UK Man Gets Two Years in Jail for Running ‘Titanium Stresser’ Attack-for-Hire Service
Brian Krebs
https://krebsonsecurity.com/2017/04/uk-man-gets-two-years-in-jail-for-running-titanium-stresser-attack-for-hire-service/
Excerpt:
“A 20-year-old man from the United Kingdom was sentenced to two years in prison today after admitting to operating and selling access to “Titanium Stresser,” a simple-to-use service that let paying customers launch crippling online attacks against Web sites and individual Internet users.”
Hajime, the mysterious evolving botnet
Jornt van der Wiel, Vicente Diaz, Yury Namestnikov, Konstantin Zykov
https://securelist.com/blog/research/78160/hajime-the-mysterious-evolving-botnet/
Excerpt:
“Hajime (meaning ‘beginning’ in Japanese) is an IoT worm that was first mentioned on 16 October 2016 in a public report by RapidityNetworks. One month later we saw the first samples being uploaded from Spain to VT. This worm builds a huge P2P botnet (almost 300,000 devices at the time of publishing this blogpost), but its real purpose remains unknown.”
A third of employees say it’s common to take corporate data with them when leaving a company
https://www.helpnetsecurity.com/2017/04/21/corporate-data-security/
Excerpt:
“Today’s workforce is caught between two imperatives: be productive and efficient on the job and maintain the security of company data.”
Free hacking tools 'help young into cyber-crime'
http://www.bbc.com/news/technology-39654092
Excerpt:
“Free, easy-to-use hacking tools help many young people slip into a life of cyber-crime, according to a report.”
CIA and FBI manhunt for mole who leaked secrets to Wikileaks
Graeme Burton
http://www.v3.co.uk/v3-uk/news/3008725/cia-and-fbi-manhunt-for-mole-who-leaked-secrets-to-wikileaks
Excerpt:
“The Central Intelligence Agency (CIA) and the Federal Bureau of Investigation (FBI) in the US have launched a manhunt to find the mole who, they believe, passed-on secret documents to Wikileaks.”
Sysadmin Accused of Causing $100K in Damages to Former Employer with “Time Bomb”
David Bisson
https://www.tripwire.com/state-of-security/latest-security-news/sysadmin-accused-causing-100k-damages-former-employer-time-bomb/
Excerpt:
“A system administrator is accused of having caused its former employer $100,000 in damages using malicious code equipped with a “time bomb” feature.”
Calisto Group targeted UK government with spear phishing campaign
Sooraj Shah
http://www.v3.co.uk/v3-uk/news/3008463/calisto-group-targeted-uk-government-with-spear-phishing-campaign
Excerpt:
“The Calisto Group, a cyber-crime gang known to target military personnel, think tanks and journalists in Europe and the South Caucasus, targeted the UK government last year in a series of attacks.”
Why businesses should care about identity theft
Zeljka Zorz
https://www.helpnetsecurity.com/2017/04/14/identity-theft-effects/
Excerpt:
“Identity theft is a type of fraud that’s directed squarely against individuals, but to believe that businesses don’t suffer any consequences or costs associated with it is simply wrong.”
Brazilian Malware Never Sleeps: Meet EmbusteBot
Maksim Shudrak
https://securityintelligence.com/brazilian-malware-never-sleeps-meet-embustebot/
Excerpt:
“IBM Research — Haifa Labs continually invests in the research and development of advanced malware analysis solutions that enhance IBM’s ability to quickly detect and neutralize malware as new and challenging threats arise. Our ongoing observations of the Brazilian cybercriminal landscape have revealed a perpetual rise in new malicious campaigns in this region of the world, especially those targeting online banking and payment platforms.”
IGP: Cybercrime more lucrative than drug trafficking
http://www.thestar.com.my/news/nation/2017/04/13/igp-cybercrime-more-lucrative-than-drug-trafficking/
Excerpt:
“Cybercrime is emerging as a serious economic threat in Malaysia, and losses amounting to RM179.3mil were recorded last year, said Inspector General of Police Tan Sri Khalid Abu Bakar.”
