Sixth teen arrested in breach of UK ISP TalkTalk

Greg Masters

http://www.scmagazineuk.com/sixth-teen-arrested-in-breach-of-uk-isp-talktalk/article/491743/

Excerpt:

“A teenager turned himself in to police in Staffordshire, UK, where he was arrested on charges stemming from a breach of internet services provider TalkTalk which impacted more than 150,000 customers, according to Express & Star.”


Hackers expose a million people who belong to a website only for the ‘beautiful’

Karen Turner

https://www.washingtonpost.com/news/the-switch/wp/2016/04/26/hackers-expose-a-million-people-who-belong-to-a-website-only-for-the-beautiful/

Excerpt:

“The personal data of 1.1 million users deemed attractive enough for controversial dating site BeautifulPeople.com were leaked, according to news reports and an expert who runs the security-analysis site HaveIBeenPwned.com on Monday. The breach included some 15 million private messages sent between members of the website, as well as details such as encrypted passwords, email addresses, mobile-phone numbers and personal information such as height, weight, job, favorite movie and TV show.”


Phantom riders abusing stolen Uber users' accounts for strange journeys

David Bisson

https://www.grahamcluley.com/2016/04/phantom-riders-steal-uber-user-passwords/

Excerpt:

“As reported by The Guardian, all sorts of people, including TV personalities, have had their accounts taken over by scammers and charged for rides they did not order.”


ISIS Hackers Join Forces to Create Mega Hacking Unit

Catalin Cimpanu

http://news.softpedia.com/news/isis-hackers-join-forces-to-create-mega-hacking-unit-503411.shtml

Excerpt:

“Through a series of messages posted on official ISIS social media accounts and Telegram channels, the terrorist group has announced the creation of a mega hacking unit called the United Cyber Caliphate (UCC).”


Most organizations still lack visibility into database assets

https://www.helpnetsecurity.com/2016/04/25/organizations-lack-visibility-database-assets/

Excerpt:

“Only 19 percent of organizations have what the organization considers to be “excellent” visibility into their data and database assets, according to Osterman Research and DB Networks. This level of visibility is necessary to rapidly identify a data breach.”


Bangladesh Bank hackers compromised SWIFT software with bespoke malware

Zeljka Zorz

https://www.helpnetsecurity.com/2016/04/25/compromised-swift-software/

Excerpt:

“Bit by bit, indications about how the attackers who targeted Bangladesh’s central bank managed to take off with some $80 million (of the nearly $1 billion they aimed for) via fraudulent transfers are coming to light.”


Anonymous Member Arrested for the COMELEC Hack

Catalin Cimpanu

http://news.softpedia.com/news/anonymous-member-arrested-for-the-comelec-hack-503311.shtml

Excerpt:

“Philippine authorities announced they arrested Paul Biteng, a 23-year-old college student, for his role in the hacking of the Philippines Commission on Elections (COMELEC) website.”


Hacktivist school set up on dark web

Greg Masters

http://www.scmagazineuk.com/hacktivist-school-set-up-on-dark-web/article/491114/

Excerpt:

“Aspiring hacktivists can now login to a chat service hosted by Anonymous to learn coding and encryption.”


Judge tosses evidence obtained by FBI malware planted on dark website

John Zorabedian

https://nakedsecurity.sophos.com/2016/04/21/judge-tosses-evidence-obtained-by-fbi-malware-planted-on-dark-website/

Excerpt:

“A US federal judge has thrown out evidence in a child abuse imagery case obtained by the FBI’s use of a hacking tool.”


Philippines arrests tech graduate suspected of hacking poll body's website

Karen Lema

http://www.reuters.com/article/us-philippines-election-idUSKCN0XI1FR

Excerpt:

“Philippine law enforcers have arrested an information technology graduate on charges of hacking the website of the Commission on Elections (Comelec), officials said on Thursday, less than three weeks before a presidential election that could be very close.”


How to automate a custom password dictionary for your pen test

Mirko Zorz

https://www.helpnetsecurity.com/2016/04/21/automate-password-dictionary/

Excerpt:

“When doing penetration testing, security professionals regularly have to deal with words that are specific to the task at hand, and many are not found in common wordlists. Another problem comes from popular tools, many of which are challenging to customize.”


