Why Ukraine Has Already Lost The Cyberwar, Too

 

Patrick Tucker

https://www.defenseone.com/technology/2014/04/why-ukraine-has-already-lost-cyberwar-too/83350/

Excerpt:

“Don’t wait for cyberwar between Ukraine and Russia to break out ahead of the actual shooting. Ukraine already lost that, too. Russia may have unfettered access into the Ukrainian telecommunication systems according to several experts. It’s access that Russia can use to watch Ukrainian opposition leadership, or, in the event of an escalation in the conflict, possibly cut off telecommunications within Ukraine.”

 


Privacy, National Security, And Mass Surveillance

 

http://www.tripwire.com/state-of-security/government/privacy-national-security-and-mass-surveillance/

Excerpt:

“National Security and Privacy in cyberspace can be perceived as opposites depending on the audience and perceptions. Understanding the foundational structure of each principle objectively can bring significant comprehension to opposite parties.”

 


Hackers stole £1.25 million only with the help of a small computer hardware

 

Praveen Kashyap

http://hackersnewsbulletin.com/2014/04/hackers-stole-1-25-million-help-small-computer-hardware.html

Excerpt:

“Nine members of a gang responsible for breaking into the accounts of banks and transferring money illegally by gaining access to bank’s IT network were sentenced in London to a total of 24 years and nine months. The gang members who were sentenced are identified as: Lanre Mullins-Abudu, 25; Steven Hannah, 53; Tony Colston-Hayter, 49; Darius Valentin Boldor, 34; Dean Outram, 32; Adam Raeburn Jefferson, 38; Segun Ogunfidodo, 27; Dola Leroy Odunsi, 28; and James Lewis Murphy, 39. They have been charged with conspiracy to commit fraud, conspiracy to steal, theft and possession of property or articles used in fraud. Four more members of the gang are scheduled to be sentenced in June for similar crimes.”

 


Can military's satellite links be hacked? Cyber-security firm cites concerns.

 

Mark Clayton

http://www.csmonitor.com/World/Security-Watch/Cyber-Conflict-Monitor/2014/0425/Can-military-s-satellite-links-be-hacked-Cyber-security-firm-cites-concerns

Excerpt:

“Satellite communication terminals, relied upon by US military aircraft, ships, and land vehicles to move in harmony with one another, are susceptible to cyber-attack through digital backdoors and other vulnerabilities, according to a new report that has sent a tremor through the global satellite telecommunications industry.”

 


Two Alleged Members of Anonymous Cambodia Arrested

 

Eduard Kovacs

http://news.softpedia.com/news/Two-Alleged-Members-of-Anonymous-Cambodia-Arrested-438945.shtml

Excerpt:

“A couple of 21-year-old students believed to be members of Anonymous Cambodia have been arrested. Local authorities collaborated with the FBI on the investigation.”


Cybercrime Made More Affordable – The Implications

https://blog.trendmicro.com/trendlabs-security-intelligence/cybercrime-made-more-affordable-the-implications/

Excerpt:

“Before the end of the month, we will release a new paper in our Cybercriminal Underground Economy Series titled Russian Underground Revisited. This is a followup to our earlier paper Russian Underground 101; both papers examined the Russian Underground and looked at the goods and services being sold inside these underground communities.”


Verizon: Espionage hacking grows, with more from east Europe

l33tdawg

https://news.hitb.org/content/verizon-espionage-hacking-grows-more-east-europe

Excerpt:

“Hacking for espionage purposes is sharply increasing, with groups or national governments from Eastern Europe playing a growing role, according to one of the most comprehensive annual studies of computer intrusions.”


RedHack Hackers Target Aktif Bank over Controversial e-Ticketing System

Eduard Kovacs

http://news.softpedia.com/news/RedHack-Hackers-Target-Aktif-Bank-over-Controversial-e-Ticketing-System-438409.shtml

Excerpt:

“Members of the hacktivist collective RedHack claim to have breached into the systems of Aktif Bank (aktifbank.com.tr), Turkey’s largest privately owned investment bank. The attack comes just as the bank introduced a controversial e-ticketing system for soccer (football) fans.”


Mounties always get their man: Heartbleed 'hacker', 19, CUFFED

Shaun Nichols

http://www.theregister.co.uk/2014/04/16/mounties_get_their_man_canadian_heartbleed_hacker_nabbed

Excerpt:

“A teen suspected of exploiting the Heartbleed bug to rifle through Canada's tax computer systems has been arrested.”


