Uber fined nearly $1.2 Million by Dutch and UK Data Protection Authorities over data breach
Pierluigi Paganini
https://securityaffairs.co/wordpress/78483/laws-and-regulations/uber-fines-data-breach.html
Excerpt
“British and Dutch data protection regulators fined the ride-sharing company Uber with $1,170,892 for the 2016 data breach.”
FBI Shuts Down Multimillion Dollar – 3ve – Ad Fraud Operation
Swati Khandelwal
https://thehackernews.com/2018/11/3ve-ad-fraud-google.html
Excerpt
“Google, the FBI, ad-fraud fighting company WhiteOps and a collection of cyber security companies worked together to shut down one of the largest and most sophisticated digital ad-fraud schemes that infected over 1.7 million computers to generate fake clicks used to defraud online advertisers for years and made tens of millions of dollars in revenue.”
UK cops won't go after researcher who reported security issue to York city officials
Catalin Cimpanu
https://www.zdnet.com/article/uk-cops-wont-go-after-researcher-who-reported-security-issue-to-york-city-officials/
Excerpt
“North Yorkshire Police said today they're not pursuing a criminal case against the researcher who found a vulnerability in a mobile app developed by the York city council.”
Bulgarian Prosecutors Detain Three Hackers Allegedly Involved in $5 Million Crypto Theft
Helen Partz
https://cointelegraph.com/news/bulgarian-prosecutors-detain-three-hackers-allegedly-involved-in-5-million-crypto-theft
Excerpt
“Bulgarian Gendarmerie forces and specialized prosecutors have arrested three hackers allegedly involved in stealing $5 million in crypto, Sofia-based newspaper 24 Chasa reports Monday, Nov. 26.”
Brazil's largest professional association suffers massive data leak
Angelica Mari
https://www.zdnet.com/article/brazils-largest-professional-association-suffers-massive-data-leak/
Excerpt
“Brazil's Federation of Industries of the State of São Paulo (FIESP) is being accused of exposing millions of personal data records from three of its databases online.”
ATM attackers strike again: Are you at risk?
David Byrne
https://www.helpnetsecurity.com/2018/11/27/atm-attackers/
Excerpt
“The United States National ATM Council recently released information about a series of ATM attacks using rogue network devices. The criminals opened the upper half of the ATM and installed the device, most likely into the Ethernet switch. The device then intercepted the ATM’s network traffic and changed the bank’s “withdraw denied” response to “withdraw approved,” presumably only for the criminals’ cards.”
GDPR’s impact: The first six months
Gary Southwell
https://www.helpnetsecurity.com/2018/11/26/gdpr-impact/
Excerpt
GDPR is now six months old – it’s time to take an assessment of the regulation’s impact so far. At first blush it would appear very little has changed. There are no well-publicized actions being taken against offenders. No large fines levied. So does this mean its yet another regulation that will be ignored? Actually nothing could be farther from the truth.”
How voice biometrics catches fraudsters
Cliff Saran
https://www.computerweekly.com/news/252452936/How-voice-biometrics-catches-fraudsters
Excerpt
“An estimated £310.2m of e-commerce fraud took place on cards in 2017, accounting for 55% of all card fraud and 76% of total remote purchase fraud, according to the Fraud the facts report from UK Finance.”
Two hackers involved in the TalkTalk hack sentenced to prison
Pierluigi Paganini
https://securityaffairs.co/wordpress/78245/cyber-crime/talktalk-hackers-sentenced.html
Excerpt
“Two men, Connor Allsopp, 21, and Matthew Hanley, 23, pleaded guilty to charges of hacking. Allsopp has been sentenced to 8 months in jail and Hanley to 12 months.”
Conficker: A 10-year retrospective on a legendary worm
Ziv Mador
https://www.helpnetsecurity.com/2018/11/21/conficker/
Excerpt
“This November marked the 10-year anniversary of Conficker, a fast-spreading worm targeting Microsoft systems that went on to claim one of the highest levels of infection in history. Millions of computers were eventually infected by the worm, including hospitals across Europe as well as ordinary consumers.”