FBI warns farming industry about equipment hacks, data breaches

Zeljka Zorz

https://www.helpnetsecurity.com/2016/04/21/farming-cyber-risks/

Excerpt:

“As Internet-connected equipment is increasingly used in many industry sectors, alerts like the latest one issued by the FBI to US farmers will likely become a regular occurrence.”


SpyEye Makers Get 24 Years in Prison

Brian Krebs

http://krebsonsecurity.com/2016/04/spyeye-makers-get-24-years-in-prison/

Excerpt:

“Two hackers convicted of making and selling the infamous SpyEye botnet creation kit were sentenced in Georgia today to a combined 24 years in prison for helping to infect hundreds of thousands of computers with malware and stealing millions from unsuspecting victims.”


9 Years Prison, $1.7 Million Fine For Malicious Insider

Sara Peters

http://www.darkreading.com/operations/9-years-prison-$17-million-fine-for-malicious-insider-/d/d-id/1325166

Excerpt:

“A former IT engineer for a Dallas law firm was sentenced to 115 months in prison and ordered to pay $1.697 million in restitution for a destructive computer attack he committed against his former employer in 2011. The sentencing comes in the wake of a flurry of attacks on law firms and the highly publicized leak at Panamanian law firm Mossack Fonseca.”


PoS Malware Steals Credit Card Numbers via DNS Requests

Catalin Cimpanu

http://news.softpedia.com/news/pos-malware-steals-credit-card-numbers-via-dns-requests-503180.shtml

Excerpt:

“A new version of the NewPosThings PoS malware is using a clever technique to extract data from infected PoS terminals that almost no security solution monitors for malware activity.”


Cyberattack brings down Newark Police Dept. Systems

Robert Abel

http://www.scmagazine.com/newark-pd-hit-with-cyberattack-systems-down-for-three-days/article/490359/

Excerpt:

“A cyberattack on the Newark Police Department brought down systems used to track and analyze crime data and to dispatch officers.”


Employees risk corporate security by accessing pirated content

https://www.helpnetsecurity.com/2016/04/20/corporate-security-pirated-content/

Excerpt:

“6 in 10 Brits who use personal devices for work also use the same device for streaming or downloading pirated content.”


Exposing the Cybercrime as a Business model

https://www.helpnetsecurity.com/2016/04/20/cybercrime-as-a-business-model/

Excerpt:

“Trustwave released a new report which reveals the top cybercrime, data breach and security threat trends from 2015. Experts gathered real-world data from hundreds of breach investigations the company conducted in 2015 across 17 countries.”


Buffalo buffalo buffalo: malware that attacks malware

Adrian Bridgwater

http://www.scmagazineuk.com/buffalo-buffalo-buffalo-malware-that-attacks-malware/article/490614/

Excerpt:

“Buffalo buffalo Buffalo buffalo buffalo buffalo Buffalo buffalo is a grammatically correct sentence based upon the use of homonyms and homophones, this link explains how it works. Basically, bison from the town of Buffalo who get bullied by other buffalo bison will they themselves also bully back.”


Sweden’s Critical Infrastructure Was “Incorrectly Reportedly” as Attacked by Hackers

Maritza Santillan

http://www.tripwire.com/state-of-security/latest-security-news/swedens-critical-infrastructure-was-reportedly-attacked-by-russian-hackers/

Excerpt:

“In November 2015, outages in Sweden’s Air Traffic Control System lasting several days led to hundreds of domestic and international flights being grounded at multiple airports across the country.”


Hacking Team hacker explains how he did it

Zeljka Zorz

https://www.helpnetsecurity.com/2016/04/18/hacking-team-hacker-explains/

Excerpt:

“Some nine months ago, a hacker that calls himself Phineas Fisher managed to breach the systems and networks of Hacking Team, the (in)famous Italian company that provides offensive intrusion and surveillance software to governments, intelligence and law enforcement agencies around the world.”


US government is lousy at cybersecurity

https://www.helpnetsecurity.com/2016/04/18/us-government-lousy-cybersecurity/

Excerpt:

“SecurityScorecard released its 2016 Government Cybersecurity Report, a comprehensive analysis that exposes alarming cybersecurity vulnerabilities across 600 local, state, and federal government organizations in the United States.”


