News – June 2016

Air Force set to launch cyber security center
June 30, 2016
Korea’s Air Force said Thursday it will establish a cyber security center this week to take charge of combating hacking attacks and preventing leaks of military secrets.

Data of 112K French Policemen Put Online in Password-Protected Google Drive File
June 30, 2016
A disgruntled former employee of a company that provides extra health insurance to French police has uploaded online the personal data of over 112,000 police officers.

Global Terrorism Database Leaked. Reveals 2.2 Million Suspected Terrorists
June 29, 2016
A massive database of terrorists and “heightened-risk individuals and entities” containing more than 2.2 Million records has reportedly leaked online.

Mining Sector Has Faced 17 Major Cyber-Incidents in the Past Six Years
June 29, 2016
A comprehensive report published yesterday by security firm Trend Micro revealed that threat groups are intensifying their efforts against companies activating in the mining sector.

Symantec Products Affected by Multiple “as Bad as It Gets” Vulnerabilities
June 29, 2016
Tavis Ormandy, a member of Google’s Project Zero initiative, has discovered a series of vulnerabilities in Symantec’s security products.

Security Firm Hijacks Cyber-Espionage Server Infrastructure from Iranian APT
June 29, 2016
US security firm Palo Alto Networks has managed to sinkhole the C&C server infrastructure of a threat group activating from Iran’s border that had focused on high-value targets all over the globe.

IBM announces national cybersecurity facility in Canberra
June 29, 2016
IBM has announced the creation of a cybersecurity centre in Canberra aimed to bring about greater cybersecurity resilience and collaboration between Australia’s governments and businesses on strategy and policy.

CEOs need better cyber security skills as half fall victim to phishing scams
June 28, 2016
More company-wide cyber security training is needed.

A hacker wants to sell 10 million patient records on the black market
June 28, 2016
A hacker claims to have stolen close to 10 million patient records and is selling them for about US$820,000.

Ukrainian bank cyber-heist: Hackers take off with $10m
June 27, 2016
Reports indicate banks across Russia and Ukraine are vulnerable to hacking attacks.

Bangladesh central bank ends contract with US cyber security firm to investigate theft of $81 million
June 27, 2016
Bangladesh entered into an investigation with Fire Eye cyber security firm to identify hackers who transferred $81 million from the central bank.

Cyber security focus of US exercise
June 27, 2016
New Zealand is finally catching up when it comes to cyber security.

UK Man Hacks US Brokerage Accounts for Stock Market Profit
June 26, 2016
The US Securities and Exchange Commission (SEC) announced that it launched a civil lawsuit against a UK man who hacked into several brokerage accounts belonging to US and international investors.

Focus on growing cyber threats to aviation: IATA
June 26, 2016
The recent hacking of Air India’s frequent flyer programme miles has brought to focus the cyber threats to the aviation industry which depends substantially on sharing of information over the Internet.

Lockheed Martin and Data security council of India launch cybersecurity program
June 26, 2016
Lockheed Martin and the Data Security Council of India announced the launch of a new cybersecurity education program for small and mid-size businesses.

Energy networks in catch-up mode on cyber security
June 26, 2016
Australia’s electricity networks are falling behind other industries and their peers in Europe and the US in their preparedness to counter cyber attacks just as the grid is becoming more vulnerable due to the addition of solar panels and batteries.

Cyber-Espionage Campaign Targeting Japan May Have Ties to 2012 Taiwan Attacks
June 24, 2016
PlugX and Elirks are two very rare malware families that were previously linked to cyber-espionage operations, usually attributed to Chinese entities.

HTML5 Ads Aren’t That Safe Compared to Flash, Experts Say
June 24, 2016
Switching to HTML5 ads won’t safeguard users from attacks because the vulnerabilities are in the ad platforms and advertising standards themselves.

Ukrainian Group May Be Behind New DELoader Malware
June 24, 2016
A joint effort from multiple infosec researchers has uncovered more details about a mysterious new malware variant that appeared during the past weeks.

GozNym Banking Trojan Hits the US with Redirection Attacks
June 24, 2016
Banking trojan borrows trick from Dyre and Dridex.

iOS 10 beta still encrypts user data, but not the kernel
June 23, 2016
Apple says it improves performance without putting user data at risk.

Defence and ANU join forces to boost cyber security workforce
June 23, 2016
The Department of Defence has announced $12 million in funding for a new purpose-built facility at the Australian National University (ANU) to shore up Australia’s cyber security.

New cyber security law in the offing for Singapore
June 23, 2016
Singapore government will table new Cyber Security Bill in 2017 to strengthen its online defences.

MoD searches for hidden cyber security skills
June 23, 2016
The Defence Cyber Aptitude Test, produced with IBM, has a number of challenges designed to measure individual’s abilities but not their prior technical knowledge.

