Bulletin vulnerabilities exposed more than 27 million users’ records

Pierluigi Paganini



“The Data breach monitoring service LeakedSource has disclosed 11 new data breaches. Security vulnerabilities in the vBulletin platform have exposed more than 27 million accounts, the majority of which belongs to three games on mail.ru.”

$378,000 Malware Attack Leads Thai Bank to Shut Down Half of Its ATMs

David Bisson



“The Government Savings Bank (GSB) of Thailand shut down nearly half of its ATMs following a malware attack that cost it 12 million baht, or about $378,000.”

Hackers can easily take over cellphone towers, researchers found

Zeljka Zorz



“Zimperium researchers have unearthed three critical vulnerabilities in widely used software running on base transceiver stations (BTS), i.e. the equipment that makes cellphone towers work.”

UK universities hit repeatedly with ransomware, one over 21 times!

Zeljka Zorz



“63 percent of UK universities have been hit by ransomware – most of them multiple times, and Bournemouth University a total of 21 times in the last year, SentinelOne has found.”

Privileged user abuse and the insider threat



“Although insider leaks and attacks continue to multiply, a Ponemon Institute study found that 58 percent of IT operations and security managers believe their organizations are unnecessarily granting access to individuals beyond their roles or responsibilities with 91 percent predicting the risk of insider threats will continue to grow or stay the same.”

Cybercriminals select insiders to attack telecom providers



“Cybercriminals are using insiders to gain access to telecommunications networks and subscriber data, according to Kaspersky Lab. In addition, these criminals are also recruiting disillusioned employees through underground channels and blackmailing staff using compromising information gathered from open sources.”

Russia's Central Bank introduces new mandatory cyber-security regulations

Eugene Gerden



“The Russian Central Bank has announced mandatory cyber-security regulations for domestic banks, according to a Central Bank spokesperson.”

Teen Avoids Jail Time After DDoSing Australia's Biggest Bank & E-Crime Portal

Catalin Cimpanu



“A judge at the Christies Beach Youth Court in Adelaide, Australia has sentenced a 15-year-old teenager to a "family conference" after the teen has launched DDoS attacks on his school, the Commonwealth Bank of Australia (CBA), and ACORN - the Australian Cybercrime Online Reporting Network portal.”

Banking customers hesitant to use mobile features due to security concerns



“Banking customers are hesitant to use mobile features due to fraud and security concerns, according to Kaspersky Lab and IDC Financial Insights. Their findings show that of those not using mobile banking at all today (36 percent), 74 percent cited security as the major reason, which could slow the overall adoption of mobile banking services during a time where mobile device usage is exploding.”

DOE Awards $34M in Funding to Help Bolster Power Grid Security



“The United States Department of Energy (DOE) has awarded $34 million in funding for projects aimed to protect the U.S. power grid against digital attacks.”

The inner workings of the Cerber ransomware campaign



“Check Point’s research team has analysed the inner workings of Cerber, the world’s biggest ransomware-as-a-service scheme.”

Hacking smart cities: Dangerous connections

Mirko Zorz



“Once just a curiosity for technology enthusiasts, the Internet of Things (IoT) has become mainstream. In fact, the IoT security market is estimated to grow from USD 7.90 billion in 2016 to USD 36.95 billion by 2021, at a CAGR of 36.1%, according to MarketsandMarkets.”

Iran Investigates If Series of Oil Industry Accidents Were Caused by Cyber Attack

Kay Armin Serjoie/Tehran



“After weeks of speculation on the cause of an unprecedented string of fires and explosions in major Iranian oil and gas facilities, Iran’s Supreme National Cyberspace Council has said that it is looking into cyber-attacks as a possible cause. “Special teams will be sent to the afflicted sites to study the possibility of cyber systems having a role in the recent fires,” said Abolhasan Firoozabadi, secretary of the council according to local media on Wednesday.”

Shark Ransomware-as-a-Service: A real threat, a scam, or both?

