News – February 2017


  • Yahoo offers new details on breaches to Senate committee

    February 28, 2017

    Since Yahoo disclosed two mega-breaches late last year, its executives have met almost daily with CEO Marissa Mayer for working sessions focused on improving the company’s cybersecurity posture. Employees have also received weekly security presentations from Yahoo CISO Bob Lord at the company’s all-hands meetings. The new working sessions and briefings are part of an ...

  • Google Discloses Another ‘High Severity’ Microsoft Bug

    February 27, 2017

    Google Project Zero disclosed Monday a “high severity” vulnerability it found in Microsoft’s Edge and Internet Explorer browsers that could allow remote attackers to execute arbitrary code. The revelation adds yet another vulnerability to a growing list of known bugs Microsoft has been warned about, but is leaving unpatched, this month as it grapples with ...

  • Even bakeries get hit by hackers, top insurer warns ‘ill-equipped’ small businesses

    February 27, 2017

    Bakers are not immune from the hacking epidemic spreading across Europe, a top insurer has warned. Hiscox boss Bronek Masojada said small businesses faced just as much risk as large ones from cyber crime – but many did not have the resources to combat it. He said that in one case, a German bakery was targeted by ...

  • Boeing Notifies 36,000 Employees Following Breach

    February 27, 2017

    A Boeing employee inadvertently leaked the personal information of 36,000 of his co-workers late last year when he emailed a company spreadsheet to his non-Boeing spouse. News of the breach surfaced earlier this month after a letter (.PDF) from Boeing’s Deputy Chief Privacy Officer Marie Olson, to the Attorney General for the state of Washington Bob ...

  • Treason charges against Russian cyber experts linked to seven-year-old accusation

    February 26, 2017

    Treason charges brought in December against two Russian state security officers and a cyber-security expert in Moscow relate to allegations made by a Russian businessman seven years ago, according to the businessman and a source connected with the investigation. They said the arrests concern allegations that the suspects passed secrets to U.S. firm Verisign and other ...

  • Could cybersecurity sink your next M&A?

    February 26, 2017

    Most CFOs don’t expect to see cybersecurity on their due diligence checklist for mergers and acquisitions. Yet cybersecurity – or a lack thereof – has massive implications for any deal: after all, the average data breach now costs organisations in the ballpark of $4 million, not to mention the potential damage to reputation and revenues when ...

  • Cloudbleed: How to Protect Yourself After the Data Leak

    February 25, 2017

    Cloudflare revealed a bug in its code caused sensitive data to leak from major websites that use its services, including big names such as Uber, Fitbit, 1Password, and OkCupid. There are an estimated 4.2 million domains using Cloudflare, which may have leaked data, including crypto keys, passwords, user sensitive information, and so on. The list is ...

  • NSA snoops told: Get your checkbooks and pens ready for a cyber-weapon shopping spree

    February 25, 2017

    NSA and US Cyber Command boss Mike Rogers has revealed the future direction of his two agencies – and for the private sector, this masterplan can be summarized in one word. Kerching! Speaking at the West 2017 Navy conference on Friday, Rogers said he is mulling buying up more infosec tools from corporations to attack and infiltrate ...

  • NATO Warns Cyber Attacks Are a Threat to Democracy Itself

    February 24, 2017

    NATO is showing concern about the impact of cyber attacks, considering that they are a threat to individuals and organizations, but also to the fundamental nature of democracy. According to Jamie Shea, deputy assistant secretary general for emerging security challenges at NATO, cyber is facilitating more advanced and more effective psychological warfare, information operations, coercion and ...

  • Security researchers announce “first practical” SHA-1 collision attack

    February 23, 2017

    Security researchers at the CWI institute in Amsterdam working with a team from Google Research say they have found a faster way to compromise the SHA-1 hash algorithm — announcing what they describe as “the first practical technique for generating a SHA-1 collision” in a blog post today. A ‘collision’ here refers to being able to ...

