Why Ukraine Has Already Lost The Cyberwar, Too
Â
Patrick Tucker
https://www.defenseone.com/technology/2014/04/why-ukraine-has-already-lost-cyberwar-too/83350/
Excerpt:
“Don’t wait for cyberwar between Ukraine and Russia to break out ahead of the actual shooting. Ukraine already lost that, too. Russia may have unfettered access into the Ukrainian telecommunication systems according to several experts. It’s access that Russia can use to watch Ukrainian opposition leadership, or, in the event of an escalation in the conflict, possibly cut off telecommunications within Ukraine.â€
Â
Privacy, National Security, And Mass Surveillance
Â
Excerpt:
“National Security and Privacy in cyberspace can be perceived as opposites depending on the audience and perceptions. Understanding the foundational structure of each principle objectively can bring significant comprehension to opposite parties.â€
Â
Hackers stole £1.25 million only with the help of a small computer hardware
Â
Praveen Kashyap
http://hackersnewsbulletin.com/2014/04/hackers-stole-1-25-million-help-small-computer-hardware.html
Excerpt:
“Nine members of a gang responsible for breaking into the accounts of banks and transferring money illegally by gaining access to bank’s IT network were sentenced in London to a total of 24 years and nine months. The gang members who sentenced are identified as: Lanre Mullins-Abudu, 25; Steven Hannah, 53;Tony Colston-Hayter, 49; Darius Valentin Boldor, 34; Dean Outram, 32; Adam Raeburn Jefferson, 38; Segun Ogunfidodo, 27; Dola Leroy Odunsi, 28; and James Lewis Murphy, 39. They have been charged with conspiracy to commit fraud, conspiracy to steal, theft and possession of property or articles used in fraud. Four more members of the gang are scheduled to be sentenced in June for similar crimes.â€
Â
Can military's satellite links be hacked? Cyber-security firm cites concerns.
Â
Mark Clayton
Excerpt:
“Satellite communication terminals, relied upon by US military aircraft, ships, and land vehicles to move in harmony with one another, are susceptible to cyber-attack through digital backdoors and other vulnerabilities, according to a new report that has sent a tremor through the global satellite telecommunications industry.â€
Â
Two Alleged Members of Anonymous Cambodia Arrested
Â
Eduard Kovacs
http://news.softpedia.com/news/Two-Alleged-Members-of-Anonymous-Cambodia-Arrested-438945.shtml
Excerpt:
“A couple of 21-year-old students believed to be members of Anonymous Cambodia have been arrested. Local authorities collaborated with the FBI on the investigation.â€
Cybercrime Made More Affordable – The Implications
Excerpt:
“Before the end of the month, we will release a new paper in our Cybercriminal Underground Economy Series titled Russian Underground Revisited. This is a followup to our earlier paper Russian Underground 101; both papers examined the Russian Underground and looked at the goods and services being sold inside these underground communities.â€
Verizon: Espionage hacking grows, with more from east Europe
l33tdawg
https://news.hitb.org/content/verizon-espionage-hacking-grows-more-east-europe
Excerpt:
“Hacking for espionage purposes is sharply increasing, with groups or national governments from Eastern Europe playing a growing role, according to one of the most comprehensive annual studies of computer intrusions.â€
RedHack Hackers Target Aktif Bank over Controversial e-Ticketing System
Eduard Kovacs
Excerpt:
“Members of the hacktivist collective RedHack claim to have breached into the systems of Aktif Bank (aktifbank.com.tr), Turkey’s largest privately owned investment bank. The attack comes just as the bank introduced a controversial e-ticketing system for soccer (football) fans.â€
Mounties always get their man: Heartbleed 'hacker', 19, CUFFED
Shaun Nichols
http://www.theregister.co.uk/2014/04/16/mounties_get_their_man_canadian_heartbleed_hacker_nabbed
Excerpt:
“A teen suspected of exploiting the Heartbleed bug to rifle through Canada's tax computer systems has been arrested.â€
Putin tells Snowden: Russia conducts no US-style mass surveillance
Neil McAllister
http://www.theregister.co.uk/2014/04/17/putin_russia_has_no_mass_surveillance/
Excerpt:
“Vladimir Putin has said that Russia has no mass telephone and internet surveillance programs to compare with those in the United States.â€
The security software being used by Edward Snowden to evade NSA
Praveen Kashyap
http://hackersnewsbulletin.com/2014/04/security-software-used-edward-snowden-evade-nsa.html
Excerpt:
“Everyone was shocked and mostly the NSA-When one of the NSA employee ‘Edward Snowden’ leaked the internal information to the public that US Govt. Spies on people of own country, as well as other country, but one thing also was unique that how Snowden bypassing his networks, that none of them able to stop distributing the leaks online or to media.
