Lawmakers scathing over FBI’s facial recognition database

Lisa Vaas

https://nakedsecurity.sophos.com/2017/03/29/lawmakers-scathing-over-fbis-facial-recognition-database/

Excerpt:

“Between civil and criminal mugshot photos, the State Department’s visa and passport databases, the Defense Department’s biometric database, and the drivers’ license databases of 18 states, nearly half of all Americans are in a facial recognition database that the FBI can get at without warrants or without even having to prove they have reasonable suspicion that we’ve done anything wrong.”


Two Laptops with Hong Kong's 3.7 Million Voters' Data Stolen

Gabriela Vatu

http://news.softpedia.com/news/two-laptops-with-hong-kong-s-3-7-million-voters-data-stolen-514346.shtml

Excerpt:

“Hong Kong may be going through one of the most significant data breaches in its history after two computers holding personal data of 3.7 million voters have been stolen.”


1.37 billion data records compromised globally in 2016

https://www.helpnetsecurity.com/2017/03/28/data-records-compromised-globally/

Excerpt:

“Gemalto’s Breach Level Index revealed that 1,792 data breaches led to 1.37 billion data records being compromised worldwide during 2016, an increase of 86% compared to 2015. Identity theft was the leading type of data breach in 2016, accounting for 59% of all data breaches. In addition, 52% of the data breaches in 2016 did not disclose the number of compromised records at the time they were reported.”


Singapore Ministry of Defence hacked with personal data stolen

Medha Basu

https://govinsider.asia/digital-gov/singapore-ministry-of-defence-hacked-with-personal-data-stolen/

Excerpt:

“The Singapore Ministry of Defence’s servers were hacked in February with personal data of 850 national servicemen and employees stolen, it announced yesterday.”


New targeted attack against Saudi Arabia Government

https://blog.malwarebytes.com/cybercrime/social-engineering-cybercrime/2017/03/new-targeted-attack-saudi-arabia-government/

Excerpt:

“A new spear phishing campaign is targeting Saudi Arabia governmental organizations. The attack originates from a phishing email containing a Word document in Arabic language. If the victim opens it up, it will not only infect their system but send the same phishing document to other contacts via their Outlook inbox.


Kenya Revenue Authority 'lost $39m to hacker'

http://www.bbc.com/news/world-africa-39351172

Excerpt:

“An IT expert has been charged with hacking into Kenya's Revenue Authority and stealing $39m (£31m).


Online banking customers remain extremely frustrated with passwords

https://www.helpnetsecurity.com/2017/03/22/frustrated-passwords/

Excerpt:

“A new survey by iovation and Aite Group, polled nearly 1,100 consumers across four generations who use online and/or mobile banking platforms to better understand their attitudes toward various authentication mechanisms used today.”


Lithuanian arrested for $100 million BEC scams

https://www.helpnetsecurity.com/2017/03/22/lithuanian-arrested-scam/

Excerpt:

“Criminal charges were announced against Evaldas Rimasauskas for orchestrating a fraudulent business email compromise (BEC) scheme that induced two U.S.-based Internet companies to wire a total of over $100 million to bank accounts controlled by Rimasauskas. He was arrested late last week by authorities in Lithuania on the basis of a provisional arrest warrant.”


Russian bank claims hackers are trying to connect it to Trump

John E Dunn

https://nakedsecurity.sophos.com/2017/03/21/russian-bank-claims-hackers-are-trying-to-connect-it-to-trump/

Excerpt:

“If you find the phenomenon of fake news dizzying, try “fake traffic” for size. Last year nobody gave either much thought: now, they have starring roles in the increasingly serious stand-off between the US and Russia about the latter’s connections to an alleged hacking-for-Trump campaign.”


Hackers: We Will Remotely Wipe iPhones Unless Apple Pays Ransom

Joseph Cox

https://motherboard.vice.com/en_us/article/hackers-we-will-remotely-wipe-iphones-unless-apple-pays-ransom

Excerpt:

“A hacker or group of hackers is apparently trying to extort Apple over alleged access to a large cache of iCloud and other Apple email accounts.”


