News – October 2016

Google discloses Critical Windows Zero-Day that makes all Windows Users Vulnerable
October 31, 2016
Google has once again publicly disclosed a zero-day vulnerability in current versions of Windows operating system before Microsoft has a patch ready.

Shadow Brokers reveals list of Servers Hacked by the NSA
October 31, 2016
The hacker group calling itself the Shadow Brokers, who previously claimed to have leaked a portion of the NSA’s hacking tools and exploits, is back with a Bang.

Controversial Chinese cybersecurity law enters home stretch for approval
October 31, 2016
A controversial Chinese cybersecurity law that has sparked protests from foreign governments and business groups neared approval on Monday as parliament held the third reading of the draft bill.

New W3C Web Bluetooth API Is a Privacy Nightmare
October 30, 2016
The World Wide Web Consortium’s (W3C) new Web Bluetooth API is riddled with potential security holes which, if left unaddressed during the specification’s drafting, will open the door for user fingerprinting and potentially IoT equipment hacking.

Ukrainian Hackers Leak Sensitive Emails from Kremlin Official
October 28, 2016
A group of hackers that goes by the name of CyberHunta has leaked 2,337 emails, which they claim came from the email account of Vladislav Surkov, advisor to President Vladimir Putin

Blackgear Cyber-Espionage Campaign Now Targets Japan
October 28, 2016
Blackgear, a cyber-espionage campaign that has historically gone after Taiwanese targets, has now shifted its gaze to its neighboring country, Japan.

Cyber security firm Cylance to create 150 jobs in Cork
October 28, 2016
US-headquartered company opens new office in city to support customers across EMEA

USNA Breaks Ground at New Cyber Security Studies Center to Prepare Future Navy Cyber Warriors
October 27, 2016
The U.S. Naval Academy (USNA) held a groundbreaking ceremony for its new $106-million Center for Cyber Security Studies Oct. 21

Payments Firm Suspects Fraud, Tells Banks to Block & Replace over 100,000 Cards
October 27, 2016
Nets A/S, a European company that handles financial transactions, has recommended to Danish banks that they block and then replace over 100,000 payment cards.

Botnet of 100,000 IoT Devices Behind Dyn DDoS Attack
October 27, 2016
Scott Hilton, EVP of Product for Dyn, issued a statement today disclosing that a botnet of around 100,000 bots, all IoT devices infected with the Mirai malware, had been the predominant force behind the DDoS attacks on his company.

Chinese Hackers won $215,000 for Hacking iPhone and Google Nexus at Mobile Pwn2Own
October 27, 2016
The Tencent Keen Security Lab Team from China has won a total prize money of $215,000 in the 2016 Mobile Pwn2Own contest run by Trend Micro’s Zero Day Initiative (ZDI) in Tokyo, Japan.

Adobe Patches Flash Zero-Day Discovered by Google and Used in Live Attacks
October 26, 2016
Adobe released today Flash Player version that fixes a critical security flaw discovered by two Google engineers, which they say was used in attacks against Windows users in the wild.

Moonlight APT Uses H-Worm Backdoor to Spy on Middle Eastern Targets
October 26, 2016
An APT group operating out of the Middle East, and most likely out of Palestine, has been engaged in a cyber-espionage campaign that has taken aim at various Middle Eastern and African countries in the Mediterranean Basin.

Nuclear plants leak critical alerts in unencrypted pager messages
October 26, 2016
A surprisingly large number of critical infrastructure participants – including chemical manufacturers, nuclear and electric plants, defense contractors, building operators and chip makers – rely on unsecured wireless pagers to automate their industrial control systems..

Hacking Firmware from Mobile Phone Hacking Company Leaked Online
October 25, 2016
The Israeli firm Cellebrite, which provides digital forensics tools and software to help law enforcement access mobile phones in investigations, has had its firmware and software leaked online.

U.S. calls on automakers to make cyber security a priority
October 24, 2016
Automakers should make shielding the electronic and computer systems of vehicles from hackers a priority, developing layers of protection that can secure a vehicle throughout its life, U.S. regulators said on Monday.

Singapore university partners Singtel to launch $30M cybersecurity lab
October 24, 2016
New S$42.8 million (US$30.8 million) facility will see National University of Singapore and the local carrier jointly conduct research and develop security tools, tapping data analytics and “secure by design” concept

Connected devices create millions of cyber security weak spots
October 23, 2016
‘Internet of Things’ excitement marred by vulnerability to hacking attacks

Ransomware Reaches the Malware Top 3 for the First Time
October 23, 2016
According to statistics gathered by Check Point, for the first time ever, ransomware has entered the top 3 of today’s most dangerous malware.

Microsoft Opens Cybersecurity Engagement Centre in India
October 23, 2016
At a time when governments the world over are struggling to tackle cyber-attacks and data breach, technology giant Microsoft India on Friday launched a full-scale Cybersecurity Engagement Centre (CSEC) in India.

Pakistan Government Officials Targeted with RATs in Cyber-Espionage Campaign
October 21, 2016
Pakistan government officials are the target of a recent cyber-espionage campaign from an unknown source, which has been distributing Remote Access Trojans in the hope of infecting targets and stealing sensitive documents.