Attackers can steal smartphone users’ PINs by tapping into data collected by mobile sensors
Zeljka Zorz
https://www.helpnetsecurity.com/2017/04/12/steal-smartphone-users-pins/
Excerpt:
“Researchers have demonstrated that a malicious website or app could work out smartphone users’ PINs or passwords based just on the data collected by various motion sensors on modern mobile devices.”
Alleged Spam King Pyotr Levashov Arrested
Brian Krebs
https://krebsonsecurity.com/2017/04/alleged-spam-king-pyotr-levashov-arrested/
Excerpt:
“Authorities in Spain have arrested a Russian computer programmer thought to be one of the world’s most notorious spam kingpins.”
270,000 customers affected in UK loan firm Wonga data breach
Zeljka Zorz
https://www.helpnetsecurity.com/2017/04/10/wonga-data-breach/
Excerpt:
“Personal and financial data of some 270,000 customers of UK payday loan firm Wonga have likely been pilfered in a data breach.”
Hack of emergency siren system kept Dallas citizens up for hours
Zeljka Zorz
https://www.helpnetsecurity.com/2017/04/10/hack-emergency-siren/
Excerpt:
“When 156 emergency sirens in Dallas started wailing around midnight last Friday, the city’s 911 line was flooded with calls by panicked citizens who wanted to know what was going on, and whether the city was under attack.”
IoT devices under attack: Amnesia hijacks, BrickerBot destroys
Zeljka Zorz
https://www.helpnetsecurity.com/2017/04/10/iot-attack-amnesia-brickerbot/
Excerpt:
“Every hour of every day, computer systems and IoT devices are under attack by bots trying to recruit them into growing botnets. Security researchers have recently highlighted two of these threats coming after Linux- and BusyBox-based systems and devices.”
Self-Proclaimed ‘Nuclear Bot’ Author Weighs U.S. Job Offer
Brian Krebs
https://krebsonsecurity.com/2017/04/self-proclaimed-nuclear-bot-author-weighs-u-s-job-offer/
Excerpt:
“The author of a banking Trojan called Nuclear Bot — a teenager living in France — recently released the source code for his creation just months after the malware began showing up for sale in cybercrime forums. Now the young man’s father is trying to convince him not to act on a job offer in the United States, fearing it may be a trap set by law enforcement agents.”
APT10 (MenuPass Group): New Tools, Global Campaign Latest Manifestation of Longstanding Threat
https://www.fireeye.com/blog/threat-research/2017/04/apt10_menupass_grou.html
Excerpt:
“APT10 (MenuPass Group) is a Chinese cyber espionage group that FireEye has tracked since 2009. They have historically targeted construction and engineering, aerospace, and telecom firms, and governments in the United States, Europe, and Japan. We believe that the targeting of these industries has been in support of Chinese national security goals, including acquiring valuable military and intelligence information as well as the theft of confidential business data to support Chinese corporations. PwC and BAE recently issued a joint blog detailing extensive APT10 activity.”
20,000-bots-strong Sathurbot botnet grows by compromising WordPress sites
Zeljka Zorz
https://www.helpnetsecurity.com/2017/04/07/sathurbot-botnet/
Excerpt:
“A 20,000-bots-strong botnet is probing WordPress sites, trying to compromise them and spread a backdoor downloader Trojan called Sathurbot as far and as wide as possible.”
Teenager Arrested in Austria for Spreading Philadelphia Ransomware
Catalin Cimpanu
https://www.bleepingcomputer.com/news/security/teenager-arrested-in-austria-for-spreading-philadelphia-ransomware/
Excerpt:
“Austrian police arrested a 19-year-old teenager from Linz for infecting the network of a local company with the Philadelphia ransomware.”
