In Britain, Malware No. 1 Cyberthreat
Mathew J. Schwartz
http://www.inforisktoday.com/in-britain-malware-no-1-cyberthreat-a-8255
Excerpt:
“That finding comes via the first-ever annual report from the U.K.'s computer emergency response team, or CERT-UK. From April 2014 through March 2015, the organization says, it counted 2.6 million Zeus infections inside the U.K., followed by 1.8 million infections of ZeroAccess search-engine-poisoning malware, 816,000 Conficker banking malware infections, 112,000 Salitymalware infections, and 99,000 Torpig rootkit infections.â€
Â
Drone detection: What works and what doesn't
Â
Zain Naboulsi
http://www.net-security.org/article.php?id=2297
Excerpt:
“Another drone was discovered flying in restricted air space around the White House two weeks ago. The Secret Service found the pilot simply because they happened to see him.â€
Â
Data Breach Costs Rise, Healthcare Industry Hardest Hit
Â
Brian Prince
http://www.securityweek.com/data-breach-costs-rise-healthcare-industry-hardest-hit
Excerpt:
“A new report issued by the Ponemon Institute and sponsored by IBM revealed that the cost of data breaches is trending upward. In an examination of breaches at 350 companies spread across 11 countries, the report found the average loss incurred for each lost or stolen record rose from $145 to $154.â€
Â
New 'sleeper' ransomware laid dormant on infected PCs until this week, report says
Â
Colin Neagle
Excerpt:
“A new strain of ransomware that had laid dormant on infected devices suddenly "woke up" at midnight on Monday, May 25, security firm KnowBe4 said in an alert issued today.â€
Â
How businesses can stem the flow of leaky data
Â
Richard Anstey
http://www.net-security.org/article.php?id=2295
Excerpt:
“The privacy and security of corporate data is at risk like never before. Not only are businesses faced with an ever-growing variety of security threats, from sophisticated, targeted attacks, to new zero-day vulnerabilities and state-sponsored espionage, they also need to deal with the sharing habits of their employees.â€
Â
Total cost of average data breach reaches $3.8 million
Â
Mirko Zorz
http://www.net-security.org/secworld.php?id=18428
Excerpt:
“The average consolidated total cost of a data breach is $3.8 million, according to a Ponemon Institute study of 350 companies spanning 11 countries.â€
Â
Why insider threats are succeeding
Â
TK Keanini
http://www.net-security.org/article.php?id=2293
Excerpt:
“Data leaks and other news events over the past few years have brought insider threats to the forefront of public attention, but most companies still lack the means or motivation to protect themselves from malicious insiders.â€
Â
15,000 spam emails have hit the inboxes of Android users in recent days
Â
http://www.net-security.org/malware_news.php?id=3046
Excerpt:
“Thousands of Android users are at risk of having their mobile devices and private contents locked by a particularly ruthless ransomware that demands $500 to restore access. Users that try to independently unlock their devices will see the amount increase to $1,500, with payment demanded via Money Pak and PayPal My Cash transfers.â€
Â
New Point-of-Sale Malware NitlovePoS Sends Card Data via Encrypted Connection
Â
Ionut Ilascu
Excerpt:
“Security researchers identified a fresh malware piece targeting point-of-sale (PoS) systems that relies on encrypted communication to exfiltrate payment card info from the memory of the payment processing machines.â€
Â
Meet ‘Tox': Ransomware for the Rest of Us
Â
Jim Walter
https://blogs.mcafee.com/mcafee-labs/meet-tox-ransomware-for-the-rest-of-us
Excerpt:
“The packaging of malware and malware-construction kits for cybercrime “consumers†has been a long-running trend. Various turnkey kits that cover remote access plus botnet plus stealth functions are available just about anywhere. Ransomware, though very prevalent, has not yet appeared in force in easy-to-deploy kits.â€
Â
New research suggests that hackers can track subway riders through their phones
Â
Patrick Howell O'Neill
http://www.dailydot.com/politics/hackers-track-subway-riders-phone-motion-sensors/
Excerpt:
