News – December 2015


FTC, FDA Countering Cybersecurity Risk Of Wearable Devices
December 29, 2015
Federal watchdog agencies are ratcheting up efforts to counter cybersecurity threats to devices and wearables connected to the Internet of Things (IoT), according to a security expert.


Adobe releases monthly updates early to patch Flash zero-day vulnerability
December 28, 2015
Adobe has patched a Flash zero-day vulnerability that may have already been exploited in limited targeted campaigns.


India signed two MoUs with Malaysia on Cyber Security
December 26, 2015
India signed two MoUs with Malaysia on Cooperation on Cyber Security and Cooperation in Project Delivery and an agreement on Cultural Exchange Programme for 2015-2020.


U.S. and EU struggling to reach aviation cybersecurity agreement
December 25, 2015
As the aviation industry struggles to adopt cybersecurity measures in an effort to keep airspace safe from hackers, authorities in the U.S. and European Union are reportedly failing to see eye to eye.


Juniper Backdoor Picture Getting Clearer
December 22, 2015
Juniper’s documentation for NetScreen and ScreenOS shows that it uses Dual_EC-DRBG in a non-conventional way to implement a random number generator used to encrypt VPN traffic.


Apple Takes Bite Out Of Snoopers’ Charter
December 22, 2015
The tech giant says the Investigatory Powers Bill will “put law-abiding citizens at risk – not criminals, hackers and terrorists”.


Cybersecurity’s Big Market Boom Reaches $75B
December 21, 2015
The size of the global cybersecurity market continues to skyrocket – and the latest research from Forbes shows there is no signs of it slowing down anytime soon.


Israel to invest NIS 100m in cyber-security fund Kidma
December 21, 2015
Kidma, the three-year-old government program aimed at promoting cybersecurity, is set to enter a new phase and see its budget expanded to NIS 100 million


Investcorp acquires cyber security firm SecureLink
December 21, 2015
Bahrain-based asset management firm Investcorp announced that it has acquired cyber security firm SecureLink for an undisclosed sum.


Personal data of 12+ million Dutch mobile customers open to hackers
December 20, 2015
Dutch citizens who own a mobile phone coud be at risk of attack due to poor security practices at the Phone House.


Newly discovered hack has U.S. fearing foreign infiltration
December 19, 2015
A major breach at computer network company Juniper Networks has U.S. officials worried that hackers working for a foreign government were able to spy on the encrypted communications of the U.S. government and private companies for the past three years.


ManTech Awarded $5 Billion MAC IDIQ Contract
December 18, 2015
ManTech International Corporation has been awarded a Cyber Security and Information Systems Technical Area Tasks (CS TAT) contract by the Defense Technical Information Center (DTIC) to provide advanced, full-scope cyber research and development to support multiple technical projects


Cyber security warning after National Crime Agency website targeted by hackers
December 18, 2015
A cyber security warning has been issued after the National Crime Agency website was targeted by hackers.


Banks told to get tough on cybersecurity in 2016
December 18, 2015
2016 New York state cybersecurity requirements for banks, expected to be applied country-wide, include multi-factor auth, regular audits and pentests, and exacting third-party vendor cybersecurity scrutiny.


Outlook “letterbomb” exploit could auto-open attacks in e-mail
December 17, 2015
Fixed by Microsoft’s latest patches, bug could be “enterprise killer,” says researcher.


Juniper Finds Backdoor that Decrypts VPN Traffic
December 17, 2015
Juniper Networks today has released an emergency patch that removes what it’s calling “unauthorized code” from ScreenOS that could allow attackers to decrypt VPN traffic from NetScreen devices.


Critical Flaws Found in Network Management Systems
December 17, 2015
Four leading network management system providers are busying patching and preparing fixes for a half-dozen critical cross-site scripting and SQL injection vulnerabilities disclosed Wednesday by Rapid7.


Deloitte supports cyber security MSc programme at DMU
December 17, 2015
Deloitte, Airbus, BT and Rolls-Royce will provide their expertise to students of the newly developed cyber security MSc from De Montfort University Leicester (DMU)


DefCamp 2015 – the sixth edition comes to an end
December 17, 2015
DefCamp 2015 comes to an end. The sixth edition of the largest cyber security & hacking conference from the Central Eastern Europe became a must-attend event in Bucharest, Romania.


NCA leads international cyber-crime exercise with FBI and Europol
December 16, 2015
Silver Shadow draws together authorities from eight countries to test response by US and European law enforcement to a large scale cyber-attack.


Massive Year-End Spending Bill Includes Cybersecurity Act
December 16, 2015
A massive year-end spending measure moving through Congress includes a provision that will encourage companies to share cyber threat information with the government while providing them with liability protections for not acting on information received.


F-35 cyber security testing delay prompts vulnerability concerns
December 16, 2015
The F-35 fighter jet could allegedly be vulnerable to cyber attacks, according to concerns raised in recent reports focusing on the potential vulnerability of the F-35 computer.


