News – January 2016

HSBC cyber attack brings Internet banking to its knees
January 29, 2016
HSBC has been hit by a cyber attack causing its personal banking website and mobile application to shut down, only weeks after a systems failure that left thousands of its customers without access to digital services.

Industrial control systems a growing target for cyber attack
January 29, 2016
Attackers with increasing capabilities have strong financial motivation to go after critical infrastructure and manufacturing firms.

BlackEnergy APT Group Spreading Malware via Tainted Word Docs
January 28,2016
Attackers have begun using rigged Microsoft Word documents propagated via spearphishing emails to spread the BlackEnergy Trojan.

CERT-In signs cyber security pacts with 3 nations
January 28, 2016
The Indian Computer Emergency Response Team (CERT-In) has signed cooperation pacts with its counterparts in Malaysia, Singapore and Japan for cyber security.

Oracle to Kill Java Browser Plugin
January 28, 2016
Oracle has announced its intent to deprecate the plugin in JDK 9 and JRE in a future Java SE release.

Israel’s electric authority hit by “severe” hack attack
January 27, 2016
Israel’s Electricity Authority experienced a serious hack attack that officials are still working to repel, the country’s energy minister said Tuesday.

MiniUPnP Vulnerability Clears Way for Stack Smashing Attack
January 27, 2016
The Internet of Things security challenge is twofold: finding bugs, and more urgent – fixing them.

Mozilla Patches Critical Vulnerabilities in Firefox 44
January 27, 2016
Mozilla has patched a number of critical vulnerabilities in Firefox 44 and Firefox Extended Release 38.6, which were released this week.

Last chance to register for IET Cyber Security for Industrial Control Systems Conference, 3-4 February, London

Bank of America’s Unlimited Cybersecurity Budget Sums Up Spending Plans In A War Against Hackers
January 27, 2016
The U.S. federal government, big banks, and big businesses are spending big bucks in a war against hackers and cyber criminals.

Government Agencies Audit for Juniper Backdoor
January 26, 2016
Most U.S. government agencies have until Feb. 4 to audit their IT infrastructure for the use of backdoored Juniper Networks’ Netscreen firewalls.

Bug in Magento puts millions of e-commerce merchants at risk of takeover
January 26, 2016
Exploits are as easy as embedding malicious JavaScript in registration forms.

UK Government announces cybersecurity startup support scheme
January 26, 2016
The UK Government has announced a new scheme that seeks to help cyber security startups develop new technical solutions that will serve to protect the country from attacks.

Surge in launches of Israeli cyber security companies
January 26, 2016
Founders of country’s start-ups are no longer just former veterans of elite military units.

NIST Kicks Off Wireless Infusion Pump Cybersecurity Project
January 25, 2016
The National Institute of Standards and Technology (NIST) is launching a project to improve the cybersecurity of wireless infusion pumps.

PwC buys Edinburgh cyber-security firm Praxism
January 25, 2016
Accountancy major PwC is expanding its cyber-security practice with the acquisition of Praxism, an Edinburgh-based consultancy specialising in identity and access management.

Japan to add 40 officials for cybersecurity
January 25, 2016
The government will add 40 officials to the office in charge fending off cyberattacks against government-related agencies.

Venture Capitalists Chase Rising Cybersecurity Spending
January 25, 2016
Investors have been pouring money into companies selling “next-generation” security products.

Nuclear Cybersecurity: Why We Should Worry
January 25, 2016
The Nuclear Threat Initiative’s security index rightly criticizes other countries for failing to address the threat of cyberattack against their nuclear facilities but overlooks the failings of our own country.

British cyber start-ups targeted by $350m investment fund
January 24, 2016
British cyber security start-ups are being targeted by American venture capitalist Paladin as it seeks to invest $350m.

Secret SSH backdoor in Fortinet hardware found in more products
January 23, 2016
Company warns customers to remove undocumented authentication feature ASAP.

Media devices sold to US feds have hidden backdoor with sniffing functions
January 22, 2016`
Highly privileged account could be used to hack customers’ networks, researchers warn.

Global mass injection affects thousands of websites worldwide
January 22, 2016
Attackers compromise over 3,500 public servers in possible reconnaissance drive for future attacks.

Cyber security pros say boards, CEOs and CFOs don’t ‘get’ cyber security risk
January 21, 2016
Forty-five per cent of cyber security professionals believe their board of directors have a major gap in their understanding of cyber risk, or don’t understand the risk at all, according to the research.

