July 2018

Masing Graces CIPRA 2018

https://www.newsarawaktribune.com.my/news/masing-graces-cipra-2018/

Excerpt
“The Critical Infratructure Protection & Resilience Asia (CIPRA) 2018 marks its third year conference which is being held at The Waterfront Hotel here from 17 to 19 July.”
GDPR directly impacts Facebook, 1 million European users lost
Luana Pascu
https://hotforsecurity.bitdefender.com/blog/gdpr-directly-impacts-facebook-1-million-european-users-lost-20155.html
Excerpt
“It was likely that GDPR would have consequences on all companies whose business affects Europeans, but Facebook appears to be in a bit of a free fall after applying GDPR guidelines to its entire network.”
$14 Million Stolen by Hackers from UK Law Firms
TaRyn
https://latesthackingnews.com/2018/07/24/14-million-stolen-by-hackers-from-uk-law-firms/
Excerpt
“The National Cyber Security Centre or NCSC of the UK found that cybercriminals stole a total of over $14 million from legal firm clients in 2016 thru 2017. Last year, about 60% of the country’s law firms reported info security incidents. This was an increase from 2016 by nearly 20%.”
Hackers Breached Virginia Bank Twice in Eight Months, Stole $2.4M 
Brian Krebs
https://krebsonsecurity.com/2018/07/hackers-breached-virginia-bank-twice-in-eight-months-stole-2-4m/
Excerpt
“Hackers used phishing emails to break into a Virginia bank in two separate cyber intrusions over an eight-month period, making off with more than $2.4 million total. Now the financial institution is suing its insurance provider for refusing to fully cover the losses.”
Egyptian 'Fake News' Law Threatens Citizens with 5000-plus Followers
Swati Khandelwal
https://thehackernews.com/2018/07/social-media-fake-news-law.html
Excerpt
“Do you or someone you know lives in Egypt and holds an account on Facebook, Twitter, or/and other social media platforms with more than 5000 followers?”
Smart cities spending to reach $158 billion in 2022
https://www.helpnetsecurity.com/2018/07/25/smart-cities-spending/
Excerpt
“Smart City initiatives will attract technology investments of more than $81 billion globally in 2018, and spending is set to grow to $158 billion in 2022, according to IDC.”
Banking malware finds new life spreading data-stealing Trojan
Danny Palmer
https://www.zdnet.com/article/banking-malware-finds-new-life-spreading-data-stealing-trojan/
Excerpt
“The group behind a notorious banking trojan have expanded their operations and are now offering to deliver other forms of malware on behalf of other attackers.”
Hackers Breach Russian Bank and Steal $1 Million Due to Outdated Router
Catalin Cimpanu
https://www.bleepingcomputer.com/news/security/hackers-breach-russian-bank-and-steal-1-million-due-to-outdated-router/
Excerpt
“A notorious hacker group known as MoneyTaker has stolen roughly $1 million from a Russian bank after breaching its network via an outdated router.”
Hackers stole data of PM Lee and 1.5 million patients in 'major cyberattack' on SingHealth  
https://www.todayonline.com/singapore/hackers-stole-medical-data-pm-lee-and-15-million-patients-major-cyber-attack-singhealth
Excerpt
“In the biggest and most serious cyberattack yet on Singapore, hackers last month broke into SingHealth's IT systems to steal the data of 1.5 million patients and records of the outpatient medication given to Prime Minister Lee Hsien Loong, the authorities said on Friday (July 20).”
British Airways cancelled flights at Heathrow after ‘IT system issue’
Veronika Gallisova
https://www.welivesecurity.com/2018/07/19/british-airways-cancelled-flights-heathrow-system-issue/
Excerpt
“On Wednesday, British Airways passengers had their flights delayed and some even cancelled as a result of a yet to be specified IT system issue.”
Will this biz be poutine up the cash? Hackers demand dosh to not leak stolen patient records
John Leyden
https://www.theregister.co.uk/2018/07/18/carepartners_data_breach/
Excerpt
“Hackers say they will leak patient and employee records stolen from a Canadian healthcare provider unless they are paid off.”
Business Email Compromise Scams Have Netted $12.5 Billion, Says FBI
Graham Cluley
https://businessinsights.bitdefender.com/business-email-compromise-scams-netted-12.5-billion-fbi
Excerpt
“The FBI is once again warning businesses of the serious dangers posed by business email compromise (BEC) scams, saying that losses globally have risen by 136% since December 2016.”
Attention all passengers: Airport networks are putting you at risk!
https://www.helpnetsecurity.com/2018/07/19/cyber-insecure-airports/
Excerpt
“Coronet released a report identifying San Diego International Airport, John Wayne Airport-Orange County (CA) International Airport and Houston’s William P. Hobby International Airport as America’s most cyber insecure airports.”
