Hijacking drones with malware

Zeljka Zorz

http://www.net-security.org/malware_news.php?id=2949

Excerpt:

“A recent incident at the White House showed that small aerial vehicles (drones) present a specific security problem. While in this particular case the actual danger turned out to be non-existent, the fact that these devices can be hijacked and misused for malicious purposes is something that the manufacturers will have to think about very soon.”

 


Critical BlackPhone bug allows attackers to spy on users

 

Zeljka Zorz

http://www.net-security.org/secworld.php?id=17885

Excerpt:

“BlackPhone, a mobile phone aimed at users who want to keep their communications secure from mass surveillance attempts, is affected by a critical security vulnerability that can be exploited to reveal users' contacts, the content of their (encrypted) messages, and their location information, as well as to load additional code that can lead to the attacker having complete control over the handset.”

 


Facebook takes blame for service outages, which hit wider Web

 

Eric Auchard

http://www.reuters.com/article/2015/01/27/us-facebook-down-idUSKBN0L00GE20150127

Excerpt:

“Access to Facebook (FB.O), the world's largest social network, and its Instagram photo-sharing site, were blocked around the world for up to an hour on Tuesday, which the company said later was due to an internal fault and not an outside attack.”

 


10 Notorious Cyber Criminals Brought to Justice – No. 5

 

David Bisson

http://www.tripwire.com/state-of-security/government/10-notorious-cyber-criminals-brought-to-justice-no-5/

Excerpt:

“Tripwire now continues its series on some of the most notorious cyber criminals brought to justice with Vladislav Anatolievich Horohorin, a Ukrainian hacker who used online forums to sell “dumps” of stolen debit and credit card credentials to customers around the world.”

 


10 Notorious Cyber Criminals Brought to Justice – No. 6

 

David Bisson

http://www.tripwire.com/state-of-security/government/10-notorious-cyber-criminals-brought-to-justice-no-6/

Excerpt:

“Tripwire now continues its series of some of the most notorious cyber criminals brought to justice with Lin Mun Poo, a Malaysian hacker best known for his cyber exploits against prominent financial institutions in the United States.”

 


Police ransomware scam drives UK teen to suicide

 

Zeljka Zorz

http://www.net-security.org/malware_news.php?id=2946

Excerpt:

“For most people, a ransomware infection is not a huge tragedy: they pay the bogus fine (or not), and ultimately get their computer back either because the criminals unlock it or because they clean up the machine themselves.”

 


VPN services blocked by China's Great Firewall

 

Zeljka Zorz

http://www.net-security.org/secworld.php?id=17869

Excerpt:

“A number of popular VPN services are the latest target of China's Great Firewall, including Astrill, StrongVPN and Golden Frog's VyprVPN.”

 


Malaysia Airlines website DNS-hijacked; Lizard Squad claims responsibility

 

Reuben Thum

http://www.techattack.my/19888/malaysia-airlines-website-dns-hijacked-lizard-squad-claims-responsibility/

Excerpt:

“Still recuperating from the tragedy of two lost aircraft last year with a total of 537 people either dead or missing, Malaysia Airlines’ (MAS) website was DNS-hicjacked this morning at around 10am.”

 


How health care providers can protect sensitive data

 

http://www.net-security.org/secworld.php?id=17854

Excerpt:

“Despite increasingly stringent industry regulations a lot of health care organizations along with their business associates often fail to ensure integrity of sensitive information.”

 


Click-fraud malware brings thousands of dollars to YouTube scammers

 

Zeljka Zorz

http://www.net-security.org/malware_news.php?id=2945

Excerpt:

“A malware delivery campaign aimed at making victims' computers surreptitiously view YouTube videos and, consequently, artificially inflate their popularity so that scammers might earn money from the ads embedded in them, has been targeting users around the world for months now.”

 


Journalist Barrett Brown sentenced to 63 months

 

Zeljka Zorz

http://www.net-security.org/secworld.php?id=17862

Excerpt:

“Barrett Brown, the journalist that at one time claimed to be a spokesman for the hacktivist collective Anonymous, has been handed a 63-months-long prison sentence and has been order to pay $890,000 in restitution - most of it to Stratfor, the company whose stolen data he linked to, and other companies hit by Anonymous.”

 


Hacktivist Group CyberBerkut Behind Attacks on German Official Websites

 

Trend Micro

http://blog.trendmicro.com/trendlabs-security-intelligence/hacktivist-group-cyberberkut-behind-attacks-on-german-official-websites/

Excerpt:

“A pro-Russian group called CyberBerkut claimed responsibility for a recent hack on certain German government websites in early January. We were able to gather some information on some of its members based on Pastebin data that had been leaked by the Ukrainian nationalist political party (Pravy Sektor).”

 


Hacker hits Australian travel insurer, leaks records of 800,000 customers

 

Zeljka Zorz

http://www.net-security.org/secworld.php?id=17845

Excerpt:

“Personal and limited financial information of over 800,000 customers of Australian travel insurance company Aussie Travel Cover have been stolen by a hacker that goes by the online handle "Abdilo" and is believed to be a member of the infamous Lizard Squad.”

