Turkey Arrests Five Suspects in Qatar News Agency Hacking



“Qatar has said that five suspected computer hackers have been arrested in Turkey in connection with a cyber attack on Qatar's state news agency last May.”

In China you now have to provide your real identity if you want to comment online

Nikhil Sonnad



“The Chinese government under president Xi Jinping is continuing to make life on the internet difficult for its potential detractors. Yesterday (Aug. 25), the country’s highest internet regulator released new rules (link in Chinese) that govern who can post what online. The upshot: anonymity on the Chinese internet is just about dead.”

NHS Board Infected by Malware, Hospital Systems Taken Offline

Bogdan Popa



“The UK National Health Service (NHS) has once again been the victim of cybercriminals, as the systems operated by one board ended up infected with malware on Friday.”

Chinese government’s latest crack against online anonymity

Zeljka Zorz



“The Chinese government is dead-set on making it so that all online interactions can be tied to a specific user. The latest move towards this goal came on Friday, when the Cyberspace Administration of China (CAC) released an overview of the new rules that dictate that anonymous users can’t post content online.”

Ransomware 2.0: Spora now steals your credentials and logs what you type

Danny Palmer



“A vicious strain of ransomware has been upgraded to enable it to steal browsing information and record keystrokes from infected PCs.”

Security issues of the top and bottom government organizations



“SecurityScorecard released its annual U.S. State and Federal Government Cybersecurity Report, which paints a grim picture of the overall cyber health of the nation’s government entities.”

Ukrainian Security Firm Warns of Another Massive Global Cyberattack

Bogdan Popa



“A new wave of cyberattacks could be launched as soon as this week, Ukrainian security firm ISSP warns, pointing out that the main objective would be taking down networks on August 24 when Ukraine celebrates the Independence Day.”

Identity Thieves Porting Mobile Numbers to Hijack Victims’ Web Accounts

David Bisson



“Identity thieves are porting users’ mobile phone numbers to devices under their control in order to hijack their web accounts.”

Disturbing lack of cyber attack awareness among directors



“Britain’s top firms and charities urgently need to do more to protect themselves from online threats, according to new government research and a ‘cyber health check’.”

Hackers stole over $500,000 from Enigma cryptocurrency investors

Zeljka Zorz



“Unknown hackers have managed to steal over $500,000 from aspiring investors in the Enigma cryptocurrency investment platform.”

NHS HACK ATTACK Anonymous hacker claims to have stolen private data on up to 1.2million NHS patients

Shaun Wooler



“A COMPUTER geek with alleged links to global hacking group Anonymous has stolen patient data from an NHS appointment booking system.”

Bitcoin Ransomware Education: SyncCrypt

JP Buntinx



“It was only a matter of time before cybercriminals started using stenography to hide malicious tools. A new ransomware variant, SyncCrypt, hides within JPEG image files. This method of distribution will only become more prevalent, since most computer users view JPEGs as completely harmless. That is no longer the case, and SyncCrypt could be a very dangerous type of ransomware if left unchecked.”

IT staffers may have compromised sensitive data to foreign intelligence

Paul Sperry



“Federal authorities are investigating whether sensitive data was stolen from congressional offices by several Pakistani-American tech staffers and sold to Pakistani or Russian intelligence, knowledgeable sources say.”

Hacking smartphones with malicious replacement parts

Zeljka Zorz



“Smartphone users can now add a new entry to the list of things they need to worry about: their phones being compromised via replacement parts.”

Disturbing lack of cyber attack awareness among directors



Britain’s top firms and charities urgently need to do more to protect themselves from online threats, according to new government research and a ‘cyber health check’.

Scottish Parliament Targeted by Brute Force Attackers

David Bisson



“Bad actors have targeted the Scottish Parliament with a brute force attack designed to crack weak passwords used by MSPs and staff.”

World's biggest shipper: cyberattack cost up to $300 million



“The June cyberattack that paralyzed the computer systems in companies around the world is estimated to have cost the world's biggest container shipping line between $200 million and $300 million, A.P. Moller-Maersk said Wednesday.”

DOJ wants to know who visited anti-Trump website

Zeljka Zorz



“The US Department of Justice wants DreamHost to hand over IP addresses of some 1.3 million visitors to disruptj20.org, a website that helped organize political protests during President Trump’s inauguration. The company has decided to challenge the request in court.’

