We knew about data theft since February, dental group now says
Azril Annuar
http://m.themalaymailonline.com/malaysia/article/we-knew-about-data-theft-since-february-dental-group-now-says
Excerpt:
“The Malaysian Dental Association (MDA) disclosed today that it had been alerted to a security breach on its online information system containing private data of its members since February.”
46.2 Million Malaysian Mobile Phone Numbers Leaked From 2014 Data Breach
Vijandren
https://www.lowyat.net/2017/146339/46-2-million-mobile-phone-numbers-leaked-from-2014-data-breach/
Excerpt:
“Following up on our report on 19th October, we can now confirm that roughly 46.2 million mobile phone numbers from Malaysian telcos and mobile virtual network operators (MVNO) have been leaked online.”
'Combosquatting' attack hides in plain sight to trick computer users
https://phys.org/news/2017-10-combosquatting-plain-sight-users.html
Excerpt:
“To guard against unknowingly visiting malicious websites, computer users have been taught to double-check website URLs before they click on a link. But attackers are now taking advantage of that practice to trick users into visiting website domains that contain familiar trademarks—but with additional words that change the destination to an attack site.”
UK Government links the WannaCry attack that crippled NHS to North Korea
Pierluigi Paganini
http://securityaffairs.co/wordpress/64834/malware/north-korea-wannacry-attack.html
Excerpt:
“This attack, we believe quite strongly that it came from a foreign state,” Ben Wallace, a junior minister for security, told BBC Radio 4’s Today programme.”
Hacker Wants $50K From Hacker Forum or He'll Share Stolen Database With the Feds
Catalin Cimpanu
https://www.bleepingcomputer.com/news/security/hacker-wants-50k-from-hacker-forum-or-hell-share-stolen-database-with-the-feds/
Excerpt:
“Extortion can also be funny when it happens to the bad guys, and there's one extortion attempt going on right now that will put a big smile on your face.”
RBI Fines Yes Bank $1 Million for Tardy Breach Reporting
Suparna Goswami
https://www.bankinfosecurity.com/rbi-fines-yes-bank-1-million-for-tardy-breach-reporting-a-10403
Excerpt:
“The Reserve Bank of India has slapped a $1 million (U.S.) penalty on Yes Bank for failing to promptly notify the central bank of a 2016 data breach of its ATM network. This is reportedly the first such penalty imposed on a bank.”
Most SMBs are not worried about their business being hacked
https://www.helpnetsecurity.com/2017/10/27/smb-concern-cyber-threats/
Excerpt:
“America’s small business owners may want to consider placing a greater emphasis on cyber awareness and best practices year-round. According to a new survey by Paychex, 68 percent of small business owners are not worried about their business being hacked.”
Hackers hijack Coinhive cryptocurrency miner through an old password
Charlie Osborne
http://www.zdnet.com/article/hackers-hijack-coinhive-dns-server-through-an-old-password/
Excerpt:
“Coinhive has admitted to a security breach leading to hackers hijacking cryptocurrency mining scripts on legitimate websites.”
New wave of cyber attacks hits Russia, other nations
Pavel Polityuk, Jack Stubbs
http://www.reuters.com/article/us-ukraine-cyber/new-wave-of-cyber-attacks-hits-russia-other-nations-idUSKBN1CT21F?il=0
Excerpt:
“Cyber attacks using malware called “BadRabbit” hit Russia and other nations on Tuesday, affecting Russian Interfax news agency and causing flight delays at Ukraine’s Odessa airport.”
APNIC Whois-related problem led to accidental exposure of authentication data
Pierluigi Paganini
http://securityaffairs.co/wordpress/64692/data-breach/apnic-data-leak.html
Excerpt:
“The Asia-Pacific Network Information Centre (APNIC) is a non-profit organization that provides Internet addressing services in the Asia-Pacific region. The APNIC made the headlines because it was informed about a Whois-related security incident that led to the exposure of authentication data.”
LokiBot Banking Malware Triggers Ransomware if User Tries to Remove It
David Bisson
https://www.tripwire.com/state-of-security/latest-security-news/lokibot-banking-malware-activates-ransomware-victim-tries-remove/
Excerpt:
“A new variant of Android banking malware known as LokiBot triggers ransomware capabilities if a victim attempts to remove it from their infected device.”
