Bulletin vulnerabilities exposed more than 27 million users’ records
Pierluigi Paganini
http://securityaffairs.co/wordpress/50593/data-breach/vbulletin-vulnerabilities-mail-ru.html
Excerpt:
“The Data breach monitoring service LeakedSource has disclosed 11 new data breaches. Security vulnerabilities in the vBulletin platform have exposed more than 27 million accounts, the majority of which belongs to three games on mail.ru.”
$378,000 Malware Attack Leads Thai Bank to Shut Down Half of Its ATMs
David Bisson
http://www.tripwire.com/state-of-security/latest-security-news/378000-malware-attack-leads-thai-bank-to-shut-down-half-of-its-atms/
Excerpt:
“The Government Savings Bank (GSB) of Thailand shut down nearly half of its ATMs following a malware attack that cost it 12 million baht, or about $378,000.”
Hackers can easily take over cellphone towers, researchers found
Zeljka Zorz
https://www.helpnetsecurity.com/2016/08/24/hackers-cellphone-towers/
Excerpt:
“Zimperium researchers have unearthed three critical vulnerabilities in widely used software running on base transceiver stations (BTS), i.e. the equipment that makes cellphone towers work.”
UK universities hit repeatedly with ransomware, one over 21 times!
Zeljka Zorz
https://www.helpnetsecurity.com/2016/08/24/uk-universities-ransomware/
Excerpt:
“63 percent of UK universities have been hit by ransomware – most of them multiple times, and Bournemouth University a total of 21 times in the last year, SentinelOne has found.”
Privileged user abuse and the insider threat
https://www.helpnetsecurity.com/2016/08/24/privileged-user-abuse-insider-threat/
Excerpt:
“Although insider leaks and attacks continue to multiply, a Ponemon Institute study found that 58 percent of IT operations and security managers believe their organizations are unnecessarily granting access to individuals beyond their roles or responsibilities with 91 percent predicting the risk of insider threats will continue to grow or stay the same.”
Cybercriminals select insiders to attack telecom providers
https://www.helpnetsecurity.com/2016/08/24/attack-telecom-providers/
Excerpt:
“Cybercriminals are using insiders to gain access to telecommunications networks and subscriber data, according to Kaspersky Lab. In addition, these criminals are also recruiting disillusioned employees through underground channels and blackmailing staff using compromising information gathered from open sources.”
Russia's Central Bank introduces new mandatory cyber-security regulations
Eugene Gerden
http://www.scmagazineuk.com/russias-central-bank-introduces-new-mandatory-cyber-security-regulations/article/517638/
Excerpt:
“The Russian Central Bank has announced mandatory cyber-security regulations for domestic banks, according to a Central Bank spokesperson.”
Teen Avoids Jail Time After DDoSing Australia's Biggest Bank & E-Crime Portal
Catalin Cimpanu
http://news.softpedia.com/news/teen-avoids-jail-time-after-ddosing-australia-s-biggest-bank-e-crime-portal-507510.shtml
Excerpt:
“A judge at the Christies Beach Youth Court in Adelaide, Australia has sentenced a 15-year-old teenager to a "family conference" after the teen has launched DDoS attacks on his school, the Commonwealth Bank of Australia (CBA), and ACORN - the Australian Cybercrime Online Reporting Network portal.”
Banking customers hesitant to use mobile features due to security concerns
https://www.helpnetsecurity.com/2016/08/19/banking-customers-mobile/
Excerpt:
“Banking customers are hesitant to use mobile features due to fraud and security concerns, according to Kaspersky Lab and IDC Financial Insights. Their findings show that of those not using mobile banking at all today (36 percent), 74 percent cited security as the major reason, which could slow the overall adoption of mobile banking services during a time where mobile device usage is exploding.”
DOE Awards $34M in Funding to Help Bolster Power Grid Security
http://www.tripwire.com/state-of-security/latest-security-news/doe-awards-34m-in-funding-to-help-bolster-power-grid-security/
Excerpt:
“The United States Department of Energy (DOE) has awarded $34 million in funding for projects aimed to protect the U.S. power grid against digital attacks.”
The inner workings of the Cerber ransomware campaign
https://www.helpnetsecurity.com/2016/08/17/inner-workings-cerber-ransomware-campaign/
Excerpt:
“Check Point’s research team has analysed the inner workings of Cerber, the world’s biggest ransomware-as-a-service scheme.”
