P2P Weakness Exposes Millions of IoT Devices
Brian Krebs
https://krebsonsecurity.com/2019/04/p2p-weakness-exposes-millions-of-iot-devices/
Excerpt:
“A peer-to-peer (P2P) communications technology built into millions of security cameras and other consumer electronics includes several critical security flaws that expose the devices to eavesdropping, credential theft and remote compromise, new research has found.”
United Airlines covers up seat cameras following passenger privacy outrage
Charlie Osborne
https://www.zdnet.com/article/united-airlines-covers-up-infotainment-seat-camera-following-passenger-outrage/
Excerpt:
“United Airlines has covered every camera embedded in entertainment systems embedded within the back of plane seats in response to passenger privacy concerns.”
Drug dealers who relied on Bitcoin’s ‘anonymity’ get 30 years behind bars
Yessi Bello Perez
https://thenextweb.com/hardfork/2019/04/26/drug-dealers-who-relied-on-bitcoins-anonymity-get-30-years-behind-bars/
Excerpt:
“Most drugs were imported from Canada in a popular comparison website’s freebie toys. The group is believed to have sold more than 1 kilo of controlled drugs – including cocaine and ecstasy – worth tens of thousands of pounds during a fourth-month period in 2017.”
CI Security raises $9.6M to defend healthcare and the public sector from cyber threats
https://www.helpnetsecurity.com/2019/04/24/ci-security-raised-9-6-million/
Excerpt:
“CI Security announced it has raised an additional $9.6 million to defend critical services in healthcare and the public sector from cyber threats.”
Forge: Simplifying the process for cracking hashed passwords
https://www.helpnetsecurity.com/2019/04/24/inferno-systems-forge/
Excerpt:
“Inferno Systems unveiled Forge, a web application that simplifies the process for cracking hashed passwords. Forge offers a workflow for creating attacks against password hashes that includes dictionary management, plan building and use of mixed local and cloud-based compute clusters.”
Source code of Carbanak trojan found on VirusTotal
Catalin Cimpanu
https://www.zdnet.com/article/source-code-of-carbanak-trojan-found-on-virustotal/
Excerpt:
“The source code of one of the world's most dangerous malware strains has been uploaded and left available on VirusTotal for two years, and almost nobody has noticed.”
PDF: The vehicle of choice for malware and fraud
https://www.helpnetsecurity.com/2019/04/23/fraudulent-pdf-files-increase/
Excerpt:
“There has been a substantial increase of fraudulent PDF files, according to a report by SonicWall Capture Labs threat researchers.”
Are your passwords among the 100,000 most breached ones?
Zeljka Zorz
https://www.helpnetsecurity.com/2019/04/23/most-often-used-passwords/
Excerpt:
“Year after year, the list of most often used passwords changes but a little: the latest one, compiled by infosec researcher Troy Hunt and published by the UK National Cyber Security Centre (NCSC), puts “123456”, “123456789”, “qwerty”, “password” and “111111” on the top five spots.”
Scammers are selling 3.2 million payment records stolen from Indian cardholders
Sean Lyngaas
https://www.cyberscoop.com/scammers-selling-3-2-million-payment-records-stolen-indian-cardholders/
Excerpt:
“Cybercriminals have reaped a healthy profit by buying and selling on the dark web financial information that belongs to cardholders in India, according to new research.”
Unsecured Databases Leak 60 Million Records of Scraped LinkedIn Data
Lawrence Abrams
https://www.bleepingcomputer.com/news/security/unsecured-databases-leak-60-million-records-of-scraped-linkedin-data/
Excerpt:
“Eight unsecured databases were found leaking approximately 60 million records of LinkedIn user information. While most of the information is publicly available, the databases contain the email addresses of the LinkedIn users.”
Man fried over 50 college computers with weaponized USB stick
Graham Cluley
https://www.tripwire.com/state-of-security/security-data-protection/man-fried-over-50-college-computers-with-weaponized-usb-stick/
Excerpt:
“It’s not as though 27-year-old Vishwanath Akuthota made it hard for authorities to prove that he was the person who destroyed $58,000 worth of college equipment in February this year.
Facebook Collected Contacts from 1.5 Million Email Accounts Without Users' Permission
Swati Khandelwal
https://thehackernews.com/2019/04/facebook-email-database.html
Excerpt:
“In a statement released on Wednesday, Facebook said the social media company "unintentionally" uploaded email contacts from up to 1.5 million new users on its servers, without their consent or knowledge, since May 2016.”
Script Kiddies Do What They Do Best: Infect Themselves
Ionut Ilascu
https://www.bleepingcomputer.com/news/security/script-kiddies-do-what-they-do-best-infect-themselves/
Excerpt:
“It's easy to set up a cybercriminal operation these days. But not all crooks are cut out for this game, some ending up not just infecting their own computers but also leaving identifying evidence on supporting infrastructure that is insecure and open to snooping.”