Most ATMs can be hacked in under 20 minutes
Catalin Cimpanu
https://www.zdnet.com/article/most-atms-can-be-hacked-in-under-20-minutes/
Excerpt
“An extensive testing session carried out by bank security experts at Positive Technologies has revealed that most ATMs can be hacked in under 20 minutes, and even less, in certain types of attacks.”
Using social media to weaken impact of terrorist attacks
http://www.homelandsecuritynewswire.com/dr20181116-using-social-media-to-weaken-impact-of-terrorist-attacks
Excerpt
“Governments and police forces around the world need to beware of the harm caused by mass and social media following terror events. In a new report, leading counter-terrorism experts from around the world offer guidance to authorities to better manage the impacts of terror attacks by harnessing media communication. “People only know what they see or read, so the immediate panic social media – and then on the news – perpetuates rumors and creates fear. This is exactly what terrorists want,” says one expert.”
Two hacker groups attacked Russian banks posing as the Central Bank of Russia
Pierluigi Paganini
https://securityaffairs.co/wordpress/78068/hacking/two-hacker-groups-attacked-russian-banks-posing-as-the-central-bank-of-russia.html
Excerpt
“Group-IB has detected massive campaigns targeting Russian financial institutions posing as the Central Bank of Russia.”
Suspected Russian cybercriminal arrested in Bulgaria at U.S. request, lawyer says
Jeff Stone
https://www.cyberscoop.com/suspected-russian-cybercriminal-arrested-in-bulgaria-at-u-s-request-lawyer-says/
Excerpt
“Bulgarian authorities last week arrested an accused Russian cybercriminal based on an Interpol warrant that originated with prosecutors from the Eastern District of New York, a lawyer familiar with the case told CyberScoop.”
Ransomware is the leading cyber threat experienced by SMBs
https://www.helpnetsecurity.com/2018/11/14/ransomware-smb/
Excerpt
“Ransomware continues to be the leading cyber attack experienced by SMBs over viruses and spyware, according to Datto. Their report surveyed 2,400 MSPs that support the IT needs of nearly half a million SMBs around the globe.”
Data of nearly 700,000 Amex India customers exposed via unsecured MongoDB server
Catalin Cimpanu
https://www.zdnet.com/article/data-of-nearly-700000-amex-india-customers-exposed-via-unsecured-mongodb-server/
Excerpt
“The personal details of nearly 700,000 American Express (Amex) India customers have been accidentally left exposed online via an unsecured MongoDB server.”
Spammer scum hack 100,000 home routers via UPnP vulns to craft email-flinging botnet
Richard Chirgwin
https://www.theregister.co.uk/2018/11/08/upnp_spam_botnet_broadcom/
Excerpt
“Once again, a hundred thousand or more home routers have been press-ganged into a spam-spewing botnet, this time via Universal Plug and Play (UPnP).”
20,000 Pakistani debit card details surface on the dark web
Ivan Mehta
https://thenextweb.com/security/2018/11/07/20000-pakistani-debit-card-details-surface-on-the-dark-web/
Excerpt
“On Tuesday, Pakistan’s Federal Investigation Agency (FIA) said that major banks in the country have suffered a cyber attack affecting more than 20,000 users.”
Dutch cops hope to cuff 'hundreds' of suspects after snatching server, snooping on 250,000+ encrypted chat texts
Richard Chirgwin
https://www.theregister.co.uk/2018/11/07/dutch_police_black_box/
Excerpt
“Dutch police claim to have snooped on more than a quarter of a million encrypted messages sent between alleged miscreants using BlackBox IronPhones.”
