May 2016

Spearheading cybersecurity for SMEs in Malaysia
Dr Amirudin Wahab
http://www.thestar.com.my/tech/tech-opinion/2016/03/31/spearheading-cyber-security-for-smes-in-malaysia/
Excerpt:
“Cyberattacks are increasing in frequency and scale, and they threaten all areas of economic activity. Industries and businesses are at risk.”
StanChart hires new cybersecurity chief from Symantec
http://www.thestar.com.my/tech/tech-news/2016/05/11/stanchart-hires-new-cyber-security-chief-from-symantec/
Excerpt:
“Standard Chartered has hired former Symantec Corp executive Cheri McGuire to be its new chief information security officer, the bank said, as lenders globally step up efforts to combat threats to cybersecurity.  “
US government worse than all major industries on cybersecurity
http://www.thestar.com.my/tech/tech-news/2016/04/16/us-government-worse-than-all-major-industries-on-cybersecurity/
Excerpt:
“US federal, state and local government agencies rank in last place in cyber security when compared against 17 major private industries, including transportation, retail and healthcare, according to a new report released Thursday.”
Hong Kong launches fresh plan to fortify cybersecurity after SWIFT heist
http://www.thestar.com.my/tech/tech-news/2016/05/19/hong-kong-launches-fresh-plan-to-fortify-cybersecurity-after-swift-heist/
Excerpt:
“Hong Kong's central bank has a launched a new program to strengthen lenders' ability to protect their critical technology systems after recent attacks by unidentified groups on a global messaging system used by the financial community“
SEC says cybersecurity biggest risk to financial system
http://www.thestar.com.my/tech/tech-news/2016/05/18/sec-says-cybersecurity-biggest-risk-to-financial-system/
Excerpt:
“Cybersecurity is the biggest risk facing the financial system, the chair of the US Securities and Exchange Commission (SEC) said, in one of the frankest assessments yet of the threat to Wall Street from digital attacks.”
UK banks ordered to review cybersecurity after SWIFT heist
http://www.thestar.com.my/tech/tech-news/2016/05/19/uk-banks-ordered-to-review-cyber-security-after-swift-heist/
Excerpt:
“The Bank of England ordered UK banks to detail steps taken to secure computers connected to the SWIFT bank messaging network about two months after a still-unidentified group used the system to steal US$81mil (RM329.6mil) from Bank Bangladesh, according to three people familiar with the effort.”
SC seeks public feedback on managing cyber security risk
http://www.thestar.com.my/business/business-news/2016/03/21/sc-seeks-public-feedback-on-managing-cyber-security-risk/
Excerpt:
“The Securities Commission (SC) on Monday published a consultation paper seeking public feedback on the proposed regulatory framework relating to the management of cyber security risk by capital market participants.”
 
Man Busted in Darkode Takedown Receives Jail Time
David Bisson
http://www.tripwire.com/state-of-security/latest-security-news/man-busted-in-darkode-takedown-receives-jail-time/
Excerpt:
“A man who was busted in the takedown of the hacking forum Darkode has received jail time for his online criminal activities.”
IoT security testing and certification program
https://www.helpnetsecurity.com/2016/05/26/iot-security-testing/
Excerpt:
“To help companies mitigate risks associated with an increasingly connected world, ICSA Labs, an independent division of Verizon, is rolling out a new security testing program to provide assurance testing for Internet of Things (IoT) devices and sensors.”
FBI warns about keyloggers disguised as USB device chargers
Zeljka Zorz
https://www.helpnetsecurity.com/2016/05/24/keyloggers-usb-device-chargers/
Excerpt:
“A private industry notification issued by the FBI in late April may indicate that keyloggers disguised as USB device chargers have been fund being used in the wild.”
Reputation damage and brand integrity: Top reasons for protecting data
https://www.helpnetsecurity.com/2016/05/25/protecting-data/
Excerpt:
“Vormetric announced the results of the European Edition of the 2016 Vormetric Data Threat Report. It focuses on responses from IT security leaders in European organisations, which detail IT security spending plans, perceptions of threats to data, rates of data breach failures and data security stances.”
