News – July 2017


  • Bank of America Customers Under Attack, Phishing Site Hosted on Russian Server

    July 24, 2017

    You might be tempted to believe that hackers are getting tired of using phishing scams to target bank clients across the globe, but as Bank of America customers might find out the hard way, this doesn’t seem to be the case just yet. HackRead has come across a new major phishing attack aimed at BoA clients, ...

  • Smart fridges and TVs should carry security rating, police chief says

    July 24, 2017

    Televisions, fridges and other internet-connected home appliances should carry cyber security ratings alongside energy efficiency ratings, a police chief has suggested. Durham chief constable Mike Barton said customers should be given the at-a-glance information for internet-ready equipment in the same way fridges, freezers, TVs and other appliances have to display their energy efficiency ratings before sale. Barton, ...

  • Motivation Mystery Behind WannaCry, ExPetr

    July 21, 2017

    If two is a coincidence and three is a trend, maybe we’re not quite there yet in officially calling WannaCry and ExPetr a new movement among APT attacks. But for now, it’s close enough. Researchers are starting to examine the real motivations behind each global outbreak and whether these attacks truly signal a shift of direction ...

  • Massive blow to criminal Dark Web activities after globally coordinated operation

    July 20, 2017

    Two major law enforcement operations, led by the Federal Bureau of Investigation (FBI), the US Drug Enforcement Agency (DEA) and the Dutch National Police, with the support of Europol, have shut down the infrastructure of an underground criminal economy responsible for the trading of over 350 000 illicit commodities including drugs, firearms and cybercrime malware. ...

  • Quantum Computing Would Make Today’s Encryption Obsolete

    July 20, 2017

    Quantum computing offers processing power so vast it may soon make today’s supercomputers look as crude as 1980s PCs. There’s a downside—the technology might also render the most secure encryption systems obsolete, cracking codes in a matter of minutes rather than months or years. Gregoire Ribordy says he has a solution. And it’s selling fast ...

  • Ansip plans new EU cybersecurity centre

    July 20, 2017

    EU digital chief Andrus Ansip wants to set up a new office to certify the cybersecurity level of technology products — which would make them more competitive globally — as part of an overhaul of the bloc’s rules in September. A network of new cybersecurity centres spread across the Union would be “even better” than only ...

  • Critical Code Injection Flaw In Gnome File Manager Leaves Linux Users Open to Hacking

    July 19, 2017

    A security researcher has discovered a code injection vulnerability in the thumbnail handler component of GNOME Files file manager that could allow hackers to execute malicious code on targeted Linux machines. Dubbed Bad Taste, the vulnerability (CVE-2017-11421) was discovered by German researcher Nils Dagsson Moskopp, who also released proof-of-concept code on his blog to demonstrate the ...

  • Oracle Releases Biggest Update Ever: 308 Vulnerabilities Patched

    July 18, 2017

    Oracle admins are today staring down the barrel of the biggest quarterly Critical Patch Update ever. The numbers are gory: 308 vulnerabilities patched, 165 of which are remotely exploitable, across more than 90 products. So far in 2017, Oracle has patched 878 vulnerabilities through three CPUs. System and network admins have never been taxed from a patching ...

  • Senator Asks DHS To Enable Email Security Feature to Prevent Phishing

    July 18, 2017

    A senator who’s been pushing US government agencies to adopt better cybersecurity hygiene is calling out the Department of Homeland Security for not using a standard technology that would protect people who receive emails from DHS from fraud, spam, and phishing attempts. The technology in question is known as DMARC (Domain-based Message Authentication, Reporting and Conformance) ...

  • Remotely Exploitable Flaw Puts Millions of Internet-Connected Devices at Risk

    July 18, 2017

    Security researchers have discovered a critical remotely exploitable vulnerability in an open-source software development library used by major manufacturers of the Internet-of-Things devices that eventually left millions of devices vulnerable to hacking. The vulnerability (CVE-2017-9765), discovered by researchers at the IoT-focused security firm Senrio, resides in the software development library called gSOAP toolkit (Simple Object Access ...