Melbourne to become regional cyber-security hub
December 15, 2015
Victoria is ramping up efforts to become a cyber-security hub as part of a global push to prevent terrorists, organised criminals, spies and hackers from infiltrating the computer systems of businesses and governments.


Surge in demand for cybersecurity
December 14, 2015
The products and services delivered by specialist cybersecurity firms are in high demand as spending by governments and corporations in the area rises.


Researchers spot stealthy LATENTBOT, undetected since 2013
December 14, 2015
“LATENTBOT” targets the financial services, insurance sector as well several other industries in the U.S., U.K., South Korea, Brazil, United Arab Emirates, Singapore, Canada, Peru and Poland.


European Space Agency records leaked for amusement, attackers say
December 14, 2015
In all, 8,107 names, email addresses, and passwords were posted to the Web


Hong Kong banks caught in dilemma on sharing cyber data
December 13, 2015
The spotless results from a recent sector-wide crisis management test show banks still reluctant to share cyber data.


J.P. Morgan, Bank of America, Citibank And Wells Fargo Spending $1.5 Billion To Battle Cyber Crime
December 12, 2015
There’s a showdown going down between a global network of cyber criminals and the world’s largest corporations, governments and cybersecurity companies.


For cyber security, machine learning offers hope beyond the hype
December 11, 2015
High profile breaches this year raise the question of whether the cyber security industry can come up with a powerful new tool to frustrate the bad guys.


Illinois chosen for National Guard cybersecurity squadron
December 10, 2015
A new cyber-security squadron will be headquartered with the Illinois National Guard.


Banking Malware Moving Over Facebook Hosted in Cloud
December 10, 2015
A new run of Spy Banker banking malware infections has been targeting Portuguese-speaking victims in Brazil.


Cisco Warning of Vulnerabilities in Routers, Data Center Platforms
December 9, 2015
Cisco is warning users that several of its products – routers, gateways, and data center platforms, including a critical vulnerability in its Prime Collaboration Assurance software


NHS research reveals worrying lack of cyber security training
December 9, 2015
NHS Trusts across England do not have adequate training programmes in place to ensure their employees are guarded against cyber threats.


UK and US Bankers fear cyber attack more than economic crisis
December 8, 2015
UK and US bankers said organised cyber attacks are the biggest threat to the safety of banks.


Microsoft, Law Enforcement Collaborate in Dorkbot Takedown
December 8, 2015
A coalition of law enforcement agencies worked together recently to disrupt Dorkbot, a botnet that’s managed to infect more than one million machines in 190 countries during the last year.


Apple Patches 50 Vulnerabilities Across iOS, OS X, Safari
December 8, 2015
Apple has piled on the patches already released by Adobe and Microsoft today, and pushed out updates for iOS, OS X, Apple TV, Safari, and it’s watch-based operating system watchOS.


Cybersecurity experts ‘charge £10,000 a day to protect UK’s top firms’
December 8, 2015
Manpower survey reveals soaring costs following high profile attacks on Sony, TalkTalk and JD Wetherspoon


Cybercrime: Finance workers most likely to ignore cybersecurity protection
December 7, 2015
Finance workers are most likely to circumvent their company’s cybersecurity protection – despite also being the industry that’s hit hardest by cybercrime.


EU lawmakers, countries agree on bloc’s first cyber-security law
December 7, 2015
EU lawmakers and member states struck a deal on the bloc’s first cyber-security law that will require Internet firms such as Google and Amazon to report serious breaches or face sanctions.


Persistent Financial Malware ‘Nemesis’ Targets Boot Record
December 7, 2015
A group of attackers are behind a strain of payment card malware that has bootkit functionality, something that makes it very difficult to detect, much less remove.


Iran-based attackers use back door threats to spy on Middle Eastern targets
December 7, 2015
Two teams of Iran-based attackers have been using back door threats to conduct targeted surveillance of domestic and international targets.

Relentless Sofacy APT Attacks Armed With Zero Days, New Backdoors
December 4, 2015
A new analysis of the Sofacy APT gang, a Russian-speaking group carrying out targeted attacks against military and government offices for close to a decade, shows a relentless wave of intrusions peaking this summer against victims in a number of NATO countries and the Ukraine.


China blamed for ‘massive’ cyber attack on Australian government
December 2, 2015
A major cyber-attack against Australia’s Bureau of Meteorology that may have compromised potentially sensitive national security information is being blamed on China, the Australian Broadcasting Corp.


How to calculate ROI and justify your cybersecurity budget
December 1, 2015
Almost eight years ago, Bruce Schneier wrote a great article about the problems of ROI calculation for cybersecurity spending within organizations.

European Commission: Cyber security crisis ‘a big business opportunity’
December 1, 2015
The European Commission’s innovation adviser, Robert Madelin, has described the growing need for cyber security as “a big business opportunity”, describing it as a “billion-euro opportunity” for the private sector.