Android Adware Infects 36.5M Devices via Google Play
Gabriela Vatu
http://news.softpedia.com/news/android-adware-infects-36-5m-devices-via-google-play-516109.shtml
Excerpt:
“What is believed to be one of the largest malware campaigns on Google Play Store has been discovered by security firm Checkpoint, which claims that around 36.5 million Android devices were infected with adware.
US DoJ asks Congress for power to serve international data warrants
Max Metzger
https://www.scmagazineuk.com/us-doj-asks-congress-for-power-to-serve-international-data-warrants/article/664217/
Excerpt:
“Data centres in the UK could soon find themselves served with warrants by US law enforcement authorities.The US Department of Justice is looking to free itself from the burdens of national jurisdiction, so it can effectively pursue international crime.”
Most people would pay a ransom to get their data back
Zeljka Zorz
https://www.helpnetsecurity.com/2017/05/26/pay-ransom-get-data-back/
Excerpt:
“The high-profile WannaCry attack was the first time that 57% of US consumers were exposed to how ransomware works, the results of a recent Carbon Black survey have revealed.
WannaCry Ransom Note Written by Chinese, English Speaking Authors
Michael Mimoso
https://threatpost.com/wannacry-ransom-note-written-by-chinese-english-speaking-authors/125906/
Excerpt:
“The WannaCry ransom note was likely written by Chinese- and English-speaking authors, adding more intrigue to the investigation into whether it was indeed a North Korean APT using stolen NSA exploits to spread ransomware worldwide.”
When Technology Takes Hostages: The Rise of 'Stalkerware'
Elle Armageddon
https://motherboard.vice.com/en_us/article/when-technology-takes-hostages-the-rise-of-stalkerware
Excerpt:
“NSA zero-days and sophisticated state surveillance tools get all the headlines. But we’re overlooking the dangerous, life-threatening, rise of “stalkerware,” which enables domestic violence.”
Man jailed for stealing images and details from more than 50 women
Lisa Vaas
https://nakedsecurity.sophos.com/2017/05/23/man-jailed-for-stealing-images-and-details-from-more-than-50-women/
Excerpt:
“Consider Kevin M Maldonado: he’s the reason to limit the personal information you put online, and he’s the reason why your password shouldn’t be your anniversary or your cat’s name. The 35-year-old man from the US state of Alabama has been sentenced to six months in federal prison and three years of supervised release after he pleaded guilty to spending two years hacking and tormenting at least 50 women.”
WannaCry Malware Profile
Alex Berry, Josh Homan, Randi Eitzman
https://www.fireeye.com/blog/threat-research/2017/05/wannacry-malware-profile.html
Excerpt:
“WannaCry (also known as WCry or WanaCryptor) malware is a self-propagating (worm-like) ransomware that spreads through internal networks and over the public internet by exploiting a vulnerability in Microsoft’s Server Message Block (SMB) protocol, MS17-010. The WannaCry malware consists of two distinct components, one that provides ransomware functionality and a component used for propagation, which contains functionality to enable SMB exploitation capabilities.”
SCADA systems plagued by insecure development and slow patching
Zeljka Zorz
https://www.helpnetsecurity.com/2017/05/23/scada-systems-insecure/
Excerpt:
““Behind most modern conveniences, there exists a SCADA system somewhere that controls them,” Trend Micro researchers pointed out in a new report that delves in the heart of vulnerabilities affecting SCADA systems’ Human Machine Interfaces (HMIs).”
More links between WannaCry and Lazarus group revealed
Zeljka Zorz
https://www.helpnetsecurity.com/2017/05/23/wannacry-lazarus-links/
Excerpt:
” Symantec researchers have found more links between WannaCry ransomworm and Lazarus, the hacking group believed to be behind the 2014 attack on Sony Pictures and the 2016 Bangladesh Central Bank heist.”
Hackers can use subtitles to take over millions of devices running VLC, Kodi, Popcorn Time and Stremio
https://www.helpnetsecurity.com/2017/05/23/subtitle-hack/
Excerpt:
“Check Point researchers revealed a new attack vector threatening millions of users of popular media players, including VLC, Kodi (XBMC), Popcorn Time and Stremio. By crafting malicious subtitle files for films and TV programmes, which are then downloaded by viewers, attackers can potentially take complete control of any device running the vulnerable platforms.”
The privacy threat of IoT device traffic rate metadata
Zeljka Zorz
https://www.helpnetsecurity.com/2017/05/22/iot-device-traffic-rate-metadata/
Excerpt:
“Even though many IoT devices for smart homes encrypt their traffic, a passive network observer – e.g. an ISP, or a neighborhood WiFi eavesdropper – can infer consumer behavior and sensitive details about users from IoT device-associated traffic rate metadata.”