Hacking smart cities: Dangerous connections
Mirko Zorz
https://www.helpnetsecurity.com/2016/08/18/hacking-smart-cities/
Excerpt:
“Once just a curiosity for technology enthusiasts, the Internet of Things (IoT) has become mainstream. In fact, the IoT security market is estimated to grow from USD 7.90 billion in 2016 to USD 36.95 billion by 2021, at a CAGR of 36.1%, according to MarketsandMarkets.”
Iran Investigates If Series of Oil Industry Accidents Were Caused by Cyber Attack
Kay Armin Serjoie/Tehran
http://time.com/4450433/iran-investigates-if-series-of-oil-industry-accidents-were-caused-by-cyber-attack/
Excerpt:
“After weeks of speculation on the cause of an unprecedented string of fires and explosions in major Iranian oil and gas facilities, Iran’s Supreme National Cyberspace Council has said that it is looking into cyber-attacks as a possible cause. “Special teams will be sent to the afflicted sites to study the possibility of cyber systems having a role in the recent fires,” said Abolhasan Firoozabadi, secretary of the council according to local media on Wednesday.”
Shark Ransomware-as-a-Service: A real threat, a scam, or both?
Zeljka Zorz
https://www.helpnetsecurity.com/2016/08/16/shark-ransomware/
Excerpt:
“A new Ransomware-as-a-Service project has sprung up, and the “service providers” are allowing others to use it for free, but take a 20 percent cut out of every ransom that gets paid by the victims. The ransomware is called Shark.”
Russian pizza restaurant 'hacker' faces US trial
http://www.bbc.co.uk/news/technology-37083764
Excerpt:
“The trial of a Russian man accused of orchestrating a hacking scheme that targeted US pizza restaurants is due to begin this week. Prosecutors allege that Roman Seleznev, the son of a Russian MP, was a "master hacker" behind a plan which led to $170m (£131m) of fraudulent purchases.”
Text scam victimises parents, claiming kids have been in an accident
Danielle Correa
http://www.scmagazineuk.com/text-scam-victimises-parents-claiming-kids-have-been-in-an-accident/article/516034/
Excerpt:
“Fraudsters have stooped to a new low by alerting parents with scam text messages that claim to be from loved ones that have been injured in an accident to trick them into replying and sending money.”
Pakistan passes controversial cyber-crime law
Mehreen Zahra-Malik
http://www.reuters.com/article/us-pakistan-internet-idUSKCN10N0ST
Excerpt:
“Pakistan has adopted a much-criticized cyber security law that grants sweeping powers to regulators to block private information they deem illegal”
Hundreds of millions of cars can be easily unlocked by attackers
Zeljka Zorz
https://www.helpnetsecurity.com/2016/08/11/cars-easily-unlocked-attackers/
Excerpt:
“Security researchers have come up with a way to unlock cars manufactured by vendors around the world, and are set to present their findings on Friday at the Usenix security conference in Austin, Texas.”
Financial malware attacks increase as malware creators join forces
https://www.helpnetsecurity.com/2016/08/12/financial-malware-attacks-increase-malware-creators-join-forces/
Excerpt:
“Kaspersky Lab blocked 1,132,031 financial malware attacks on users, a rise of 15.6 percent compared to the previous quarter, according to the results of the company’s IT threat evolution report for Q2. One of the reasons for the rise appears to be the collaboration between the authors of two leading banking Trojans: Gozi Trojan and Nymaim Trojan, pushing both into the top 10 ranking of financial malware.”
Millions of Russians' personal data may be put at risk
Eugene Gerden
http://www.scmagazineuk.com/millions-of-russians-personal-data-may-be-put-at-risk/article/515114/
Excerpt:
“Leading Russian cyber-security analysts have criticised recently announced government plans to create a single national database containing the personal data of all Russian citizens, expected to be the largest electronic archive in Russia.”
Philippine bank says it preserves ties with big U.S. banks despite heist role
Krishna N. Das and Karen Lema
http://www.reuters.com/article/us-cyber-heist-bangladesh-philippines-idUSKCN10L0EA
Excerpt:
“Rizal Commercial Banking Corp (RCBC) officials say they have preserved ties with major U.S. banks despite the use of one of its branches in Manila by cyber criminals to funnel $81 million stolen from the Bangladesh central bank’s account at the Federal Reserve Bank of New York.”
Man Charged with Selling Stolen Bank Accounts on Dark Web
David Bisson
http://www.tripwire.com/state-of-security/latest-security-news/man-charged-with-selling-stolen-bank-accounts-on-dark-web/
Excerpt:
“A federal grand jury has charged a man with selling access to bank customers’ stolen account logins on a dark web marketplace.”
