News – May 2017


  • Donald Trump signs executive order on cybersecurity

    May 13, 2017

    President Donald Trump has signed an executive order to increase the White House’s role in the nation’s cybersecurity. The order assigns responsibility for protecting federal networks and critical infrastructure to the executive branch of government. The executive order declares that the heads of executive departments and agencies are to be held accountable for managing the cybersecurity risk ...

  • NSA Admits They’re Reviewing Government Use of Kaspersky Software

    May 13, 2017

    Kaspersky Lab is stuck in the middle of a rather nasty fight between Washington and Moscow as the Russian-based anti-virus provider is being investigated by the US intelligence agencies. Following news that US officials were more and more concerned about how Russian spies could use Kaspersky’s software to spy on Americans and sabotage US systems, the ...

  • Europol News Article on Wannacry Ransomware: recent cyber-attack

    May 13, 2017

    The European Cybercrime Centre, EC3, at Europol is working closely with affected countries cybercrime units and key industry partners to mitigate the threat and assist victims. The recent attack is at an unprecedented level and will require a complex international investigation to identify the culprits. The Joint Cybercrime Action Taskforce (JCAT), at EC3 is a ...

  • UK hospital meltdown after ransomware worm uses NSA vulnerability to raid IT

    May 12, 2017

    UK hospitals have effectively shut down and are turning away non-emergency patients after ransomware ransacked its networks. Some 16 NHS organizations across Blighty – including several hospital trusts such as NHS Mid-Essex CCG and East and North Hertfordshire – have had their files scrambled by a variant of the WannaCrypt, aka WanaCrypt aka Wcry, nasty. Users ...

  • Taiwan government to block Google’s public DNS in favor of HiNet’s

    May 11, 2017

    The Taiwanese government intends to block Google’s public DNS service, citing cybersecurity concerns. The question is whether those concerns are the government’s or its citizens’, with the government pushing its own DNS service – a setup that is typically used to spy on people’s internet communications. The announcement comes, somewhat unusually, in the form of a PDF ...

  • Cyber security: an ‘indigestion problem’ in healthcare industry

    May 11, 2017

    In August 2011, Marc Andreessen famously wrote an essay in The Wall Street Journal, “Why Software is Eating the World”. It talked about the growing significance of software in business across a wide swathe of industries. Fast forward to the present day in 2017 and we can safely say that the process of eating is ...

  • Cisco Finally Patches 0-Day Exploit Disclosed In Wikileaks-CIA Leak

    May 10, 2017

    Cisco Systems has finally released an update for its IOS and IOS XE software to address a critical vulnerability, disclosed nearly two months back in the CIA Vault 7 leak, that affects more than 300 of its switch models. The company identified the vulnerability in its product while analyzing “Vault 7” dump — thousands of documents ...

  • Cyber Security Will Generate £60m In Salaries In Northern Ireland

    May 9, 2017

    Cyber security looks to be a strong career choice in Northern Ireland, as the sector is on course to generate £60 million in salaries per annum. That’s according to Queen’s University’s Professor Sir John McCanny, who highlighted that the growth of cyber security companies and the positive economic impact they bring it top of the agenda of ...

  • FBI: Whaling now a US$ 5 billion business as execs targeted

    May 9, 2017

    The US Federal Bureau of Investigation (FBI) has reported the continuing explosion of Business Email Compromise (BEC) attacks as the practice becomes a US$ 5 billion (£3.86 billion) business. Between October 2013 and 2016 the total international reported loss from such scams is US$ 5,302,890,449 (£4,100 million), with US bodies taking up nearly US$ 1.6 billion ...

  • ‘Crazy bad’ bug in Microsoft’s Windows malware scanner can be used to install malware

    May 9, 2017

    Miscreants can turn the tables on Microsoft and use its own antivirus engine against Windows users – by abusing it to install malware on vulnerable machines. A particularly nasty security flaw exists in Redmond’s anti-malware software, which is packaged and marketed in various forms: Windows Defender, Windows Intune Endpoint Protection, Microsoft Security Essentials, Microsoft System Center ...