New attack by Anonymous Italy: personal data from ministries and police have been released online
Pierluigi Paganini
https://securityaffairs.co/wordpress/77717/hacktivism/anonymous-italy-attacks.html
Excerpt
“New attack by Anonymous Italy: personal data from ministries and police have been released online. The site of Fratelli d’Italia, a post-fascist party, has been defaced”
HSBC Bank notifies customers after hacking incident (updated)
Dissent
https://www.databreaches.net/hsbc-bank-notifies-customers-after-hacking-incident/
Excerpt
“On November 2, HSBC sent letters to an undisclosed number of customers concerning a breach of their accounts. A template of the letter was submitted to the California Attorney General’s Office.”
GPU side channel attacks can enable spying on web activity, password stealing
https://www.helpnetsecurity.com/2018/11/06/gpu-side-channel-attacks/
Excerpt
“Computer scientists at the University of California, Riverside have revealed for the first time how easily attackers can use a computer’s graphics processing unit, or GPU, to spy on web activity, steal passwords, and break into cloud-based applications.”
Cisco security appliances under attack, still no patch available
Zeljka Zorz
https://www.helpnetsecurity.com/2018/11/02/cve-2018-15454/
Excerpt
“A vulnerability (CVE-2018-15454) affecting a slew Cisco security appliances, modules and firewalls is being exploited in the wild to crash and reload the devices, the company has warned on Thursday.”
Stuxnet is back, Iran admits
Adam Shepherd
https://www.itpro.co.uk/security/32264/stuxnet-is-back-iran-admits
Excerpt
“A new version of the infamous Stuxnet worm has been used to attack Iranian government networks, according to reports.”
Most CIOs say IoT will become a major burden
https://www.helpnetsecurity.com/2018/11/02/iot-burden/
Excerpt
“Dynatrace announced the findings of an independent global survey of 800 CIOs, which reveals that 74% of IT leaders are concerned that IoT performance problems could directly impact business operations and significantly damage revenues.”
New techniques expose your browsing history to attackers
https://www.helpnetsecurity.com/2018/11/02/expose-your-browsing-history-to-attackers/
Excerpt
“Security researchers at UC San Diego and Stanford have discovered four new ways to expose Internet users’ browsing histories. These techniques could be used by hackers to learn which websites users have visited as they surf the web.”
Read full article
Pierluigi Paganini
https://securityaffairs.co/wordpress/78483/laws-and-regulations/uber-fines-data-breach.html
Excerpt
“British and Dutch data protection regulators fined the ride-sharing company Uber with $1,170,892 for the 2016 data breach.”
FBI Shuts Down Multimillion Dollar – 3ve – Ad Fraud Operation
Swati Khandelwal
https://thehackernews.com/2018/11/3ve-ad-fraud-google.html
Excerpt
“Google, the FBI, ad-fraud fighting company WhiteOps and a collection of cyber security companies worked together to shut down one of the largest and most sophisticated digital ad-fraud schemes that infected over 1.7 million computers to generate fake clicks used to defraud online advertisers for years and made tens of millions of dollars in revenue.”
UK cops won't go after researcher who reported security issue to York city officials
Catalin Cimpanu
https://www.zdnet.com/article/uk-cops-wont-go-after-researcher-who-reported-security-issue-to-york-city-officials/
Excerpt
“North Yorkshire Police said today they're not pursuing a criminal case against the researcher who found a vulnerability in a mobile app developed by the York city council.”
Bulgarian Prosecutors Detain Three Hackers Allegedly Involved in $5 Million Crypto Theft
Helen Partz
https://cointelegraph.com/news/bulgarian-prosecutors-detain-three-hackers-allegedly-involved-in-5-million-crypto-theft
Excerpt
“Bulgarian Gendarmerie forces and specialized prosecutors have arrested three hackers allegedly involved in stealing $5 million in crypto, Sofia-based newspaper 24 Chasa reports Monday, Nov. 26.”
Brazil's largest professional association suffers massive data leak
Angelica Mari
https://www.zdnet.com/article/brazils-largest-professional-association-suffers-massive-data-leak/
Excerpt
“Brazil's Federation of Industries of the State of São Paulo (FIESP) is being accused of exposing millions of personal data records from three of its databases online.”