Meet GozNym: The Banking Malware Offspring of Gozi ISFB and Nymaim

Limor Kessem

https://securityintelligence.com/meet-goznym-the-banking-malware-offspring-of-gozi-isfb-and-nymaim/

Excerpt:

“IBM X-Force Research uncovered a Trojan hybrid spawned from the Nymaim and Gozi ISFB malware. It appears that the operators of Nymaim have recompiled its source code with part of the Gozi ISFB source code, creating a combination that is being actively used in attacks against more than 24 U.S. and Canadian banks, stealing millions of dollars so far. X-Force named this new hybrid GozNym.”


Exclusive: Canadian Police Obtained BlackBerry’s Global Decryption Key

Justin Ling and Jordan Pearson

https://news.vice.com/article/exclusive-canada-police-obtained-blackberrys-global-decryption-key-how

Excerpt:

“A high-level surveillance probe of Montreal's criminal underworld shows that Canada's federal policing agency has had a global encryption key for BlackBerry devices since 2010.”


How To Prepare For A DDoS Attack: 10 Steps

Steve Zurier

http://www.darkreading.com/endpoint/how-to-prepare-for-a-ddos-attack-10-steps/d/d-id/1325148?

Excerpt:

“Distributed denial of service (DDoS) attacks are scary. In a matter of minutes, they can shut down a network, service or website, costing companies millions of dollars.”


Microsoft sues US govt for right to tell users when their data is accessed by feds

Zeljka Zorz

https://www.helpnetsecurity.com/2016/04/15/microsoft-sues-us-govt/

Excerpt:

“Microsoft has filed a new lawsuit against the US government, asking the court to permit them to alert their users when their online accounts and the data in them has been accessed by the authorities.”


Is your train or bus eavesdropping on your conversation?

John Zorabedian

https://nakedsecurity.sophos.com/2016/04/14/is-your-train-or-bus-eavesdropping-on-your-conversation/

Excerpt:

“In at least two US states, privacy advocates are raising questions about the use of surveillance equipment to record audio on trains and buses. New Jersey Transit is defending its recording audio on light rail trains, although the agency won’t say exactly how it is using those recordings, how they are stored, or for how long.”


Former Reuters journalist gets two years in hacking case

Steven Musil

http://www.cnet.com/news/former-reuters-journalist-gets-two-years-in-hacking-case/

Excerpt:

“A former Reuters editor convicted of conspiring with hackers to deface the Los Angeles Times website in 2010 was sentenced Wednesday to two years in prison. Matthew Keys, who had faced up to 25 years in prison, continued to assert his innocence and said he plans to appeal the sentencing.”


Prosecutor suspended over fake Facebook profile used in murder prosecution

Lisa Vaas

https://nakedsecurity.sophos.com/2016/04/13/prosecutor-suspended-over-fake-facebook-profile-used-in-murder-prosecution/

Excerpt:

“A US lawyer from Ohio has been suspended for a year for posing as the mistress of a murderer on Facebook to turn his girlfriend against him. The assistant county prosecutor, Aaron Brockler, got creative on social media while he was working a case involving a 2012 murder.”


China says tech firms pledge to counter online terror activities

Ben Blanchard

http://www.reuters.com/article/us-china-internet-security-idUSKCN0X912A

Excerpt:

“Twenty-five Chinese technology companies have signed a pledge to counter images and information online that promote terrorism, the internet regulator said on Tuesday, months after China passed a controversial new anti-terrorism law.”


Cybercriminals are adopting corporate best practices

https://www.helpnetsecurity.com/2016/04/12/professional-attack-groups/

Excerpt:

“Cybercriminals are adopting corporate best practices and establishing professional businesses in order to increase the efficiency of their attacks against enterprises and consumers. This new class of professional cybercriminal spans the entire ecosystem of attackers, extending the reach of enterprise and consumer threats and fueling the growth of online crime.”