  • A guided tour of the cybercrime underground

    February 23, 2017

    One of the strange features of cybercrime is how much of it is public. A quick search will turn up forums and sites where stolen goods, credit cards and data are openly traded. But a glance into those places may not give you much idea about what is going on. “Everyone can join as long as you speak ...

  • UK crime agency arrests suspect in Deutsche Telekom cyber attack

    February 23, 2017

    British authorities have arrested a suspect in connection with a cyber attack that infected nearly 1 million routers used to access Deutsche Telekom’s (DTEGn.DE) internet service, German federal police said on Thursday. Britain’s National Crime Agency detained the 29-year-old Briton at one of London’s airports on Wednesday, the police said in a statement. Deutsche Telekom welcomed the ...

  • Serious Bug Exposes Sensitive Data From Millions Sites Sitting Behind CloudFlare

    February 22, 2017

    A severe security vulnerability has been discovered in the CloudFlare content delivery network that has caused big-name websites to expose private session keys and other sensitive data. CloudFlare, a content delivery network (CDN) and web security provider that helps optimize the safety and performance of over 5.5 million websites on the Internet, is warning its customers of ...

  • INTERPOL World 2017 builds up momentum with strong support from public and private sectors

    February 21, 2017

    SINGAPORE – The second edition of INTERPOL World has garnered strong support from public and private sectors, both locally and on the international front. Owned by INTERPOL, the world’s largest police organization with 190 member countries, the event is supported by Singapore’s Ministry of Home Affairs (MHA), the World Economic Forum and CyberSecurity Malaysia, an ...

  • How to Bury a Major Breach Notification

    February 21, 2017

    Amid the hustle and bustle of the RSA Security Conference in San Francisco last week, researchers at RSA released a startling report that received very little press coverage relative to its overall importance. The report detailed a malware campaign that piggybacked on a popular piece of software used by system administrators at some of the ...

  • Unpatched Python and Java Flaws Let Hackers Bypass Firewall Using FTP Injection

    February 21, 2017

    These newly discovered bugs in Java and Python are a big deal today. The two popular programming languages, Java and Python, contain similar security flaws that can be exploited to send unauthorized emails and bypass any firewall defenses. And since both the flaws remain unpatched, hackers can take advantage to design potential cyber attack operations against critical ...

  • Malware Attack on Polish Banks Uses Russian as False Flag, Linked to Lazarus

    February 21, 2017

    Hackers involved in the attack on Polish banks seem to have faked some of the code lines, making it seem as if they were Russians. The truth is, however, the lines don’t make sense to native speakers and an online translator may have been used. A recent sophisticated attack campaign targeted financial organizations from many countries, ...

  • Got Effective Cybersecurity Practices? Be Aware: The FTC Is Watching You

    February 20, 2017

    Following a July ruling against medical testing laboratory LabMD (which is now out of business), the Federal Trade Commission has emerged as a central regulator of cybersecurity practices for U.S. businesses. The FTC’s mandate to act on “unfair or deceptive” business practices that could harm consumers is being interpreted in a way that means any ...

  • States vie for Israeli cyber security investment as CyberGym heads downunder

    February 20, 2017

    State governments are jostling to win a major cyber security investment from the multibillion-dollar Israeli government-owned electricity company, as the business implications of Prime Minister Benjamin Netanyahu’s first Australian visit begin to take shape. Ofer Bloch, chief executive of the Israel Electric Corporation (IEC), was in Australia with the Prime Minister’s accompanying delegation of business leaders ...

  • Malware Hijacks Microphones to Spy On Ukrainian Businesses, Scientists and Media

    February 20, 2017

    Ukraine has once again been a target of a potential hacking attack that infected computer systems from dozens of Ukrainian businesses with highly sophisticated malware, allowing hackers to exfiltrate sensitive data and eavesdrop on their network. Late last year, the country also suffered a power outage caused by the same group of hackers that targeted Ukraine’s ...