US to ban electronic devices from airplane cabins on some US-bound flights

Zeljka Zorz

https://www.helpnetsecurity.com/2017/03/21/electronic-devices-ban-airplane-us/

Excerpt:

“With a (now deleted) tweet, Royal Jordanian Airlines has jumped the gun on a new ban by the US government expected to be announced on Tuesday: air travellers to the US from several Middle Eastern and African countries will be forced to stow all electronic devices in the airplane’s cargo hold.”


Organizations still vulnerable to brute force attacks

https://www.helpnetsecurity.com/2017/03/20/brute-force-attacks/

Excerpt:

“While increases in malware are clearly a major threat to both enterprises and service providers, network complexity is creating its own vulnerability, according to Ixia.”


Even a cybersecurity firm can fall for a W-2 phishing scam

https://www.helpnetsecurity.com/2017/03/20/w-2-phishing-scam/

Excerpt:

“US Tax Day (April 18) is quickly approaching, and scammers are hard at work to get what they can before the set tax season deadline.”


Fileless Malware Campaigns Tied to Same Attacker

Michael Mimoso

https://threatpost.com/fileless-malware-campaigns-tied-to-same-attacker/124369/

Excerpt:

“Two recent fileless malware campaigns targeting financial institutions, government agencies and other enterprises have been linked to the same attack group.”


Abta website: Holidaymakers hit by cyber attack

http://www.bbc.com/news/uk-39292133

Excerpt:

“The travel trade organisation, Abta, says a cyber attack on its website may have affected about 43,000 people.”


Adoption of advanced technology continues quickly despite security gaps

https://www.helpnetsecurity.com/2017/03/16/adoption-advanced-technology/

Excerpt:

“93% will use sensitive data in an advanced technology (defined as cloud, SaaS, big data, IoT and container) environments this year. 63% of those also believe their organisations are deploying these technologies ahead of having appropriate data security solutions in place, according to Thales.”


Lip movement: Authentication through biometrics you can change

Zeljka Zorz

https://www.helpnetsecurity.com/2017/03/16/lip-movement-authentication/

Excerpt:

“Choosing a unique, complex and long enough password that will still be easy to remember is a big challenge for most users, and most of them would happily opt for biometric authentication in a heartbeat.”


Bad bots attack 96% of websites with login pages

https://www.helpnetsecurity.com/2017/03/17/bad-bots-attack/

Excerpt:

“Almost every website with a login page is under attack from bad bots, the automated programs used to carry out a variety of nefarious activities, according to Distil Networks.”


U.S. charges Russian FSB officers for hacking Yahoo, millions email accounts

https://www.helpnetsecurity.com/2017/03/15/russian-hacking-yahoo/

Excerpt:

“A grand jury in the Northern District of California has indicted four defendants, including two officers of the Russian Federal Security Service (FSB), for computer hacking, economic espionage and other criminal offenses in connection with a conspiracy, beginning in January 2014, to access Yahoo’s network and the contents of webmail accounts.”


Millions of US employee records 'leaked'

http://www.bbc.com/news/technology-39278637

Excerpt:

“Details of more than 33 million US employees - including military staff - have been released online, according to a security researcher.”


Cyber espionage topping the list of largest security concerns

https://www.helpnetsecurity.com/2017/03/15/cyber-espionage-concerns/

Excerpt:

“20 percent of global organizations rank cyber espionage as the most serious threat to their business, with 26 percent struggling to keep up with the rapidly evolving threat landscape. In addition, one in five U.S. organizations have suffered a cyber espionage-related attack in the last year.


Organizations hit with Petya ransomware with a twist

Zeljka Zorz

https://www.helpnetsecurity.com/2017/03/15/organizations-hit-petya-ransomware-twist/

Excerpt:

“Various organizations are being targeted by cyber crooks leveraging the infamous Petya ransomware.”