US Navy Training a Group of "Ethical Hacking" Sailors
Catalin Cimpanu
http://news.softpedia.com/news/us-navy-training-a-group-of-ethical-hacking-sailors-504379.shtml
Excerpt:
“The US Navy has put out an ad soliciting bids for an educational program aimed at training sailors in ethical hacking techniques.”
'Digital Batman' hacktivist posts video of cyber-attack on Catalan police site
Bradley Barth
http://www.scmagazineuk.com/digital-batman-hacktivist-posts-video-of-cyber-attack-on-catalan-police-site/article/498081/
Excerpt:
“Just days after transferring £7,600 ($11,000) in stolen bitcoins to an anti-ISIS revolutionary group in Syria, hacktivist Phineas Fisher was at it again — not just defacing the website belonging to Spain's Catalan police union, but actually posting an online tutorial showing how it was done.”
Exclusive: In Ecuador cyber heist, thieves moved $9 million to 23 Hong Kong firms
Clare Baldwin and Nathan Layne
http://www.reuters.com/article/us-cyber-heist-hongkong-exclusive-idUSKCN0YG2W9
Excerpt:
“Cyber thieves who stole $12 million from an Ecuadorian bank in 2015 routed the funds through 23 companies registered in Hong Kong, some of them with no clear business activity, according to previously unreported court filings and judicial rulings.”
Anonymous Hackers Turned Stock Analysts Are Targeting US & Chinese Corporations
Catalin Cimpanu
http://news.softpedia.com/news/anonymous-hackers-turned-stock-analysts-are-targeting-us-chinese-corporations-504495.shtml
Excerpt:
“A relatively unknown division of the Anonymous hacker collective that goes by the name of Anonymous Analytics has been sabotaging companies on the stock market by revealing flaws in their financial statements, with catastrophic results.”
Targeted Attacks against Banks in the Middle East
Sudeep Singh
https://www.fireeye.com/blog/threat-research/2016/05/targeted_attacksaga.html
Excerpt:
“In the first week of May 2016, FireEye’s DTI identified a wave of emails containing malicious attachments being sent to multiple banks in the Middle East region. The threat actors appear to be performing initial reconnaissance against would-be targets, and the attacks caught our attention since they were using unique scripts not commonly seen in crimeware campaigns.”
Slovenia investigates foreigner over failed Vietnam cyber-heist
Marja Novak
http://www.reuters.com/article/us-cyber-heist-slovenia-idUSKCN0Y91KK
Excerpt:
“Slovenian police said on Wednesday they were investigating a foreigner over an attempted cyber-heist in which criminals unsuccessfully tried to send money from a Vietnamese bank to a Slovenian one in December.”
Anonymous Leaks Healthcare Records from 33 Turkish Hospitals
Catalin Cimpanu
http://news.softpedia.com/news/anonymous-leaks-healthcare-records-from-33-turkish-hospitals-504258.shtml
Excerpt:
“A hacker(s) claiming to be part of Anonymous posted online a link pointing to a 2GB archive containing personal records stolen from Turkish hospitals.”
The life of a social engineer: Hacking the human
Mirko Zorz
https://www.helpnetsecurity.com/2016/05/19/social-engineer/
Excerpt:
 
“A clean-cut guy with rimmed glasses and a warm smile, Jayson E. Street looks nothing like the stereotypical hacker regularly portrayed in movies (i.e. pale, grim and antisocial). But he is one – he just “hacks” humans.”
Fake Hacker Found Guilty of Gutsy Mitt Romney Extortion Scheme
Catalin Cimpanu
http://news.softpedia.com/news/fake-hacker-found-guilty-following-gutsy-mitt-romney-extortion-scheme-504132.shtml
Excerpt:
“Michael Mancil Brown, 37, of Franklin, Tennessee, faces up to thirty years in prison, a fine up to $250,000, and orders of restitution to victims, because of a daring stunt he pulled off in 2012 that involved fake hacking, the PricewaterhouseCoopers consulting firm, and US presidential candidate Mitt Romney.”
