Report: $3-5M in Ad Fraud Daily from ‘Methbot’

Brian Krebs

https://krebsonsecurity.com/2016/12/report-3-5m-in-ad-fraud-daily-from-methbot/

Excerpt:

“New research suggests that an elaborate cybercrime ring is responsible for stealing between $3 million and $5 million worth of revenue from online publishers and video advertising networks each day. Experts say the scam relies on a vast network of cloaked Internet addresses, rented data centers, phony Web sites and fake users made to look like real people watching short ad segments online.”


Crook Who Used His Home IP Address for Banking Fraud Gets 5 Years in Prison

Catalin Cimpanu

https://www.bleepingcomputer.com/news/security/crook-who-used-his-home-ip-address-for-banking-fraud-gets-5-years-in-prison/

Excerpt:

“A UK judge sentenced a crook part of a cybercrime operation that used banking malware to five years in prison for stealing £840,000 ($1,035,000) from victims all over the world.”


Hackers could take control of a plane using in-flight entertainment system

Cara McGoogan

http://www.telegraph.co.uk/technology/2016/12/20/hackers-could-take-control-plane-using-in-flight-entertainment/

Excerpt:

“A flaw in an in-flight entertainment system used by major airlines including Emirates, Virgin and Qatar could let hackers access a planes' controls.”


Hackers Might Have Turned Off the Lights in Ukraine for the Second Time

Bogdan Popa

http://news.softpedia.com/news/hackers-might-have-turned-off-the-lights-in-ukraine-for-the-second-time-511132.shtml

Excerpt:

“Ukraine experienced a new power outage during the weekend, and it’s believed that hackers are once again responsible, after they previously breached energy companies in 2015.”


8,000 exposed in Slovak Chamber of Commerce and Industry hack

Alexandra Gheorghe

https://hotforsecurity.bitdefender.com/blog/8000-exposed-in-slovak-chamber-of-commerce-and-industry-hack-17405.html

Excerpt:

“The official site of the Slovak Chamber of Commerce and Industry (scci.sk) got hacked and 8,000 users were affected, according to news reports.”


The economics of ransomware revealed

https://www.helpnetsecurity.com/2016/12/15/economics-ransomware-revealed/

Excerpt:

“70 percent of businesses infected with ransomware have paid ransom to regain access to business data and systems. In comparison, over 50 percent of consumers surveyed said they would not pay to regain access back to personal data or devices aside from financial data, according to IBM Security”


Growth rates of cryptographic keys and certificates

https://www.helpnetsecurity.com/2016/12/16/cryptographic-keys-certificates/

Excerpt:

“A new study conducted by Dimensional Research evaluated current and projected growth rates of cryptographic keys and digital certificates in the enterprise for 2016 and 2017. Study respondents included 505 IT professionals that manage these critical cryptographic assets in the U.S., U.K., France and Germany.”


'One billion' affected by Yahoo hack

http://www.bbc.com/news/world-us-canada-38324527

Excerpt:

“Yahoo has said more than one billion user accounts may have been affected in a hacking attack dating back to 2013.”


Ukrainian Defense Ministry Says Hackers Tried to Take Down Its Website

Bogdan Popa

http://news.softpedia.com/news/ukrainian-defense-ministry-says-hackers-tried-to-take-down-its-website-510971.shtml

Excerpt:

“Ukraine is the latest target of unknown hackers who attempted to take down the website of the defense ministry, according to local authorities.”


Seventeen-year-old sentenced for 2015 TalkTalk hack

Camilla Hodgson

http://www.reuters.com/article/us-talktalk-tlcm-gp-sentence-idUSKBN1421I0

Excerpt:

“A 17-year-old who admitted illegally hacking communications company Talk Talk last year was sentenced to a 12-month rehabilitation order on Tuesday.”


Russian Consulate Hacked, Passport Numbers and Personal Information Stolen

Bogdan Popa

http://news.softpedia.com/news/russian-consulate-hacked-passport-numbers-and-personal-information-stolen-510928.shtml

Excerpt:

“Security pentester Kapustkiy has managed to hack the website belonging to a Russian consular department, accessing personal information that includes names, emails, phone numbers, and passport numbers.”


Law enforcement operation targets users of DDoS tools

https://www.helpnetsecurity.com/2016/12/12/law-enforcement-ddos-tools/

Excerpt:

“From 5 to 9 December 2016, Europol and law enforcement authorities from Australia, Belgium, France, Hungary, Lithuania, the Netherlands, Norway, Portugal, Romania, Spain, Sweden, the United Kingdom and the United States carried out a coordinated action targeting users of DDoS tools, leading to 34 arrests and 101 suspects interviewed and cautioned.”


Cyberspies stole secrets from industrial giant ThyssenKrupp

Lucian Constantin

http://www.csoonline.com/article/3148704/security/cyberspies-stole-secrets-from-industrial-giant-thyssenkrupp.html

Excerpt:

“Germany-based industrial conglomerate ThyssenKrupp was hit by a cyberespionage attack earlier this year that resulted in data being stolen from its industrial solutions and steel producing units.”


‘Avalanche’ Crime Ring Leader Eludes Justice

Brian Krebs

https://krebsonsecurity.com/2016/12/avalanche-crime-ring-leader-eludes-justice/

Excerpt:

“The accused ringleader of a cyber fraud gang that allegedly rented out access to a criminal cloud hosting service known as “Avalanche” is now a fugitive from justice following a bizarre series of events in which he shot at Ukrainian police, was arrested on cybercrime charges and then released from custody.”