Researchers to study perceived link between cybercrime and autism
Alison Booth
https://nakedsecurity.sophos.com/2017/04/05/researchers-to-study-perceived-link-between-cybercrime-and-autism/
Excerpt:
“A new research project will look into whether the perceived link between cyber crime and “autistic-like personality traits” really exists. The joint University of Bath’s Centre for Applied Autism, National Crime Agency (NCA) Cyber Crime Unit and Research Autism project, which is nicely summarized here, will assess the characteristics of known offenders then compare them with those of non-cyber offenders and the general public.”
23% of security pros are blind to encrypted traffic threats
https://www.helpnetsecurity.com/2017/04/06/encrypted-traffic-threats/
Excerpt:
“According to a Venafi survey conducted at RSA Conference 2017, 23 percent of respondents have no idea how much of their encrypted traffic is decrypted and inspected.”
Video: TinyNuke botnet explained
https://www.helpnetsecurity.com/2017/04/06/tinynuke-botnet/
Excerpt:
“In the videos below, McAfee Labs show the setup requirements for installing and deploying TinyNuke. They review the available features of TinyNuke through the control panel, deploy a bot a client machine, and perform attacks against a client.”
“iCloud Mail” phishing emails doing rounds
Zeljka Zorz
https://www.helpnetsecurity.com/2017/04/06/icloud-mail-phishing/
Excerpt:
“The latest email phishing campaign targeting Apple users is aimed at gathering as much information as possible from unfortunate victims.”
Oil and gas companies’ cybersecurity strategies are evolving
https://www.helpnetsecurity.com/2017/04/07/oil-gas-cybersecurity-strategies/
Excerpt:
“Lacking enterprise-wide cyber analytics technology to monitor for cyberattacks, most oil and gas companies are not fully aware of when or even how cyberattacks might affect them, according to new research from Accenture.”
Lessons From Top-to-Bottom Compromise of Brazilian Bank
Michael Mimoso
https://threatpost.com/lessons-from-top-to-bottom-compromise-of-brazilian-bank/124770/
Excerpt:
“For three months starting last October, hackers pulled off a stunning compromise of a Brazilian bank’s operations top-to-bottom. The attack was comprehensive with each of the bank’s 36 domains, corporate email and DNS under the attacker’s control.”
Trump signs into law repeal of US consumers’ online privacy protections
Zeljka Zorz
https://www.helpnetsecurity.com/2017/04/04/us-online-privacy/
Excerpt:
“It’s official: US Internet service providers and mobile data carriers will be able to to sell or share its customers’ Web browsing and app usage history and other private information to advertisers and other third parties, without having to ask those customers for permission.”
45% of large British businesses sustained a successful ransomware attack
https://www.helpnetsecurity.com/2017/04/05/british-ransomware-attack/
Excerpt:
“Over a third of British businesses (36 percent) are not very confident that efforts to completely eradicate a recent ransomware attack from work systems have been successful.”
15 new ransomware decryption tools added to No More Ransom
https://www.helpnetsecurity.com/2017/04/05/ransomware-decryption-tools/
Excerpt:
“Nine months after the launch of the No More Ransom (NMR) project, an ever-growing number of law enforcement and private partners have joined the initiative, allowing more victims of ransomware to get their files back without paying the criminals.”
How Mobile Phones Turn Into A Corporate Threat
Marco Balduzzi
http://blog.trendmicro.com/trendlabs-security-intelligence/mobile-phones-turn-corporate-threat/
Excerpt:
“Over the last year, the number of mobile phones overtook the world population. In countries like the United States, mobile subscribers outnumbered traditional landline users and half of Americans shifted to mobile-only to communicate. In modern smart cities, wireless-only buildings are becoming the new construction standard for homes, factories, and organizations in general. Landline phones are going away—sooner rather than later.”
European companies hit with highly customizable ransomware
Zeljka Zorz
https://www.helpnetsecurity.com/2017/04/03/eu-companies-customizable-ransomware/
Excerpt:
“Panda Security researchers have been following and analyzing ransomware attacks that have been targeting European business for a few months now, and have tied them to the same group.”
Read full article
