News – August 2017


  • Former Military Cybersecurity Platform to Be Applied in Money Services Business (MSB) Sector

    August 13, 2017

    Recent cyber attacks have increased awareness of security on the net. The cyber security market is one of the fastest growing industries in the past few years, due to the increasing penetration of the internet and growing adoption of cloud computing. The global cyber security market is expected to reach $181.77 billion in 2021, according to a report ...

  • Cyberspies Are Using Leaked NSA Hacking Tools to Spy On Hotels Guests

    August 11, 2017

    An infamous Russian-linked cyber-espionage group has been found re-using the same leaked NSA hacking tool that was deployed in the WannaCry and NotPetya outbreaks—this time to target Wi-Fi networks to spy on hotel guests in several European countries. Security researchers at FireEye have uncovered an ongoing campaign that remotely steals credentials from high-value guests using Wi-Fi networks at European hotels ...

  • Many Factors Conspire in ICS/SCADA Attacks

    August 11, 2017

    Critical infrastructure operators can’t be blamed for a perpetual case of whiplash. They are mired between hackers targeting internet-facing and air-gapped systems with equal precision, and vendors and management unwilling to properly tackle security for fear of downtime and incompatibility. “The space of ICS/SCADA has not changed much, so you can find devices running old OSes ...

  • Juniper Issues Security Alert Tied to Routers and Switches

    August 10, 2017

    Juniper Networks warned customers Thursday of a high-risk vulnerability in the GD graphics library that could allow a remote attacker to take control of systems running certain versions of the Junos OS. The alert was in conjunction with a warning from the U.S. Computer Emergency Readiness Team (US-CERT) that said affected versions of the Junos OS ...

  • TalkTalk fined £100k for exposing personal sensitive info

    August 10, 2017

    Blighty’s Information Commissioner’s Office has whacked TalkTalk with a £100,000 fine after the records of 21,000 people were exposed to fraudsters in an Indian call centre. The breach came to light in September 2014 when TalkTalk started getting complaints from customers that they were receiving scam calls. Typically, the scammers pretended they were ...

  • CouchPotato: CIA Hacking Tool to Remotely Spy On Video Streams in Real-Time

    August 10, 2017

    After disclosing CIA’s strategies to hijack and manipulate webcams and microphones to corrupt or delete recordings, WikiLeaks has now published another Vault 7 leak, revealing CIA’s ability to spy on video streams remotely in real-time. Dubbed ‘CouchPotato,’ the document leaked from the CIA details how CIA agents use a remote tool to stealthily collect RTSP/H.264 video streams. Real Time Streaming Protocol, or RTSP, ...

  • Salesforce sacks two top security engineers for their DEF CON talk

    August 10, 2017

    Salesforce fired two of its senior security engineers after they revealed details of an internal tool for testing IT defenses at DEF CON last month. Josh Schwartz, director of offensive security, and John Cramb, a senior offensive security engineer based in Australia, were sacked by a senior Salesforce executive minutes after giving a talk at the ...

  • SAP Patch Tuesday Update Resolves 19 Flaws, Three High Severity

    August 9, 2017

    SAP released 19 patches on Tuesday, fixing a trio of vulnerabilities marked high severity in its business management software. The most pressing fixes are for a directory traversal vulnerability in the company’s Netweaver AS Java Web Container, a code injection vulnerability in its Visual Composer design tool, and a cross-site AJAX request vulnerability in its BusinessObjects suite of applications. The ...

  • How Top Companies Accidentally Leaking Terabytes of Sensitive Data Online

    August 9, 2017

    An anti-malware detection service provider and premium security firm has been accused of leaking terabytes of confidential data from several Fortune 1000 companies, including customer credentials, financial records, network intelligence and other sensitive data. However, in response to the accusations, the security firm confirmed that they are not pulling sensitive files from its customers; instead, it’s ...