Most organizations can’t protect digital information in the long-term
https://www.helpnetsecurity.com/2016/05/17/protect-digital-information/
Excerpt:
“New research has revealed that the majority of organizations do not have a coherent long-term strategy for their vital digital information even though virtually all of them (98%) are required to keep information for ten years or longer.”
Bangladesh heist linked to attack on Sony: BAE researchers
Jim Finkle
http://www.reuters.com/article/us-usa-fed-bangladesh-malware-idUSKCN0Y40MC
Excerpt:
“Malicious software used in February's $81 million heist at Bangladesh Bank is linked to other cyber attacks, including the high-profile 2014 attack on Sony's Hollywood studio, according to a new report from cyber security firm BAE Systems”
UK court rejects demands for Lauri Love to hand over encryption keys
Julia Gregory and Bill Goodwin
http://www.computerweekly.com/news/450295965/UK-court-rejects-demands-for-Lauri-Love-to-hand-over-encryption-keys
Excerpt:
“A court has ruled against an attempt by the National Crime Agency to force an activist to disclose encryption keys by bypassing the Regulation of Investigatory Powers Act.”
Anonymous Attacks Eight More Banks Part of OpIcarus
Catalin Cimpanu
http://news.softpedia.com/news/anonymous-attacks-eight-more-banks-part-of-opicarus-503826.shtml
Excerpt:
“The Anonymous campaign OpIcarus launched against the banking sector seems to be ramping up, with eight more financial institutions suffering DDoS attacks during the past few days, ever since the campaign was publicly announced.”
The Scariest Hack So Far
Jane Brown
http://www.jdsupra.com/legalnews/the-scariest-hack-so-far-81151/
Excerpt:
“Hackers have upped the ante. Data controllers wax fondly about the good old days when data was outright stolen. Back then, in 2013, there was a sense of fair play. Trolls did troll things. Assuming the victim implemented and maintained a “comprehensive information security program”[1] to protect the type of data that was compromised, its insurance carrier may have provided coverage and the issue was resolved. Now, ransomware, extortion and data sabotage may lead to ongoing issues for data controllers. Each of these types of cyberattacks is evolving in ways that are truly devious.”
Liberty Reserve founder sentenced to 20 years for money laundering
https://www.helpnetsecurity.com/2016/05/09/liberty-reserve-founder-sentenced/
Excerpt:
“Arthur Budovsky was sentenced in the Southern District of New York to 20 years imprisonment for running a massive money laundering enterprise through his company Liberty Reserve, a virtual currency once used by cybercriminals around the world to launder the proceeds of their illegal activity. He was also ordered to pay a $500,000 fine.”
Panama Papers source breaks silence over 'scale of injustices'
Luke Harding
http://www.theguardian.com/news/2016/may/06/panama-papers-source-breaks-silence-over-scale-of-injustices
Excerpt:
“The whistleblower behind the Panama Papers broke their silence on Friday to explain in detail how the injustices of offshore tax havens drove them to the biggest data leak in history.”
IoT and virtual reality: What’s next?
Geoff Webb
https://www.helpnetsecurity.com/2016/05/06/iot-virtual-reality/
Excerpt:
“Smart doorbells, clever fridges, talking TVs, intelligent manufacturing, self-driving cars – all pretty cool. The IoT, in fact, is chock full of potentially very cool things, many of which we should expect to see becoming the norm within the next couple of years, if not sooner.”
Russian Hacker Selling 1.17 Billion Stolen Records for Less than $1
Catalin Cimpanu
http://news.softpedia.com/news/russian-hacker-selling-1-17-billion-stolen-credentials-for-less-than-1-503713.shtml
Excerpt:
“A Russian hacker nicknamed "The Collector" is selling a stash of 1.17 billion stolen email addresses, some of which come with login credentials, for only 50 Rubles, which is approximately 76 US cents.”
Android banking malware may start using adware tricks
Zeljka Zorz
https://www.helpnetsecurity.com/2016/05/05/android-banking-malware-adware/
Excerpt:
“Android banking and credential-stealing malware with screen overlay capabilities is on the rise, but for it to be effective, it must detect when banking, email, social media apps are opened, identify them, and show the appropriate pop up intended to harvest sensitive data.”