How to confirm your systems aren’t suffering a major Heartbleed
David Kelleher
https://www.gfi.com/blog/how-to-confirm-your-systems-arent-suffering-a-major-heartbleed/
Excerpt:
“The Internet was rocked last week when a two-year-old bug in OpenSSL was revealed. Heartbleed, as the vulnerability is known, can result in massive information disclosure through simple requests that require no privileges, and leave no logs. Anything from command history to other users’ credentials to private keys can be exposed, and the aftershocks of this revelation will go on for months as SysAdmins try to patch their systems and data losses are reported. CVE 2014-0160 details the vulnerability."
Akamai Withdraws Proposed Heartbleed Patch
Mathew J. Schwartz
Excerpt:
“As researchers demonstrate OpenSSL bug exploits that retrieve private keys, Akamai rescinds a patch suggestion for the SSL/TLS library after a security researcher punches holes in it.â€
Heartbleed: Android Phones Still at Risk for Data Breach
Justin Bachman
http://www.businessweek.com/articles/2014-04-14/read-this-if-your-phone-runs-android
Excerpt:
“The Internet security world mobilized to tackle the Heartbleed software bug. But although most of the holes have been patched, a big one remains: Millions of smartphones still operate on Android version 4.1.1, which remains vulnerable to hackers exploiting a design flaw in the bedrock encryption software OpenSSL. It’s a good time to check what your phone is running.â€
First sites admit data loss through Heartbleed attacks
Martyn Williams
Excerpt:
“Canada's tax authority and a popular British parenting website both lost user data after attackers exploited the Heartbleed SSL vulnerability, they said Monday.â€
Â
The effect of the Heartbleed bug on open source projects
Â
Zeljka Zorz
http://www.net-security.org/secworld.php?id=16678
Excerpt:
“The Heartbleed bug in OpenSSL is all the information security world is talking about these days. Many are beginning to realize, its existence has opened multiple cans of worms.â€
Â
Heartbleed bug: Checking websites and changing passwords
Â
Zeljka Zorz
http://www.net-security.org/secworld.php?id=16680
Excerpt:
“In the wake of the discovery of the Heartbleed bug in OpenSSL, some security experts even went as far as advising users to avoid the Internet for a few days until the problem is sorted.â€
Â
Heartbleed bug: What regular users need to do
Â
Zeljka Zorz
http://www.net-security.org/secworld.php?id=16671
Excerpt:
“As the news of the existence of the Heartbleed bug in OpenSSL and the implications of its existence trickles down into mainstream media, users are trying to figure out what passwords to change and which software to update.â€
Â
Breaches expose 552 million identities in 2013
Â
http://www.net-security.org/secworld.php?id=16668
Excerpt:
“After lurking in the shadows for the first ten months of 2013, cybercriminals unleashed the most damaging series of cyberattacks in history. Symantec’s Internet Security Threat Report (ISTR), Volume 19, shows a significant shift in cybercriminal behavior, revealing the bad guys are plotting for months before pulling off huge heists – instead of executing quick hits with smaller rewards.â€
Â
Heartbleed OpenSSL vulnerability: A technical remediation
Â
Stephen Coty
http://www.net-security.org/secworld.php?id=16661
Excerpt:
“OpenSSL released an bug advisory about a 64kb memory leak patch in their library. The bug has been assigned CVE-2014-0160 TLS heartbeat read overrun.â€
Â
How does the Heartbleed bug affect me?