Putin tells Snowden: Russia conducts no US-style mass surveillance

Neil McAllister

http://www.theregister.co.uk/2014/04/17/putin_russia_has_no_mass_surveillance/

Excerpt:

“Vladimir Putin has said that Russia has no mass telephone and internet surveillance programs to compare with those in the United States.”


The security software being used by Edward Snowden to evade NSA

Praveen Kashyap

http://hackersnewsbulletin.com/2014/04/security-software-used-edward-snowden-evade-nsa.html

Excerpt:

“Everyone was shocked, and mostly the NSA, when one of the NSA employees, ‘Edward Snowden’, leaked the internal information to the public that US Govt. spies on people of own country, as well as other countries, but one thing also was unique that how Snowden bypassing his networks, that none of them able to stop distributing the leaks online or to media.”


How to confirm your systems aren’t suffering a major Heartbleed

David Kelleher

https://www.gfi.com/blog/how-to-confirm-your-systems-arent-suffering-a-major-heartbleed/

Excerpt:

“The Internet was rocked last week when a two-year-old bug in OpenSSL was revealed. Heartbleed, as the vulnerability is known, can result in massive information disclosure through simple requests that require no privileges, and leave no logs. Anything from command history to other users’ credentials to private keys can be exposed, and the aftershocks of this revelation will go on for months as SysAdmins try to patch their systems and data losses are reported. CVE 2014-0160 details the vulnerability.”


Akamai Withdraws Proposed Heartbleed Patch

Mathew J. Schwartz

http://www.darkreading.com/application-security/akamai-withdraws-proposed-heartbleed-patch/d/d-id/1204443

Excerpt:

“As researchers demonstrate OpenSSL bug exploits that retrieve private keys, Akamai rescinds a patch suggestion for the SSL/TLS library after a security researcher punches holes in it.”


Heartbleed: Android Phones Still at Risk for Data Breach

Justin Bachman

http://www.businessweek.com/articles/2014-04-14/read-this-if-your-phone-runs-android

Excerpt:

“The Internet security world mobilized to tackle the Heartbleed software bug. But although most of the holes have been patched, a big one remains: Millions of smartphones still operate on Android version 4.1.1, which remains vulnerable to hackers exploiting a design flaw in the bedrock encryption software OpenSSL. It’s a good time to check what your phone is running.”


First sites admit data loss through Heartbleed attacks

Martyn Williams

http://www.computerworld.com/s/article/9247661/First_sites_admit_data_loss_through_Heartbleed_attacks

Excerpt:

“Canada's tax authority and a popular British parenting website both lost user data after attackers exploited the Heartbleed SSL vulnerability, they said Monday.”

 


The effect of the Heartbleed bug on open source projects

 

Zeljka Zorz

http://www.net-security.org/secworld.php?id=16678

Excerpt:

“The Heartbleed bug in OpenSSL is all the information security world is talking about these days. Many are beginning to realize, its existence has opened multiple cans of worms.”

 


Heartbleed bug: Checking websites and changing passwords

 

Zeljka Zorz

http://www.net-security.org/secworld.php?id=16680

Excerpt:

“In the wake of the discovery of the Heartbleed bug in OpenSSL, some security experts even went as far as advising users to avoid the Internet for a few days until the problem is sorted.”

 


Heartbleed bug: What regular users need to do

 

Zeljka Zorz

http://www.net-security.org/secworld.php?id=16671

Excerpt:

“As the news of the existence of the Heartbleed bug in OpenSSL and the implications of its existence trickles down into mainstream media, users are trying to figure out what passwords to change and which software to update.”

 


Breaches expose 552 million identities in 2013

 

http://www.net-security.org/secworld.php?id=16668

Excerpt:

“After lurking in the shadows for the first ten months of 2013, cybercriminals unleashed the most damaging series of cyberattacks in history. Symantec’s Internet Security Threat Report (ISTR), Volume 19, shows a significant shift in cybercriminal behavior, revealing the bad guys are plotting for months before pulling off huge heists – instead of executing quick hits with smaller rewards.”

 


Heartbleed OpenSSL vulnerability: A technical remediation

 

Stephen Coty

http://www.net-security.org/secworld.php?id=16661

Excerpt:

“OpenSSL released a bug advisory about a 64kb memory leak patch in their library. The bug has been assigned CVE-2014-0160 TLS heartbeat read overrun.”

 


How does the Heartbleed bug affect me?