ATM attackers strike again: Are you at risk?
David Byrne
https://www.helpnetsecurity.com/2018/11/27/atm-attackers/
Excerpt
“The United States National ATM Council recently released information about a series of ATM attacks using rogue network devices. The criminals opened the upper half of the ATM and installed the device, most likely into the Ethernet switch. The device then intercepted the ATM’s network traffic and changed the bank’s “withdraw denied” response to “withdraw approved,” presumably only for the criminals’ cards.”
GDPR’s impact: The first six months
Gary Southwell
https://www.helpnetsecurity.com/2018/11/26/gdpr-impact/
Excerpt
GDPR is now six months old – it’s time to take an assessment of the regulation’s impact so far. At first blush it would appear very little has changed. There are no well-publicized actions being taken against offenders. No large fines levied. So does this mean its yet another regulation that will be ignored? Actually nothing could be farther from the truth.”
How voice biometrics catches fraudsters
Cliff Saran
https://www.computerweekly.com/news/252452936/How-voice-biometrics-catches-fraudsters
Excerpt
“An estimated £310.2m of e-commerce fraud took place on cards in 2017, accounting for 55% of all card fraud and 76% of total remote purchase fraud, according to the Fraud the facts report from UK Finance.”
Two hackers involved in the TalkTalk hack sentenced to prison
Pierluigi Paganini
https://securityaffairs.co/wordpress/78245/cyber-crime/talktalk-hackers-sentenced.html
Excerpt
“Two men, Connor Allsopp, 21, and Matthew Hanley, 23, pleaded guilty to charges of hacking. Allsopp has been sentenced to 8 months in jail and Hanley to 12 months.”
Conficker: A 10-year retrospective on a legendary worm
Ziv Mador
https://www.helpnetsecurity.com/2018/11/21/conficker/
Excerpt
“This November marked the 10-year anniversary of Conficker, a fast-spreading worm targeting Microsoft systems that went on to claim one of the highest levels of infection in history. Millions of computers were eventually infected by the worm, including hospitals across Europe as well as ordinary consumers.”
Most ATMs can be hacked in under 20 minutes
Catalin Cimpanu
https://www.zdnet.com/article/most-atms-can-be-hacked-in-under-20-minutes/
Excerpt
“An extensive testing session carried out by bank security experts at Positive Technologies has revealed that most ATMs can be hacked in under 20 minutes, and even less, in certain types of attacks.”
Using social media to weaken impact of terrorist attacks
http://www.homelandsecuritynewswire.com/dr20181116-using-social-media-to-weaken-impact-of-terrorist-attacks
Excerpt
“Governments and police forces around the world need to beware of the harm caused by mass and social media following terror events. In a new report, leading counter-terrorism experts from around the world offer guidance to authorities to better manage the impacts of terror attacks by harnessing media communication. “People only know what they see or read, so the immediate panic social media – and then on the news – perpetuates rumors and creates fear. This is exactly what terrorists want,” says one expert.”
Two hacker groups attacked Russian banks posing as the Central Bank of Russia
Pierluigi Paganini
https://securityaffairs.co/wordpress/78068/hacking/two-hacker-groups-attacked-russian-banks-posing-as-the-central-bank-of-russia.html
Excerpt
“Group-IB has detected massive campaigns targeting Russian financial institutions posing as the Central Bank of Russia.”
Suspected Russian cybercriminal arrested in Bulgaria at U.S. request, lawyer says
Jeff Stone
https://www.cyberscoop.com/suspected-russian-cybercriminal-arrested-in-bulgaria-at-u-s-request-lawyer-says/
Excerpt
“Bulgarian authorities last week arrested an accused Russian cybercriminal based on an Interpol warrant that originated with prosecutors from the Eastern District of New York, a lawyer familiar with the case told CyberScoop.”
Ransomware is the leading cyber threat experienced by SMBs
https://www.helpnetsecurity.com/2018/11/14/ransomware-smb/
Excerpt
“Ransomware continues to be the leading cyber attack experienced by SMBs over viruses and spyware, according to Datto. Their report surveyed 2,400 MSPs that support the IT needs of nearly half a million SMBs around the globe.”