How will Brexit affect cybersecurity in the UK? What the experts are saying about leaving the EU
June 23, 2016
Britain’s European Union referendum has the tech industry worried.

Export controls on cybersecurity products back on the agenda
June 20, 2016
Beginning today, the latest United States delegation is in Vienna for talks over export controls on hacking tools.

Accenture buys Israel’s Maglan, sets up cyber security R&D lab
June 20, 2016
Tel Aviv-area firm, sold for undisclosed sum, specializes in offensive cyber simulation, cyber forensics, malware defense.

MPs: Fine Firms For Cyber Security Failures
June 20, 2016
Companies should be fined if they fail to guard against cyber attacks, MPs have recommended in the wake of last year’s TalkTalk hack.

GoToMyPC Remote Desktop Service Under Attack, Resets User Passwords
June 19, 2016
GoToMyPC has decided to reset user passwords after attackers tried to hack into customer accounts over the weekend using what the company calls a “very sophisticated password attack.”

Latest Flash Zero-Day Abuses Windows DDE Protocol
June 19, 2016
Adobe patched a zero-day vulnerability (CVE-2016-4171) used in targeted cyber-espionage attacks, which abused the Windows DDE protocol to deliver malware.

Hacker Guccifer 2.0 Leaks More Files from Democratic Party Server
June 18, 2016
Guccifer 2.0, the hacker who took credit for the attack on the Democratic National Committee (DNC) servers, has leaked more files from the DNC servers, this time containing personally identifiable information (PII), along with more of the party’s financial records.

NATO Declares Cyber an Official Warfare Battleground, Next to Air, Sea and Land
June 17, 2016
The North Atlantic Trade Organization (NATO) has officially announced that “cyber” will become an official battleground for its members, which means that cyber-attacks on one country will trigger a collective military response from the entire alliance.

HACK: Is Cyber Security Ripe For Consolidation?
June 17, 2016
The cyber security and security stocks in general that operate to protect Americans here and abroad may be ripe for consolidation and buyout offers, as the area is fragmented with equity companies that can benefit from mergers of equals.

Thailand’s telecoms regulator, c. bank join forces to boost cyber security
June 17, 2016
Thailand’s telecoms regulator and central bank said on Friday they had agreed steps to improve cyber security for electronic transactions via mobile phones as the country pursues a goal to become a cashless society.

Examining the cybersecurity landscape of utilities and control systems
June 17, 2016
Seven attackers with links to the Iranian government executed cyberattacks against dozens of banks from 2011 to 2013 that disabled their websites and interfered with hundreds of thousands of customers’ ability to access their online accounts.

Bank launching plan to boost cyber security and data analysis
June 17, 2016
The Bank said it wants to work closer with FinTech firms – disruptive businesses at the forefront of payment technology – to boost areas such as data analysis and cyber security.

Europe Emerges as Global Leader in Cybersecurity Law Enforcement to Protect Critical Infrastructure
June 16, 2016
The European Union (EU) and countries connected to the Council of Europe and the European Economic Area, including Norway and Switzerland, have been most successful in implementing binding legal instruments in the area of cybercrime and cybersecurity.

Hire a hacker: Cyber security needs some fresh ideas
June 16, 2016
If you handsomely reward hackers who find a bug or issue with your software, it’s more likely they’ll flag the issue with you than sell the vulnerability to a malicious crime syndicate.

Private Sector Weighs In on Implementation of 2015 Cybersecurity Law
June 15, 2016
Private sector representatives on Wednesday told House lawmakers they’re pleased with implementation of the Cybersecurity Act of 2015.

Critical Adobe Flash bug under active attack currently has no patch
June 15, 2016
Exploit works against the most recent version; Adobe plans update later this week.

Chinese APT Targets Victims with Social Engineering and ShimRat Malware
June 15, 2016
Mofang is the name of a newly discovered cyber-espionage group that targeted various countries around the globe since February 2012.

Cyber-Espionage Group Targets US Government With New Malware Persistence Trick
June 14, 2016
Russian-linked cyber-espionage group sent a spear-phishing email to a US government official from an infected computer in the IT network of another country’s Ministry of Foreign Affairs.

Cybersecurity law for critical infrastructure welcomed by panel of MEPs
June 14, 2016
Internal market committee to greenlight Network and Information Security directive.

Korea to hold cyber security consultations with European countries
June 13, 2016
A senior foreign ministry official will leave for Europe this week to hold back-to-back policy consultation meetings to discuss global cooperation against the growing threat in cyberspace.