 

Zeljka Zorz

http://www.net-security.org/secworld.php?id=16662

Excerpt:

“By now, you have surely heard about the "Heartbleed" bug discovered in OpenSSL, and you're wondering how its existence affects you.”

 


OpenSSL "Heartbleed" bug undermines widely used encryption scheme

 

Zeljka Zorz

http://www.net-security.org/secworld.php?id=16649

Excerpt:

“OpenSSL, an open-source cryptographic library that is the default encryption engine for popular Web server software and is used in many popular operating system and apps, sports a critical vulnerability that can easily be misused by attackers to impersonate online services and steal information users believe to be protected by SSL/TLS.”

 


One third of phishing attacks aimed at stealing money

 

http://www.net-security.org/secworld.php?id=16646

Excerpt:

“According to data collected as part of Kaspersky Lab's 'Financial cyber threats in 2013' study, cybercriminals are trying harder than ever to acquire confidential user information and steal money from bank accounts by creating fake sites mimicking financial organizations.”

 


Emerging trends in cyber-attack methodology

 

http://www.net-security.org/secworld.php?id=16643

Excerpt:

“Websense documented the latest shift in complex attack trends, evolution in the threat ecosystem and shifting motivation of cyber-attacks.”

 


German police finds 18M stolen and misused account logins

 

Zeljka Zorz

http://www.net-security.org/secworld.php?id=16638

Excerpt:

“Police in northwestern German city of Verden have discovered a collection of 18 million stolen email addresses and corresponding passwords that are being actively used to send out spam, compromise social networks' accounts and even to occasionally plunder the victims' banking accounts.”

 


Statistics on the impact of Heartbleed on Select Top Level Domains

 

Paganinip

http://securityaffairs.co/wordpress/23878/intelligence/statistics-impact-heartbleed.html

Excerpt:

“The Heartbleed Bug is probably the most serious menace to the modern Internet, a serious flaw in the popular OpenSSL library that is having a great impact. It’s been just over 48 hours after the disclosure of the news about the Heartbleed vulnerability, the serious flaw which affects the OpenSSL library that allows an attacker to reveal up to 64kB of memory to a connected client or server.”

 


In the wake of Heartbleed, watch out for phishing attacks, disguised as password reset emails

 

Graham Cluley

http://www.hotforsecurity.com/blog/in-the-wake-of-heartbleed-watch-out-for-phishing-attacks-disguised-as-password-reset-emails-8372.html

Excerpt:

“Everywhere you look people are panicking about the Heartbleed bug. And, to be fair, it is a very serious bug that does give malicious hackers, security researchers and snoopers the opportunity to spy upon what should have been private communications, and hoover up confidential information such as email addresses and passwords.”

 


10 ways your mobile phone leaks your sensitive information

 

danielmiessler

https://h30499.www3.hp.com/t5/Fortify-Application-Security/10-ways-your-mobile-phone-leaks-your-sensitive-information/ba-p/6441422#.U0uZ4q2SxPM

Excerpt:

“We all use mobile phones, but few of us are aware of how careless they can be with our information. It's not really the phones by themselves, though. It's the applications and how they interact with the operating system. This article will walk through a few of the common dangers to your data security and privacy that come from poorly coded mobile applications.”

 


Heartbleed Bug – What You Should And Shouldn’t Do

 

Lee Munson

http://bhconsulting.ie/securitywatch/?p=2103

Excerpt:

“If you are looking for information about the Heartbleed bug and what you, or your business, should do next then the good news is that there is already a huge amount of information on the net and in mainstream media. The bad news, however, is that some of the advice on offer isn’t the greatest.”

 


Nigeria launches emergency response to cyber security

 

http://en.africatime.com/nigeria/articles/nigeria-launches-emergency-response-cyber-security

Excerpt:

“The Nigerian government Tuesday launched a Computer Emergency Readiness and Response Team (CERRT.ng) Ecosystem, aimed at providing support in responding to computer, network and related cyber security incidents.”

 


Why a hacked Twitter account is worth more than a stolen credit card

 

Christina Commisso

http://www.ctvnews.ca/sci-tech/why-a-hacked-twitter-account-is-worth-more-than-a-stolen-credit-card-1.1750226

Excerpt:

“Twitter is becoming the channel of choice for hackers, according to a new report that suggests stolen account information can fetch more money than credit cards on the cybercrime black market. The RAND Corporation report says a December 2013 breach, in which 70 million Target customers had their data stolen, flooded the black market with credit card information.”