An Army of Million Hacked IoT Devices Almost Broke the Internet
October 21, 2016
A massive DDoS attack against Dyn, a major domain name system (DNS) provider, broke large portions of the Internet on Friday, causing a significant outage to websites and services, including Twitter, GitHub, PayPal, Amazon, Reddit, Netflix, and Spotify.

How Podesta became a cybersecurity poster child
October 21, 2016
Hillary Clinton’s campaign chairman joins the roster of senior government officials and political operatives who have failed to take basic protections for their sensitive data.

UK’s new cyber security centre to debunk scare tactics and lead by example
October 21, 2016
The UK government has had enough of clichéd cyber dementor imagery, scary-sounding industry rhetoric and impossible security advice that the average consumer has no hope of following.

Ex-NSA Contractor Stole 50 TB of Classified Data; Includes Top-Secret Hacking Tools
October 20, 2016
Almost two months ago, the FBI quietly arrested NSA contractor Harold Thomas Martin III for stealing an enormous number of top secret documents from the intelligence agency.

Bahrain to host international defence exhibition & conference
October 19, 2016
Bahrain will host one of the leading international defence exhibitions next year, bringing together the key players from the region and across the world, it was announced on Wednesday.

Russian Hacker Responsible for LinkedIn Data Breach Arrested by FBI
October 19, 2016
The alleged Russian hacker arrested by the FBI in collaboration with the Czech police is none other than the hacker who was allegedly responsible for massive 2012 data breach at LinkedIn, which affected nearly 117 Million user accounts.

US, UK Cybersecurity Officials: Destructive Hacks are Coming
October 19, 2016
The world should brace itself for more physically destructive hacks, two senior cybersecurity officials said Wednesday, warning that a more dangerous era of hacking was already upon us.

Federal Regulators Want Banks to Follow Better Cybersecurity Practices
October 19, 2016
U.S. bank regulators on Wednesday outlined cyber security standards meant to protect financial markets and consumers from online attacks against the nation’s leading financial firms.

Hacks could cost British businesses £122 billion by 2018
October 17, 2016
Businesses in the UK could face up to £122 billion in fines for cybersecurity breaches in 2018, according to new findings from the Payment Card Industry Security Standards Council (PCI).

Aviation Officials Step Up Cybersecurity Checks of Older Messaging System
October 16, 2016
Concerns that decades-old data-transmission network is vulnerable to hacking fuel movement to modernize

Crack for Charity — GCHQ launches ‘Puzzle Book’ Challenge for Cryptographers
October 15, 2016
The UK’s Signals Intelligence and Cyber Security agency GCHQ has launched its first ever puzzle book, challenging researchers and cryptographers to crack codes for charity.

EU prepares for ‘dark scenario’ of cyber attacks that could devastate power and communication networks
October 14, 2016
Since April, more than 700 security experts have been battling a fictional cyber security crisis as part of the EU’s biggest defence exercise to date. Featuring power cuts, drones and ransomware, the series of fictional attacks has targeted European digital networks.

Classified U.S. Defense Network Outage Hits Air Force’s Secret Drone Operations
October 12, 2016
The Air Force is investigating the connection between the failure of its classified network, dubbed SIPRNet, at Creech Air Force Base and a series of high-profile airstrikes that went terribly wrong in September this year.

OffensiveWare Sold on Hacking Forums as Exploit Builder and Next-Gen Keylogger
October 12, 2016
The latest addition to the malware scene is a new set of hacking tools advertised under the OffensiveWare brand, available as rentable MaaS (Malware-as-a-Service) toolkits, and sold on hacking forums.

Third JPMorgan Hacker Detained in Moscow
October 12, 2016
Joshua Samuel Aaron, 32, a US citizen suspected of several high-profile hacks, has been detained by Russian authorities since May 2016, after violating the conditions of his visa.

Researchers Demonstrated How NSA Broke Trillions of Encrypted Connections
October 12, 2016
Researchers from University of Pennsylvania, INRIA, CNRS and Université de Lorraine have practically proved how the NSA broke the most widespread encryption used on the Internet.

Nuclear Power Plant Disrupted by Cyber Attack
October 11, 2016
The head of an international nuclear energy consortium said this week that a cyber attack caused a “disruption” at a nuclear power plant at some point during the last several years.

Facebook, Twitter and Instagram Share Data with Location-based Social Media Surveillance Startup
October 11, 2016
Facebook, Instagram, Twitter, VK, Google’s Picasa and Youtube were handing over user data access to a Chicago-based Startup — the developer of a social media monitoring tool — which then sold this data to law enforcement agencies for surveillance purposes.

New Odinaff Trojan Targeting Banking Sector Linked to Carbanak Gang
October 11, 2016
Symantec has discovered evidence that a new trojan that’s predominantly targeting the banking sector has ties with Carbanak, a cybercrime gang responsible for stealing more than $1 billion from 100 banks across 30 countries in 2013 and 2014.