North Korean hackers target US military contractors

Joe Uchill



“Hackers linked to North Korea are targeting U.S. military contractors, including those interested in the missile defense system protecting South Korea, according to a Monday report from Palo Alto Networks.”

Largest DDoS-For-Hire Service Admins Arrested and Charged in Israel

Francisco Memoria



“According to BleepingComputer, Israeli authorities recently charged two 19-year-olds for running the largest DDoS-for-hire service platform at the time it went down in autumn of last year, known as vDos. DDoS (Distributed Denial of Service) attacks essentially attempt to take an online service down by overwhelming it with traffic from multiple sources. They are so common that there is now an online Digital Attack Map which allows people to witness these attacks as they occur.”

Medical devices and the Internet of Things: Defending against cyber threats



“More than one-third (35.6 percent) of surveyed professionals in the Internet of Things-connected medical device ecosystem say their organizations have experienced a cybersecurity incident in the past year, according to Deloitte. Identifying and mitigating the risks of fielded and legacy connected devices presents the industry’s biggest cybersecurity challenge according to respondents (30.1 percent).”

US, China and the UK are top regions affected by IoT security threats



“In the Internet of Things (IoT) ecosystem today, cyberattacks are becoming more diverse and sophisticated with cybercriminals taking over home network routers to launch attacks on smart home devices.”

How to report a data breach under the GDPR

Conor Donnelly



“The EU General Data Protection Regulation (GDPR) comes into effect on 25 May 2018 and will supersede all EU member states’ current national data protection laws, bringing a standardised approach to data protection throughout the EU.”

HackinItaly: The Story Behind the Takedown of a 2,500-Strong QNAP NAS Botnet

Catalin Cimpanu



“Last Friday, on August 4, a jury in the US found Fabio Gasperini, an Italian citizen, guilty of building a botnet that he used to hijack remote servers and surreptitiously click on ads for his personal profits.”

The return of Mamba ransomware

Anton Ivanov, Orkhan Mamedov



“At the end of 2016, there was a major attack against San Francisco’s Municipal Transportation Agency. The attack was done using Mamba ransomware. This ransomware uses a legitimate utility called DiskCryptor for full disk encryption. This month, we noted that the group behind this ransomware has resumed their attacks against corporations.”

Who is better prepared for IoT-related attacks, SMEs or large organizations?



“Small and midsized organizations (SMEs) are taking more steps to protect themselves from security risks associated with the Internet of Things (IoT) than large businesses, according to Pwnie Express. Small businesses are more likely to close the IoT security gap and better protect mission critical systems and business operations.”

Latest research suggests cybercriminals are not as anonymous as we think



“Understanding a cybercriminal's backstory - where they live, what they do and who they know, is key to cracking cybercrime, new research suggests.”

Disney Sued for Spying on Kids Using iPhone, Android Apps

Bogdan Popa



“The Walt Disney Company is the target of a class action lawsuit claiming the company is tracking children via apps installed on iOS and Android devices, collecting a series of details without the permission of their parents.”

Irish electricity transmission system operator EirGrid targeted by a nation-state actor

Pierluigi Paganini



“The Irish electricity transmission system operator EirGrid was targeted by a state-sponsored actor, the hackers weren’t discovered at least for two months.”

UK mulls hefty fines for CNI providers with poor cyber security

Warwick Ashford



“The UK is considering the same hefty fines for critical national infrastructure (CNI) providers with poor cyber security as those failing to protect the personal data of UK citizens”

UK essential service operators with poor cyber security face massive fines



“Organisations who fail to implement effective cyber security measures could be fined as much as £17 million or 4 per cent of global turnover, as part of plans to make Britain’s essential networks and infrastructure safe, secure and resilient against the risk of future cyber attacks.”

Attacks on manufacturing industry continue to rise



“The frequency and sophistication of cyber attacks continues to rise globally according to research data in the Q2 Threat Intelligence Report released by NTT Security.”

Unsecured Wi-Fi hotspots and troubling browsing behaviors



“As adoption of cloud and mobile continues to rise, common employee practices inside and outside the workplace create risk for enterprises. To uncover the risks posed by users’ data-related habits, Bitglass tested real-world scenarios – frequency of connections to unsecured Wi-Fi hotspots, rate of external sharing in cloud applications, and the volume of corporate credentials already exposed.”

