News – July 2016

Russia Says It Detected Malware on PCs at 20 Government Organizations
July 31, 2016
The Russian Federal Security Service (FSB) announced yesterday that it detected malware on the computer networks of 20 Russian government organizations.

Vietnam: Aviation security tightened following cyber attacks at airports
July 30, 2016
Airports across Vietnam have been ordered to tighten aviation security following cyber-attacks at Tan Son Nhat and Noi Bai international airports Friday afternoon, Vietnam News Agency (VNA) reports. 

Chinese Hacktivists Attack Vietnamese Airports
July 30, 2016
A group of Chinese hacktivists named China 1937CN Team have delayed operations at 21 Vietnamese airports and defaced the website of state-owned Vietnam Airlines.

Malware Used in DNC Hack Has Roots in Chinese Open-Source Tool
July 29, 2016
One of the malware variants used to infiltrate and hack the Democratic National Committee (DNC) back in April 2016 is based on an open source networking utility developed by a Chinese company in the early 2000s.

Over 10,000 Free Wi-Fi Kiosks Collecting Data on New Yorkers
July 29, 2016
Privacy advocacy groups are sounding the alarm on LinkNYC, a network of free Wi-Fi kiosks that have been installed across New York City in the past year by CityBridge…

Warning: Business Cloud Apps are not Security Compliant
July 29, 2016
A Blue Coat Systems` analysis of 15,000 cloud application came back with a shocking outcome.

The Chthonic Banking Trojan Propagated via PayPal
July 28, 2016
Hijacked or newly created PayPal accounts are being leveraged and embroiled in the Chthonic Banking Trojan distribution campaign, analysts from Proofpoint security company alarm.

Israel’s Energy Ministry wants cyber security lab
July 28, 2016
The new laboratory will act as a testing and simulation environment for industrial operations technologies, and can be used to examine the effectiveness of various protection systems.

Cybersecurity spending will exceed $100bn over the next 4-5 years, says Intel Security
July 27, 2016
A new collaborative research by John McAfee-founded Intel Security and the Washington-headquartered Center for Strategic and International Studies (CSIS) has detailed how the shortage of cybersecurity skills is the root cause for significant data loss, which damages finances and reputation of countries and businesses.

Experts: U.S. more prepared for cyber attack on paper than in reality
July 26, 2016
A discussion panel of cyber security and electrical industry stakeholders on Sunday examined what can be done to protect public utilities in the U.S. and other countries from cyber attacks.

New U.S. Cyber Security Policy Solidifies FBI as Key Cyber Leader
July 26, 2016
Presidential Policy Directive-41 on U.S. Cyber Incident Coordination Policy sets forth principles that will govern the federal government’s response to cyber incidents and designates certain federal agencies to take the lead in three different response areas—threat response, asset response, and intelligence support.

DISA gets injection of funding for small-business rapid innovation projects
July 25, 2016
The DOD funding will support development of cutting-edge cybersecurity technologies.

US Government to Pay $2 Million for Automatic Hacking and Patching System
July 25, 2016
Defense Advanced Research Projects Agency (DARPA) will be giving away a total of $4 million to seven teams participating in the Cyber Grand Challenge (CGC).

Ancient Hackhound Password Stealer Used in Industrial Espionage Campaign
July 25, 2016
Security researchers from McAfee have come across a compromised Web server meant to host C&C servers for different password stealers, which were used to target several companies as part of an industrial espionage campaign.

Cybersecurity to Get $15M Boost from DOE
July 25, 2016
The Department of Energy will provide the support in a three-year partnership with NRECA and the American Public Power Association.

DNC Emails from WikiLeaks Pose Massive Privacy Threat to Donors
July 24, 2016
The latest trove of leaked Democratic National Committee (DNC) emails are massive privacy threat to innocent people like the donors of Democratic party.

Before Hacking, The DNC Mocked A Report Questioning Its Cybersecurity
July 23, 2016
Just months before a trove of Democratic National Committee emails were hacked and published online, a DNC communications director mocked a BuzzFeed News report in May that questioned the effectiveness of its cybersecurity.

Cybersecurity: A vertical industry application?
July 22, 2016
Cybersecurity has actually become a boardroom issue and corporate boards understand industry-specific risks much better than technology gibberish about malware and exploits.

Cybersecurity company executives plead guilty to hacking rival firm
July 22, 2016
Not only did the Quadsys staff reportedly break into servers, they were caught doing it.