“Underground subways offer no place to hide from hackers. Determined hackers can track the movements of millions of subway riders around the world even as they go underground by breaking into smartphone motion detectors, new research from Chinese academics reveals. The attack can track subway riders with up to 92 percent accuracy.â€
Â
Malware upsurge threatens millions of POS devices
Â
http://www.net-security.org/malware_news.php?id=3044
Excerpt:
“Notable brands like Target, Neiman Marcus, PF Chang’s, Staples, Michaels Stores, and Home Depot have all have become victims of point of sale (POS) security breaches targeting consumer payment card data. In the majority of cases, POS attacks take place due to malware infections.â€
Â
Keeping passwords safe from cracking
Â
Zeljka Zorz
http://www.net-security.org/secworld.php?id=18414
Excerpt:
“A group of researchers from Purdue University in Indiana have come up with an effective and easy-to-implement solution for protecting passwords from attackers.â€
Â
Security Firm Redefines APT: African Phishing Threat
Â
Brian Krebs
https://krebsonsecurity.com/2015/05/security-firm-redefines-apt-african-phishing-threat/
Excerpt:
“A security firm made headlines earlier this month when it boasted it had thwarted plans by organized Russian cyber criminals to launch an attack against multiple US-based banks. But a closer look at the details behind that report suggests the actors in question were relatively unsophisticated Nigerian phishers who’d simply registered a bunch of new fake bank Web sites.â€
Â
South Korean minors to be monitored via smartphone spying apps
Â
Zeljka Zorz
http://www.net-security.org/secworld.php?id=18402
Excerpt:
“The Korea Communications Commission, South Korea's media regulation agency modeled after US' FCC, has made it mandatory for telecoms and parents to install a monitoring app on smartphones used by anyone aged 18 years or under, AP reports.â€
Â
DDoS attacks double, old web application attack vectors still active
Â
Mirko Zorz
http://www.net-security.org/secworld.php?id=18405
Excerpt:
“Akamai Technologies analyzed thousands of DDoS attacks as well as nearly millions of web application attack triggers across the Akamai Edge network.â€
Â
The rise in false fraud alerts
Â
http://www.net-security.org/secworld.php?id=18409
Excerpt:
“68% of Americans who have received a fraudulent activity alert from their credit or debit card issuer have received at least one alert in error, according to CreditCards.com.â€
Â
Address spoofing Safari bug opens door for phishing attacks
Â
Zeljka Zorz
http://www.net-security.org/secworld.php?id=18399
Excerpt:
“Hacker David Leo has released a PoC exploit for a Safari vulnerability that can be misused to trick users into thinking they are on one site while they are actually on another - a boon for phishers.â€
Â
How much money do cyber crooks collect via crypto ransomware?
Â
Zeljka Zorz
http://www.net-security.org/malware_news.php?id=3042
Excerpt:
“FireEye researchers have calculated that the cybercriminals wielding TeslaCrypt and AlphaCrypt have managed to extort $76,522 from 163 victims in only two months.â€
Â
Anonymous Italy Steals 1TB of Data from Best Union Ticketing Service During Expo 2015 Attacks
Â
Brandon Stosh
Normal 0 false false false EN-US JA X-NONE /* Style Definitions */ table.MsoNormalTable {mso-style-name:"Table Normal"; mso-tstyle-rowband-size:0; mso-tstyle-colband-size:0; mso-style-noshow:yes; mso-style-priority:99; mso-style-parent:""; mso-padding-alt:0cm 5.4pt 0cm 5.4pt; mso-para-margin:0cm; mso-para-margin-bottom:.0001pt; mso-pagination:widow-orphan; font-size:12.0pt; font-family:Cambria; mso-ascii-font-family:Cambria; mso-ascii-theme-font:minor-latin; mso-hansi-font-family:Cambria; mso-hansi-theme-font:minor-latin; mso-ansi-language:EN-US;}
http://freedomhacker.net/anonymous-italy-steals-1tb-data-best-union-ticketing-service-4146/
Excerpt:
“Anonymous Italy has continued to target Expo 2015 with a series of high-scale Distributed Denial of Service (DDoS) Attacks under the collectives Operation Italy (#OpItaly). Anonymous hackers have targeted Expo 2015’s systems and supporting organizations with a series of high-profile cyberattacks for the past few weeks and show no sign of stopping.â€
Â