Automating the hunt for cyber attackers

Mirko Zorz



“In this podcast recorded at Black Hat USA 2017, Mike Banic, Vice President, Marketing, and Chris Morales, Head of Security Analytics at Vectra Networks, talk about the use of artificial intelligence to perform non-stop, automated threat hunting with always-learning behavioral models to find hidden and unknown attackers before they do damage.”

Hacker Who Blocked WannaCry Arrested in Las Vegas for Creating Banking Malware

Bogdan Popa



“Marcus Hutchins, the security researcher who managed to block the WannaCry ransomware earlier this year, was arrested this week by the FBI and indicted for creating a banking Trojan horse known as Kronos.”

Cerber Ransomware Now Capable of Stealing Bitcoin Wallet Files

David Bisson



“The developers of Cerber ransomware have equipped their creation with the ability to steal victims’ Bitcoin wallet files.”

The anatomy of a completely fileless attack

Zeljka Zorz



“The use of fileless malware is definitely on the rise, and it’s used both by targeted threat actors and cybercriminals.”

Ukrainian Firm Facing Legal Action for Damages Caused by NotPetya Ransomware

Catalin Cimpanu



” The Juscutum Attorneys Association, a Ukrainian law firm, is rallying NotPetya victims to join a collective lawsuit against Intellect-Service LLC, the company behind the M.E.Doc accounting software, the point of origin of the NotPetya ransomware outbreak.”

US senators introduce bill to improve IoT security, protect researchers probing it



“US Senators Mark Warner (D-VA), Cory Gardner (R-CO), Ron Wyden (D-WA) and Steve Daines (R-MT) introduced bipartisan legislation to improve the cybersecurity of Internet-connected devices.”

Hackers impersonate women online to get into target corporate networks 

Zeljka Zorz



“By all (online) accounts, Mia Ash was a pretty and successful photographer based in London, and she was looking for friendship and love on the Internet.”

How Netflix DDoS’d Itself To Help Protect the Entire Internet

Lily Hay Newman



“In June 2016, Netflix security engineer Scott Behrens ran a massive infrastructure test on the streaming system in front of dozens of coworkers. In the process, he brought the site down. But instead of panic or embarrassment, it was a moment of celebration. Behrens, working with cloud security engineer Jeremy Heffner and others, had successfully shown that Netflix was in fact vulnerable to an unorthodox type of distributed denial of service attack. And proving it worked was the first step toward preventing it in the future—not just for Netflix but for the entire internet.”

Anatomy of a privacy fail – when “Dark Data” gives away your identity

Paul Ducklin



“This week’s super-scary security topic is deanonymisation. The media excitement was kindled after the BBC wrote up a short article about an intriguing paper entitled Dark Data, presented at the recent DEF CON conference in Las Vegas.”

Yet another NHS data breach - this time at St Helens and Knowsley Hospitals NHS Trust

Tom Allen



“Junior doctors working at St Helens and Knowsley Hospitals NHS Trust have had their personal details inadvertently revealed online following the careless publication of an internal spreadsheet.”

Fraudster arrested for DDoS attacks, launched death threats at media outlets

Luana Pascu



“An Iranian man holding US citizenship and Canadian permanent residence was arrested by US authorities in Seattle on Friday for allegedly attacking companies and news outlets from the US, Canada, Australia and New Zealand.”

LeakerLocker Mobile Ransomware Threatens to Expose User Information

Ford Qin



“While mobile ransomware such as the recent SLocker focuses on encrypting files on the victim’s devices, a new mobile ransomware named LeakerLocker taps into its victims’ worst fears by allegedly threatening to send personal data on a remote server and expose its contents to everyone on their contact lists.”

Nation-states are biggest cyber threat for drug and medical device makers



“Government-sponsored hackers were seen as the biggest threat to cyber security among executives in charge of technology, information, and security at drug and medical device makers, according to the 2017 Cyber Healthcare & Life Sciences Survey by audit, tax and advisory firm KPMG.”

Digital transformation and IoT to drive investment in IT operations management



“The growth of digital business and the Internet of Things (IoT) is expected to drive large investment in IT operations management (ITOM) through 2020, according to Gartner. A primary driver for organizations moving to ITOM open-source software (OSS) is lower cost of ownership.”