook login credentials, 21,708 Twitter accounts, 54,437 Google-based accounts and 59,549 Yahoo accounts. 320,000 email account credentials were also stolen, and the remaining number of compromised accounts on the server are FTP accounts, remote desktop details and secure shells.”

 


ENISA Releases Guide for Defending Against Attacks on Industrial Control Systems

 

Mike Lennon

http://www.securityweek.com/enisa-releases-guide-defending-attacks-industrial-control-systems

Excerpt:

“The European Network and Information Security Agency (ENISA), Europe’s cyber security agency, has released a new guide designed to help organizations better mitigate attacks against Industrial Control Systems (ICS).”

 


How To Keep The Grinch From Stealing Your Identity

 

Samantha Sharf

http://www.forbes.com/sites/samanthasharf/2013/12/03/how-to-keep-the-grinch-from-stealing-your-identity/

Excerpt:

“With  Cyber Monday sales up 20.6% from 2012 according to the IBM Digital Analytics Benchmark, it’s clear that more shoppers will be spending online than ever before. That means more will also become victims to identity theft. While there are no  guarantees, there are some smart—and not t0o burdensome–steps you can take to protect yourself from the identity thieves both online and off.”

 


Kenya, bracing for $23 million in online fraud, to support African cybercrime pact

 

Michael Malakata

http://www.computerworld.com.sg/tech/industries/kenya-bracing-for-23-million-in-online-fraud-to-support-african-cybercrime-pact/

Excerpt:

“Amid revelations that Kenya could lose up to US$23 million this year through cybercrime, the Kenyan government has announced its support for the ratification of the African Union (AU) convention on the establishment of a credible legal framework for cybersecurity in Africa”