Many water and energy systems vulnerable to significant cyber risk

https://www.helpnetsecurity.com/2018/10/31/vulnerable-critical-systems/

Excerpt

“New Trend Micro research revealed how exposed human machine interface (HMI) systems in thousands of critical water and energy organizations around the world could be exploited, causing significant real-world impacts, such as contaminating the water supply.”


Satori botnet author in jail again after breaking pretrial release conditions

Catalin Cimpanu

https://www.zdnet.com/article/satori-botnet-author-in-jail-again-after-breaking-pretrial-release-conditions/

Excerpt

“The alleged creator of the Satori IoT botnet is back in jail after breaking the terms of his pretrial conditional release, ZDNet has learned.”


Two hackers behind 2016 Uber data breach have been indicted for another hack

Zack Whittaker

https://techcrunch.com/2018/10/25/uber-hackers-indicted-lynda-breach/

Excerpt

“Two hackers who stole millions of users’ data from ride-hailing firm Uber have been indicted on separate hacking charges related to a data breach at online learning portal Lynda, two people familiar with the case have told TechCrunch.”


Cathay Pacific hit by data leak affecting 9.4m passengers

https://phys.org/news/2018-10-cathay-pacific-leak-affecting-94m.html

Excerpt

“Hong Kong flag carrier Cathay Pacific said Wednesday it had suffered a major data leak affecting up to 9.4 million passengers.”


Gamma ransomware compromises data on 16,000 patients at California hernia institute

Filip Truta

https://hotforsecurity.bitdefender.com/blog/gamma-ransomware-compromises-data-on-16000-patients-at-california-hernia-institute-20471.html

Excerpt

“In the latest ransomware attack on the healthcare industry, a California-based hernia repair institute has revealed that hackers have compromised almost 16,000 patient records containing sensitive information.”


Yahoo Agrees to Pay $50 Million in Damages to Settle Data Breach Lawsuit

David Bisson

https://www.tripwire.com/state-of-security/security-data-protection/yahoo-to-pay-50-million-in-damages-to-settle-data-breach-lawsuit/

Excerpt

“Yahoo has agreed to pay $50 million to help settle a lawsuit that seeks to hold the company responsible for a data breach the company suffered several years ago.”


Hackers steal data of 75,000 users after Healthcare.gov FFE breach

Catalin Cimpanu

https://www.zdnet.com/article/hackers-steal-data-of-75000-users-after-healthcare-gov-ffe-breach/

Excerpt

“Hackers have breached a HealthCare.gov sign-up system and have gotten their hands on the personal information of roughly 75,000 people, the government said on Friday, October 19.”


A crippling ransomware attack hit a water utility in the aftermath of Hurricane Florence

Pierluigi Paganini

https://securityaffairs.co/wordpress/77171/malware/hurricane-florence-ransomware-attack.html

Excerpt

“A water utility in the US state of North Carolina suffered a severe ransomware attack in the week after Hurricane Florence hit the East Coast of the U.S.”


French Dark-Web Drug Dealer Sentenced to 20 Years in US Prison

Swati Khandelwal

https://thehackernews.com/2018/10/dark-web-drugs-kingpin.html

Excerpt

“A dark web drugs kingpin who was arrested last year when he arrived in the United States to compete in the World Beard and Mustache Championships has now been sentenced to 20 years in prison.”


Hackers can compromise your WhatsApp account by tricking you into answering a video call

Pierluigi Paganini

https://securityaffairs.co/wordpress/76997/hacking/whatsapp-hack-video-call.html

Excerpt

“Hackers can compromise your WhatsApp account by tricking you into answering a video call, the company fixed the flaw in September. WhatsApp has addressed a vulnerability in the mobile applications that could have been exploited by attackers to crash victims’ instant messaging app simply by placing a call.”


Serious lack of infosec professionals a key risk to national security

https://www.helpnetsecurity.com/2018/10/11/infosec-professionals-shortage/

Excerpt

“The unprecedented demand for well-trained cybersecurity workers continues to grow. Some experts predict that there will be a global shortage of two million cybersecurity professionals by next year. Enlisting the next generation of skilled cybersecurity workers and training existing employees will help build stronger defenses and restore confidence among digital citizens.”


Most routers full of firmware flaws that leave users at risk

Tomáš Foltýn

https://www.welivesecurity.com/2018/10/08/routers-firmware-flaws-leave-users-risk/

Excerpt

“Five out of every six (83%) Wi-Fi routers in US homes and offices leave their users at risk of cyberattacks, because their firmware is inadequately updated for security vulnerabilities, research by The American Consumer Institute (ACI) has shown.”


Most hosting providers take too long to remove malware distribution sites

Zeljka Zorz

https://www.helpnetsecurity.com/2018/10/08/malware-distribution-abuse-reporting/

Excerpt

“How long does it take web hosting providers to remove malware distribution sites parked on their network? Roman Hussy, the Swiss security activist behind abuse.ch, says that, on average, it takes them 3 days, 2 hours, and 33 minutes.”


BEC-as-a-service offers hacked business accounts for as little as $150

Graham Cluley

https://www.tripwire.com/state-of-security/security-data-protection/bec-as-a-service-offers-hacked-business-accounts-for-as-little-as-150/

Excerpt

“Everyone responsible for securing organisations today recognises the significant growth in BEC (Business Email Compromise) attacks, also sometimes known as “Whaling” or “CEO fraud”.”


Can we trust digital forensic evidence?

https://www.helpnetsecurity.com/2018/10/05/trust-digital-forensic-evidence/

Excerpt

“Research carried out at the University of York has suggested that more work is needed to show that digital forensic methods are robust enough to stand up to interrogation in a court of law.”