Cybersecurity & Espionage Articles
Original Post at Wired.com
THE FIRST SIX months of 2017 have seen an inordinate number of cybersecurity meltdowns. And they weren't just your standard corporate breaches. It's only July, and already there's been viral, state-sponsored ransomware, leaks of spy tools from US intelligence agencies, and full-on campaign hacking. And that's just the beginning. Let this recap of 2017's biggest cyber-incidents so far serve as a reminder of just how chaotic things have already gotten–and the year's only halfway done.
0 Comments
Original Post at RealClearDefense.com
Pentagon contractors are racing to meet a Dec. 31 deadline to have in place tight controls on sensitive information and ensure weapons systems under their watch are safe from hacking and tampering. The measures are viewed as necessary at a time of heightened fears of cyberattacks and insider leaks. They are also causing widespread anxiety in the industry as the Pentagon shifts more of the security burden to suppliers, many of which are small businesses that lack resources to harden information networks and production facilities. https://www.csoonline.com/article/3202770/how-to-spot-and-prevent-insider-threats.html
In June, Netherlands-based web hosting provider Verelox had to completely shut down its services, preventing customers from accessing their data and virtual servers. Was this another example of ransomware? An outside hacker up to mischief? Nope. The company’s headaches were caused by a disgruntled ex-employee who “deleted all customer data and wiped most servers,” according to Verelox, as quoted in International Business Times. Fortunately, Verelox bounced back a few days later, without losing any important data. But many similar incidents don’t have such a positive outcome. And experts say the insider threat to corporate data is growing. Here’s what you need to know about detecting insider threats—and how to minimize the risks. Original Post at CBSNews.com
The Shadow Brokers, who have spent nearly a year publishing some of the American intelligence community's most closely guarded secrets, posted a new message to the user-driven news service Steemit on Wednesday carrying new threats, a new money-making scheme and nudge-nudge references to the ransomware explosion that continues to cause disruption from Pennsylvania to Tasmania. Original Article at HelpNetSecurity.com
Despite an overall drop in general malware detection for the quarter, Linux malware made up more than 36 percent of the top threats identified in Q1 2017. This attack pattern demonstrates the urgent need for heightened security measures to protect Linux servers and Linux-dependent IoT devices, according to WatchGuard Technologies. Original Post at HelpNetSecurity.com
South Korean banks are being threatened with crippling DDoS attacks unless they pay $315,000 in bitcoin. The attackers threatening them identified themselves as the Armada Collective. Choi Sang-Myung, a researcher at South Korean’s Hauri Labs, notedthat these latest threats might have been a consequence of the recent successful extortion attempt of South Korean web hosting provider Nayana. In any case, he said that the banks are well prepared to meet the onslaught, should it come. Original Post at TheHill.com
Businesses leaders expressed surprise that the Department of Justice (DOJ) is appealing a case about when law enforcement should have access to data stored in other countries. The case pits the DOJ against Microsoft over an issue both sides have indicated requires a legislative fix: whether or not a domestic warrant can require a company to retrieve data stored on a foreign server. Both chambers of Congress had taken up the issue with hearings involving the DOJ, industry and other stakeholders, and both chambers had expressed a sense of urgency to resolve the conflict. Original Post at NewYorkPost.com
I posted something on my personal Facebook page that my employer found offensive and I was subsequently fired. It wasn’t about the company and was done during my own time. Isn’t that an infringement on my First Amendment rights? Can they fire me for expressing myself just because they didn’t like my message? The First Amendment prohibits the government from abridging freedom of speech in most circumstances, but that does not apply to private employers. So the short answer is yes, in most circumstances an employer may fire you for what you write and say online and off. There are certain limitations — for example, you are protected by whistleblower laws if you are exposing unlawful or unethical activities within your company. Original Post at NewsWeek.com
The U.K. Parliament became the latest Western government to be targeted in a cyber attack Friday. Parliamentary officials said the attack was aimed at all parliamentary email accounts and hackers sought to identify weak passwords. It prompted parliament to temporarily block all remote access to the email accounts of MPs, members of the House of Lords and parliamentary staff. More than 10,000 Westminster staff were told to change their passwords after the “sustained and determined” effort. Original post at TheRegister.co.uk