Apple Fixes Cookie Theft Bug in iOS 9.2.1
January 21, 2016
When Apple pushed out iOS 9.2.1 earlier this week, it fixed a nasty bug that lingered in the wild for nearly three years and could have let an attacker steal cookies and impersonate victims.

Scammers impersonate India’s Income Tax Department to deliver malware
January 21, 2016
India, USA, UK, and other countries are being targeted with fraudulent “tax deduction” emails containing information-stealing malware.

Cyber-security threat could cause ‘Fukushima-like disaster’
January 20, 2016
A new report has warned of the dangers of bad cyber-security when it comes to nuclear power, handing out ‘0’ ratings to tens of countries around the world and warning of a Fukushima-scale threat.

Dridex Borrows Tricks From Dyre, Targets U.K. Users
January 20, 2016
Attackers behind the Dridex Trojan have narrowed their sights on banks based in the United Kingdom frequented by high-value business accounts, researchers claim.

Linux bug imperils tens of millions of PCs, servers, and Android phones
January 20, 2016
Vulnerability allows restricted users and apps to gain unfettered root access.

Apple Releases Patches for iOS, OS X and Safari
January 20, 2016
The patches come less than a week after a ShmooCon presentation by Synack director of research Patrick Wardle revealed that Apple’s Gatekeeper security feature in OS X can be bypassed by an attacker with network-level access.

US government urges cyber security sharing for connected car threats
January 18, 2016
The US Department of Transportation has urged the automotive industry to share information and work with researchers to tackle potential car hack attacks.

New Head Of Europol’s European Cybercrime Centre
January 18, 2016
Mr Steven Wilson has taken up his duties as the new Head of Europol’s European Cybercrime Centre (EC3).

FDA Issues Guidelines on Medical Device Cybersecurity
January 18, 2016
The Food and Drug Administration (FDA) issued a new set of draft guidelines on Friday in hopes that medical device manufacturers not only address cybersecurity risks before they design products, but also during the maintenance of those products.

Securities and Exchange Commission gets tough on cyber security
January 17, 2016
US regulator signals that prevention is the centrepiece of its strategy

Cyber Crime Costs Projected To Reach $2 Trillion by 2019
January 17, 2016
‘Crime wave’ is an understatement when you consider the costs that businesses are suffering as a result of cyber crime.

Cyber Attacks Threatening Oil and Gas Sector Severely Now Than Ever Before
January 17, 2016
It is being reported that the oil and gas sectors have suddenly become more vulnerable to cyber threats.

Trustwave failed to spot casino hackers right under its nose
January 16, 2016
IT security biz Trustwave is being sued by a Las Vegas casino operator for allegedly bungling a hacking investigation. Trustwave denies any wrongdoing.

Anonymous Exposes 1GB Data Belonging to Thailand’s Supreme Court
January 16, 2016
The Blink Hacker Group, which is among the many divisions of Anonymous, accidentally stumbled upon this massive wealth of data while attempting to deface Thailand Supreme Court website.

New OpenSSH bug could leak encryption keys to attackers
January 15, 2016
Users advised to patch vulnerability which affects many Linux-based operating systems.

Apple’s anti-malware Gatekeeper still useless
January 15, 2016
Apple has flubbed attempts to patch flaws in OS X’s anti-malware system Gatekeeper, leaving the defenses still easy to bypass.

Cisco Patches Hardcoded Password, DoS Vulnerabilities in Software, Devices
January 14, 2016
Cisco patched a handful of issues across its software line this week, including two critical vulnerabilities that could lead to the complete compromise of any devices running the software, and a hardcoded password that exists in some access points made by the company.

Cyber security rules backed by EU committee
January 14, 2016
Firms supplying essential services will have to take action to improve their ability to withstand cyber attacks under new rules approved by members of European Parliament on the Internal Market Committee.

Singapore: National cybersecurity R&D laboratory to be ready by end-2016
January 14, 2016
The laboratory is a shared national research infrastructure which can be used by the local research community and industry.

Watchdog urges US nuclear agency to close cyber security gaps
January 13, 2016
An audit report has called on the US nuclear agency to revise its IT contracts to ensure better cyber security

Hacker Attacks Could Derail Train, Cybersecurity Researchers Say
January 12, 2016
According to SecurityWeek, the supervisory control and data acquisition network (SCADA) systems used by many rail companies are vulnerable to hacker attacks.