Data of nearly 700,000 Amex India customers exposed via unsecured MongoDB server
Catalin Cimpanu
https://www.zdnet.com/article/data-of-nearly-700000-amex-india-customers-exposed-via-unsecured-mongodb-server/
Excerpt
“The personal details of nearly 700,000 American Express (Amex) India customers have been accidentally left exposed online via an unsecured MongoDB server.”
Spammer scum hack 100,000 home routers via UPnP vulns to craft email-flinging botnet
Richard Chirgwin
https://www.theregister.co.uk/2018/11/08/upnp_spam_botnet_broadcom/
Excerpt
“Once again, a hundred thousand or more home routers have been press-ganged into a spam-spewing botnet, this time via Universal Plug and Play (UPnP).”
20,000 Pakistani debit card details surface on the dark web
Ivan Mehta
https://thenextweb.com/security/2018/11/07/20000-pakistani-debit-card-details-surface-on-the-dark-web/
Excerpt
“On Tuesday, Pakistan’s Federal Investigation Agency (FIA) said that major banks in the country have suffered a cyber attack affecting more than 20,000 users.”
Dutch cops hope to cuff 'hundreds' of suspects after snatching server, snooping on 250,000+ encrypted chat texts
Richard Chirgwin
https://www.theregister.co.uk/2018/11/07/dutch_police_black_box/
Excerpt
“Dutch police claim to have snooped on more than a quarter of a million encrypted messages sent between alleged miscreants using BlackBox IronPhones.”
New attack by Anonymous Italy: personal data from ministries and police have been released online
Pierluigi Paganini
https://securityaffairs.co/wordpress/77717/hacktivism/anonymous-italy-attacks.html
Excerpt
“New attack by Anonymous Italy: personal data from ministries and police have been released online. The site of Fratelli d’Italia, a post-fascist party, has been defaced”
HSBC Bank notifies customers after hacking incident (updated)
Dissent
https://www.databreaches.net/hsbc-bank-notifies-customers-after-hacking-incident/
Excerpt
“On November 2, HSBC sent letters to an undisclosed number of customers concerning a breach of their accounts. A template of the letter was submitted to the California Attorney General’s Office.”
GPU side channel attacks can enable spying on web activity, password stealing
https://www.helpnetsecurity.com/2018/11/06/gpu-side-channel-attacks/
Excerpt
“Computer scientists at the University of California, Riverside have revealed for the first time how easily attackers can use a computer’s graphics processing unit, or GPU, to spy on web activity, steal passwords, and break into cloud-based applications.”
Cisco security appliances under attack, still no patch available
Zeljka Zorz
https://www.helpnetsecurity.com/2018/11/02/cve-2018-15454/
Excerpt
“A vulnerability (CVE-2018-15454) affecting a slew Cisco security appliances, modules and firewalls is being exploited in the wild to crash and reload the devices, the company has warned on Thursday.”
Stuxnet is back, Iran admits
Adam Shepherd
https://www.itpro.co.uk/security/32264/stuxnet-is-back-iran-admits
Excerpt
“A new version of the infamous Stuxnet worm has been used to attack Iranian government networks, according to reports.”
Most CIOs say IoT will become a major burden
https://www.helpnetsecurity.com/2018/11/02/iot-burden/
Excerpt
“Dynatrace announced the findings of an independent global survey of 800 CIOs, which reveals that 74% of IT leaders are concerned that IoT performance problems could directly impact business operations and significantly damage revenues.”
New techniques expose your browsing history to attackers
https://www.helpnetsecurity.com/2018/11/02/expose-your-browsing-history-to-attackers/
Excerpt
“Security researchers at UC San Diego and Stanford have discovered four new ways to expose Internet users’ browsing histories. These techniques could be used by hackers to learn which websites users have visited as they surf the web.”
Read full article