Security in the News – Week of October 21

Information Security

Computerworld

Researchers Attack Ship Tracking Systems for Fun and Profit

October 21

Hackers have proven that pretty much anything can be hacked, especially when protocols are designed without any thought to security.

 

EU to Suspend Data Sharing Deal with US

October 23

Parliament votes to suspend the terrorist finance tracking program over the NSA spy scandal.

 

Detroit Free Press

How FBI Brought Down Cyber-Underworld Site Silk Road

October 22

Computer experts suspect the government simply beat the cyber-pirates at their own game: hacking.

 

Help Net Security

Data Visualization of Global DDoS Attacks

October 22

Arbor Networks collaborats with Google Ideas to create a data visualization that maps global DDoS attacks.

 

Top US Cities for Online Fraud Origination

October 23

Santa Clara, CA, is nation’s top spot for online fraudsters, followed by San Jose, CA, Chesterfield, MO, New York, NY and Atlanta, GA.

 

SC Magazine

Must Haves to Make the Framework for Cyber Security Useful

October 21

NIST to release Cybersecurity Framework – standards, methodologies, procedures, processes, guidelines to help businesses address risks, develop plan to improve security posture.

 

Despite Apple’s Claims, iMessage is Vulnerable to Decryption

October 21

Researchers discovered Apple’s popular iMessage instant messaging system is not as encrypted as the iOS-producing company led users to believe.

 

US Enterprises in Path of Data-Hijacking Sazoora Campaign

October 22

Researchers detected new variant of Sazoora malware, a data-hijacking trojan currently targeting US users as part of an international campaign.

 

Security Affairs

How a Simple Bug Could Cause a Disaster

October 22

Researcher discovered a serious vulnerability in Verizon Wireless’s customer portal that enabled anyone to download user’s SMS message history.

 

Security Dark Reading

Catching Mobile Malware In The Corporate Network

October 23

As more malicious mobile apps arrive, security firms roll out different methods of detecting the malware inside business networks.

 

State of Security

VP Cheney’s Heart Defibrillator Tweaked to Thwart Attacks

October 21

VP Cheney had adjustments to implanted heart defibrillator to disable device’s wireless functions as precaution against potentially fatal hacker attack.

 

Threat Post

Fake Dropbox Password Reset Spam Leads to Malware

October 21

New spam aimed to users of Dropbox; emails purport to come from service, but lead those who click to malware landing page.

 

We Live Security

Cyberattacks Against Major Firms Double in One Year

October 21

Cyber-attacks doubled in 2012-2013, according to report released by investigators Kroll – and third of large companies still do not invest in security.

 

Over Risky Behavior of Under-12s Online – Parents Need to Take Action

October 21

Nearly 1 in 5 9-11 year olds having physically met strangers encountered online.

 

Half of PC Users Ignore Virus Alerts – Middle-aged are Worst Culprits

October 22

35-44 are twice as likely to disregard warnings about attack websites as two years ago; one in five users ignore warning and visit websites anyway.

 

Is This How Indonesia Topped Malicious Traffic Charts?

October 23

Content delivery network provider Akamai released its State of the Internet report for second quarter of 2013.

 

Security and Crisis Management

ABC News

3 Killed in Latest Bangladesh Protests

October 25

3 killed and more than 60 people hurt when security officials clashed with opposition supporters trying to defy ban on protests, days before planned national general strike.

 

Miami Herald

Iraq Attacks Kill 10,

Including TV Camera Man

October 24

Bombings and shootings across Iraq, killing of television cameraman, left 10 dead as a wave of violent attacks.

 

Reuters

Pirates Kidnap Two US Sailors off Nigerian Coast

October 24

Pirates attacked oil supply vessel off Nigerian coast, kidnapped captain and chief engineer, both US citizens.

Security in the News – Week of October 14

Information Security

Computerworld

Brazil to Fortify Government Email Due to NSA Revelations

October 14

Federal Data Processing Service has been tasked with making a secure email system for federal government.

 

Hackers Attack PR Newswire, Get User Data

October 17

Stolen data includes account customer credentials and contact information.

 

Dark Reading

The Long Shadow Of Saudi Aramco

October 14

New threats, realities of targeted attacks forcing oil and gas companies to rethink and drill down on security.

 

Help Net Security

Researchers Crack Vessel Tracking System

October 16

Automated Identification Systems (AIS) can be easily hacked in order to do some real damage.