Zeljka Zorz



“A new Ransomware-as-a-Service project has sprung up, and the “service providers” are allowing others to use it for free, but take a 20 percent cut out of every ransom that gets paid by the victims. The ransomware is called Shark.”

Russian pizza restaurant 'hacker' faces US trial



“The trial of a Russian man accused of orchestrating a hacking scheme that targeted US pizza restaurants is due to begin this week. Prosecutors allege that Roman Seleznev, the son of a Russian MP, was a "master hacker" behind a plan which led to $170m (£131m) of fraudulent purchases.”

Text scam victimises parents, claiming kids have been in an accident

Danielle Correa



“Fraudsters have stooped to a new low by alerting parents with scam text messages that claim to be from loved ones that have been injured in an accident to trick them into replying and sending money.”

Pakistan passes controversial cyber-crime law

Mehreen Zahra-Malik



“Pakistan has adopted a much-criticized cyber security law that grants sweeping powers to regulators to block private information they deem illegal”

Hundreds of millions of cars can be easily unlocked by attackers

Zeljka Zorz



“Security researchers have come up with a way to unlock cars manufactured by vendors around the world, and are set to present their findings on Friday at the Usenix security conference in Austin, Texas.”

Financial malware attacks increase as malware creators join forces



“Kaspersky Lab blocked 1,132,031 financial malware attacks on users, a rise of 15.6 percent compared to the previous quarter, according to the results of the company’s IT threat evolution report for Q2. One of the reasons for the rise appears to be the collaboration between the authors of two leading banking Trojans: Gozi Trojan and Nymaim Trojan, pushing both into the top 10 ranking of financial malware.”

Millions of Russians' personal data may be put at risk 

Eugene Gerden



“Leading Russian cyber-security analysts have criticised recently announced government plans to create a single national database containing the personal data of all Russian citizens, expected to be the largest electronic archive in Russia.”

Philippine bank says it preserves ties with big U.S. banks despite heist role

Krishna N. Das and Karen Lema



“Rizal Commercial Banking Corp (RCBC) officials say they have preserved ties with major U.S. banks despite the use of one of its branches in Manila by cyber criminals to funnel $81 million stolen from the Bangladesh central bank’s account at the Federal Reserve Bank of New York.”

Man Charged with Selling Stolen Bank Accounts on Dark Web

David Bisson



“A federal grand jury has charged a man with selling access to bank customers’ stolen account logins on a dark web marketplace.”

Banner Health cyber attack sees 3.7 million customer records accessed

Dan Worth



“US health insurance giant Banner Health has said that details of up to 3.7 million patients and staff were accessed during a cyber incident at the company.”

Israeli hacker breaches systems of Iranian ISP

Roi Perez



“An Israeli hacker has breached the website of Iranian Internet Service Provider (ISP) Daba and is claiming to have leaked the details of 52,000 registered users.”

Yahoo 'Aware' Hacker Is Advertising 200 Million Supposed Accounts on Dark Web

Joseph Cox



“A notorious cybercriminal is advertising 200 million of alleged Yahoo user credentials on the dark web, and the company has said it is “aware” of the hacker’s claims, but has not confirmed nor denied the legitimacy of the data.”

Data of 200 million Yahoo users offered for sale

Zeljka Zorz



“Data of some 200 million Yahoo users has been offered for sale on the TheRealDeal dark web market by “peace_of_mind” (aka “Peace”).”

South Korea Says North Korea Hacked Email Accounts of 56 State Officials

Catalin Cimpanu



“South Korean investigators revealed this morning that they detected over 90 attempts to hack the email accounts of various state officials, of which 56 were successful.”

Russian government admits agencies were hacked

Max Metzger



” The Russian government has announced that 20 different bodies within Russia, many of them government agencies, have been found with espionage malware lurking in their networks”

Interpol arrests Nigerian scam mastermind who stole $60 million



“The head of an international criminal network behind thousands of online frauds has been arrested in a joint operation by INTERPOL and the Nigerian Economic and Financial Crime Commission (EFCC).”