Microsoft Patches Five Zero Days Under Attack
October 11, 2016
Microsoft today patched a handful of zero-day vulnerabilities that have been publicly attacked in Internet Explorer, Edge, Windows and Office products

Singapore launches S$10m programme to help boost ASEAN cybersecurity know-how
October 11, 2016
The Republic on Tuesday (Oct 11) announced the launch of its S$10 million ASEAN Cyber Capacity Programme aimed at enhancing the cybersecurity resources and know-how among fellow Southeast Asian member states

Adobe Patches 12 Critical Security Flaws and Keeps Flash Safe for One More Month
October 10, 2016
While many security experts say that Adobe should just discontinue Flash and save us all a world of trouble, the company seems entrenched in its decision to support Flash whatever it takes and has issued today another security patch, which this month has fixed 12 critical-level security flaws.

Challenge! WIN $50,000 for Finding Non-traditional Ways to Detect Vulnerable IoT Devices
October 10, 2016
If you are concerned about the insecurity of Internet of Things, have good hands at programming and know how to hack smart devices, then you can grab an opportunity to earn $50,000 in prize money for discovering the non-traditional ways to secure IoT devices.

HHS Funnels Funding Into Cybersecurity For Health Sector
October 10, 2016
A total of $350,000 in awards will help strengthen cybersecurity response in healthcare.

Super funds targeted in cyber attacks: APRA
October 10, 2016
Australia’s $2.1 trillion pool of retirement savings is being targeted disproportionately in serious cyber attacks on the financial sector, official figures suggest.

Xi Pushes for Homegrown Network Technology to Improve National Cybersecurity
October 10, 2016
President Xi Jinping called on Sunday for greater efforts to develop homegrown network technology to improve cybersecurity, amid a lingering spat between China and the United States over hacking allegations.

Israel ready to assist India with a comprehensive and effective cyber security plan
October 7, 2016
Israel is ready to assist India with a comprehensive and effective cyber security plan to counter threats from industrial hackers as well as extremist groups, according to Col Ram Dor

NZ businesses lag behind in cyber security
October 7, 2016
Research has found New Zealand businesses are lagging behind the rest of the world when it comes to protecting themselves from cyber attacks.

Cybersecurity Expert: Hackers “Will Abuse” Your Brain Waves
October 7, 2016
Keep your thoughts to yourself if you don’t want to get hacked.

Hack warnings prompt cyber ‘security fatigue’
October 6, 2016
Relentless cybersecurity warnings have given people “security fatigue” that stops them keeping themselves safe, suggests a study.

ATM Malware Gang Slowly Dismantled by British Police
October 6, 2016
London Police is slowly dismantling an ATM malware gang operating out of Romania, which authorities say is responsible for stealing £1.6 million ($2 million) from UK cash machines.

NSA government contractor ‘stole classified files’
October 5, 2016
A National Security Agency contractor has been arrested, accused of taking top secret information, officials say.

TalkTalk fined £400,000 for theft of customer details
October 5, 2016
TalkTalk has been fined a record £400,000 for poor website security which led to the theft of the personal data of nearly 157,000 customers.

Yahoo Built a Secret Tool to Scan Your Email Content for US Spy Agency
October 4, 2016
Yahoo might have provided your personal data to United States intelligence agency when required.

Russian cybersecurity firms greenlit to hack Viber, WhatsApp encryption – report
October 4, 2016
Russian cybersecurity companies have a greenlight to decrypt traffic of such popular communication tools as Viber, WhatsApp, Skype and Facebook Messenger.

Insulin Pump Security Flaws Could Be Used to Set Off Hypoglycemic Reactions
October 4, 2016
People with diabetes that use OneTouch Ping insulin pumps made by Animas, a Johnson & Johnson subsidiary, might want to check their mail in the upcoming days for instructions on how to secure their device against remote hacking.

Download: 68 Million Hacked Dropbox Accounts are Just a Click Away!
October 3, 2016
Over a month ago, The Hacker News reported about the Dropbox Hack, where hackers had managed to steal more than 68 Million Dropbox accounts in a data breach that was initially disclosed by the online cloud storage platform in 2012.

A major Internet of Things hack has shown the importance of cybersecurity
October 3, 2016
Hackers were recently able to obtain access to a wide variety of connected devices, prompting new concerns over the security of the IoT, The Wall Street Journal reports.

DNV Partners With Oil, NatGas Sector to Buffer Cybersecurity Challenges
October 3, 2016
To protect oil and natural gas installations against cybersecurity threats, DNV GL is partnering with Royal Dutch Shell plc, Statoil ASA and others to develop an industry best practice.

Russia stresses importance of cybersecurity cooperation with Indonesia
October 3, 2016
Cybersecurity threats are an acute problem for the international community, requiring stronger intergovernmental cooperation to tackle, a top Russian diplomat has said.

Source Code for IoT botnet responsible for World’s largest DDoS Attack released Online
October 3, 2016
With rapidly growing Internet of Thing (IoT) devices, they have become a much more attractive target for cybercriminals.

Billion-dollar cyber security start-up Tanium to float
October 2, 2016
California company valued at $3.5bn plans filing in next few months