Automotive industry releases vehicle cybersecurity best practices
July 22, 2016
Members of the US Automotive Information Sharing and Analysis Center (Auto-ISAC) have released an overview of comprehensive Automotive Cybersecurity Best Practices.

Anonymous Dumps Database of Izmir Gaz to Protest Against Turkey and Erdogan
July 22, 2016
An unknown member of the Anonymous hacker collective has dumped a database online, claiming to belong to Izmir Gaz, a Turkish energy and natural gas provider based in the town of Izmir.

BlackMoon Banking Trojan Infected over 160,000 South Koreans
July 22, 2016
Over 100,000 South Koreans had their banking credentials stolen by crooks who leveraged the BlackMoon banking trojan, also detected as W32/Banbra.

Hacking Team Hacker Behind WikiLeaks Turkey AKP Emails Dump
July 21, 2016
Phineas Fisher, the hacker responsible for breaching the Hacking Team servers last year, has taken responsibility for hacking into the servers of the AKP, Turkey’s ruling party.

SEC Prepares for More Cybersecurity Oversight
July 21, 2016
Leading U.S. banks, and other publicly traded companies, should expect increased cybersecurity scrutiny from the Securities and Exchange Commission.

iPhone bug allows hackers to steal passwords with just a text message
July 21, 2016
Apple has fixed a major security hole that potentially allowed hackers to gain access to a user’s iPhone, potentially allowing them to steal sensitive data such as passwords.

Backdoor Account Found in Dell Network Security Products
July 20, 2016
Security researchers have discovered six serious security issues that plague several Dell SonicWall products, one of which is a hidden account with easy-to-guess credentials.

DDoS Attack Takes Down US Congress Website for Three Days
July 20, 2016
The US Congress has just recovered after a three-day DDoS attack that has crippled its online portal

Software flaw puts mobile phones and networks at risk of complete takeover
July 20, 2016
Code-execution vulnerability resides in ASN.1 code used in base stations, radios, basebands.

SCADAfence and Gigamon Partner to Provide Visibility and Cybersecurity for Industrial Networks
July 19, 2016
SCADAfence announced today it has joined Gigamon’s (GIMO) ecosystem partner program to provide a joint cybersecurity solution.

Cybersecurity: What to Consider for Real-Time Data Transfer
July 18, 2016
LOGIIC has released a detailed report to help its oil and gas members better understand essential considerations in data transfer products.

The TSA, Metadata And You: How Cybersecurity Techniques Can Avoid Security Theater
July 18, 2016
Just as weapons can make their way through airport security, cyber attackers can easily penetrate enterprise networks.

Call for government, industry to share more on cybersecurity threats
July 18, 2016
The federal government and industry have been urged to work together to share information on cyber security threats and attacks to counter the increasing sophistication of cyber adversaries.

Meet The General Who Positioned Israel To Win In $175 Billion Cybersecurity Market
July 18, 2016
Israeli companies exported $6.5 billion a year worth of cyberproducts, about 10% of the world market, based on data from Israel’s National Cyber Bureau.

UK Railway Network Suffered Four Cyber-Attacks in the Past Year
July 18, 2016
The attacks were only basic reconnaissance operations, intrusions to detect a network’s internal structure and to gather information for future attacks.

Hacker Selling Entire US Voters’ Registration Records on Dark Net
July 18, 2016
”DataDirect” is claiming to have full access to voter registration records of the citizens of the United States and offering buyers state by state voters’ records where the price for each state is 0.5 BTC (340.38 US Dollar).

Hacking 3D Printers Is Just Another Way to Destroy Modern Companies
July 17, 2016
A tiny change in the way 3D printers operate can have a massive impact.

Chinese Hackers Deface Two Philippines Government Websites
July 17, 2016
Hackers claiming to be Chinese have defaced official government portals for two local government units (LGUs) from the Philippines.

HSBC Website Suffers DDoS Attack
July 16, 2016
The official domain of HSBC (Hongkong and Shanghai Banking Corporation) came under massive distributed denial-of-service (DDoS) attack on 12July affecting domain in UK and the USA.

House bills seek to strengthen U.S.-Israel cybersecurity partnership
July 15, 2016
Legislation would lead to more collaboration between the two countries on R&D for global cybersecurity products.

Energy braces for online attacks
July 15, 2016
Power industry learns importance of cybersecurity.