  • Hacker Uses A Simple Trick to Steal $7 Million Worth of Ethereum Within 3 Minutes

    July 17, 2017

    All it took was just 3 minutes and ‘a simple trick’ for a hacker to steal more than $7 Million worth of Ethereum in a recent blow to the crypto currency market. The heist happened after an Israeli blockchain technology startup project for the trading of Ether, called CoinDash, launched an Initial Coin Offering (ICO), allowing ...

  • Critical RCE Vulnerability Found in Cisco WebEx Extensions, Again — Patch Now!

    July 17, 2017

    A highly critical vulnerability has been discovered in the Cisco Systems’ WebEx browser extension for Chrome and Firefox, for the second time this year, which could allow attackers to remotely execute malicious code on a victim’s computer. Cisco WebEx is a popular communication tool for online events, including meetings, webinars and video conferences that help ...

  • Lloyd’s says cyber-attack could cost $120bn, same as Hurricane Katrina

    July 17, 2017

    Lloyd’s of London has warned that a serious cyber-attack could cost the global economy more than $120bn (£92bn) – as much as catastrophic natural disasters such as Hurricanes Katrina and Sandy. Published two months after a ransomware cyber-attack that hobbled NHS hospitals and hit nearly 100 countries, a 56-page report from the world’s oldest insurance market ...

  • Melbourne accelerator program seeks APAC cybersecurity startups

    July 17, 2017

    A new cybersecurity accelerator program is set to launch in Melbourne this month, thanks to an incubator partnership between Deakin University and Dimension Data. The program, CyRise, is now looking for early-stage cybersecurity entrepreneurs and professionals from across Australia, New Zealand and APAC to apply for the six-month program. Participants will be based in Melbourne CBD coworking ...

  • Hacking cars: cybersecurity regulations needed for new vehicles

    July 16, 2017

    Imagine driving your pickup truck off-road and suddenly having your airbags and seat belts malfunction because of an object striking the undercarriage. That causes a software error in your smart vehicle, causing the computer to incorrectly turn off critical equipment that protects you. Sounds far-fetched? It shouldn’t. It’s part of a recall notice that affected more than 200,000 ...

  • Hackers target Irish energy networks amid fears of further cyber attacks on UK’s crucial infrastructure

    July 15, 2017

    Hackers have targeted Irish energy networks amid warnings over the potential impact of intensifying cyber attacks on crucial infrastructure. Senior engineers at the Electricity Supply Board (ESB), which supplies both Northern Ireland and the Republic, were sent personalised emails containing malicious software by a group linked to Russia’s GRU intelligence agency, The Times reported. Analysts told the newspaper ...

  • Siemens Patches Authentication Bypass Flaw in SiPass Server

    July 14, 2017

    A handful of vulnerabilities in Siemens’ SiPass integrated server have been patched, including one that allows an attacker to bypass authentication on the box. SiPass is the company’s integrated access control server managing physical access in a number of industries and use cases. The product supports card readers and integrates with video surveillance equipment, among other ...

  • Two New Platforms Found Offering Cybercrime-as-a-Service to ‘Wannabe Hackers’

    July 14, 2017

    Cybercrime has continued to evolve and today exists in a highly organised form. Cybercrime has increasingly been commercialised, and itself become big business by renting out an expanded range of hacking tools and technologies, from exploit kits to ransomware, to help anyone build threats and launch attacks. In the past few years, we have witnessed the increase in ...

  • Defence minister opens £3m cyber security centre in Gloucester

    July 14, 2017

    UK minister for defence procurement has opened Lockheed Martin’s job-creating cyber security centre aimed at boosting UK cyber defence capability and skills. A new facility designed to help tackle cyber crime in the UK has opened in Gloucester as part of a £3m investment by Lockheed Martin. The Cyber Works centre, which employs 90 people, will enable Lockheed Martin ...

  • Industrial control security practitioners ‘working blind’ to protect their network

    July 14, 2017

    Four out of 10 industrial control security practitioners don’t have proper visibility into their ICS networks. This is according to a new study by the SANS Institute. Based on a poll of ICS practitioners and cybersecurity stakeholders across various verticals, including energy, manufacturing, oil and gas, the report says that 40 percent of defenders are actually ...