Online fraudsters’ preferred tools and techniques revealed

Zeljka Zorz

https://www.helpnetsecurity.com/2017/03/15/online-fraudsters-tools-trade/

Excerpt:

“A new report by DataVisor Threat Labs has provided unprecedented insight into the behaviors and attack techniques of some of the world’s largest online crime rings, and revealed their favorite tools and attack techniques for creating accounts and evading detection.”


Chinese police bust nearly 100 in crackdown on insider threats and data theft

Max Metzger

https://www.scmagazineuk.com/chinese-police-bust-nearly-100-in-crackdown-on-insider-threats-and-data-theft/article/644100/

Excerpt:

“Nearly 100 suspects have been arrested by Chinese police in a nationwide crackdown on data theft.”


Significant cyberthreat to UK businesses continues to grow

https://www.welivesecurity.com/2017/03/14/significant-cyberthreat-uk-businesses-continues-grow/

Excerpt:

“Greater collaboration is needed in order to combat the significant cyberthreat to British businesses, according to the UK’s National Crime Agency and the National Cyber Security Centre.”


A new age of digital signatures is upon us

Zeljka Zorz

https://www.helpnetsecurity.com/2017/03/14/new-age-digital-signatures-upon-us/

Excerpt:

“The increased adoption of digital signatures should not come as a surprise: many businesses are trying to digitalise their everyday processes, and digital signatures are both reliable and secure due to several features, and are increasingly easy to use.


Sensitive US Air Force data found exposed online

Zeljka Zorz

https://www.helpnetsecurity.com/2017/03/14/us-air-force-data-exposed-online/

Excerpt:

“A misconfigured, unsecured backup drive containing a huge amount of sensitive (but not classified) data on US Air Force officers has been sitting online, accessible to anyone, for who knows how long.”


Worldwide infosec spending to reach $90 billion in 2017

https://www.helpnetsecurity.com/2017/03/15/worldwide-infosec-spending-2017/

Excerpt:

“Enterprises are transforming their security spending strategy in 2017, moving away from prevention-only approaches to focus more on detection and response, according to Gartner.”


Mobile workers continually expose organizations to security risks

https://www.helpnetsecurity.com/2017/03/15/mobile-workers-security-risks/

Excerpt:

“29 percent of organisations have already experienced either a data loss or breach as a direct result of mobile working, according to research conducted by Vanson Bourne. As many as 44 percent expect that mobile workers will expose their organisation to the risk of a data breach. Underlining this concern, 48 percent say employees are one of their biggest security risks.”


Student Expelled from University for Hacking Professors’ Emails

David Bisson

https://www.tripwire.com/state-of-security/latest-security-news/student-expelled-university-hacking-professors-emails/

Excerpt:

“A university has expelled a student for hacking the email accounts of several professors in an attempt to improve their grades.”


Android devices delivered to employees with pre-installed malware

Zeljka Zorz

https://www.helpnetsecurity.com/2017/03/13/android-devices-pre-installed-malware/

Excerpt:                                                                                                                                                                                                                                                                                                                                       

“A test of Android devices used in two unnamed companies revealed that 38 of them were infected with malware before being delivered to the employees.


Most security pros expect increasing attacks on Industrial Internet of Things

https://www.helpnetsecurity.com/2017/03/13/attacks-iiot/

Excerpt:

“A new Dimensional Research survey looked at the rise of Industrial Internet of Things (IIoT) deployment in organizations, and to what extent it is expected to cause security problems in 2017.”


Top five most wanted malware families worldwide

https://www.helpnetsecurity.com/2017/03/14/top-five-most-wanted-malware/

Excerpt:

“The Hancitor downloader has surged into the top five most wanted malware families worldwide for the first time, according to Check Point.”


UK political parties warned of Russian hacking threat: report

William James

http://www.reuters.com/article/us-britain-russia-cybercrime-idUSKBN16J0OE

Excerpt:

“A British intelligence agency has told political parties to protect themselves against potential cyber attacks, citing allegations that Russian hackers tried to influence last year's U.S. presidential election.”