ANZ Bank staffers drop slick incident response tool for Mandiant mobs
July 15, 2016
Plugs hundreds of endpoints into ‘single pane of glass’

Hackers attempt to extort Polish Defence Ministry for $50,000 after stealing data
July 15, 2016
A hacking group called ‘Pravyy Sector’ is attempting to extort the Polish Defence Ministry for $50,000 (€45,000, £37,000) while threatening to release a number of sensitive files stolen from its computer networks if no payment is received.

JBA funds J$15m to cyber security campaign
July 14, 2016
The Government’s national cyber security public education and awareness campaign is being funded at a cost of over $15 million by the Jamaica Bankers Association (JBA).

Bulgarian Cabinet adopts cyber security policy
July 14, 2016
Bulgaria’s Cabinet adopted a national cyber security policy, entitled “Cyber Resilient Bulgaria 2020”, a step taken against a background of repeated cyber warfare attacks on state and government websites.

Infrastructure Cybersecurity Requires More Personnel
July 13, 2016
One of the major problems facing the cybersecurity of the nation’s critical infrastructure is a lack of personnel, according to witnesses at both the House Homeland Security Committee and the Senate Energy and Natural Resources Committee on Tuesday.

SFG malware discovered in European energy company
July 13, 2016
A new piece of malware has been discovered on the information networks of an unnamed European energy company.

Committee Releases Interim Report on FDIC Cybersecurity
July 13, 2016
U.S. House Science, Space, and Technology Committee today released an interim staff report with preliminary findings from the committee’s investigation of major data breaches at the Federal Deposit Insurance Corporation (FDIC).

Fiat Chrysler to Pay Hackers Who Find Cybersecurity Flaws
July 13, 2016
‘Bug bounty’ program comes a year after researchers took control of moving Jeep using laptop.

Singapore, the Netherlands ink agreement to strengthen cyber security cooperation
July 12, 2016
Cyber Security Agency of Singapore and the Netherlands’ National Cyber Security Center signed a Memorandum of Understanding on cyber security cooperation to formalize their commitment to work together to foster a secure cyber space.

Cybersecurity Consolidation May Be Heating Up
July 11, 2016
Market chatter and rumors have really picked up in recent weeks, a sign that a consolidation wave could be imminent.

SWIFT hires two cybersecurity firms in wake of digital heists
July 11, 2016
The Brussels-based Society for Worldwide Interbank Financial Telecommunication hired firms BAE Systems and Fox-IT to work alongside its own in-house cybersecurity team.

EU Adopts Cybersecurity Directive: What US Companies Need to Know
July 11, 2016
The European Parliament adopted the Network and Information Security (“NIS”) Directive in an effort to enhance cybersecurity and incident reporting at a national level across all of its member states.

YouTube Videos Contain Hidden Commands For Hacking Mobiles
July 11, 2016
A team of security researchers from the University of California, Berkeley, and Georgetown University has found a new method for hacking mobile devices by using hidden voice commands embedded in YouTube videos.

GootKit Banking Trojan Receives Massive Update
July 11, 2016
GootKit is a less-known banking trojan that appeared in 2014, and unlike most of its competition, it has never had its source code leaked online, nor has it been rented via a Malware-as-a-Service operation.

Credit Card Fraud Syndicate Dismantled Across Europe and Malaysia
July 11, 2016
Authorities arrested 29 suspects in Malaysia and another 76 in Europe.

CEO Hacking Wave Continues As Jack Dorsey, Marissa Mayer Fall Victims to OurMine
July 10, 2016
For about an hour on Saturday, a group of Saudi hackers were able to post tweets on the account of none other than Twitter’s CEO, according to Engadget.

Amazon Suffers Security Breach; 80,000 Login Credentials Leaked
July 10, 2016
A hacker going by the online handle of 0x2Taylor has claimed to breach the servers of electronic commerce giant Amazon ending up leaking login credentials of 80,000 users.

Ukrainian Hacker Hacks Polish Telecom Giant Netia; Leaks Massive Data
July 9, 2016
Ukrainian hacker going by the handle of Pravy Sektor has breached the servers of Poland’s telecom company Netia SA, stole a massive trove of data and posted it for public access on an underground forum.

Zero-Days in BMW Web Portal Let Hackers Tamper with Customer Cars
July 8, 2016
Two vulnerabilities exist in BMW’s ConnectedDrive Web portal that can allow an attacker to manipulate car settings related to its infotainment system.

Security industry largely welcomes NCA cyber crime report
July 8, 2016
Most information security professionals support the National Crime Agency’s call for help from businesses in pursuing cyber criminals.

