News – July 2018


  • Thousands of U.S. Voter Personal Records Leaked by Robocall Firm

    July 18, 2018

    The information was exposed on a public Amazon S3 bucket by a Virginia-based political campaign and robocalling company. Researchers have discovered yet another misconfigured repository bucket – this time leaking the information of U.S. voters. The information was exposed on a public Amazon S3 bucket by a Virginia-based political campaign and robocalling company called Robocent. Kromtech Security researchers, ...

  • Indictments Against 12 Russians Show How Hackers Were Hacked

    July 18, 2018

    Hi everybody, Jordan Robertson here. I cover cybersecurity in Washington, D.C. Today’s newsletter is about Special Counsel Robert Mueller’s indictment this week of 12 Russian military officers for allegedly orchestrating the hacks of the 2016 U.S. presidential election. The indictment, which I encourage you to read if you’re interested in technical details about how the hacks worked, is remarkable in a number ...

  • EU fines Google $5 billion over Android antitrust abuse

    July 18, 2018

    European Union regulators have slapped Alphabet-owned Google with a record 4.34 billion euro ($5 billion) antitrust fine for abusing the dominance of its Android mobile operating system, which is by far the most popular smartphone OS in the world. Google said in a statement that it would appeal the ruling, arguing against the EU’s view that its software is restrictive of fair competition. European ...

  • DDoS Attacks Get Bigger, Smarter and More Diverse

    July 17, 2018

    DDoS attacks are relentless. New techniques, new targets and a new class of attackers continue to reinvigorate one of the internet’s oldest nemeses. Distributed denial of service attacks, bent on taking websites offline by overwhelming domains or specific application infrastructure with massive traffic flows, continue to pose a major challenge to businesses of all stripes. Being ...

  • Microsoft Offers $100,000 Bounty for Finding Bugs in Its Identity Services

    July 17, 2018

    Microsoft today launched a new bug bounty program for bug hunters and researchers finding security vulnerabilities in its “identity services.” Hacking into networks and stealing data have become common and easier than ever but not all data holds the same business value or carries the same risk. Since new security today depends on the collaborative communication of ...

  • Investigation reveals elaborate technology terror web

    July 16, 2018

    In late December 2015 a uniformed Pentagon spokesman, Colonel Steve Warren, made a video announcement about “Operation Inherent Resolve”, the US military’s campaign against the so-called Islamic State (IS) group in Iraq and Syria. The spokesman gave details about 10 senior IS figures who had been targeted and killed, many in drone strikes, over the course ...

  • Hackers Used Malicious MDM Solution to Spy On ‘Highly Targeted’ iPhone Users

    July 13, 2018

    Security researchers have uncovered a “highly targeted” mobile malware campaign that has been operating since August 2015 and found spying on 13 selected iPhones in India. The attackers, who are also believed to be operating from India, were found abusing mobile device management (MDM) protocol—a type of security software used by large enterprises to control and ...

  • Milipol Qatar – the region’s leading international event dedicated to homeland security and civil defence in the Middle East

    July 13, 2018

    Milipol Qatar, the region’s leading international event dedicated to homeland security and civil defence in the Middle East returns for its 12th edition from 29-31 October at Doha Exhibition and Convention Center (DECC) and will be held under the patronage of H.H the Emir of Qatar Sheikh Tamim bin Hamad Al-Thani. Bringing together thousands of ...

  • Hackers are caught selling codes to access airport security systems on the dark web for just £7

    July 12, 2018

    Criminals have been caught selling codes to access an airport’s security systems on the dark web for just £7 ($10), according to a new investigation. The stolen passwords could allow anyone to access the airport’s remote desktop protocol (RDP). This allows employees to work access airport systems outside the local network. Had the codes fallen into the wrong ...

  • 6-Year-Old Dorkbot Banking Malware Resurfaces as Big Threat

    July 12, 2018

    Old banking malware called Dorkbot has reemerged in 2018 to become a serious threat. The banking malware called Dorkbot is back. Samples of the 6-year-old malware are now ranked the second biggest banking malware headache in 2018 so far, according to new data from Check Point. “Dorkbot, known malware that dates back to 2012, has entered back the ...