Banner Health cyber attack sees 3.7 million customer records accessed
Dan Worth
http://www.v3.co.uk/v3-uk/news/2467136/banner-health-cyber-attack-sees-37-million-customer-records-accessed
Excerpt:
“US health insurance giant Banner Health has said that details of up to 3.7 million patients and staff were accessed during a cyber incident at the company.”
Israeli hacker breaches systems of Iranian ISP
Roi Perez
http://www.scmagazineuk.com/israeli-hacker-breaches-systems-of-iranian-isp/article/513455/
Excerpt:
“An Israeli hacker has breached the website of Iranian Internet Service Provider (ISP) Daba and is claiming to have leaked the details of 52,000 registered users.”
Yahoo 'Aware' Hacker Is Advertising 200 Million Supposed Accounts on Dark Web
Joseph Cox
https://motherboard.vice.com/read/yahoo-supposed-data-breach-200-million-credentials-dark-web
Excerpt:
“A notorious cybercriminal is advertising 200 million of alleged Yahoo user credentials on the dark web, and the company has said it is “aware” of the hacker’s claims, but has not confirmed nor denied the legitimacy of the data.”
Data of 200 million Yahoo users offered for sale
Zeljka Zorz
https://www.helpnetsecurity.com/2016/08/02/data-yahoo-users-sale/
Excerpt:
“Data of some 200 million Yahoo users has been offered for sale on the TheRealDeal dark web market by “peace_of_mind” (aka “Peace”).”
South Korea Says North Korea Hacked Email Accounts of 56 State Officials
Catalin Cimpanu
http://news.softpedia.com/news/south-korea-says-north-korea-hacked-email-accounts-of-56-state-officials-506851.shtml
Excerpt:
“South Korean investigators revealed this morning that they detected over 90 attempts to hack the email accounts of various state officials, of which 56 were successful.”
Russian government admits agencies were hacked
Max Metzger
http://www.scmagazineuk.com/russian-government-admits-agencies-were-hacked/article/512969/
Excerpt:
” The Russian government has announced that 20 different bodies within Russia, many of them government agencies, have been found with espionage malware lurking in their networks”
Interpol arrests Nigerian scam mastermind who stole $60 million
https://www.helpnetsecurity.com/2016/08/01/scam-mastermind-arrested/
Excerpt:
“The head of an international criminal network behind thousands of online frauds has been arrested in a joint operation by INTERPOL and the Nigerian Economic and Financial Crime Commission (EFCC).”
Read full article
Pierluigi Paganini
http://securityaffairs.co/wordpress/50593/data-breach/vbulletin-vulnerabilities-mail-ru.html
Excerpt:
“The Data breach monitoring service LeakedSource has disclosed 11 new data breaches. Security vulnerabilities in the vBulletin platform have exposed more than 27 million accounts, the majority of which belongs to three games on mail.ru.”
$378,000 Malware Attack Leads Thai Bank to Shut Down Half of Its ATMs
David Bisson
http://www.tripwire.com/state-of-security/latest-security-news/378000-malware-attack-leads-thai-bank-to-shut-down-half-of-its-atms/
Excerpt:
“The Government Savings Bank (GSB) of Thailand shut down nearly half of its ATMs following a malware attack that cost it 12 million baht, or about $378,000.”
Hackers can easily take over cellphone towers, researchers found
Zeljka Zorz
https://www.helpnetsecurity.com/2016/08/24/hackers-cellphone-towers/
Excerpt:
“Zimperium researchers have unearthed three critical vulnerabilities in widely used software running on base transceiver stations (BTS), i.e. the equipment that makes cellphone towers work.”
UK universities hit repeatedly with ransomware, one over 21 times!
Zeljka Zorz
https://www.helpnetsecurity.com/2016/08/24/uk-universities-ransomware/
Excerpt:
“63 percent of UK universities have been hit by ransomware – most of them multiple times, and Bournemouth University a total of 21 times in the last year, SentinelOne has found.”
Privileged user abuse and the insider threat
https://www.helpnetsecurity.com/2016/08/24/privileged-user-abuse-insider-threat/
Excerpt:
“Although insider leaks and attacks continue to multiply, a Ponemon Institute study found that 58 percent of IT operations and security managers believe their organizations are unnecessarily granting access to individuals beyond their roles or responsibilities with 91 percent predicting the risk of insider threats will continue to grow or stay the same.”
Cybercriminals select insiders to attack telecom providers
https://www.helpnetsecurity.com/2016/08/24/attack-telecom-providers/
Excerpt:
“Cybercriminals are using insiders to gain access to telecommunications networks and subscriber data, according to Kaspersky Lab. In addition, these criminals are also recruiting disillusioned employees through underground channels and blackmailing staff using compromising information gathered from open sources.”
