Hijacking drones with malware
Zeljka Zorz
http://www.net-security.org/malware_news.php?id=2949
Excerpt:
“A recent incident at the White House showed that small aerial vehicles (drones) present a specific security problem. While in this particular case the actual danger turned out to be non-existent, the fact that these devices can be hijacked and misused for malicious purposes is something that the manufacturers will have to think about very soon.â€
Â
Critical BlackPhone bug allows attackers to spy on users
Â
Zeljka Zorz
http://www.net-security.org/secworld.php?id=17885
Excerpt:
“BlackPhone, a mobile phone aimed at users who want to keep their communications secure from mass surveillance attempts, is affected by a critical security vulnerability that can be exploited to reveal users' contacts, the content of their (encrypted) messages, and their location information, as well as to load additional code that can lead to the attacker having complete control over the handset.â€
Â
Facebook takes blame for service outages, which hit wider Web
Â
Eric Auchard
http://www.reuters.com/article/2015/01/27/us-facebook-down-idUSKBN0L00GE20150127
Excerpt:
“Access to Facebook (FB.O), the world's largest social network, and its Instagram photo-sharing site, were blocked around the world for up to an hour on Tuesday, which the company said later was due to an internal fault and not an outside attack.â€
Â
10 Notorious Cyber Criminals Brought to Justice – No. 5
Â
David Bisson
Excerpt:
“Tripwire now continues its series on some of the most notorious cyber criminals brought to justice with Vladislav Anatolievich Horohorin, a Ukrainian hacker who used online forums to sell “dumps†of stolen debit and credit card credentials to customers around the world.â€
Â
10 Notorious Cyber Criminals Brought to Justice – No. 6
Â
David Bisson
Excerpt:
“Tripwire now continues its series of some of the most notorious cyber criminals brought to justice with Lin Mun Poo, a Malaysian hacker best known for his cyber exploits against prominent financial institutions in the United States.â€
Â
Police ransomware scam drives UK teen to suicide
Â
Zeljka Zorz
http://www.net-security.org/malware_news.php?id=2946
Excerpt:
“For most people, a ransomware infection is not a huge tragedy: they pay the bogus fine (or not), and ultimately get their computer back either because the criminals unlock it or because they clean up the machine themselves.â€
Â
VPN services blocked by China's Great Firewall
Â
Zeljka Zorz
http://www.net-security.org/secworld.php?id=17869
Excerpt:
“A number of popular VPN services are the latest target of China's Great Firewall, including Astrill, StrongVPN and Golden Frog's VyprVPN.â€
Â
Malaysia Airlines website DNS-hijacked; Lizard Squad claims responsibility
Â
Reuben Thum
Excerpt:
“Still recuperating from the tragedy of two lost aircraft last year with a total of 537 people either dead or missing, Malaysia Airlines’ (MAS) website was DNS-hicjacked this morning at around 10am.â€
Â
How health care providers can protect sensitive data
Â
http://www.net-security.org/secworld.php?id=17854
Excerpt:
“Despite increasingly stringent industry regulations a lot of health care organizations along with their business associates often fail to ensure integrity of sensitive information.â€
Â
Click-fraud malware brings thousands of dollars to YouTube scammers
Â
Zeljka Zorz
http://www.net-security.org/malware_news.php?id=2945
Excerpt:
“A malware delivery campaign aimed at making victims' computers surreptitiously view YouTube videos and, consequently, artificially inflate their popularity so that scammers might earn money from the ads embedded in them, has been targeting users around the world for months now.â€
Â
Journalist Barrett Brown sentenced to 63 months
Â
Zeljka Zorz
http://www.net-security.org/secworld.php?id=17862
Excerpt:
“Barrett Brown, the journalist that at one time claimed to be a spokesman for the hacktivist collective Anonymous, has been handed a 63-months-long prison sentence and has been order to pay $890,000 in restitution - most of it to Stratfor, the company whose stolen data he linked to, and other companies hit by Anonymous.â€
Â
Hacktivist Group CyberBerkut Behind Attacks on German Official Websites
Â
Trend Micro
Excerpt:
“A pro-Russian group called CyberBerkut claimed responsibility for a recent hack on certain German government websites in early January. We were able to gather some information on some of its members based on Pastebin data that had been leaked by the Ukrainian nationalist political party (Pravy Sektor).â€
Â
Hacker hits Australian travel insurer, leaks records of 800,000 customers
Â
Zeljka Zorz
http://www.net-security.org/secworld.php?id=17845
Excerpt:
“Personal and limited financial information of over 800,000 customers of Australian travel insurance company Aussie Travel Cover have been stolen by a hacker that goes by the online handle "Abdilo" and is believed to be a member of the infamous Lizard Squad.â€
Â
The cost of malware containment
Â
http://www.net-security.org/malware_news.php?id=2942
Excerpt:
“Enterprises spend $1.3 million a year dealing with false positive cyber security alerts, which equals nearly 21,000 hours in wasted time.â€
Â
The rise of mercenary hacker crews offering Espionage-as-a-Service
Â
http://www.net-security.org/secworld.php?id=17836
Excerpt:
“Although the Sony attack was loud, damaging and hugely embarrassing to the company, the bigger threat is from mercenary hacker crews who steal billions of dollars of valuable technology secrets every year from U.S. companies on behalf of paying clients according to Jeffrey Carr, President and CEO of Taia Global.â€
Â
2+ million US cars can be hacked remotely, researcher claims
Â
Zeljka Zorz
http://www.net-security.org/secworld.php?id=17840
Excerpt:
“Security researcher Corey Thuen has made a surprising discovery when he reverse-engineered the firmware of the Snapshot tracking dongles that US-based Progressive Insurance gives out to its customers: the devices are woefully insecure, and can lead to data theft, as well as to the compromise of a car's functions crucial to passenger safety.â€
Â
US and UK to play "cyber war games" with each other
Â
Lee Munson
https://nakedsecurity.sophos.com/2015/01/16/us-and-uk-to-play-cyber-war-games-with-each-other/
Excerpt:
“Agents from the United States and United Kingdom will carry out simulated cyber attacks against each other following talks between President Barack Obama and Prime Minister David Cameron.â€
Â
France sees 19,000 cyberattacks since terror rampage
Â
Jamey Keaten and Sylvie Corbet
http://www.armytimes.com/story/military/tech/2015/01/15/france-cyberattacks/21807941/
Excerpt:
“Hackers have targeted about 19,000 French websites since a rampage by Islamic extremists left 20 dead last week, a top French cyberdefense official said Thursday as the president tried to calm the nation's inflamed religious tensions.â€
Â
Man arrested for Playstation and Xbox attacks
Â
http://www.net-security.org/secworld.php?id=17834
Excerpt:
“Officers from the South East Regional Organised Crime Unit (SEROCU) Cyber Crime Unit, supported by Titan ROCU (North West Regional Organised Crime Unit), have arrested a man as part of an investigation into swatting and computer hacking offenses.â€
Â
UK PM Cameron demonizes encryption, US report says it's vital
Â
Zeljka Zorz
http://www.net-security.org/secworld.php?id=17835
Excerpt:
“When British Prime Minister David Cameron announced on Tuesday his plan to introduce new surveillance powers in the UK by forcing businesses to plant backdoors in their communication products, and ban applications that use end-to-end encryption, security experts we asked for an opinion have unanimously declared that weakening users' security posture is not the right answer to the problem of fighting criminals and terrorists.â€
Â
Pirate activist shows politicians what digital surveillance looks like
Â
Zeljka Zorz
http://www.net-security.org/secworld.php?id=17828
Excerpt:
“Gustav Nipe, the 26-year old president of the Swedish Pirate Party's youth wing, tried to do it by setting up an open Wi-Fi network at the Society and Defence National Conference held in Sälen, Sweden, late last and earlier this week, and collecting and analyzing the metadata of conference attendees who connected to it.â€
Â
Cyber attacks demonstrated on autonomous ground vehicles
Â
http://www.net-security.org/secworld.php?id=17820
Excerpt:
“Mission Secure Inc. (MSi), a cyber defense technology and solutions provider, and Perrone Robotics Inc. (PRI), a provider of robotic and autonomous ground vehicle solutions, announced a pilot project to demonstrate cyber attacks and protections targeted at ground vehicles. The University of Virginia Department of Systems and Information Engineering is sponsoring the pilot project.â€
Â
Skeleton Key malware makes all passwords valid
Â
Zeljka Zorz
http://www.net-security.org/malware_news.php?id=2939
Excerpt:
“Researchers from the Dell Secureworks CTU team have unearthed a new type of malware whose goal is to allow attackers to bypass authentication on Active Directory (AD) systems by enabling them to use any random password. They dubbed the malware "Skeleton Key."
Â
Rex Mundi hackers try, fail to blackmail Swiss bank
Â
Zeljka Zorz
http://www.net-security.org/secworld.php?id=17813
Excerpt:
“The Banque Cantonale de Geneve has refused to pay the ransom demanded by a group of hackers that goes under the name of Rex Mundi, and they have made good on their word and have published the whole batch of customer emails they managed to steal from the bank's website.â€
Â
Over 930M Android users in danger as Google stops delivering critical patches
Â
Zeljka Zorz
http://www.net-security.org/secworld.php?id=17814
Excerpt:
“Nearly a billion of Android users - over half of the total number of worldwide users - are in danger of being targeted by cyber attackers exploiting vulnerabilities in WebView, as Google has decided not to provide security patches for the core component used in pre-KitKat (v4.4) versions of the mobile OS.â€
Â
Cost of breach vs. cost of deployment
Â
Boudewijn Kiljan
http://www.net-security.org/article.php?id=2200
Excerpt:
“In security terms, 2014 read like a who’s who of data breaches. Huge, global companies like Target, eBay and Coca-Cola have succumbed to data loss. Public services like the US Postal Service have also been left exposed. Others do not want to follow suit in 2015.â€
Â
Swiss Bank BCGE compromised; client’ personal data made public
Â
Pushpa Mishra
http://hackread.com/swiss-bank-bcge-compromised-client-personal-details-made-public/
Excerpt:
“A group of hackers going with the handle of Rex Mundi on Twitter  has divulged confidential information from Banque Cantonale de Geneve, a Swiss bank, after it declined to give in to the hacker’s demand for money, according to media reports.â€
Â
Do we need regular IT security fire drills?