Hackers are attacking power companies, stealing critical data: Here's how they are doing it
Steve Ranger
http://www.zdnet.com/article/hackers-are-attacking-power-companies-stealing-critical-data-heres-how-they-are-doing-it/
Excerpt:
“Hackers are continuing to attempt to gain access to the networks of nuclear power companies and others involved with critical national infrastructure, raising concerns about cyber-espionage and sabotage.”
Camera-based, single-step two-factor authentication resilient to pictionary, shoulder surfing attacks
Zeljka Zorz
https://www.helpnetsecurity.com/2017/10/24/single-step-two-factor-authentication/
Excerpt:
“A group of researchers from Florida International University and Bloomberg LP have created Pixie, a camera-based two-factor authentication system that could end up being a good alternative to passwords and biometrics-based 2FA options.”
Watch out, Aadhaar biometrics are an easy target for hackers
Ankush Johar
https://economictimes.indiatimes.com/tech/internet/watch-out-aadhar-biometrics-are-an-easy-target-for-hackers/articleshow/61183055.cms
Excerpt:
“Aadhaar is a 12-digit unique identification number issued by the Indian government to each Indian citizen. The Unique Identification Authority of India (UDAI), which functions under the Planning Commission of India, is responsible for managing Aadhaar numbers and Aadhaar identification cards. The purpose of Aadhaar cards is to have a single, unique identification document or number that links a consumer’s entire details including demographic and biometric information.”
Cybercriminals focus on the shipping and cloud storage sectors
https://www.helpnetsecurity.com/2017/10/23/cybercrime-shipping-cloud-storage/
Excerpt:
“The Anti-Phishing Working Group’s latest report found upticks in phishing attacks against companies in the Logistics & Shipping as well Cloud Storage & File Hosting sectors, mounted by cyber gangs against the accounts of both individuals and enterprises.”
The complex digital life of the modern family: Online safety and privacy concerns
https://www.helpnetsecurity.com/2017/10/20/complex-digital-life/
Excerpt:
“The National Cyber Security Alliance (NCSA) conducted a study to better understand teens and parents’ attitudes, concerns and knowledge base about online safety and privacy and how they view their own responsibility to keep themselves safe while on the Internet.”
Hackers can track, spoof locations and listen in on kids' smartwatches
John Leyden
https://www.theregister.co.uk/2017/10/18/child_smartwatch_privacy_peril/
Excerpt:
“Tests on smartwatches for children by security firm Mnemonic and the Norwegian Consumer Council have revealed them to be riddled with flaws.”
The Problem with Hacking Back: It Might Be Your Network
Teri Radichel
https://www.secplicity.org/2017/10/17/problem-hacking-back-might-network/
Excerpt:
“The US government is considering allowing companies to “hack back” against cyber attackers. The Active Cyber Defense Certainty Act (ACDC) amends the Computer Fraud and Abuse Act to allow limited retaliatory strikes against cyber attackers. The full PDF amendment is available online. As noted in some comments in an article on the UK Register there is some skepticism about this law and the potential consequences. Here are a few more pros and cons to consider.”
From Cybercrime to Cyberpropaganda
Daniel Lunghi
http://blog.trendmicro.com/trendlabs-security-intelligence/from-cybercrime-to-cyberpropaganda/
Excerpt:
“A couple of common questions that arise whenever cyberpropaganda and hacktivism issues come up: who engages in it? Where do the people acquire the tools, skills, and techniques used? As it turns out, in at least one case, it comes from the traditional world of cybercrime. We’ve come across a case where a cybercriminal based in Libya turned from cybercrime to cyberpropaganda.”
SMEs more vulnerable than ever to cyber attacks, survey shows
Warwick Ashford
http://www.computerweekly.com/news/450428246/SMEs-more-vulnerable-than-ever-to-cyber-attacks-survey-shows
Excerpt:
“The overwhelming majority of cyber attacks on small to medium-sized enterprises (SMEs) result from poor password management, a study of 1,000 UK and US SMEs by the Ponemon Institute shows.”
Bad passwords and weak security are making ships an easy target for hackers
Danny Palmer
http://www.zdnet.com/article/bad-passwords-and-weak-security-are-making-ships-an-easy-target-for-hackers/
Excerpt:
“Commercial shipping vessels have such poor cyber security it's possible to track them down and hack into them via poorly secured communications systems.”