  • Ticketmaster breach ‘part of massive card-skimming campaign’

    July 12, 2018

    The Ticketmaster breach was not a one-off, but part of a massive digital credit card-skimming campaign. Threat intel firm RiskIQ reckons the hacking group Magecart hit Ticketmaster only as part of a massive credit card card hacking campaign affecting more than 800 ecommerce sites. Magecart has evolved tactically from hacking sites directly, to targeting widely used third-party ...

  • Deceased Patient Data Being Sold on Dark Web

    July 11, 2018

    Why are hackers selling medical records of deceased patients? It is no shocker medical records are a prime target for cybercriminals. But less intuitive is the market for medical records of the deceased on the dark web. We took a closer look at the reason behind this strange trend. Here is what we found. First off, despite ...

  • Two New Spectre-Class CPU Flaws Discovered—Intel Pays $100K Bounty

    July 11, 2018

    Intel has paid out a $100,000 bug bounty for new processor vulnerabilities that are related to Spectre variant one (CVE-2017-5753). The new Spectre-class variants are tracked as Spectre 1.1 (CVE-2018-3693) and Spectre 1.2, of which Spectre 1.1 described as a bounds-check bypass store attack has been considered as more dangerous. Earlier this year, Google Project Zero researchers ...

  • China-based hackers take an interest in Cambodia’s elections

    July 11, 2018

    A US-based security researcher has accused China of interfering in Cambodia’s forthcoming national election. Security vendor FireEye says it has spotted a large-scale Chinese phishing, intrusion, remote access trojan (RAT), and data exfiltration operation targeting the poll. FireEye attributed the activity to a group dubbed “TEMP.Periscope”, previously more closely associated with targeting American engineering and maritime operations. The FireEye post ...

  • Hacker Sold Stolen U.S. Military Drone Documents On Dark Web For Just $200

    July 11, 2018

    You never know what you will find on the hidden Internet ‘Dark Web.’ Just about an hour ago we reported about someone selling remote access linked to security systems at a major International airport for $10. It has been reported that a hacker was found selling sensitive US Air Force documents on the dark web for between $150 ...

  • AT&T buys threat intelligence company AlienVault

    July 10, 2018

    AT&T said it plans to continue investing in and building on AlienVault’s key platforms, and will integrate the technology into its suite of managed cybersecurity offerings. Fresh off of its $85 billion acquisition of Time Warner, AT&T said Tuesday that it’s buying AlienVault, a cybersecurity and threat intelligence company. Financial terms were not disclosed. Based in San Mateo, California, AlienVault ...

  • Timehop breach hits 21 million users due to a lack of 2FA on cloud services

    July 9, 2018

    Timehop, a service that surfaces a user’s past social media content, has revealed a security breach that hit the company on July 4, and resulted in a database of 21 million users hit. As a result, the company has voided all social media authorisation tokens it held, and is alerting its users. Around 4.7 million phone numbers were breached, ...

  • Fitness app Polar exposed locations of spies and military personnel

    July 8, 2018

    A popular fitness app that tracks the activity data on millions of users has inadvertently revealed the locations of personnel working at military bases and intelligence services. The app, Polar Flow, built by its eponymous company Polar, a Finnish-based fitness tracking giant with offices in New York, allowed anyone to access a user’s fitness activities over ...

  • Mastercard: Biometrics use set to skyrocket

    July 6, 2018

    Biometric technology is set to become an integral part of all online shopping as the need for greater security increases, a new report has claimed. Research from Mastercard claims that one in four online transactions will need a greater level of authentication and security within the next 12 months. New EU regulations governing online fraud are set to come ...

  • Ex-NSO Employee Caught Selling Stolen Phone Hacking Tool For $50 Million

    July 5, 2018

    A former employee of one of the world’s most powerful hacking companies NSO Group has been arrested and charged with stealing phone hacking tools from the company and trying to sell it for $50 million on the Darknet secretly. Israeli hacking firm NSO Group is mostly known for selling high-tech malware capable of remotely cracking into ...