Inside look at lifecycle of stolen credentials and extent of data breach damage
https://www.helpnetsecurity.com/2018/07/19/credential-spill-report/
Excerpt
“Shape Security released its Credential Spill Report, shedding light on the extent to which the consumer banking, retail, airline and hospitality industries are impacted by credential stuffing attacks and account takeover. The report analyzes attacks that took place in 2017 and reveals 2.3 billion account credentials were compromised as a result of 51 independent credential spill incidents.”
Microsoft tops list of brands impersonated by phishers
Zeljka Zorz
https://www.helpnetsecurity.com/2018/07/18/phishers-impersonate-microsoft/
Excerpt
“The number one brand spoofed by phishers in Q2 2018 in North America was Microsoft, says email security company Vade Secure. The company credits the surging of adoption of Microsoft Office 365 for this unfortunate statistic.”
Only 20% of companies have fully completed their GDPR implementations
https://www.helpnetsecurity.com/2018/07/16/complete-gdpr-implementation/
Excerpt
“Key findings from a survey conducted by Dimensional Research highlight that only 20% of companies surveyed believe they are GDPR compliant, while 53% are in the implementation phase and 27% have not yet started their implementation.”
Beware of Extortion Scams Stating They Have Video of You on Adult Sites
Lawrence Abrams
https://www.bleepingcomputer.com/news/security/beware-of-extortion-scams-stating-they-have-video-of-you-on-adult-sites/
Excerpt
“Reports are coming in about a new extortion scam where scammers email you stating that they know the recipient's password, have installed malware on the computer, created videos of the recipient using adult web sites through their webcam, and have stolen the recipient's contacts.”
Deceased Patient Data Being Sold on Dark Web
Oren Koriat
https://threatpost.com/deceased-patient-data-being-sold-on-dark-web/133871/
Excerpt
“It is no shocker medical records are a prime target for cybercriminals. But less intuitive is the market for medical records of the deceased on the dark web. We took a closer look at the reason behind this strange trend. Here is what we found.”
A curious tale of the priest, the broker, the hacked newswires, and $100m of insider trades
Iain Thomson
https://www.theregister.co.uk/2018/07/11/priest_broker_100m_hack/
Excerpt
“Two former investment bankers, one of whom is also a priest, have been found guilty of an elaborate scam – hacking newswires to read press releases prior to publication, and trade millions using this insider information.”
Three Arrests Made in Largest Hack in Lebanon's History
Catalin Cimpanu
https://www.bleepingcomputer.com/news/security/three-arrests-made-in-largest-hack-in-lebanons-history/
Excerpt
“Beirut officials have arrested three suspects believed to be behind what local authorities are calling the biggest hack in Lebanon's history.”
42% of organizations globally hit by cryptomining attacks
https://www.helpnetsecurity.com/2018/07/13/global-cryptomining-attacks/
Excerpt:
“Cybercriminals are aggressively targeting organizations using cryptomining malware to develop illegal revenue streams, according to Check Point. Meanwhile, cloud infrastructures appear to be the growing target among threat actors.”
IoT security spend to reach $6 billion by 2023
https://www.helpnetsecurity.com/2018/07/13/iot-security-spend/
Excerpt:
“A new study from Juniper Research found that spending on IoT cybersecurity solutions is set to reach over $6 billion globally by 2023. It highlighted rapid growth, with spending by product and service providers (in consumer markets) and end-customers (in industrial and public services markets) to rise nearly 300% over the forecast period.”
Facebook Fined £500,000 by ICO for Cambridge Analytica Data Scandal
David Bisson
https://www.tripwire.com/state-of-security/latest-security-news/facebook-fined-500000-by-ico-for-cambridge-analytica-data-scandal/
Excerpt:
“The Information Commissioner’s Office (ICO) announced its plan to fine Facebook £500,000 over the Cambridge Analytica data scandal.”
Hacker Steals Military Docs Because Someone Didn’t Change a Default FTP Password
Catalin Cimpanu
https://www.bleepingcomputer.com/news/security/hacker-steals-military-docs-because-someone-didn-t-change-a-default-ftp-password/
Excerpt:
“A hacker is selling sensitive military documents on online hacking forums, a security firm has discovered.”
Cost of data breaches rises, mega breaches cost up to $350 million
https://www.helpnetsecurity.com/2018/07/12/2018-cost-of-a-data-breach-study/
Excerpt:
“Hidden costs in data breaches – such as lost business, negative impact on reputation and employee time spent on recovery – are difficult and expensive to manage. For example, a new study found that one-third of the cost of mega breaches (over 1 million lost records) were derived from lost business.”
Security Firm Sued for Failing to Detect Malware That Caused a 2009 Breach
Catalin Cimpanu
https://www.bleepingcomputer.com/news/security/security-firm-sued-for-failing-to-detect-malware-that-caused-a-2009-breach/
Excerpt:
“Two insurance companies are suing a cyber-security firm to recover insurance fees paid to a customer after the security firm failed to detect malware on the client's network for months, an issue that led to one of the biggest security breaches of the 2000s. The security firms says the lawsuit is meritless.”