Russia's Central Bank introduces new mandatory cyber-security regulations
Eugene Gerden
http://www.scmagazineuk.com/russias-central-bank-introduces-new-mandatory-cyber-security-regulations/article/517638/
Excerpt:
“The Russian Central Bank has announced mandatory cyber-security regulations for domestic banks, according to a Central Bank spokesperson.”
Teen Avoids Jail Time After DDoSing Australia's Biggest Bank & E-Crime Portal
Catalin Cimpanu
http://news.softpedia.com/news/teen-avoids-jail-time-after-ddosing-australia-s-biggest-bank-e-crime-portal-507510.shtml
Excerpt:
“A judge at the Christies Beach Youth Court in Adelaide, Australia has sentenced a 15-year-old teenager to a "family conference" after the teen has launched DDoS attacks on his school, the Commonwealth Bank of Australia (CBA), and ACORN - the Australian Cybercrime Online Reporting Network portal.”
Banking customers hesitant to use mobile features due to security concerns
https://www.helpnetsecurity.com/2016/08/19/banking-customers-mobile/
Excerpt:
“Banking customers are hesitant to use mobile features due to fraud and security concerns, according to Kaspersky Lab and IDC Financial Insights. Their findings show that of those not using mobile banking at all today (36 percent), 74 percent cited security as the major reason, which could slow the overall adoption of mobile banking services during a time where mobile device usage is exploding.”
DOE Awards $34M in Funding to Help Bolster Power Grid Security
http://www.tripwire.com/state-of-security/latest-security-news/doe-awards-34m-in-funding-to-help-bolster-power-grid-security/
Excerpt:
“The United States Department of Energy (DOE) has awarded $34 million in funding for projects aimed to protect the U.S. power grid against digital attacks.”
The inner workings of the Cerber ransomware campaign
https://www.helpnetsecurity.com/2016/08/17/inner-workings-cerber-ransomware-campaign/
Excerpt:
“Check Point’s research team has analysed the inner workings of Cerber, the world’s biggest ransomware-as-a-service scheme.”
Hacking smart cities: Dangerous connections
Mirko Zorz
https://www.helpnetsecurity.com/2016/08/18/hacking-smart-cities/
Excerpt:
“Once just a curiosity for technology enthusiasts, the Internet of Things (IoT) has become mainstream. In fact, the IoT security market is estimated to grow from USD 7.90 billion in 2016 to USD 36.95 billion by 2021, at a CAGR of 36.1%, according to MarketsandMarkets.”
Iran Investigates If Series of Oil Industry Accidents Were Caused by Cyber Attack
Kay Armin Serjoie/Tehran
http://time.com/4450433/iran-investigates-if-series-of-oil-industry-accidents-were-caused-by-cyber-attack/
Excerpt:
“After weeks of speculation on the cause of an unprecedented string of fires and explosions in major Iranian oil and gas facilities, Iran’s Supreme National Cyberspace Council has said that it is looking into cyber-attacks as a possible cause. “Special teams will be sent to the afflicted sites to study the possibility of cyber systems having a role in the recent fires,” said Abolhasan Firoozabadi, secretary of the council according to local media on Wednesday.”
Shark Ransomware-as-a-Service: A real threat, a scam, or both?
Zeljka Zorz
https://www.helpnetsecurity.com/2016/08/16/shark-ransomware/
Excerpt:
“A new Ransomware-as-a-Service project has sprung up, and the “service providers” are allowing others to use it for free, but take a 20 percent cut out of every ransom that gets paid by the victims. The ransomware is called Shark.”
Russian pizza restaurant 'hacker' faces US trial
http://www.bbc.co.uk/news/technology-37083764
Excerpt:
“The trial of a Russian man accused of orchestrating a hacking scheme that targeted US pizza restaurants is due to begin this week. Prosecutors allege that Roman Seleznev, the son of a Russian MP, was a "master hacker" behind a plan which led to $170m (£131m) of fraudulent purchases.”
Text scam victimises parents, claiming kids have been in an accident
Danielle Correa
http://www.scmagazineuk.com/text-scam-victimises-parents-claiming-kids-have-been-in-an-accident/article/516034/
Excerpt:
“Fraudsters have stooped to a new low by alerting parents with scam text messages that claim to be from loved ones that have been injured in an accident to trick them into replying and sending money.”