Jaku botnet hides targeted attacks within generic botnet noise
Zeljka Zorz
https://www.helpnetsecurity.com/2016/05/05/jaku-botnet-targeted-attacks/
Excerpt:
“Botnets are usually created by cyber criminals that use them to launch DDoS attacks, deliver spam, effect click fraud. The recently discovered Jaku botnet can effectively do all those things, if its botmaster(s) choose to do so, but it seems that they have other things in mind.”
Rising threats to boost government IT security spending
https://www.helpnetsecurity.com/2016/05/05/government-it-security-spending/
Excerpt:
“Technavio analysts expect global government IT security spending to exceed USD 42 billion by 2020, growing at a CAGR of over 9%.”
Fraudsters Steal Tax, Salary Data From ADP
Brian Krebs
http://krebsonsecurity.com/2016/05/fraudsters-steal-tax-salary-data-from-adp/
Excerpt:
“Identity thieves stole tax and salary data from payroll giant ADP by registering accounts in the names of employees at more than a dozen customer firms, KrebsOnSecurity has learned. ADP says the incidents occurred because the victim companies all mistakenly published sensitive ADP account information online that made those firms easy targets for tax fraudsters.”
Medical Equipment Crashes During Heart Procedure Because of Antivirus Scan
Catalin Cimpanu
http://news.softpedia.com/news/medical-equipment-crashes-during-heart-procedure-because-of-antivirus-scan-503642.shtml
Excerpt:
“A critical medical equipment crashed during a heart procedure due to a timely scan triggered by the antivirus software installed on the PC to which the said device was sending data for logging and monitoring.”
Cybercriminals filtering out victims by location
https://www.helpnetsecurity.com/2016/05/03/cybercriminals-filtering-victims/
Excerpt:
“There’s a growing trend among cybercriminals to target and even filter out specific countries when designing ransomware, according to SophosLabs.”
Gozi malware creator sentenced to time served
https://www.helpnetsecurity.com/2016/05/03/gozi-malware-creator-sentenced/
Excerpt:
“Nikita Kuzmin, the creator of the Gozi malware, was sentenced on Monday in Manhattan federal court to time served (37 months). He was also ordered to pay nearly $7 million in restitution.”
Samsung’s smart home platform flaws let attackers fiddle with your doors
Zeljka Zorz
https://www.helpnetsecurity.com/2016/05/03/samsungs-smart-home-platform-flaws-let-attackers-fiddle-doors-home/
Excerpt:
“Researchers have managed to exploit design flaws in the Samsung SmartThings smart home programming platform and successfully mount a series of attacks that could result in smart homes being entered, burglarized, and generally made insecure by attackers via malicious apps.”
Online transaction fraud to reach $25 billion by 2020
https://www.helpnetsecurity.com/2016/05/04/online-transaction-fraud-25-billion/
Excerpt:
“Online transaction fraud is expected to reach $25.6 billion by 2020, up from $10.7 billion last year, according to Juniper Research. This means that by the end of the decade, $4 in every $1,000 of online payments will be fraudulent.
Flaws in Samsung’s ‘Smart’ Home Let Hackers Unlock Doors and Set Off Fire Alarms
Andy Greenberg
https://www.wired.com/2016/05/flaws-samsungs-smart-home-let-hackers-unlock-doors-set-off-fire-alarms/
Excerpt:
“A smoke detector that sends you a text alert when your house is on fire seems like a good idea. An internet-connected door lock with a PIN that can be programmed from your smartphone sounds convenient, too. But when a piece of malware can trigger that fire alarm at four in the morning or unlock your front door for a stranger, your “smart home” suddenly seems pretty dumb.”
Anonymous Ghost Squad Hackers Take Down Black Lives Matter Website
Catalin Cimpanu
http://news.softpedia.com/news/anonymous-ghost-squad-hackers-take-down-black-lives-matter-website-503579.shtml
Excerpt:
“In a surprising turn of events, Ghost Squad Hackers, one of the Anonymous subdivisions carrying out DDoS attacks against KKK members, had a change of heart this past weekend and launched similar attacks against the Black Lives Matter movement.”
Read full article