Just using a $39 device it is possible to defeat new iOS USB Restricted Mode
Pierluigi Paganini
https://securityaffairs.co/wordpress/74332/hacking/usb-restricted-mode-bypass.html
Excerpt:
“Recently Apple released the iOS 11.4.1 that introduced a new security feature, dubbed USB Restricted Mode, designed to protect your devices against USB accessories used by forensics experts and law enforcement agencies to analyze iPhone or iPad.”
UK govt announces specialized cybercrime court in London
Zeljka Zorz
https://www.helpnetsecurity.com/2018/07/09/cybercrime-court-uk/
Excerpt:
“It is just a matter of time until specialized courts for cybercrime cases pop up, and the UK is already working on one. The new court will be located in the heart of the City of London, in a new building that is expected to be completed by 2025.
Businesses collect more data than they can handle, only half know where sensitive data is stored
https://www.helpnetsecurity.com/2018/07/10/business-data-collection/
Excerpt:
“With pressure to ensure consumer data is protected mounting, Gemalto today released the results of a global study which reveals that 65% are unable to analyze all the data they collect and only 54% of companies know where all of their sensitive data is stored.”
Cyber-Espionage Group Returns With New Attacks After One Year
Catalin Cimpanu
https://www.bleepingcomputer.com/news/security/cyber-espionage-group-returns-with-new-attacks-after-one-year/
Excerpt:
“A cyber-espionage group that has targeted Palestinian law enforcement last year is now back in action targeting Palestinian government officials.”
Timehop data breach, data from 21 million users exposed
Pierluigi Paganini
https://securityaffairs.co/wordpress/74297/data-breach/timehop-data-breach.html
Excerpt:
“Timehop, the service that aims to help people in finding new ways to connect with each other by analyzing past activities, has been hacked.”
Phone apps aren't secretly listening to your calls: But what they do is still 'alarming'
Liam Tung
https://www.zdnet.com/article/phone-apps-arent-secretly-listening-to-your-calls-but-what-they-do-is-still-alarming/
Excerpt:
“For years people have suspected apps on their phone are listening to what they say after suddenly seeing ads for things they only spoke of but never searched for.”
Global revenue from the IoT and analytics for utilities market is expected to grow
https://www.helpnetsecurity.com/2018/07/06/iot-analytics-utilities-market-revenue/
Excerpt:
“The utilities industry is attempting to leverage a plethora of generating assets, transmission and distribution system equipment, and smart meters connected to the grid, creating large amounts of data. However, the IoT has invaded their space, according to Navigant Research.”
Dramatic increase in cryptocurrency money laundering
https://www.helpnetsecurity.com/2018/07/06/cryptocurrency-money-laundering/
Excerpt:
“Three times more cryptocurrency was stolen from exchanges in the first half of 2018 than in all of 2017, according to CipherTrace. These dirty funds all need to be “laundered,” which results in a multi-billion-dollar and growing cryptocurrency money laundering problem that is attracting the attention of regulators globally.”
New insider attack steals passwords by reading thermal energy from keyboards
https://www.helpnetsecurity.com/2018/07/06/thermanator/
Excerpt:
“After entering a password, your regular computer keyboard might appear to look the same as always, but a new approach harvesting thermal energy can illuminate the recently pressed keys, revealing that keyboard-based password entry is even less secure than previously thought.”
Are privacy and personal identity impossible to protect?
https://www.helpnetsecurity.com/2018/07/02/protect-privacy-identity/
Excerpt:
“While consumers and businesses expand their use of social media and electronic services to record levels, many of America’s most knowledgeable security professionals don’t believe that individuals will be able to protect their privacy and online identity, even with precautionary measures and new regulations such as GDPR.”
New LTE attacks can reveal accessed websites, direct victims to malicious sites
Zeljka Zorz
https://www.helpnetsecurity.com/2018/07/03/lte-attacks-data-link-layer/
Excerpt:
“Three new attacks against the LTE 4G wireless data communications technology have been pinpointed by researchers from Ruhr-University Bochum and New York University Abu Dhabi.”
Glimpse Inside IoT-Triggered DDoS Attacks and Securing IT Infrastructures
Andrei Klubnikin
https://dzone.com/articles/a-glimpse-inside-iot-triggered-ddos-attacks-amp-ho
Excerpt:
“Why do IoT devices get involved in DDoS attacks? How are these attacks executed and what consequences do they lead to? Is it possible to secure connected devices and web applications within an enterprise network in the Internet of Things era? This post will attempt to answer those questions.”
Are privacy and personal identity impossible to protect?
https://www.helpnetsecurity.com/2018/07/02/protect-privacy-identity/
Excerpt:
“While consumers and businesses expand their use of social media and electronic services to record levels, many of America’s most knowledgeable security professionals don’t believe that individuals will be able to protect their privacy and online identity, even with precautionary measures and new regulations such as GDPR.
Read full article