Catch emerging strains of ransomware with RansomFree

Mirko Zorz

https://www.helpnetsecurity.com/2017/03/10/ransomware-ransomfree/

Excerpt:

“n this podcast recorded at RSA Conference 2017, Yoel Eilat, Senior Product Manager at Cybereason, talks about RansomFree – the free, anti-ransomware protection software, which works on PCs running Windows 7, 8 and 10, Windows 2010 R2 and Windows 2008 R2.”


China mulls national cryptocurrency in race to digital money

Danny Bradbury

https://nakedsecurity.sophos.com/2017/03/09/china-mulls-national-cryptocurrency-in-race-to-digital-money/

Excerpt:

“Eight years ago, bitcoin was an experimental technology of interest only to a handful of enthusiasts. Today, China – which contains one in every five internet users – is mulling the idea of a national cryptocurrency.”


185,000+ vulnerable Wi-Fi cameras just waiting to be hijacked

Zeljka Zorz

https://www.helpnetsecurity.com/2017/03/09/vulnerable-wi-fi-cameras/

Excerpt:

“A generic wireless camera manufactured by a Chinese company and sold around the world under different names and brands can be easily hijacked and/or roped into a botnet.”


The West African cybercriminal ecosystem is unlike any other

Zeljka Zorz

https://www.helpnetsecurity.com/2017/03/09/west-african-cybercriminal-ecosystem-unlike/

Excerpt:

“While there is still not an actual underground marketplace, cybercrime is pervasive in the West African region. Specifically, scamming operations.


Chinese police bust data theft operation targeting debtors

Roi Perez

https://www.scmagazineuk.com/chinese-police-bust-data-theft-operation-targeting-debtors/article/641830/

Excerpt:

“Police raids in China bring down professionally organised criminal operations, which intercepted millions of items of personal data to steal information.”


The power of Big Data for security, operations and DDoS protection

Mirko Zorz

https://www.helpnetsecurity.com/2017/03/07/big-data-ddos/

Excerpt:

“DDoS atacks are costly to your reputation and your bottom line. In this podcast recorded at RSA Conference 2017, Avi Freedman, CEO at Kentik, discusses how to recognize attacks quickly and accurately, then shut them down with situation-appropriate mitigation.”


IoT goods, software and digital services to be evaluated for privacy and security

Zeljka Zorz

https://www.helpnetsecurity.com/2017/03/07/iot-security-standard/

Excerpt:

“Consumer Reports, a US non-profit group whose extensive reviews of consumer goods have helped the public make informed and better choices for many decades, has announced that it will start evaluating products and services for privacy and data security.”


From Shamoon to StoneDrill

Costin Raiu, Mohamad Amin Hasbini, Sergey Belov, Sergey Mineev

https://securelist.com/blog/research/77725/from-shamoon-to-stonedrill/

Excerpt:

“Beginning in November 2016, Kaspersky Lab observed a new wave of wiper attacks directed at multiple targets in the Middle East. The malware used in the new attacks was a variant of the infamous Shamoon worm that targeted Saudi Aramco and Rasgas back in 2012.”


‘Dozens’ of police departments maintain private DNA databases

Lisa Vaas

https://nakedsecurity.sophos.com/2017/03/06/dozens-of-police-departments-maintain-private-dna-databases/

Excerpt:

“Last year, San Diego police stopped, searched, handcuffed and detained one of a group of kids walking through a park. They found an unloaded handgun in his duffel bag.”


StoneDrill: New wiper targets Middle East, shows interest in Europe

https://www.helpnetsecurity.com/2017/03/07/stonedrill/

Excerpt:

“Kaspersky Lab has discovered a new sophisticated wiper malware, called StoneDrill. Just like another infamous wiper, Shamoon, it destroys everything on the infected computer.”