 


The cost of malware containment

 

http://www.net-security.org/malware_news.php?id=2942

Excerpt:

“Enterprises spend $1.3 million a year dealing with false positive cyber security alerts, which equals nearly 21,000 hours in wasted time.”

 


The rise of mercenary hacker crews offering Espionage-as-a-Service

 

http://www.net-security.org/secworld.php?id=17836

Excerpt:

“Although the Sony attack was loud, damaging and hugely embarrassing to the company, the bigger threat is from mercenary hacker crews who steal billions of dollars of valuable technology secrets every year from U.S. companies on behalf of paying clients according to Jeffrey Carr, President and CEO of Taia Global.”

 


2+ million US cars can be hacked remotely, researcher claims

 

Zeljka Zorz

http://www.net-security.org/secworld.php?id=17840

Excerpt:

“Security researcher Corey Thuen has made a surprising discovery when he reverse-engineered the firmware of the Snapshot tracking dongles that US-based Progressive Insurance gives out to its customers: the devices are woefully insecure, and can lead to data theft, as well as to the compromise of a car's functions crucial to passenger safety.”

 


US and UK to play "cyber war games" with each other

 

Lee Munson

https://nakedsecurity.sophos.com/2015/01/16/us-and-uk-to-play-cyber-war-games-with-each-other/

Excerpt:

“Agents from the United States and United Kingdom will carry out simulated cyber attacks against each other following talks between President Barack Obama and Prime Minister David Cameron.”

 


France sees 19,000 cyberattacks since terror rampage

 

Jamey Keaten and Sylvie Corbet

http://www.armytimes.com/story/military/tech/2015/01/15/france-cyberattacks/21807941/

Excerpt:

“Hackers have targeted about 19,000 French websites since a rampage by Islamic extremists left 20 dead last week, a top French cyberdefense official said Thursday as the president tried to calm the nation's inflamed religious tensions.”

 


Man arrested for Playstation and Xbox attacks

 

http://www.net-security.org/secworld.php?id=17834

Excerpt:

“Officers from the South East Regional Organised Crime Unit (SEROCU) Cyber Crime Unit, supported by Titan ROCU (North West Regional Organised Crime Unit), have arrested a man as part of an investigation into swatting and computer hacking offenses.”

 


UK PM Cameron demonizes encryption, US report says it's vital

 

Zeljka Zorz

http://www.net-security.org/secworld.php?id=17835

Excerpt:

“When British Prime Minister David Cameron announced on Tuesday his plan to introduce new surveillance powers in the UK by forcing businesses to plant backdoors in their communication products, and ban applications that use end-to-end encryption, security experts we asked for an opinion have unanimously declared that weakening users' security posture is not the right answer to the problem of fighting criminals and terrorists.”

 


Pirate activist shows politicians what digital surveillance looks like

 

Zeljka Zorz

http://www.net-security.org/secworld.php?id=17828

Excerpt:

“Gustav Nipe, the 26-year old president of the Swedish Pirate Party's youth wing, tried to do it by setting up an open Wi-Fi network at the Society and Defence National Conference held in Sälen, Sweden, late last and earlier this week, and collecting and analyzing the metadata of conference attendees who connected to it.”

 


Cyber attacks demonstrated on autonomous ground vehicles

 

http://www.net-security.org/secworld.php?id=17820

Excerpt:

“Mission Secure Inc. (MSi), a cyber defense technology and solutions provider, and Perrone Robotics Inc. (PRI), a provider of robotic and autonomous ground vehicle solutions, announced a pilot project to demonstrate cyber attacks and protections targeted at ground vehicles. The University of Virginia Department of Systems and Information Engineering is sponsoring the pilot project.”

 


Skeleton Key malware makes all passwords valid

 

Zeljka Zorz

http://www.net-security.org/malware_news.php?id=2939

Excerpt:

“Researchers from the Dell Secureworks CTU team have unearthed a new type of malware whose goal is to allow attackers to bypass authentication on Active Directory (AD) systems by enabling them to use any random password. They dubbed the malware "Skeleton Key."

 


Rex Mundi hackers try, fail to blackmail Swiss bank

 

Zeljka Zorz

http://www.net-security.org/secworld.php?id=17813

Excerpt:

“The Banque Cantonale de Geneve has refused to pay the ransom demanded by a group of hackers that goes under the name of Rex Mundi, and they have made good on their word and have published the whole batch of customer emails they managed to steal from the bank's website.”

 


Over 930M Android users in danger as Google stops delivering critical patches

 

Zeljka Zorz

http://www.net-security.org/secworld.php?id=17814

Excerpt:

“Nearly a billion of Android users - over half of the total number of worldwide users - are in danger of being targeted by cyber attackers exploiting vulnerabilities in WebView, as Google has decided not to provide security patches for the core component used in pre-KitKat (v4.4) versions of the mobile OS.”