  • Fresh Malware with No Known Family Discovered in Targeted Attack

    May 9, 2017

    A new freshly compiled piece of malicious code was discovered in the wild and the security company that found it can’t even place it in a known malware family. Cylance named it the Infostealer Paipeu. Security company Cylance recently discovered such a sample after one of its prevention products quarantined a threat in the System32 directory ...

  • Deloitte and Dragos Partner on Industrial Cybersecurity

    May 9, 2017

    The industrial control system cybersecurity space continues to attract new investments, partnerships and companies. To say that the industrial cybersecurity industry has changed dramatically over the past few years would be a major understatement—not only because the changes have been so significant, but because the evolution is still underway. Just in the past few months we’ve ...

  • UK businesses concerned about cyber-risks linked to smart energy tech

    May 8, 2017

    The latest PwC B2B Energy Survey found that 65 percent of UK businesses are significantly concerned about the issue of cyber-risks and over half (51 percent) are worried that their client data isn’t handled with enough security by their energy supplier. The research included responses from more than 500 UK businesses. If their energy supplier fell victim ...

  • Are Cross-Protocol Attacks The Next Big Cybersecurity Danger?

    May 8, 2017

    In the digital world we live in, technologies are rapidly evolving. Cyber threats are not lagging behind. While developers build more and more complex programs, hackers find new, smarter ways to attack. New threats can break connections that were considered highly secure until recently. One specific and recent example are the so-called cross–protocol attacks. They make it ...

  • Intel Chip Vulnerability Worse than Thought, Lets Hackers Hijack Fleets of PCs

    May 8, 2017

    That vulnerability that Intel discovered and disclosed last week after going undetected for almost a decade is much worse than originally thought as it allows hackers to remotely gain full control over affected PCs running Windows, without even needing a password.  As announced by Intel, the bug affects Intel’s Active Management Technology (AMT) which allows IT ...

  • Investigatory Powers Act: Back doors, black boxes, and tech capability regs

    May 8, 2017

    The Home Office has launched an under-the-radar consultation on a critical step in the implementation of the Investigatory Powers Act (IP Act): the regulations on technical capability notices. The Open Rights Group has recently revealed details of the proposed regulations. Under the IP Act, a technical capability notice can be issued to a telecommunications operator by the secretary of state ...

  • Snake and Proton Malware Found Targeting Mac Users

    May 8, 2017

    Two malware targeting Mac-run machines recently surfaced in the wild: Snake (a.k.a. Turla, Uroburos, and Agent.BTZ, and detected by Trend Micro as OSX_TURLA.A) and Proton (OSX_PROTON.A). Both are remote access Trojans that can grant attackers unauthorized remote access to the system, consequently enabling them to steal files, data, and credentials stored in the affected system, ...

  • Hackers emit 9GB of stolen Macron ’emails’ two days before French presidential election

    May 6, 2017

    Emmanuel Macron, the front-runner in France’s presidential election, has condemned the online leakage of what’s alleged to be his campaign staff’s emails. A 9GB cache of internal documents was dumped onto the Magnet file-sharing network on Friday night, less than two days before the French people go to the polls on Sunday. These archives landed just before ...

  • Ultrasonic Beacons Are Tracking Your Every Movement

    May 5, 2017

    More than 200 Android mobile applications listen surreptitiously for ultrasonic beacons embedded in audio that are used to track users and serve them with targeted advertising. Academics from Technische Universitat Braunschweig in Germany recently published a paper in which they describe their research into the practice of using these beacons to monitor a consumer’s shopping and ...

  • Microsoft says: Lock down your software supply chain before the malware scum get in

    May 5, 2017

    Microsoft’s security team is urging developers to shore up their software update systems – after catching miscreants hijacking an editing application’s download channels to inject malware into victims’ PCs. In a security advisory, Redmond’s infosec gurus describe Operation WilySupply: their mission to find, isolate and destroy an unusual and highly targeted form of malicious code that ...