The agile IT stack grows and becomes more complex

https://www.helpnetsecurity.com/2017/03/03/agile-it-stack-grows/

Excerpt:

“BigPanda’s annual survey evaluated the current IT monitoring landscape, including a review of the most popular tools for monitoring, deployment, and ticketing/collaboration; the biggest challenges facing IT pros in the upcoming year; and insights into monitoring strategy satisfaction and performance.”


Health firm fined £200,000 for sending insecure audio recordings via email

Dan Worth

http://www.v3.co.uk/v3-uk/news/3005507/health-firm-fined-gbp200-000-for-sending-insecure-audio-recordings-via-email

Excerpt:

“A health firm has been fined £200,000 for emailing audio recordings of outpatient letters in an unencrypted format, and the transcripts of these conversations were then searchable online via an insecure FTP server.”


Ransomware spiked 752% in new families

https://www.helpnetsecurity.com/2017/03/02/ransomware-spiked/

Excerpt:

“2016 was truly the year of online extortion. Cyber threats reached an all-time high, with ransomware and Business Email Compromise (BEC) scams gaining increased popularity among cybercriminals looking to extort enterprises. A 752 percent increase in new ransomware families ultimately resulted in $1 billion in losses for enterprises worldwide, according to Trend Micro.”


Yahoo cookie-forging incident affected 32 million accounts

Zeljka Zorz

https://www.helpnetsecurity.com/2017/03/02/yahoo-cookie-forging-incident/

Excerpt:

“We finally know how many user accounts were affected by last year’s Yahoo cookie-forging incident: 32 million.”


How can we build a secure IoT world?

Zeljka Zorz

https://www.helpnetsecurity.com/2017/03/01/secure-iot-world/

Excerpt:

“We have almost daily proof that the Internet of Things, as it is now, is a minefield of security issues that are just waiting to be exploited.”


Email and IoT security issues persist

https://www.helpnetsecurity.com/2017/03/02/email-iot-security-issues/

Excerpt:

“New AT&T research shows many businesses are not effectively protecting their data. As more organizations adopt cloud architectures, traditional security protections aren’t enough.”


Web Cache Deception Attack Tricks Servers Into Caching Pages with Personal Data

Catalin Cimpanu

https://www.bleepingcomputer.com/news/security/web-cache-deception-attack-tricks-servers-into-caching-pages-with-personal-data/

Excerpt:

“Caching servers commonly deployed with big-name services will often cache the incorrect page content, including personal details, when the user accesses a non-existent resource, such as CSS or JavaScript files.”


Millions of smart devices in Spain are vulnerable to attack

https://www.helpnetsecurity.com/2017/02/28/smart-devices-spain-vulnerable/

Excerpt:

“Avast revealed the findings of its research experiment into smart devices, including public and private webcam vulnerabilities in Spain, and, specifically, in Barcelona.”


Germans, Czechs served with banking malware through SMS

Zeljka Zorz

https://www.helpnetsecurity.com/2017/02/28/germans-czechs-banking-malware/

Excerpt:

“German and Czech Android users are getting served with a banking Trojan directly through text messages, warns malware researcher Bart Blaze.”


Global cloud security market to reach $13.93 billion by 2024

https://www.helpnetsecurity.com/2017/03/01/global-cloud-security-market-2024/

Excerpt:

“The cloud infrastructure has witnessed a significant growth in recent years and its popularity can be attributed to the on-demand services, scalability and flexibility, and the cost effective solutions it offers to organizations. The global cloud security market is expected to reach $13.93 billion by 2024, according to Grand View Research.’


With 1.2 million phishing attacks, 2016 was a success for cybercriminals

https://www.helpnetsecurity.com/2017/03/01/phishing-attacks-2016/

Excerpt:

“The Anti-Phishing Working Group (APWG) observed that 2016 ended as the worst year for phishing in history. The total number of phishing attacks in 2016 was 1,220,523. This number represents the highest ever recorded, and fully a 65 percent increase over 2015.”