Â
http://www.net-security.org/secworld.php?id=17810
Excerpt:
“IT security ‘fire drills’, supported by executive management and the risk committee should be conducted regularly in organizations, in order to understand the appropriate course of action in advance of a security breach. So says Neil Campbell, Group General Manager for Dimension Data's Security Business Unit.â€
Â
Ransomware-wielding crooks made over $217,000 in a single month
Â
Zeljka Zorz
http://www.net-security.org/malware_news.php?id=2938
Excerpt:
“Crypto-ransomware continues to be a very effective way for cyber crooks to "earn" serious money: the method is so lucrative that with a single campaign, the crooks have managed to get their hands on 810 BTC (over $217,000) in a month.â€
Â
Cyber intrusion lead to physical damage at German steel plant
Â
Zeljka Zorz
http://www.net-security.org/secworld.php?id=17805
Excerpt:
“Three weeks ago, Germany's Federal Office for Information Security (BSI) released its traditional end-of-the-year report about the state of IT security in Germany.â€
Â
16-31 December Cyber Attacks Timeline
Â
Paolo Passeri
http://hackmageddon.com/2015/01/05/16-31-december-cyber-attacks-timeline/
Excerpt:
“Despite still related to December 2014, here is the first timeline for 2015 covering the main events occurred between the 16th and 31st December 2014.â€
Â
Who’s Attacking Whom? Realtime Attack Trackers
Â
http://krebsonsecurity.com/2015/01/whos-attacking-whom-realtime-attack-trackers/
Excerpt:
“It seems nearly every day we’re reading about Internet attacks aimed at knocking sites offline and breaking into networks, but it’s often difficult to visualize this type of activity. In this post, we’ll take a look at multiple ways of tracking online attacks and attackers around the globe and in real-time.â€
Â
Hackers use Pastebin to deliver backdoor code
Â
http://www.net-security.org/malware_news.php?id=2937
Excerpt:
“Cyber attackers taking advantage of legitimate online services is not a new thing, and "online clipboard" Pastebin.com is often used to anonymously leak stolen information. But the latest malicious use of the service is not tied to leaked data, but the hosting of malicious files.â€
Â
Top 3 reasons businesses should prioritize web security
Â
Neill Feather
http://www.net-security.org/article.php?id=2194
Excerpt:
“2014 was a year of high-profile hacks for businesses around the world. From The Home Depot breach to the recent Sony data leak, it seemed like as soon as one data breach was under control, another one came to light.â€
Â
Morgan Stanley Insider Theft Affects Tenth of Wealth Management Clients
Â
Brian Donohue
http://threatpost.com/morgan-stanley-insider-affects-tenth-of-wealth-management-clients/110239
Excerpt:
“The financial services giant Morgan Stanley announced yesterday that that an employee had stolen sensitive information pertaining to more than 900 of the firm’s wealth-management clients.“
Â
United Nation Pakistan Website Hacked By Free Syrian Hacker
Â
Waqas
http://hackread.com/united-nation-pakistan-website-hacked-free-syrian-hacker/
Excerpt:
“The famous anti-Bashar Al Assad hacker Dr.SHA6H from Free Syrian Hacker group has hacked and defaced the official website of  UNDP – United Nations Development Programme, Pakistan against the ongoing Syrian conflict.â€
Â
Four cyber security risks not to be taken for granted
Â
Ilia Kolochenko
http://www.net-security.org/article.php?id=2192
Excerpt:
“It's pretty difficult to make information security predictions, and even more difficult to verify them afterwards: we can only judge the effectiveness of information security by the number of public security incidents that were uncovered, while the majority of data breaches remain undetected.â€
Â
Scandinavian banks hit with DDoS attacks
Â
http://www.net-security.org/secworld.php?id=17785
Excerpt:
“The new year started poorly for Finnish bank OP Pohjola Group and its customers: the latter have been prevented from executing their online banking transactions by a DDoS attack that targeted the bank's online services starting on the last day of 2014.â€
Â
Identity theft for dummies
Â
Raj Samani
http://www.net-security.org/article.php?id=2191
Excerpt:
“It happened again. Checking into the hotel, I was asked if I can provide my credit card to cover additional expenses (not unusual). However, the receptionist simply wrote my credit card information down on a piece of paper and put it into an unlocked drawer. This, of course, led to a very awkward conversation in my best Spanglish regarding Principle 9 of the PCI-DSS standard.â€