WPA2 weakness allows attackers to extract sensitive info from Wi-Fi traffic
Zeljka Zorz
https://www.helpnetsecurity.com/2017/10/16/wpa2-weakness/
Excerpt:
“WPA2, a protocol that secures modern protected Wi-Fi networks, sports serious weaknesses that can allow attackers to read and capture information that users believe to be encrypted (e.g. passwords, payment card numbers, etc.).”
Almost half of non-IT and data pros don’t understand blockchain
https://www.helpnetsecurity.com/2017/10/16/understand-blockchain/
Excerpt:
“A survey of over 200 board level UK executives has found that while over half of businesses sampled are planning blockchain initiatives, less than 1 in 10 believe they have the required skill sets in place within their organisations. At the same time, more than 40 per cent of non-IT/data senior executives admit to not fully understanding blockchain technology.”
DDoS Attacks Cause Train Delays Across Sweden
Catalin Cimpanu
https://www.bleepingcomputer.com/news/security/ddos-attacks-cause-train-delays-across-sweden/
Excerpt:
“DDoS attacks on two separate days have brought down several IT systems employed by Sweden's transport agencies, causing train delays in some cases.”
Post-Soviet Bank Heists: A Hybrid Cybercrime Study
Thanassis Diogos
https://www.trustwave.com/Resources/SpiderLabs-Blog/Post-Soviet-Bank-Heists---A-Hybrid-Cybercrime-Study/
Excerpt:
“Today we are publishing a SpiderLabs Advanced Threat Report that details a major cyberattack targeting banks mainly located in post-Soviet states. All the attacks share a common profile and the finely tuned orchestration of the entire operation shows an innovative new technique for stealing money.”
Republican polling firm's database was hacked, exposing donor records
Zack Whittaker
http://www.zdnet.com/article/republican-polling-firm-hacked-exposing-donor-records/
Excerpt:
“A Republican phone polling firm has been hacked, exposing data on hundreds of thousands of Americans who submitted donations to political campaigns, ZDNet has learned.”
Malaysian companies need to be better prepared against cyber attacks: Madius
Aiezat Fadzell
http://www.thesundaily.my/news/2017/10/10/malaysian-companies-need-be-better-prepared-against-cyber-attacks-madius
Excerpt:
“CyberSecurity Malaysia has recorded 6,274 cases relating to cyber attacks as of September this year. Science, Technology and Innovation (MOSTI) Minister Datuk Seri Wilfred Madius Tangau said these cases include denial of service, fraud, intrusion, malicious codes, spam, as well as cyber harassment.”
Hackers steal $60 million from Taiwanese bank using bespoke malware
Graham Cluley
https://www.tripwire.com/state-of-security/security-data-protection/hackers-steal-60-million-from-taiwanese-bank-using-bespoke-malware/
Excerpt:
“Last week, a hacking gang abused the SWIFT banking network to steal $60 million after planting malware on a Taiwanese bank’s servers.”
Inventive cyber gang steals millions from East European banks
Zeljka Zorz
https://www.helpnetsecurity.com/2017/10/12/cybercrime-east-european-banks/
Excerpt:
“Trustwave researchers have uncovered a series of ingenious bank heists that cost several Eastern European and Russian banks up to $10 millions each, and they believe financial institutions in European, North American, Asian and Australian regions could be targeted with the same within the next year.”
FIN7 Hackers Change Attack Techniques
Ionut Arghire
http://www.securityweek.com/fin7-hackers-change-attack-techniques
Excerpt:
“The financially-motivated FIN7 hacking group recently switched to a new delivery technique and has been employing a different malware obfuscation method, ICEBRG security researchers reveal.”
Man in the Middle attacks
Walid Salame
http://www.kalitut.com/2017/10/man-in-middle-attacks.html
Excerpt:
“Man in the middle attacks are methods (which have been discussed since 1995), in which the attacker latches into a communication link, and then sits in the middle between the two communication endpoints.”
Sri Lanka police arrest two men over cyber theft at the Taiwan Bank
Pierluigi Paganini
http://securityaffairs.co/wordpress/64034/cyber-crime/taiwan-bank-cyber-heist.html
Excerpt:
“The Sri Lanka authorities have arrested two men allegedly involved in cyber heist at an unnamed Taiwan bank that occurred last week.”