Protecting your cloud from ransomware
Tim Prendergast
https://www.helpnetsecurity.com/2017/05/22/protecting-cloud-ransomware/
Excerpt:
“For enterprises that use the cloud, the key to being protected starts with understanding the layers that make up the components of their cloud stack. These different layers create multiple potential targets, and for the informed, they each represent a piece of the cloud environment that can be secured against potential threats.
There’s now a WannaCry decryptor tool for most Windows versions
Zeljka Zorz
https://www.helpnetsecurity.com/2017/05/20/wannacry-decryptor-wanakiwi/
Excerpt:
“As the criminals behind the WannaCry ransomware are trying to make it work again, security researchers have created tools for decrypting files encrypted by it.”
A Windows XP bug makes it possible to recover files encrypted by WannaCry
Zeljka Zorz
https://www.helpnetsecurity.com/2017/05/19/recover-files-encrypted-wannacry/
Excerpt:
“In an unusual turn of events, a Windows bug has been found to work in favor of victims instead of attackers, allowing WannaCry victims that run Windows XP to decrypt the files encrypted by the ransomware.”
New Loki Variant Can Steal Credentials from 100+ Software Tools
David Bisson
https://www.tripwire.com/state-of-security/latest-security-news/new-loki-variant-capable-stealing-credentials-100-software-tools/
Excerpt:
“A new variant of Loki Bot is capable of stealing credentials from over 100 software tools assuming they are installed on an infected machine.”
Zomato Hacked; 17 Million Accounts Sold on Dark Web
Waqas
https://www.hackread.com/zomato-hacked-17-million-accounts-sold-on-dark-web/
Excerpt:
“Since 2015 the Dark Web marketplaces have been flourishing. From drugs, weapons, databases, fake documents to all sorts of illegal stuff are available for anyone at anytime. Recently, HackRead found out a vendor going by the online handle of “nclay” is claiming to have hacked Zomato and selling the data of its 17 million registered users on a popular Dark Web marketplace.
TM Black Box attacks: 27 arrested all over Europe
https://www.helpnetsecurity.com/2017/05/18/black-box-attacks/
Excerpt:
The efforts of a number of EU Member States and Norway, supported by Europol’s European Cybercrime Centre (EC3) and the Joint Cybercrime Action Taskforce (J-CAT), culminated in the arrest of 27 individuals linked with so-called ATM Black Box attacks across Europe.
Healthcare organizations still complacent about cybersecurity
https://www.helpnetsecurity.com/2017/05/19/healthcare-complacent-cybersecurity/
Excerpt:
“The rapid fire spread of the WannaCry ransomware, which infected thousands of organizations globally, is one of the most significant cyberattacks in recent digital history. The impact was particularly damaging to the healthcare sector, with the UK’s National Health Service (NHS) being one of the first and most adversely affected victims, causing numerous patient services to be shut down, including emergency services.”
WannaCry and IoT: Vendors react
Zeljka Zorz
https://www.helpnetsecurity.com/2017/05/17/wannacry-iot/
Excerpt:
“Among the organizations most gravely affected by the WannaCry ransomware was the UK National Health Service.”
3 in 5 companies expect to be breached in 2017
https://www.helpnetsecurity.com/2017/05/18/expect-breach/
Excerpt:
“New research found that of the 50 percent who reported being breached in 2016, the average material impact to the business was $4 million.”
WannaCry: Smaller businesses are at great risk
Andrew Stuart
https://www.helpnetsecurity.com/2017/05/18/wannacry-smb-risk/
Excerpt:
“Last week saw a widespread attack with more than 10,000 organisations across 150 countries – including 48 NHS trusts in the UK – almost simultaneously hit by the ransomware strain WannaCry. With data encrypted, the impacted businesses and other institutions experienced significant downtime as they were unable to continue with normal operations. The hospitals, for example, were forced to postpone non-urgent procedures and people were asked not to visit Accident & Emergency.”
WannaCry: Who’s behind it? Who’s to blame?
Zeljka Zorz
https://www.helpnetsecurity.com/2017/05/16/wannacry-blame/
Excerpt:
“As the amount of money in the three bitcoin addresses associated with the WannaCry attack slowly continues to rise, the question of who is behind the ransomware is still without answer.”
ShadowBrokers Planning Monthly Exploit, Data Dump Service
Michael Mimoso
https://threatpost.com/shadowbrokers-planning-monthly-exploit-data-dump-service/125710/
Excerpt:
“Popcorn in hand, the ShadowBrokers say they’re taking in the WannaCry outbreak from the sidelines before starting in June a subscription service for new exploits and stolen data akin to a wine of the month club.”