Cybersecurity firms step up intel sharing despite issues of trust
July 8, 2016
The collaboration has been protecting companies from the latest cyber attacks.

New “Patchwork” Cyber-Espionage Group Uses Copy-Pasted Malware for Its Attacks
July 7, 2016
Since December 2015, a new cyber-espionage group has been launching attacks aimed at several governments and other related organizations working on military and political assignments linked to issues surrounding Southeast Asia and the South China Sea.

EU Parliament Approves New Cybersecurity Rules
July 7, 2016
The European Union (EU) parliament on July 6 approved the first community-wide rules designed to bolster cybersecurity throughout the EU.

Microsoft releases a cybersecurity checklist for Government agencies
July 7, 2016
Since the Government agencies have a sensitive database which might contain crucial information about the countries armed forces it just becomes more appealing for the attackers.

Avast Announces Plans to Buy AVG for $1.3 Billion
July 7, 2016
Avast Software, the company behind the Avast Antivirus, has announced today plans to buy AVG Technologies, the business that owns the AVG Antivirus.

BEBLOH Banking Trojan Outbreak Leads to National Security Alert in Japan
July 6, 2016
Authorities in Japan have issued a national alert after detecting a surge in banking trojans targeting the country’s citizens, among which a key role played the rising wave of BEBLOH infections.

New Mac Malware for OS X Allows Hackers to Remotely Access Your System`
July 6, 2016
The technical name of the newly-found threat is Backdoor.MAC.Eleanor, and its creators are delivering it to victims as EasyDoc Converter – a Mac app that allows users to convert files by dragging them over a small window.

SBDH Toolkit Attacks Government Organizations In Europe
July 6, 2016
Infections have been spotted in many countries, including the Czech Republic, Hungary, Poland and Slovakia, and Ukraine.

European Commission approves new cyber security initiative and funding
July 5, 2016
The European Commission wants EU member states to work together on cyber security.

Big banks back fintech and cybersecurity accelerator
July 5, 2016
Startupbootcamp is to run a combined fintech and cybersecurity accelerator programme in Amsterdam with the backing of Rabobank, ING, ABN Amro, SNS Bank, PwC, NN Group, Delta Lloyd and Athlon.

Police forces reveal data breaches
July 5, 2016
A freedom of information request from the campaign group Big Brother Watch revealed the number of times confidential data was accessed with no specific policing reason.

Technology Minister Reaffirms Commitment to Cybersecurity
July 5, 2016
Minister of Science, Energy and Technology, Dr. the Hon. Andrew Wheatley, has reaffirmed Government’s commitment to strengthen its cybersecurity capacity to protect sensitive information held on public-sector information technology (IT) platforms.

Facebook Trojan Hits 10,000 Victims In 48 Hours
July 5, 2016
For 48 hours the virus hijacked user accounts to perform various operations, such as giving likes and sharing unwanted content.

Summer 2016 edition of the Cyber Security Review magazine is now available to read online and in print
July 4, 2016
The latest industry trends, in-depth analysis and insights from top industry experts and policymakers from NATO ESCD, MoD UK, National Cyber Security Centre of Czech Republic, Columbia University, Barclays, Control Risks, IAI, Torsion.

CISSP certification: Are multiple choice tests the best way to hire infosec pros?
July 4, 2016
Focus on skills instead of certifications like the CISSP, experts argue.

6 Banking Trojans Hit Canada: Dridex, Gootkit, Kronos, Ursnif, Vawtrak, and Zeus
July 1, 2016
Spam links, macro malware, and OLE objects used to deliver payloads.

AITEC and AIMA launch cyber security DDQ
July 1, 2016
AITEC and the Alternative Investment Management Association (AIMA), the global representative for alternative asset managers, have launched a co-branded Illustrative Questionnaire for Due Diligence of Vendor Cyber Security.

Firmware exploit can defeat new Windows security features on Lenovo ThinkPads
July 1, 2016
A newly released exploit can disable the write protection of critical firmware areas in Lenovo ThinkPads and possibly laptops from other vendors as well.

Google Finds 16 Bugs, 2 Zero-Days, in Windows Kernel Font Handling
July 1, 2016
Project Zero researchers revealed this week that they helped Microsoft patch 16 security issues relating to how font processing operations are handled in the Windows kernel.

Cyber-security is a problem, extra training the solution
July 1, 2016
The ever-increasing threat of cyber-attacks against businesses is leaving many vulnerable, as they are simply not reacting fast enough.