Vawtrack Banking Trojan Is Alive and Well, v2 Recently Discovered
June 13, 2016
Security researchers from SophosLabs have detected Vawtrack v2 in a series of attacks that targeted banks in countries where the trojan hadn’t previously been active.

Symantec to buy cybersecurity firm Blue Coat in $4.65 billion deal
June 12, 2016
Symantec Corp. plans to buy Blue Coat Systems Inc. in a $4.65 billion deal that will give the computer-security company a new portfolio of cyberdefense technologies along with a new chief executive.

Hacker Puts Up for Sale 290,000 US Driver’s License Records
June 12, 2016
A hacker who uses the name of NSA has put up for sale on the Dark Web a dataset that contains the personal details and driver’s license information of over 290,000 US citizens.

North Korea Stole F-15 Jet Blueprints During 2014 Cyber-Attack on South Korea
June 11, 2016
South Korean police has said today that North Korea was behind cyber-attacks that started as early as July 2014 and breached two of the country’s telecom giants.

Twitter forces password reset on millions of accounts, denies hack
June 10, 2016
Data breaches from other sites are challenging for everyone, says Twitter infosec bod.

Terrorist groups acquiring the cyber capability to bring major cities to a standstill, warns GCHQ chief
June 9, 2016
Terrorists and rogue states are gaining the capability to bring a major city to a standstill with the click of a button.

Malicious Macros in Office Documents Find New Tricks to Evade Detection
June 9, 2016
New campaign of improved macros started at the end of May.

Infosec is a sham: The reality of IT security
June 9, 2016
Op-ed. Infosec numbers don’t add up: we need better training, standards, accountability.

Morgan Stanley pays $1 mln U.S. SEC fine over stolen customer data
June 9, 2016
The settlement resolves allegations related to Galen Marsh’s unauthorized transfers from 2011 to 2014 of data from about 730,000 accounts to his home computer.

32 Million Twitter Passwords May Have Been Hacked and Leaked
June 8, 2016
Login credentials of more than 32 Million Twitter users are now being sold on the dark web marketplace for 10 Bitcoins (over $5,800).

U.S. Visa Applicants Targets of Espionage Campaign with Qarallax RAT
June 7, 2016
Threat actors used RAT bought off the Internet.

U.S. Cyber Command struggles to retain top cybersecurity talent
June 7, 2016
Top official in Defense Department’s cybersecurity unit says organization is doing an ‘effective job’ at recruiting, but keeping up with the evolving threat landscape remains a challenge.

Android Spyware Targets Saudi Military and Government Security Personnel
June 6, 2016
Victims were infected with a spyware named Android/SpyChat.

Angler Exploit Kit Finds a Method to Escape Microsoft’s EMET Security Toolkit
June 6, 2016
Security researchers say they’ve found Angler exploit kit installations capable of evading some of the security protections provided by the Microsoft EMET toolkit on Windows 7. HACKED! 100 Million Clear Text Passwords Leaked Online
June 6, 2016
Another day, another Data Breach! Now, Russia’s biggest social networking site is the latest in the line of historical data breaches targeting social networking websites.

Pakistan Resumes Cyber-Espionage Operations Against India
June 5, 2016
Indian officials have been receiving a wave of spear-phishing emails masked as news items from a Times of India look-alike domain.

TeamViewer users are being hacked in bulk, and we still don’t know how
June 4, 2016
Service blames password reuse for attacks used to drain financial accounts.

New Dridex Version Poses as PFX Certificate File
June 3, 2016
Dridex, the most infamous banking trojans of them all, received a major upgrade in the month of May, which could allow it to bypass security software with greater ease.

Stuxnet-like IRONGATE Malware Found Targeting SCADA Equipment
June 2, 2016
Security Firm claims to have discovered a new type of ICS/SCADA targeting malware that uses some of the same Stuxnet features.

Researchers Find 5,275 Login Credentials for Top 100 Companies on the Dark Web
June 2, 2016
5,000 login credentials can allow hackers access to various sections of an IT network belonging to the world’s top 100 companies.

Cluster of “megabreaches” compromise a whopping 642 million passwords
June 1, 2016
MySpace, Tumblr, and Fling are the latest services to join discredited LinkedIn.

FTSE 100 companies rife with cyber security vulnerabilities warns new report
June 1, 2016
FTSE 100 companies are increasingly vulnerable to cyber attacks according to a new report by the leading threat intelligence provider.

US Has No Plans to Discuss Cybersecurity at Military Level With Russia
June 1, 2016
The United States is not considering any discussions on military level with Russia regarding cybersecurity issues.

Federal Reserve Records Show Dozens of Cybersecurity Breaches
June 1, 2016
The U.S. Federal Reserve detected more than 50 cyber breaches between 2011 and 2015, with several incidents described internally as “espionage.”