Mixed reaction to Trump’s cyber security executive order
Warwick Ashford
http://www.computerweekly.com/news/450418684/Mixed-reaction-to-Trumps-cyber-security-executive-order
Excerpt:
“The latest US presidential executive order on cyber security has been met mainly with praise, but critics say there is nothing really new and takes no decisive action”
US to expand carry-on laptop ban to flights from Europe
Zeljka Zorz
https://www.helpnetsecurity.com/2017/05/11/laptop-ban-flights-europe/
Excerpt:
“The Department of Homeland Security is planning to ban US-bound air travelers from Europe and the UK from carrying laptops and other large electronic devices in their hand luggage.”
Chinese hackers ordered to pay $9 million over insider trading
Zeljka Zorz
https://www.helpnetsecurity.com/2017/05/11/hackers-insider-trading/
Excerpt:
“Three Chinese citizens, who have obtained millions from illicit stock trades based on insider information they stole from two US law firms by hacking, have been ordered to give back the money (including money given to Hong’s mother) and pay over $5 million in civil penalties.”
Security awareness is good, but good security culture is better
Zeljka Zorz
https://www.helpnetsecurity.com/2017/05/08/build-security-culture/
Excerpt:
“As an efficient mechanism to influence employee behavior, security culture is one of the most important, yet most overlooked, aspects of organizational security.”
Turla gets ready to target Mac users
Zeljka Zorz
https://www.helpnetsecurity.com/2017/05/05/turla-macs/
Excerpt:
“The cyber espionage group deploying the Turla (aka Snake, Uroburos, or Agent.BTZ) malware framework is expected to be able to target Mac users soon.”
Malware framework using legitimate utilities lobbed at government agencies
Zeljka Zorz
https://www.helpnetsecurity.com/2017/05/05/netrepser-malware-framework/
Excerpt:
“Bitdefender researchers have unearthed a previously unknown malware framework that, unlike those used by most APTs, contains many legitimate utilities.
The FBI Director Thinks a Law Against Encryption Is Possible Under Trump
Lorenzo Franceschi-Bicchierai
https://motherboard.vice.com/en_us/article/fbi-director-comey-law-against-encryption-trump
Excerpt:
“The director of the FBI James Comey once again leaves the door open for a law that forces tech companies to put backdoors into their products.”
Attackers exploited SS7 flaws to empty Germans’ bank accounts
Zeljka Zorz
https://www.helpnetsecurity.com/2017/05/04/ss7-vulnerabilities-exploited/
Excerpt:
“Cyber criminals have started exploiting a long-known security vulnerabilities in the SS7 protocols to bypass German banks’ two-factor authentication and drain their customers’ bank accounts.”
Critical RCE flaw in ATM security software found
Zeljka Zorz
https://www.helpnetsecurity.com/2017/05/04/rce-flaw-atm-security-software/
Excerpt:
“Researchers from Positive Technologies have unearthed a critical vulnerability (CVE-2017-6968) in Checker ATM Security by Spanish corporate group GMV Innovating Solutions.”
Bondnet botnet goes after vulnerable Windows servers
Zeljka Zorz
https://www.helpnetsecurity.com/2017/05/04/compromised-windows-servers/
Excerpt:
“A botnet consisting of some 2,000 compromised servers has been mining cryptocurrency for its master for several months now, “earning” him around $1,000 per day.”
Who’s responsible for secure Internet access?
https://www.helpnetsecurity.com/2017/05/05/secure-internet-access/
Excerpt:
“Americans are divided on key issues around Internet access and responsibility for online privacy, according to AnchorFree.”
Three cybersecurity threat trends that organizations should address today
Stephen Coty
https://www.helpnetsecurity.com/2017/05/05/three-cybersecurity-threat-trends/
Excerpt:
“The cybersecurity landscape grows seemingly more complex – and dangerous – by the day: Hackers and other bad actors unleash increasingly intricate and formidable attacks, on more mission critical systems. Yet, organizations attempt to counter their threats with the same limited resources. In fact, many industry veterans need to return to the ranks as practitioners and researchers to supplement gaps within security teams. We’re also seeing cybersecurity personnel shortfalls at the executive and board levels.”
Healthcare breaches: Is your data at rest or at risk?
https://www.helpnetsecurity.com/2017/05/05/healthcare-breaches/
Excerpt:
“In 2016 healthcare breaches hit an all-time high (328), surpassing the previous record set in 2015 (268), according to Bitglass.”
Read full article
