News – June 2017


  • US Secretary of State: Я буду работать с Россией по вопросам кибербезопасности

    June 23, 2017

    US Secretary of State Rex Tillerson has expressed a willingness to work directly with Russia on cybersecurity and other issues. The proposed partnership is surprising, given the continued controversy over allegations that the Russians interfered with last year’s US presidential election – a serious accusation at the center of an ongoing Congressional inquiry. Secretary of State Tillerson ...

  • Brutal Kangaroo: CIA-developed Malware for Hacking Air-Gapped Networks Covertly

    June 22, 2017

    WikiLeaks has published a new batch of the ongoing Vault 7 leak, this time detailing a tool suite – which is being used by the CIA for Microsoft Windows that targets “closed networks by air gap jumping using thumb drives,” mainly implemented in enterprises and critical infrastructures. Air-gapped computers that are isolated from the Internet or ...

  • Breach at UK.gov’s Cyber Essentials scheme exposes users to phishing attacks

    June 21, 2017

    The operation behind the UK government’s Cyber Essentials scheme has suffered a breach exposing the email addresses of registered consultancies, it told them today. The scheme’s badges are required by all suppliers bidding for “certain sensitive and personal information-handling contracts”. Companies were notified of the problem, which leaves them at greater risk of phishing attack, through ...

  • Cybersecurity Demands a Military Mindset

    June 21, 2017

    American corporations have a high degree of cybersecurity risk awareness, and yet many enterprises, especially in non-regulated sectors, fall short in their cybersecurity stance.  This is mainly because executives see security as an ROI-less investment mandated by regulation. Even worse, executives suffer from two psychological biases: “We haven’t suffered a breach this year, so no need ...

  • Microsoft to Remove SMBv1 Protocol in Next Windows 10 Version (RedStone 3)

    June 20, 2017

    The Server Message Block version 1 (SMBv1) — a 30-year-old file sharing protocol which came to light last month after the devastating WannaCry outbreak — will be removed from the upcoming Windows 10 (1709) Redstone 3 Update. The SMBv1 is one of the internet’s most ancient networking protocols that allows the operating systems and applications to ...

  • FIN10 Extorting Canadian Mining Companies, Casinos

    June 20, 2017

    Cybercriminals targeting casinos and mining firms in North America have extorted as much as $620,000 per theft during a four-year run in which they threaten victims with the destruction or public release of stolen data. Between 2013 and 2016, mostly Canadian firms were hit with nearly a dozen seemingly unrelated hacks, but after an analysis of the ...

  • WebSites Found Collecting Data from Online Forms Even Before You Click Submit

    June 20, 2017

    ‘Do I really need to give this website so much about me?’ That’s exactly what I usually think after filling but before submitting a web form online asking for my personal details to continue. I am sure most of you would either close the whole tab or would edit already typed details (or filled up by browser’s ...

  • Call for investment in NHS cybersecurity

    June 20, 2017

    A “massive” increase in spending is needed to prevent another “avoidable” cyber attack on NHS computer systems, an expert has warned. A ransomware attack hit 11 health boards in Scotland last month, as well as many other organisations worldwide. Prof Bill Buchanan told MSPs the attack should act as a “wake-up call” to the government and health ...

  • Militaries and Industry Seek to Solve Cybersecurity Conundrum

    June 20, 2017

    For at least the whole of the current century, militaries have understood the critical role cyberdefense plays in every aspect of operations. Yet most military organizations appear reluctant to train for network defense outside of specialist cyber units. Unlike with land, sea, air and space, cyberwarfare cannot be conducted only by specialists. Mistakes in configuration or ...

  • Targeting the Energy Sector

    June 19, 2017

    When we think about critical infrastructures, we tend to think about energy. Whether electric power lines or supplies to oil and gas, cut off access to energy, and our worlds go dark. Though you can certainly argue that other industries are just as critical—pharmaceuticals, food supply and others—it is the energy sector that seems to ...