Hackers try to attack German parliament Bundestag
Â
Pratibha Rawal
http://www.ehackingnews.com/2015/05/hackers-try-to-attack-german-parliament.html
Excerpt:
“The officials of Bundestag, lower house of German parliament, on May 15 confirmed that its IT system has been attacked by hackers.â€
Â
Penn State engineering network is taken offline following two cyberattacks
Â
Zeljka Zorz
http://www.net-security.org/secworld.php?id=18396
Excerpt:
“The computer network of Pennsylvania State University's College of Engineering has been temporarily disconnected from the Internet in the wake of two "highly sophisticated cyberattacks," Penn State president Eric Barron has confirmed on Friday.â€
Â
FBI claims security researcher took control of plane
Â
Chris Matyszczyk
http://www.cnet.com/news/fbi-claims-security-researcher-took-control-of-plane/
Excerpt:
“When Chris Roberts was pulled off a United Airlines flight last month -- and banned by the airline -- was it just because of a tweet that he deemed humorous?â€
Â
Computer Criminals Brought to Justice – Randall Charles Tucker
Â
David Bisson
Excerpt:
“We now report on the story of Randall Charles Tucker, a serial distributed denial of service (DDoS) attacker who targeted the websites of government authorities whom he felt were guilty of unjust behavior.â€
Â
The Naikon APT - Tracking Down Geo-Political Intelligence Across APAC, One Nation at a Time
Â
Kurt Baumgartner, Maxim Golovkin
https://securelist.com/analysis/publications/69953/the-naikon-apt/
Excerpt:
“Our recent report, “The Chronicles of the Hellsing APT: the Empire Strikes Back†began with an introduction to the Naikon APT, describing it as “One of the most active APTs in Asia, especially around the South China Seaâ€. Naikon was mentioned because of its role in what turned out to be a unique and surprising story about payback. It was a Naikon attack on a Hellsing-related organization that first introduced us to the Hellsing APT.  Considering the volume of Naikon activity observed and its relentless, repeated attack attempts, such a confrontation was worth looking into, so we did.â€
Â
Mobile Spyware Maker mSpy Hacked, Customer Data Leaked
Â
Brian Krebs
https://krebsonsecurity.com/2015/05/mobile-spy-software-maker-mspy-hacked-customer-data-leaked/
Excerpt:
“mSpy, the makers of a dubious software-as-a-service product that claims to help more than two million people spy on the mobile devices of their kids and partners, appears to have been massively hacked. Last week, a huge trove of data apparently stolen from the company’s servers was posted on the Deep Web, exposing countless emails, text messages, payment and location data on an undetermined number of mSpy “users.â€
Â
Organizations lack control over mobile workspaces
Â
http://www.net-security.org/secworld.php?id=18386
Excerpt:
“More than 64 percent of respondents to a SANS survey said a majority of their mobile workforce can access their organizations’ secure data remotely, yet less than 25 percent said sufficient policies/controls are in place for mobile media.â€
Â
Ex-NSA security bod fanboi: Apple Macs are wide open to malware
Â
John Leyden
http://www.theregister.co.uk/2015/05/07/mac_malware/
Excerpt:
“Patrick Wardle, a former NSA staffer and NASA intern who now heads up research at crowd-sourced security intelligence firm Synack, found that Apple's defensive Gatekeeper technology can be bypassed allowing unsigned code to run. Apple's Gatekeeper utility is pre-installed in Mac OS X PCs and used to verify code. The tool is designed so that by default it will only allow signed code to run or, depending on settings, only packages from the Mac App Store.â€
Â
The cost of insecurity: $2.1 trillion every year by 2019
Â
Graeme Burton
http://www.computing.co.uk/ctg/news/2408344/the-cost-of-insecurity-usd21-trillion-every-year-by-2019
Excerpt:
“Continuing digitisation of goods and services, combined with the further development of mobile, including wearables, and the so-called internet of things, will see the annual cost of cyber-crime and security breaches reach $2.1 trillion (£1.3 trillion) in just four years, according to Juniper Research.â€
Â
Can you correctly identify phishing emails?