Pakistan passes controversial cyber-crime law
Mehreen Zahra-Malik
http://www.reuters.com/article/us-pakistan-internet-idUSKCN10N0ST
Excerpt:
“Pakistan has adopted a much-criticized cyber security law that grants sweeping powers to regulators to block private information they deem illegal”
Hundreds of millions of cars can be easily unlocked by attackers
Zeljka Zorz
https://www.helpnetsecurity.com/2016/08/11/cars-easily-unlocked-attackers/
Excerpt:
“Security researchers have come up with a way to unlock cars manufactured by vendors around the world, and are set to present their findings on Friday at the Usenix security conference in Austin, Texas.”
Financial malware attacks increase as malware creators join forces
https://www.helpnetsecurity.com/2016/08/12/financial-malware-attacks-increase-malware-creators-join-forces/
Excerpt:
“Kaspersky Lab blocked 1,132,031 financial malware attacks on users, a rise of 15.6 percent compared to the previous quarter, according to the results of the company’s IT threat evolution report for Q2. One of the reasons for the rise appears to be the collaboration between the authors of two leading banking Trojans: Gozi Trojan and Nymaim Trojan, pushing both into the top 10 ranking of financial malware.”
Millions of Russians' personal data may be put at risk
Eugene Gerden
http://www.scmagazineuk.com/millions-of-russians-personal-data-may-be-put-at-risk/article/515114/
Excerpt:
“Leading Russian cyber-security analysts have criticised recently announced government plans to create a single national database containing the personal data of all Russian citizens, expected to be the largest electronic archive in Russia.”
Philippine bank says it preserves ties with big U.S. banks despite heist role
Krishna N. Das and Karen Lema
http://www.reuters.com/article/us-cyber-heist-bangladesh-philippines-idUSKCN10L0EA
Excerpt:
“Rizal Commercial Banking Corp (RCBC) officials say they have preserved ties with major U.S. banks despite the use of one of its branches in Manila by cyber criminals to funnel $81 million stolen from the Bangladesh central bank’s account at the Federal Reserve Bank of New York.”
Man Charged with Selling Stolen Bank Accounts on Dark Web
David Bisson
http://www.tripwire.com/state-of-security/latest-security-news/man-charged-with-selling-stolen-bank-accounts-on-dark-web/
Excerpt:
“A federal grand jury has charged a man with selling access to bank customers’ stolen account logins on a dark web marketplace.”
Banner Health cyber attack sees 3.7 million customer records accessed
Dan Worth
http://www.v3.co.uk/v3-uk/news/2467136/banner-health-cyber-attack-sees-37-million-customer-records-accessed
Excerpt:
“US health insurance giant Banner Health has said that details of up to 3.7 million patients and staff were accessed during a cyber incident at the company.”
Israeli hacker breaches systems of Iranian ISP
Roi Perez
http://www.scmagazineuk.com/israeli-hacker-breaches-systems-of-iranian-isp/article/513455/
Excerpt:
“An Israeli hacker has breached the website of Iranian Internet Service Provider (ISP) Daba and is claiming to have leaked the details of 52,000 registered users.”
Yahoo 'Aware' Hacker Is Advertising 200 Million Supposed Accounts on Dark Web
Joseph Cox
https://motherboard.vice.com/read/yahoo-supposed-data-breach-200-million-credentials-dark-web
Excerpt:
“A notorious cybercriminal is advertising 200 million of alleged Yahoo user credentials on the dark web, and the company has said it is “aware” of the hacker’s claims, but has not confirmed nor denied the legitimacy of the data.”
Data of 200 million Yahoo users offered for sale
Zeljka Zorz
https://www.helpnetsecurity.com/2016/08/02/data-yahoo-users-sale/
Excerpt:
“Data of some 200 million Yahoo users has been offered for sale on the TheRealDeal dark web market by “peace_of_mind” (aka “Peace”).”
South Korea Says North Korea Hacked Email Accounts of 56 State Officials
Catalin Cimpanu
http://news.softpedia.com/news/south-korea-says-north-korea-hacked-email-accounts-of-56-state-officials-506851.shtml
Excerpt:
“South Korean investigators revealed this morning that they detected over 90 attempts to hack the email accounts of various state officials, of which 56 were successful.”
Russian government admits agencies were hacked
Max Metzger
http://www.scmagazineuk.com/russian-government-admits-agencies-were-hacked/article/512969/
Excerpt:
” The Russian government has announced that 20 different bodies within Russia, many of them government agencies, have been found with espionage malware lurking in their networks”
Interpol arrests Nigerian scam mastermind who stole $60 million
https://www.helpnetsecurity.com/2016/08/01/scam-mastermind-arrested/
Excerpt:
“The head of an international criminal network behind thousands of online frauds has been arrested in a joint operation by INTERPOL and the Nigerian Economic and Financial Crime Commission (EFCC).”
Read full article