A new variant of HawkEye stealer emerges in the threat landscape
Pierluigi Paganini
https://securityaffairs.co/wordpress/84008/malware/hawkeye-stealer.html
Excerpt:
“New malware campaigns leveraging a new variant of the HawkEye data stealer have been observed by experts at Talos. has been under active development since at least 2013. The malicious code is under continuous enhancement, it is offered for sale on various hacking forums as a keylogger and stealer, it allows to monitor systems and exfiltrate information.”
What hackers inside your company are after: Convenience
Doug Wick
https://www.helpnetsecurity.com/2019/04/10/convenience-hackers/
Excerpt:
“Digital transformation is not a technology trend. Rather, it is a convenience trend. Businesses are changing because customer expectations demand it. Each day, consumers find yet another use for mobile connectivity. Corporations, meanwhile, hasten the rush of data into the cloud. And the so-called Internet of Things, or IoT, is woven more tightly into the fabric of our lives.”
Hackers attacked California DMV voter registration system marred by bugs, glitches
John Myers
https://www.latimes.com/politics/la-pol-ca-california-motor-voter-problems-investigation-20190409-story.html
Excerpt:
“California has launched few government projects with higher stakes than its ambitious 2018 program for registering millions of new voters at the Department of Motor Vehicles, an effort with the potential to shape elections for years to come.”
Bitcoin phisher steals $365,000 and 10,000 passwords from dark web users
Yessi Bello Perez
https://thenextweb.com/hardfork/2019/04/10/bitcoin-phisher-steals-365000-and-10000-passwords-from-dark-web-users/
Excerpt:
“A 37 year-old man in the US has been sentenced to one year and one day in prison for fraud in connection with a Bitcoin $BTC▼1.3% phishing scheme designed to rob victims of their cryptocurrency.”
Hackers can add, remove cancer and other illnesses from Computer Tomography scans
Pierluigi Paganini
https://securityaffairs.co/wordpress/83412/hacking/computer-tomography-scans-hack.html
Excerpt:
“Researchers demonstrated that hackers can modify 3D Computer Tomography scans to add or remove evidence of a serious illness, including cancers.”
Consumer routers targeted by DNS hijacking attackers
https://www.helpnetsecurity.com/2019/04/05/consumer-routers-dns-hijacking/
Zeljka Zorz
Excerpt:
“Owners of a slew of D-Link, ARGtek, DSLink, Secutech, TOTOLINK and Cisco consumer routers are urged to update their device’s firmware, lest they fall prey to ongoing DNS hijacking campaigns and device hijacking attacks.”
As fraud attacks grow more sophisticated, a need for contextual detection strategies increases
https://www.helpnetsecurity.com/2019/04/04/contextual-detection-strategies/
Excerpt:
” Fraudsters are using a complex array of tools to build armies of fake accounts, 74% of all fraudulent accounts are created from desktops, and cloud service provider IP ranges are at a higher risk.”
Attackers fighting back against security teams while also targeting supply chains
https://www.helpnetsecurity.com/2019/04/04/attackers-fighting-back-against-security-teams/
Excerpt:
“According to the world’s leading IR professionals, increasingly sophisticated attacks involving instances of “island hopping,” counter incident response (IR), and lateral movement within a network are quickly becoming the new normal.”
Woman illegally entered Mar-a-Lago with thumb drive full of malware, prosecutors say
Greg Otto
https://www.cyberscoop.com/mar-a-lago-malware-yujing-zhang-china-secret-service/
Excerpt:
“A Chinese woman who briefly entered President Donald Trump’s Mar-a-Lago residence last week had two Chinese passports and numerous electronic devices in her possession, including a thumb drive carrying malware, according to federal prosecutors.”
Securing your home increasingly means securing all of your IoT devices
https://www.helpnetsecurity.com/2019/04/03/securing-your-iot-devices/
Excerpt:
“The Internet of Things explosion has proven controversial due to the insufficient security measures in many of these internet-connected devices.”
Georgia Tech data breach: 1.3M students and staff potentially affected
Zeljka Zorz
https://www.helpnetsecurity.com/2019/04/03/georgia-tech-data-breach/
Excerpt:
“The Georgia Institute of Technology, commonly referred to as Georgia Tech, has suffered yet another data breach. This time, the number of affected individuals may have reached 1.3 million.”
How to Marie Kondo your data
Jason Wang
https://www.helpnetsecurity.com/2019/04/01/how-to-marie-kondo-your-data/
Excerpt:
“By now you’ve heard about Marie Kondo, the author of New York Times bestseller, The Life Changing Magic of Tidying Up, and star of Tidying Up, the new Netflix show that puts her principles of organization and decluttering into practice in family homes throughout Los Angeles.”
3.1 million customer records possibly stolen in Toyota hack
Zeljka Zorz
https://www.helpnetsecurity.com/2019/04/01/toyota-hack/
Excerpt:
“Personal information of some 3.1 million Toyota customers may have been leaked outside the company, the Toyota Motor Corporation (TMC) announced on Friday.”
Read full article