Â
http://www.net-security.org/secworld.php?id=18378
Excerpt:
“An Intel Security quiz presented ten emails and asked respondents to identify which of the emails were phishing attempts designed to steal personal information and which were legitimate. Of the approximately 19,000 survey respondents from 144 countries, only 3% were able to correctly identify every example correctly and 80% of all respondents misidentified at least one of the phishing emails, which is all it takes to fall victim to an attack.â€
Â
Data breaches lead to surge of spoofing attacks
Â
Mirko Zorz
http://www.net-security.org/secworld.php?id=18379
Excerpt:
“The number of attacks on businesses is trending up as crimeware tools gain traction providing tools to fraudsters to automate cybercrime attacks leveraging the customer data made available from breaches.â€
Â
Naikon APT steals geopolitical data from the South China Sea
Â
Brian Donohue
https://blog.kaspersky.com/naikon-apt-south-china-sea/
Excerpt:
“The Chinese-language Naikon advanced persistent threat group is targeting military, government and civil organizations located in and around the South China Sea, which is an increasingly contentious hot-bed of territorial disputes between various Southeast Asian nations.â€
Â
High-level, state-sponsored Naikon hackers exposed
Â
John Leyden
http://www.theregister.co.uk/2015/05/18/naikon_cyberspies_spying/
Excerpt:
“The activities of yet another long-running apparently state-sponsored hacking crew have finally been exposed. The Naikon cyber-espionage group has been targeting government, military and civil organisations around the South China Sea for at least five years, according to researchers at Kaspersky Lab.â€
Â
'Home-brewed' encryption scheme opens millions of smart meters to hacking, warn researchers
Â
Fred Donovan
Excerpt:
“Millions of smart meters and other Internet-connected devices are at risk of cyberattacks because of weak encryption developed by the Open Smart Grid Protocol (OSGP) Alliance, according to European security researchers.â€
Â
Man charged with attempted spear-phishing attack on U.S. Department of Energy
Â
http://www.net-security.org/secworld.php?id=18373
Excerpt:
“An indictment is charging a former employee of the U.S. Department of Energy and the U.S. Nuclear Regulatory Commission (NRC) with a total of four felony offenses in connection with an attempted email “spear-phishing†attack in January 2015, targeting dozens of Department of Energy employee e-mail accounts.â€
Â
US Passport Agency contractor stole applicants’ data to steal their identities
Â
Zeljka Zorz
http://www.net-security.org/secworld.php?id=18375
Excerpt:
“Three women from Houston, Texas, stand accused of engaging in an identity theft scheme in which one of them, a contract employee of the Department of State Passport Agency, was in charge of stealing personally identifiable information of persons applying for a passport.â€
Â
CyberSecurity Firm Accused of Hacking Clients to Extort Money
Â
Brandon Stosh
http://freedomhacker.net/cybersecurity-firm-tiversa-accused-hacking-clients-extort-money-4114/
Excerpt:
“In a rather bizarre turn of events, one cybersecurity company has been accused of falsifying data breaches and even hacking into companies to gain potential clients and extort money from smaller and larger organizations.â€
Â
Breaking Bad-themed ransomware targeting users
Â
Zeljka Zorz
http://www.net-security.org/malware_news.php?id=3035
Excerpt:
“A new type of ransomware is targeting Australian users, and its creators have decided to have some fun and express their love for the popular US TV show Breaking Bad while trying to "earn" some money.â€
Â
Do you know where your sensitive data lives?