2013 DDoS Attacks on US Banking Sector Used Sweden's Military Servers

Catalin Cimpanu

http://news.softpedia.com/news/2013-ddos-attacks-on-us-banking-sector-used-sweden-s-military-servers-502809.shtml

Excerpt:

“Swedish newspaper Daily News discovered that a large number of Web servers belonging to Sweden's Armed Forces were hijacked and forced to participate in DDoS attacks against US banking institutions.”


Universities aren’t doing enough to train the cyberdefenders America desperately needs

Andrea Peterson

https://www.washingtonpost.com/news/the-switch/wp/2016/04/11/universities-arent-doing-enough-to-train-the-cyberdefenders-america-desperately-needs/

Excerpt:

“The threat of hacking seems to lurk around every corner, but American universities may not be doing enough to prepare the next generation of cyberdefenders.”


Petya ransomware encryption has been cracked

Zeljka Zorz

https://www.helpnetsecurity.com/2016/04/11/petya-ransomware-encryption-cracked/

Excerpt:

“Petya ransomware hit companies hard, but the good news is that there are now tools available to get the encrypted files and locked computers back. The ransomware not only encrypts the victims’ files, but also their disk’s Master File Table (MFT), and it replaces the boot drive’s existing Master Boot Record (MBR) with a malicious loader.”


Creepy adware takes screenshot of victim's desktop without their permission

David Bisson

https://www.grahamcluley.com/2016/04/adware-desktop-screenshot/

Excerpt:

“Researchers have come across a nasty adware variant that takes a screenshot of a user's computer desktop without their permission. Lawrence Abrams, a computer security expert at Bleeping Computer, notes in a blog post that the adware, known as "Faster Internet," has a penchant for collecting unsuspecting users' data:”


Faxing faux pas compromises patients' mental health records

David Bisson

https://www.grahamcluley.com/2016/04/fax-patients-mental-health-records/

Excerpt:

“A businesswoman has gone public with a story about how a careless faxing mistake has compromised dozens of patients' mental health records over the course of the last decade.”


UK Teen That Sold DDoS Tools on the Dark Web Avoids Going to Prison

Catalin Cimpanu

http://news.softpedia.com/news/uk-teen-that-sold-ddos-tools-on-the-dark-web-avoids-going-to-prison-502762.shtml

Excerpt:

“Grant Manser, 20, of Kidderminster, a town near Birmingham, in the UK, has pleaded guilty to selling DDoS stressers on the Dark Web that had been used to bring down servers and websites in the UK and many European countries.”


BEC scammers stole $2.3 billion in less than three years

Zeljka Zorz

https://www.helpnetsecurity.com/2016/04/08/bec-scammers-stole-2-3-billion/

Excerpt:

“Once again, the FBI has issued a warning about business email compromise scams. Their numbers say there has been a 270 percent increase in identified victims and exposed loss since January 2015.”


FBI Quietly Admits To Multi-Year APT Attack, Sensitive Data Stolen

Tom Spring

https://threatpost.com/fbi-quietly-admits-to-multi-year-apt-attack-sensitive-data-stolen/117267/

Excerpt:

“The FBI issued a rare bulletin admitting that a group named Advanced Persistent Threat 6 (APT6) hacked into US government computer systems as far back as 2011 and for years stole sensitive data.”


New application level attack bodes ill for hybrid DDoS protection

Zeljka Zorz

https://www.helpnetsecurity.com/2016/04/07/new-application-level-attack-bodes-ill-hybrid-ddos-protection/

Excerpt:

“Imperva has recently witnessed a new type of DDoS attack they believe might become a go-to for cyber criminals looking to take sites and services down.”


Vengeful Hacker Risks Ten Years in Prison for DDoSing Security Firm's Website

Catalin Cimpanu

http://news.softpedia.com/news/vengeful-hacker-risks-ten-years-in-prison-for-ddosing-security-firm-s-website-502699.shtml

Excerpt:

“A man from Oklahoma City is risking ten years in prison after harassing a security researcher that helped law enforcement catch and send to jail a fellow member of his hacking crew.”


Mumblehard takedown ends army of Linux servers from spamming

Marc-Etienne M.Léveillé

http://www.welivesecurity.com/2016/04/07/mumblehard-takedown-ends-army-of-linux-servers-from-spamming/

Excerpt:

“One year after the release of the technical analysis of the Mumblehard Linux botnet, we are pleased to report that it is no longer active. ESET, in cooperation with the Cyber Police of Ukraine and CyS Centrum LLC, have taken down the Mumblehard botnet, stopping all its spamming activities since February 29th, 2016.”