The settlement fund will be used to cover damage costs incurred by people who had personal information including their names, dates of birth, addresses, and medical ID numbers stolen when, in 2015, Anthem was hit by hackers. While credit card details and medical records were not accessed, the exposed personal information was serious enough that credit monitoring services have been given to affected customers. Original Post at TheRegister.co.uk
Russians hackers are trading the email addresses and passwords of top UK politicians and diplomats. The login credentials of thousands of British politicians, ambassadors and other top officials are getting traded on the dark net, The Times reports. Even though the data is old and in some ways past its sell-by date, it still presents a potential problem. An investigation by the paper found two massive lists of stolen credentials were put up for sale or traded on Russian-speaking hacking sites. The purloined cache included the log-in details of 1,000 British MPs and parliamentary staff, 7,000 police employees and over 1,000 Foreign Office officials. The purported details include key members of Parliament such as education secretary Justine Greening and business secretary Greg Clark. Original Post at Softpedia.com
Apple started a new cleaning process of the App Store, with a report claiming Cupertino has already removed no less that hundreds of thousands of apps that violated the guidelines, but which somehow made it to the store. TechCrunch writes that Apple is mostly looking to take down clones and spam apps, but at the same time, the company is also pulling apps that weren’t supposed to be there from the very beginning, as it’s the case of those created with a template or an app generation service. Original Post at HelpNetSecurity.com
If often happens to less prominent individuals, but this time it happened to a US State Supreme Court judge: scammers have managed trick her into wiring the money meant for buying an apartment to a bank account under their control. Original Post at HelpNetSecurity.com
Trustwave released the 2017 Trustwave Global Security Report which reveals the top cybercrime, data breach and security threat trends from 2016. The report demonstrates both good and bad news in the world of cybersecurity as intrusion detection and breach containment times were relatively better, but other threats like malvertisements became cheaper and malicious spam saw increases. Original Post at Softpedia.com
A report from Reuters reveals that WannaCry first reached Honda’s systems last week, nearly a month after the ransomware outburst started, but the company’s IT department put in place several protection systems that have in the end proved to be ineffective. The WannaCry ransomware is based on an exploit stolen by hacking group Shadow Brokers from the NSA last summer and posted online earlier this year. The exploit takes advantage of a vulnerability in the SMB service in Windows and affects all versions of Microsoft’s operating system. WannaCry encrypts files on a compromised system and requires the victim to pay between $300 and $600 for the decryption key. Microsoft delivered patches for supported Windows versions in March, while in mid-May the firm decided to roll out emergency updates for unsupported releases as well, including Windows XP. Original Post at Softpedia.com
Web hosting provider Nayana said the attack was recorded on June 10 when more than 3,40 business websites ended up encrypted with Erebus, a form of malware that was first spotted last year and which was updated to support Linux. Hackers originally demanded 550 Bitcoin to decrypt the infected files, but Nayana says after several rounds of negotiations, the ransom was reduced to 397.6 Bitcoin, which was the equivalent of a little over $1 million. In a statement posted on the official website, Nayana explains that the hackers pointed out the firm would be able to pay more than $1.6 million in ransom after estimating that each of the 40 employees receives an annual salary of $30,000. This means the firm makes at least $1.2 million every year, with hackers explaining that if Nayana does not afford to pay, it should take a loan or go bankrupt. Original Post at NewYorkPost.com
Hackers could use an electronic cigarette to crack into a computer and steal a victim’s most sensitive information. All crooks need to do is add a small chip to an e-cig to transform it into a digital lock-pick capable of prizing open a target’s systems. This tiny modification fools the computer into thinking a mouse or keyboard is attached, making the device drop its guard. Once plugged into a computer, the booby-trapped electronic cigarette can inject a piece of “malicious code” which could order the computer to download files -letting criminals steal all the private information on their victim’s system. Original Post at TechRepublic.com
|
Cyber-CyI find interesting articles on the web that are simple, down-to-earth, easy to understand, and (hopefully) informative for non-technical readers. Archives
November 2022
Categories |