Cyber activists from 42 countries issue open letter against software ‘backdoors’
January 11, 2016
Nearly 200 experts, companies and advocacy groups urge governments to end efforts to ‘mandate insecure encryption’ amid surveillance concerns

Questions Linger as Juniper Removes Backdoored Dual_EC RNG
January 11, 2016
Juniper Networks announced late Friday it was removing the suspicious Dual_EC_DRBG random number generator from its ScreenOS operating system.

Authorities Arrest Eight in Tyupkin ATM Malware Takedown
January 11, 2016
European authorities dismantled a cybercrime ring last week responsible for a series of ATM attacks that ultimately led to substantial financial losses across Europe.

 26-Year-Old Hacker Sentenced to Record 334 Years in Prison
January 11, 2016
Onur Kopçak was arrested in 2013 for operating a phishing website that impersonated bank site, tricking victims into providing their bank details including credit card information.

Top Cyber Security Salaries In U.S. Metros Hit $380,000
January 9, 2016
According to the IT job board DICE, the top IT security salaries go to lead software security engineers who earn an average of $233,333.

602 Gbps! This May Have Been the Largest DDoS Attack in History
January 8, 2016
Cyber attacks are getting evil and worst nightmare for companies day-by-day, and the Distributed Denial of Service (DDoS) attack is one of the favorite weapon for hackers to temporarily suspend services of a host connected to the Internet.

Older IE Versions Losing Security Support on Tuesday
January 8, 2016
Next Tuesday will bring the first batch of Microsoft security bulletins for 2016 and it will also herald the end of security support for Internet Explorer versions 8, 9 and 10.

GM embraces white-hats with public vulnerability disclosure program
January 8, 2016
On January 5, General Motors quietly flipped the switch on Detroit’s first public security vulnerability disclosure program, launched in partnership with the bug bounty and disclosure portal provider HackerOne.

Firefox’s ban of SHA-1 certs causing some security issues, Mozilla warns
January 7, 2016
Mozilla has warned Firefox users that its decision to reject SHA-1 certificates has caused an unfortunate side effect: some man-in-the-middle devices, such as security scanners and antivirus products, are failing to connect to HTTPS sites.

Top cybersecurity mistakes health organisations make
January 7, 2016
Despite healthcare organisations’ best attempts at maintaining patient confidentiality, the industry regularly accounts for a staggering number of data breaches.

Silent Circle Patches Modem Flaw That Exposes Blackphone to Attack
January 6, 2016
Silent Circle, makers of the security and privacy focused Blackphone, have patched a vulnerability that could allow a malicious mobile application or remote attacker to access the device’s modem and perform any number of actions.

Destructive Disakil malware linked to Ukraine power outages also used against media organisations
January 6, 2016
A highly destructive Trojan reportedly used in recent attacks against the Ukrainian energy sector, was also earlier used against media targets in the same country.

Zerodium Offers $100K for Adobe Flash Heap Isolation Bypasses
January 5, 2016
Exploit acquisition company Zerodium announced via its Twitter account that it would run a month long bounty program, paying as much as $100,000 for exploit code bypassing the heap isolation mitigation in Flash Player.

Dutch Government Embraces Encryption, Denounces Backdoors
January 5, 2016
Government officials in the Netherlands this week released a statement that actually calls for stronger encryption and rejects backdoors entirely.

New JavaScript Ransomware Sold as a Service
January 4, 2016
Researchers this week turned up a new ransomware-as-a-service operation that pushes the first ransomware coded entirely in JavaScript.

BIMCO, together with other leading shipping organisations launched Cyber security guidelines for ships
January 4, 2016
BIMCO, together with other leading shipping organisations, launched a set of guidelines to help the global shipping industry prevent major safety, environmental and commercial issues that could result from a cyber incident onboard a ship.

Department of Defense Nudges Contractors to Patch Juniper Backdoor
January 2, 2016
Juniper Networks, found “unauthorized” code in its ScreenOS software which would allow an attacker to take total control of Juniper NetScreen firewalls

Anti-IS group claims cyber-attack on BBC
January 2, 2016
A group of computer hackers that wants to target Islamic State has claimed it was behind a cyber attack on the BBC which it intended as a test of its own capabilities.

Cyber Security Agency looking to strengthen online security in every sector
January 1, 2016
The Singapore Cyber Security Agency is planning set up a Security Operation Centre in every sector, so that information can be shared and responses coordinated in the event of an cyber attack.