In-flight communication monitored for years by US, UK secret services

Luana Pascu

https://hotforsecurity.bitdefender.com/blog/in-flight-communication-monitored-for-years-by-us-uk-secret-services-17288.html

Excerpt:

“From as early as 2012, mobile phone activity on commercial airlines has been monitored by the intelligence agencies NSA (US) and GCHQ (UK) with Air France being a top target as of 2005, Le Monde announced yesterday, based on additional information from Edward Snowden’s leaked information.”


Cybersecurity advice for the nuclear industry

Zeljka Zorz

https://www.helpnetsecurity.com/2016/12/08/cybersecurity-nuclear-industry/

Excerpt:

“Less complexity, an active defense, transformative research, and institutionalized cybersecurity should be nuclear industry’s key priorities to stem the rising tide of cyber threats.”


Suspects arrested in Russia central bank cyberheist: bank official

Alexander Winning and Elena Fabrichnaya

http://www.reuters.com/article/us-russia-cenbank-cyberattack-idUSKBN13W2AK

Excerpt:

“Russian authorities arrested a large number of suspects in May in connection with the recently revealed electronic theft of $19 million from accounts held at the Russian central bank, an official said on Wednesday.”


Argentinian Government Site Suffers Major Breach, Personal Information Exposed

Bogdan Popa

http://news.softpedia.com/news/argentinian-government-site-suffers-major-breach-personal-information-exposed-510780.shtml

Excerpt:

“The official website of the Argentinian Ministry of Industry (Ministerio de Produccion) suffered a major breach that exposed not only private documents but also personal information and contact details of a big number of individuals.”


DailyMotion Allegedly Hacked, 85 Million User Accounts Stolen

Catalin Cimpanu

https://www.bleepingcomputer.com/news/security/dailymotion-allegedly-hacked-85-million-user-accounts-stolen/

Excerpt:

“An unknown hacker has supposedly breached video sharing platform DailyMotion and stolen details for 87.6 million accounts, belonging to approximately 85 million users, according to data breach index website LeakedSource.”


Sysadmin Gets Two Years in Prison for Sabotaging ISP

Catalin Cimpanu

https://www.bleepingcomputer.com/news/security/sysadmin-gets-two-years-in-prison-for-sabotaging-isp/

Excerpt:

“A judge in New York has sentenced Dariusz J. Prugar, 32, of Syracuse, New York, to two years in prison for hacking his former employee, Pa Online, an internet service provider (ISP) formerly located in Enola, Pennsylvania.”


AirDroid app opens millions of Android users to device compromise

Zeljka Zorz

https://www.helpnetsecurity.com/2016/12/02/airdroid-vulnerability/

Excerpt:

“Tens of millions of users of AirDroid, a remote management tool for Android, are vulnerable to man-in-the-middle attacks that could lead to data theft and their devices being compromised through malicious updates.”


Russia’s Central Bank Hacked, $31 Million Stolen

Bogdan Popa

http://news.softpedia.com/news/russia-s-central-bank-hacked-31-million-stolen-510692.shtml

Excerpt:

“Russia’s central bank suffered a major cyberattack that made it possible for hackers to steal no less than 2 billion rubles, which is approximately $31 million, according to reports.”


Saudi Arabia whacked by cyber attacks

John Leonard

http://www.v3.co.uk/v3-uk/news/2478970/saudi-arabia-whacked-by-cyber-attacks

Excerpt:

“Saudi Arabia has been hit by a wave of destructive cyber attacks that have resulted in data being erased at the government's aviation agency. Five additional targets were hit too, unnamed sources told Bloomberg.”


Hacker Gets 4 Years in Prison for Selling Stolen Bank Accounts on the Dark Web

Catalin Cimpanu

https://www.bleepingcomputer.com/news/security/hacker-gets-4-years-in-prison-for-selling-stolen-bank-accounts-on-the-dark-web/

Excerpt:

“A judge in Atlanta, Georgia, has sentenced Aaron James Glende, a hacker known as IcyEagle, to four years and two months in prison,  followed by three years of supervised release, for selling access to stolen bank accounts and others, via the AlphaBay Dark Web marketplace.”


Uber now collecting location data even after you leave a driver’s car

Lisa Vaas

https://nakedsecurity.sophos.com/2016/12/01/uber-now-collecting-location-data-even-after-you-leave-a-drivers-car/

Excerpt:

“Last year, Uber gave us a heads-up about its new privacy policy and how it had given itself permission to routinely track our locations even after we’ve left the car, following us as we sally forth into businesses, cross the street, or head for our doctors’ appointments, even if the app is only running in the background.”


65% of social engineering attacks compromised employee credentials

https://www.helpnetsecurity.com/2016/12/02/social-engineering-attacks-compromised/

Excerpt:

“Social engineering is having a notable impact on organizations across a range of industrial sectors in the US.”


Online credit card fraud up 20% Black Friday to Cyber Monday

https://www.helpnetsecurity.com/2016/12/02/online-credit-card-fraud/

Excerpt:

“Iovation released new data that shows card-not-present fraud increased significantly from Black Friday to Cyber Monday 2016 when compared to the same period in past years.”