  • Updates to Sofacy, Turla Highlight 2017 Q2 APT Activity

    August 8, 2017

    Attackers behind advanced persistent threat campaigns have kept busy over the past several months, adding new ways to bypass detection, crafting new payloads to drop, and identifying new zero days and backdoors to help them infect users and maintain persistence on machines. Juan Andres Guerrero-Saade and Brian Bartholomew, members of Kaspersky Lab’s Global Research and Analysis Team, described ...

  • Self-Driving Cars Can Be Hacked By Just Putting Stickers On Street Signs

    August 8, 2017

    Car Hacking is a hot topic, though it’s not new for researchers to hack cars. Previously they had demonstrated how to hijack a car remotely, how to disable car’s crucial functions like airbags, and even how to steal cars. But the latest car hacking trick doesn’t require any extraordinary skills to accomplish. All it takes is a simple sticker onto ...

  • UK organisations could face huge fines for cyber security failures

    August 8, 2017

    British organisations could face fines of up to £17m, or 4% of global turnover, if they fail to take measures to prevent cyber-attacks that could result in major disruption to services such as transport, health or electricity networks. But the proposals, which are being considered as part of a government consultation launched on Tuesday, say that ...

  • UK Government issues cyber security guidelines for driverless cars

    August 7, 2017

    As vehicles get smarter, cyber security in the automotive industry is becoming an increasing concern. As a result, the UK government has issued new, relevant cyber security guidelines for connected and driverless cars. Cars are now becoming connected Wi-Fi hotspots, and are well on their way to autonomy. But, this leaves them vulnerable to hacking and ...

  • Web law offers ‘right to be forgotten’ online

    August 7, 2017

    Social media firms will have to erase personal information on individuals when asked under laws allowing people the “right to be forgotten” online. The Data Protection Bill will make it simpler for people to control how companies use their personal details, including requesting that posts or pictures be deleted. The information watchdog has been given extra powers ...

  • UK intelligence agencies turn to start-ups on cyber security

    August 6, 2017

    At 44 years old, Dan Brett is not a typical candidate for a tech accelerator. However, after a decade spent developing cyber security technology for banks, the entrepreneur threw his hat into the ring when he heard GCHQ was launching a centre for start-ups near its headquarters in Cheltenham. “I’m not your young, sexy start-up ...

  • Exploits Available for Siemens Molecular Imaging Vulnerabilities

    August 4, 2017

    Siemens is readying patches for a number of vulnerabilities in its molecular imaging products, including some where public exploits are available. Advisories published Thursday by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) indicate that the flaws are remotely exploitable. “Siemens is preparing updates for the affected products and recommends protecting network access to the Molecular ...

  • WannaCrypt victims paid out over $140k in Bitcoin to get files unscrambled

    August 3, 2017

    More than $140,000 (£105,000) in Bitcoin has been paid out by victims of the global WannaCrypt ransomware outbreak from May. The money was removed from the online wallets at 4am UTC on Thursday. The Bitcoin activity was noticed by a Twitter bot set up by Quartz journalist Keith Collins. The attack swept across at least 74 countries, and the UK’s ...

  • Cisco Fixes DoS, Authentication Bypass Vulnerabilities, OSPF Bug

    August 3, 2017

    Cisco fixed 15 vulnerabilities this week in more than a dozen products, including two high severity vulnerabilities that could have let an attacker trigger a denial of service condition or bypass local authentication. The more severe bugs fixed on Wednesday exist in the company’s Identity Services Engine and its Videoscape Distribution Suite. The bypass, which exists ...

  • New Virus Called “Invisible Man” Going After Android Users

    August 3, 2017

    Security researchers warn that a new form of malware is targeting Android devices, posing as a Flash update that needs to be installed as soon as possible. SophosLabs, however, warns not only that this is a fake update, but also that it includes a form of malware known as Invisible Man and officially flagged as Andr/Banker-GUA. The ...

  • WannaCry Hero Charged With Creating $7,000 Banking Malware

    August 3, 2017

    In an astonishing turn of events, the man who stopped the spread of the WannaCry ransomware earlier this year has been arrested and charged with creating a banking malware known as Kronos. Marcus Hutchins, also known as MalwareTech, was held in Nevada, just as he was getting ready to head home from the Las Vegas-based hacker conferences ...