 


Cost of breach vs. cost of deployment

 

Boudewijn Kiljan

http://www.net-security.org/article.php?id=2200

Excerpt:

“In security terms, 2014 read like a who’s who of data breaches. Huge, global companies like Target, eBay and Coca-Cola have succumbed to data loss. Public services like the US Postal Service have also been left exposed. Others do not want to follow suit in 2015.”

 


Swiss Bank BCGE compromised; client’ personal data made public

 

Pushpa Mishra

http://hackread.com/swiss-bank-bcge-compromised-client-personal-details-made-public/

Excerpt:

“A group of hackers going with the handle of Rex Mundi on Twitter  has divulged confidential information from Banque Cantonale de Geneve, a Swiss bank, after it declined to give in to the hacker’s demand for money, according to media reports.”

 


Do we need regular IT security fire drills?

 

http://www.net-security.org/secworld.php?id=17810

Excerpt:

“IT security ‘fire drills’, supported by executive management and the risk committee should be conducted regularly in organizations, in order to understand the appropriate course of action in advance of a security breach. So says Neil Campbell, Group General Manager for Dimension Data's Security Business Unit.”

 


Ransomware-wielding crooks made over $217,000 in a single month

 

Zeljka Zorz

http://www.net-security.org/malware_news.php?id=2938

Excerpt:

“Crypto-ransomware continues to be a very effective way for cyber crooks to "earn" serious money: the method is so lucrative that with a single campaign, the crooks have managed to get their hands on 810 BTC (over $217,000) in a month.”

 


Cyber intrusion lead to physical damage at German steel plant

 

Zeljka Zorz

http://www.net-security.org/secworld.php?id=17805

Excerpt:

“Three weeks ago, Germany's Federal Office for Information Security (BSI) released its traditional end-of-the-year report about the state of IT security in Germany.”

 


16-31 December Cyber Attacks Timeline

 

Paolo Passeri

http://hackmageddon.com/2015/01/05/16-31-december-cyber-attacks-timeline/

Excerpt:

“Despite still related to December 2014, here is the first timeline for 2015 covering the main events occurred between the 16th and 31st December 2014.”

 


Who’s Attacking Whom? Realtime Attack Trackers

 

http://krebsonsecurity.com/2015/01/whos-attacking-whom-realtime-attack-trackers/

Excerpt:

“It seems nearly every day we’re reading about Internet attacks aimed at knocking sites offline and breaking into networks, but it’s often difficult to visualize this type of activity. In this post, we’ll take a look at multiple ways of tracking online attacks and attackers around the globe and in real-time.”

 


Hackers use Pastebin to deliver backdoor code

 

http://www.net-security.org/malware_news.php?id=2937

Excerpt:

“Cyber attackers taking advantage of legitimate online services is not a new thing, and "online clipboard" Pastebin.com is often used to anonymously leak stolen information. But the latest malicious use of the service is not tied to leaked data, but the hosting of malicious files.”

 


Top 3 reasons businesses should prioritize web security

 

Neill Feather

http://www.net-security.org/article.php?id=2194

Excerpt:

“2014 was a year of high-profile hacks for businesses around the world. From The Home Depot breach to the recent Sony data leak, it seemed like as soon as one data breach was under control, another one came to light.”

 


Morgan Stanley Insider Theft Affects Tenth of Wealth Management Clients

 

Brian Donohue

http://threatpost.com/morgan-stanley-insider-affects-tenth-of-wealth-management-clients/110239

Excerpt:

“The financial services giant Morgan Stanley announced yesterday that that an employee had stolen sensitive information pertaining to more than 900 of the firm’s wealth-management clients.“

 


United Nation Pakistan Website Hacked By Free Syrian Hacker

 

Waqas

http://hackread.com/united-nation-pakistan-website-hacked-free-syrian-hacker/

Excerpt:

“The famous anti-Bashar Al Assad hacker Dr.SHA6H from Free Syrian Hacker group has hacked and defaced the official website of  UNDP – United Nations Development Programme, Pakistan against the ongoing Syrian conflict.”

 


Four cyber security risks not to be taken for granted

 

Ilia Kolochenko

http://www.net-security.org/article.php?id=2192

Excerpt:

“It's pretty difficult to make information security predictions, and even more difficult to verify them afterwards: we can only judge the effectiveness of information security by the number of public security incidents that were uncovered, while the majority of data breaches remain undetected.”

 


Scandinavian banks hit with DDoS attacks

 

http://www.net-security.org/secworld.php?id=17785

Excerpt:

“The new year started poorly for Finnish bank OP Pohjola Group and its customers: the latter have been prevented from executing their online banking transactions by a DDoS attack that targeted the bank's online services starting on the last day of 2014.”

 


Identity theft for dummies

 

Raj Samani

http://www.net-security.org/article.php?id=2191

Excerpt:

“It happened again. Checking into the hotel, I was asked if I can provide my credit card to cover additional expenses (not unusual). However, the receptionist simply wrote my credit card information down on a piece of paper and put it into an unlocked drawer. This, of course, led to a very awkward conversation in my best Spanglish regarding Principle 9 of the PCI-DSS standard.”