Millions of child support records stolen, D.C. officials want answers

Maria Korolov

http://www.csoonline.com/article/3053531/security/millions-of-child-support-records-stolen-dc-officials-want-answers.html

Excerpt:

“In early February, a thief broke into several offices in Olympia, Washington to steal anything he could grab that was worth selling. In one locked drawer, the thief found a couple of external hard drives that he added to his haul of cash, cameras, electronics and laptops.”


Couple hosting Tor exit node raided by cops investigating child abuse

John Zorabedian

https://nakedsecurity.sophos.com/2016/04/07/couple-hosting-tor-exit-node-raided-by-cops-investigating-child-abuse/

Excerpt:

“Jan Bultmann and David Robinson, a married couple from Seattle and well-known privacy activists in that city, were awakened early one morning last month by police with a search warrant for their home.”


German police arrest international cyber ring suspect

Caroline Copley

http://www.reuters.com/article/us-germany-cyber-idUSKCN0X324C

Excerpt:

“Police investigating a ring of global cyber criminals arrested the 22-year-old main suspect in Germany and carried out raids across several countries, prosecutors in the west German city of Koblenz said on Wednesday.”


Intel buys Italian startup Yogitech to beef up self-driving car safety

Mike Wheatley

http://siliconangle.com/blog/2016/04/06/intel-buys-italian-startup-yogitech-to-beef-up-self-driving-car-safety/

Excerpt:

“Intel is expanding its Internet of Things horizons with the acquisition of Italian startup Yogitech S.p.A, which designs systems to ensure the functional safety of semiconductors used in the automotive industry.”


Siri flaw in iOS 9.3.1 allows access to photos on locked iPhone 6S and 6S Plus

Carly Page

http://www.v3.co.uk/v3-uk/news/2453440/siri-flaw-in-ios-931-allows-access-to-photos-on-locked-iphone-6s-and-6s-plus

Excerpt:

“The recently released iOS 9.3.1 fix for the link-crashing glitch plaguing iPhones and iPads has a bug that allows anyone to access photos and contacts on a locked device.”


Better History Chrome extension goes rogue, hijacks browsers and displays ads

Graham Cluley

http://www.hotforsecurity.com/blog/better-history-chrome-extension-goes-rogue-hijacks-browsers-and-displays-ads-13674.html

Excerpt:

“A third-party Chrome extension, supposed to make management of your browsing history simpler, has been kicked out of the Chrome web store after users accused it of hijacking their browsing, fiddling with links and opening webpages displaying ads.”


New Variant of TinyPOS Discovered

Kevin Townsend

http://www.securityweek.com/new-variant-tinypos-discovered

Excerpt:

“While we wait to discover what and how the Trump Hotel Collection was breached, a new version of the TinyPOS point-of-sale (PoS) malware has been discovered by Foregenix.”


Former Scotland Yard detective discusses cybercrime and threat intelligence

http://www.csoonline.com/article/3051803/techology-business/former-scotland-yard-detective-discusses-cymbercrime-and-threat-intelligence.html

Excerpt:

“Steve Santorelli became a police officer in 1994, working in London, UK. He worked his way up through various detective grades and branches until he joined Scotland Yard's Computer Crime Unit in 2000.”


US passport and visa database open to intrusion?

Zeljka Zorz

https://www.helpnetsecurity.com/2016/04/04/us-passport-visa-database-vulnerable/

Excerpt:

“The Consular Consolidated Database (CCD), which contains over 290 million passport-related records, 184 million visa records, and 25 million records on US citizens living abroad, has been found to be vulnerable to cyber attack and possibly data tampering.”


Calculate the cost and probability of a DDoS attack

https://www.helpnetsecurity.com/2016/04/04/ddos-downtime-calculator/

Excerpt:

“DDoS attacks are becoming increasingly larger, more complex, and perpetrated by cyber extortionists instead of hacktivists and vandals, according to a recent survey from Arbor Networks.”