  • Aussie big business CEOs investing more in cyber than global counterparts: KPMG

    June 19, 2017

    Australia’s top chief executives are more concerned about cyber security threats and are spending more money to defend against them than their global counterparts, according to new research from KPMG. Figures extracted from the big four accounting firm’s latest Global CEO Outlook study showed that 71 per cent of Australian business leaders running companies turning over more than $500 ...

  • How to make your employees care about cybersecurity: 10 tips

    June 19, 2017

    Employees are a company’s greatest asset, but also its greatest security risk. “If we look at security breaches over the last five to seven years, it’s pretty clear that people, whether it’s through accidental or intentional introduction of malware, represent the single most important point of failure in terms of security vulnerabilities,” said Eddie Schwartz, chair ...

  • Banks to be forced to reveal all cyber security breaches to the European Central Bank

    June 19, 2017

    All banks regulated by the European Central Bank (ECB) will be forced to reveal all major cyber security breaches, according to one of the supervisor’s bosses. Starting this summer, banks directly supervised by the ECB will have to “report all significant cyber incidents”, said Sabine Lautenschlaeger, a member of the ECB’s executive board. At a speech in ...

  • University College London Suffers Major Ransomware Attack

    June 16, 2017

    The University College London (UCL) has been hit by a major ransomware attack on June 15, with the infection reaching personal and shared drives in the network. UCL admins explained in updates posted on the official website that the infection was most likely possible because of a zero-day, pointing out that antivirus systems failed to detect ...

  • U.S. Government Embraces Automated Cybersecurity

    June 16, 2017

    Agencies in the federal government are working to develop tools and software that would automate cybersecurity – essentially, an effort to remove human error from the equation. A new report out by NextGovdetails the automation effort, and why these tools aren’t yet ready for government-wide deployment. Much of the cybersecurity efforts in government currently, revolve around ...

  • Brit hacker admits he siphoned info from US military satellite network

    June 16, 2017

    A UK-based computer hacker has admitted stealing hundreds of usernames and email addresses from a US military communications system. Sean Caffrey, 25, of Sutton Coldfield in the West Midlands, broke in and pinched the ranks, usernames and email addresses of more than 800 users of a satellite communications system and of about 30,000 satellite phones, back ...

  • Banks could be stung for €5bn under GDPR, screams latest report on industry readiness

    June 15, 2017

    European banks could face fines totalling €4.7bn in the three years after General Data Protection Regulation comes into force, according to a report from data security solutions firm AllClear ID. The latest in a string of sales pitches reports on businesses’ preparedness for GDPR to land in The Reg‘s inbox says that banks are not properly ...

  • Wikileaks Unveils ‘Cherry Blossom’ — Wireless Hacking System Used by CIA

    June 15, 2017

    WikiLeaks has published a new batch of the ongoing Vault 7 leak, this time detailing a framework – which is being used by the CIA for monitoring the Internet activity of the targeted systems by exploiting vulnerabilities in Wi-Fi devices. Dubbed “Cherry Blossom,” the framework was allegedly designed by the Central Intelligence Agency (CIA) with the ...

  • Microsoft Issues Updates for 96 Vulnerabilities You Need to Patch this Month

    June 14, 2017

    As part of June’s Patch Tuesday, Microsoft has released security patches for a total of 96 security vulnerabilities across its products, including fixes for two vulnerabilities being actively exploited in the wild. This month’s patch release also includes emergency patches for unsupported versions of Windows platform the company no longer officially supports to fix three Windows ...

  • US Warns of ‘DeltaCharlie’ – A North Korean DDoS Botnet Malware

    June 14, 2017

    The United States government has released a rare alert about an ongoing, eight-year-long North Korean state-sponsored hacking operation. The joint report from the FBI and U.S. Department of Homeland Security (DHS) provided details on “DeltaCharlie,” a malware variant used by “Hidden Cobra” hacking group to infect hundreds of thousands of computers globally as part of its ...