Â
Zeljka Zorz
http://www.net-security.org/secworld.php?id=16662
Excerpt:
“By now, you have surely heard about the "Heartbleed" bug discovered in Open SSL, and you're wondering how its existence affects you.â€
Â
OpenSSL "Heartbleed" bug undermines widely used encryption scheme
Â
Zeljka Zorz
http://www.net-security.org/secworld.php?id=16649
Excerpt:
“OpenSSL, an open-source cryptographic library that is the default encryption engine for popular Web server software and is used in many popular operating system and apps, sports a critical vulnerability that can easily be misused by attackers to impersonate online services and steal information users believe to be protected by SSL/TLS.â€
Â
One third of phishing attacks aimed at stealing money
Â
http://www.net-security.org/secworld.php?id=16646
Excerpt:
“According to data collected as part of Kaspersky Lab's 'Financial cyber threats in 2013' study, cybercriminals are trying harder than ever to acquire confidential user information and steal money from bank accounts by creating fake sites mimicking financial organizations.â€
Â
Emerging trends in cyber-attack methodology
Â
http://www.net-security.org/secworld.php?id=16643
Excerpt:
“Websense documented the latest shift in complex attack trends, evolution in the threat ecosystem and shifting motivation of cyber-attacks.â€
Â
German police finds 18M stolen and misused account logins
Â
Zeljka Zorz
http://www.net-security.org/secworld.php?id=16638
Excerpt:
“Police in northwestern German city of Verden have discovered a collection of 18 million stolen email addresses and corresponding passwords that are being actively used to send out spam, compromise social networks' accounts and event to occasionally plunder the victims' banking accounts.â€
Â
Statistics on the impact of Heartbleed on Select Top Level Domains
Â
Paganinip
http://securityaffairs.co/wordpress/23878/intelligence/statistics-impact-heartbleed.html
Excerpt:
“The Heartbleed Bug is probably the most serious menace to the modern Internet, a serious flaw in the popular OpenSSL library that is having a great impact. It’s been just over 48 hours after the disclosure of the news about the Heartbleed vulnerability, the serious flaw which affect OpenSSL library that allows an attacker to reveal up to 64kB of memory to a connected client or server.â€
Â
In the wake of Heartbleed, watch out for phishing attacks, disguised as password reset emails
Â
Graham Cluley
Excerpt:
“Everywhere you look people are panicking about the Heartbleed bug. And, to be fair, it is a very serious bug that does give malicious hackers, security researchers and snoopers the opportunity to spy upon what should have been private communications, and hoover up confidential information such as email addresses and passwords.â€
Â
10 ways your mobile phone leaks your sensitive information
Â
danielmiessler
Excerpt:
“We all use mobile phones, but few of us are aware of how careless they can be with our information. It's not really the phones by themselves, though. It's the applications and how they interact with the operating system. This article will walk through a few of the common dangers to your data security and privacy that come from poorly coded mobile applications.â€
Â
Heartbleed Bug – What You Should And Shouldn’t Do
Â
Lee Munson
http://bhconsulting.ie/securitywatch/?p=2103
Excerpt:
“If you are looking for information about the Heartbleed bug and what you, or your business, should do next then the good news is that there is already a huge amount of information on the net and in mainstream media. The bad news, however, is that some of the advice on offer isn’t the greatest.â€
Â
Nigeria launches emergency response to cyber security
Â
http://en.africatime.com/nigeria/articles/nigeria-launches-emergency-response-cyber-security
Excerpt:
“The Nigerian government Tuesday launched a Computer Emergency Readiness and Response Team (CERRT.ng) Ecosystem, aimed at providing support in responding to computer, network and related cyber security incidents.â€
Â
Why a hacked Twitter account is worth more than a stolen credit card
Â
Christina Commisso
Excerpt:
“Twitter is becoming the channel of choice for hackers, according to a new report that suggests stolen account information can fetch more money than credit cards on the cybercrime black market. The RAND Corporation report says a December 2013 breach, in which 70 million Target customers had their data stolen, flooded the black market with credit card information.â€