North Korean cyber gangs blitz Irish companies with 'almost daily' attacks
Ralph Riegel
http://www.independent.ie/irish-news/north-korean-cyber-gangs-blitz-irish-companies-with-almost-daily-attacks-36208986.html
Excerpt:
“North Korean state-sponsored cyber gangs are launching almost daily attacks on Irish companies, banks and utilities as it emerged a syndicate associated with the Pyongyang regime is the chief suspect in the €4.3m cyber raid on Meath County Council last year.”
Alleged cyberstalker unmasked by VPN logs
Zeljka Zorz
https://www.helpnetsecurity.com/2017/10/09/cyberstalker-unmasked-purevpn/
Excerpt:
“A Massachusetts man was arrested on cyberstalking charges after the online activities he tried to hide through VPN use were revealed by logs provided by PureVPN.”
Leaving employees to manage their own password security is a mistake
https://www.helpnetsecurity.com/2017/10/06/manage-password-security/
Excerpt:
“Despite the clear and present danger that weak passwords pose to organizations, many remain focused on implementing technology based on policy, not the user, to address the problem.”
A forum on DarkNet is selling data stolen from over 6,000 Indian businesses including ISPs: QuickHeal
http://www.firstpost.com/tech/news-analysis/a-forum-on-darknet-is-selling-data-stolen-from-over-6000-indian-businesses-including-isps-quickheal-4106715.html
Excerpt:
“Global IT security firm Quick Heal's Enterprise Security brand Seqrite has discovered an advertisement on DarkNet forum that claims to have access to data of over 6,000 Indian businesses that include Internet Service Providers (ISPs), some of the key government organisations, banks and enterprises.”
2013 Yahoo Breach Affected All 3 Billion Accounts
Michael Mimoso
https://threatpost.com/2013-yahoo-breach-affected-all-3-billion-accounts/128259/
Excerpt:
“A massive breach of Yahoo’s systems in 2013 impacted every account in existence at the time, the company said last night in a new filing with the Securities and Exchange Commission.”
Equifax hack affected 145.5 million individuals, 2.5M more than originally stated
Pierluigi Paganini
http://securityaffairs.co/wordpress/63772/hacking/equifax-hack-145-5m-affected.html
Excerpt:
“Equifax data breach may affect 2.5 million more customers than originally stated, the overall number of exposed individuals reached 145.5 million.”
Most companies are unprepared for DNS attacks
https://www.helpnetsecurity.com/2017/10/03/companies-unprepared-dns-attacks/
Excerpt:
“DNS security is often overlooked when it comes to cybersecurity strategy, with most companies inadequately prepared to defend against DNS attacks.”
Cost of Africa's internet shutdowns? $1m a day – quarter of a billion total
Kieren McCarthy
https://www.theregister.co.uk/2017/10/02/cost_of_africas_internet_shutdowns/
Excerpt:
“A new report estimates the cost to African countries routinely pulling the plug on their citizens' internet access is around $1m a day.”
Want to prevent ransomware attacks? Prepare.
Robert Abel
https://www.scmagazine.com/want-to-prevent-ransomware-attacks-prepare/article/696200/
Excerpt:
“The threat is huge. The response? Not so much. Or at least the response isn't on par with the threat when it comes to ransomware.
UK asks for ways to destroy contraband drones heading to prisons
Charlie Osborne
http://www.zdnet.com/article/uk-asks-you-to-destroy-contraband-drones-heading-to-prisons/
Excerpt:
“The UK Ministry of Justice (MOJ) has launched a competition asking for ideas to stop drones from dropping contraband into prisons.”
How attackers can take advantage of encrypted tunnels
https://www.helpnetsecurity.com/2017/10/02/take-advantage-encrypted-tunnels/
Excerpt:
“Many organizations are not actively examining the encrypted traffic in their network. According to a Venafi survey, roughly a quarter (23%) of security professionals don’t know how much of their encrypted traffic is decrypted and inspected.”
The global impact of huge cyber security events
https://www.helpnetsecurity.com/2017/10/02/impact-huge-cyber-security-events/
Excerpt:
“The past 12 months have seen a number of unprecedented cyber-attacks in terms of their global scale, impact and rate of spread. Already causing widespread public concern, these attacks only represent a small sample of the wide array of cyber threats we now face.”
Read full article