Â
http://www.net-security.org/secworld.php?id=18369
Excerpt:
“The majority of IT security professionals don’t have full visibility into where all their organization’s sensitive data resides, according to Perspecsys.â€
Â
Alleged Photobucket hackers arrested in US
Â
http://www.itnews.com.au/News/403757,alleged-photobucket-hackers-arrested-in-us.aspx
Excerpt:
“US prosecutors have charged two men with conspiracy and fraud after they allegedly breached the computer systems of Denver-based Photobucket and sold passwords and access to private information on the giant photo-sharing website.â€
Â
Spear Phishing Campaign Targets Government Office in Taiwan
Â
Ionut Ilascu
Excerpt:
“Workers at a government office in Taiwan have received emails carrying a backdoor that extracts system identifying information and delivers it to a remote server.â€
Â
Anonymous Knocks Pro-Nazi Websites Offline with DDoS Attacks
Â
Brandon Stosh
http://freedomhacker.net/anonymous-knocks-pro-nazi-websites-offline-ddos-attack-4106/
Excerpt:
“Anonymous hackers decided to commemorate the 70th anniversary of the defeat of Nazi forces in 1945, by Anonymous Sweden deciding to knock pro-Nazi websites offline in motion of the 70 year old victory.â€
Â
CPL Malware in Brazil: somewhere between banking trojans and malicious emails
Â
MatÃas Porolli
http://www.welivesecurity.com/2015/05/07/cpl-malware-brazil-white-paper-now-available/
Excerpt:
“When we analyze the most prevalent threats in Latin America, we see the same malware families across the region. In Brazil, however, there is a different situation. Not only is Brazil one of the most populated countries in the world, but it is also one of the countries with the highest percentage of Internet users using online banking. That is why Brazil is the country where banking trojans are the number one threat.â€
Â
Criminal attacks in healthcare are up 125% since 2010
Â
http://www.net-security.org/secworld.php?id=18351
Excerpt:
“The healthcare industry is experiencing a surge in data breaches, security incidents, and criminal attacks—exposing millions of patients and their medical records, according to the Ponemon Institute.â€
Â
Workplace stress dramatically impacting IT professionals
Â
http://www.net-security.org/secworld.php?id=18358
Excerpt:
“High workplace stress levels for IT professionals are dramatically impacting both employees and employers. These impacts are illustrated by increases in those staff looking to find another job, and in those working increasing amounts of unpaid overtime to cope with workloads. A growing number of IT staff are also experiencing substantial disruption to their personal lives as a result of work demands.â€
Â
Millions of WordPress sites risk hijacking due to flaw in default theme
Â
Zeljka Zorz
http://www.net-security.org/secworld.php?id=18360
Excerpt:
“Netsparker researchers have recently unearthed a vulnerability affecting one popular theme installed by default in all WordPress installations, and which can be exploited by attackers to take control of vulnerable WP sites. The vulnerability has later been also found in one widely-used WP plugin.â€
Â
Anonymous Leaks Email and Passwords of Baltimore Police Officials Involved in the Death of Freddie Gray
Â
Brandon Stosh
Excerpt:
“The hacktivist collective, Anonymous has now leaked the emails and passwords of six different police officials who were involved with the death of 25 year old, Freddie Gray. Anonymous has leaked personal information including amass of emails and IP addresses for the officers involved in the shooting and death of Gray.â€
Â
How secure are digital transactions?
Â
http://www.net-security.org/secworld.php?id=18336
Excerpt:
“The online payment industry was exposed to a slew of attacks in 2013-14, with hackers meticulously examining the payment infrastructure to exploit potential weaknesses. To guard against such security breaches, the payment industry needs to devise global security initiatives and establish common rules.â€
Â
Â
The importance of integrating identity and data
Mirko Zorz
http://www.net-security.org/article.php?id=2265
Excerpt:
“In this podcast recorded at RSA Conference 2015, Siva Belasamy, CEO and CTO at Deep Identity, talks about how identifying who has access to what, and the risks associated with such access, can be a daunting task.â€