 

DDoS Attack Size Accelerating Rapidly

October 17

Global  attack trends show DDoS continues to be a global threat, with alarming increases in attack size this year.

 

InfoWorld

Hackers use Botnet to Scrape Google for Vulnerable Sites

October 15

Hackers using botnet to scour Google for websites that use vulnerable installations of the vBulletin forum software.

 

InfoSecurity

Google-Backed File-Sharing Service Spreads Chinese Malware

October 14

Xunlei has hundreds of millions of users in China. And, it was recently found to be distributing a signed malware known as KanKan.

 

Hackers Target Mandiant CEO Via Limo Service

October 15

CEO famously highlighted Chinese cyber-espionage efforts earlier may be feeling effect of retaliation.

 

PC Magazine

Indonesia Tops China as Cyber Attack Capital

October 16

Indonesia accounting for 38 percent of attacks, China with 33 percent and U.S. with 6.9 percent.

 

State of Security

Gartner: Configuration Hardening Required for Security and Compliance

October 14

Security config management is an effective security control to implement, and foundational to many regulatory standards and security frameworks.

 

More Than One-in-Three Breaches Due to Insiders

October 15

Forrester report indicates more than one-third of reported data breaches involved insider, whether maliciously or errant data handling.

 

Social Engineering Key to Metasploit DNS Hijacking Attack

October 16

Key mechanism for attack against Metasploit and Rapid7 is believed to be social engineering of an employee at Registrar.com by a pro-Palestine hacker group called KDMS.

 

We Live Security

Five New Tricks used by Cybercriminals

October 15

Latest traps laid by cybercriminals.

 

Wired

Researchers Uncover Holes That Open Power Stations to Hacking

October 16

Vulnerabilities discovered in products used in critical infrastructure systems to allow attackers to crash or hijack the servers controlling electric substations and water systems.

 

Security and Crisis Management

BBC

Syrian Intelligence Chief Killed in Deir al-Zour

October 18

State television reported that Gen Jamaa died while “carrying out his national duties” and “pursuing terrorists” in Deir al-Zour.

 

International New York Times

Myanmar: More Mysterious Explosions

October 17

Three small bombs went off in eastern Myanmar, killing one and wounding six, the latest in a series of unexplained explosions.

 

Radio Free Europe

IED Explodes Near Caucasus Mosque, Human Remains Found

October 18

Police in Russian Republic of Kabardino-Balkaria are investigating deadly blast near village mosque that appears to have been a bomb that exploded prematurely.

 

Reuters

Pirate Attacks by Heavily Armed Gangs Surge off Nigerian Coast

October 17

Pirate attacks off Nigeria’s coast have jumped by a third this year with ships passing through West Africa’s Gulf of Guinea, a major commodities hub.

 

The Washington Post

Indonesian Police Kill Suspected Militant, Arrest 2 in Anti-Terror Raid

October 17

Indonesia’s elite anti-terrorism squad shot and killed one suspect and arrested two others, seizing weapons and fertilizer allegedly for bomb making from group suspected of planning terrorist attacks.

Security in the News – Week of October 7

Information Security

Computerworld

The Practicality of the Cyber Kill Chain Approach to Security

October 7

Cyber Kill Chain approach, and whether it might be a good fit for your organization.

 

Chinese Hackers Miss Google Network, But Checks Go On

October 7

Google exec says US government networks are in danger because no one is there during the shutdown to stop hackers.

 

New NIST Cybersecurity Standards Could Pose Liability Risks

October

Once passed, standard will become benchmark to measure critical infrastructure security programs.

 

CSO

Maker of Black Hole Exploit Kit Arrested in Russia

October 8

Researchers claim person behind one of the greatest scourges of Internet had been arrest, details remain vague with no official word from authorities in Russia.

 

Krebs on Security

Bulletproof Hoster Santrex Calls It Quits

October 9

Web hosting provider courted cybercrime forums and created haven for nest of malicious sites, is shutting its doors citing internal network issues and recent downtime.

 

Network World

The Autonomous Hackable Car

October 9

It is time to start thinking of your car as another mobile device.

 

Toll of Enterprise Cybercrime: $11.8 Million Per Year; 122 Attacks Per Week

October 8

Ponemon Institute survived 60 large companies and found the toll of cybercrime is growing.

 

SC Magazine

Gameover Trojan Hides Activity in Encrypted SSL Connections to Defraud Victims

October 7

Saboteurs spreading the Gameover banking trojan are hosting Zeus variant on number of infected sites and using encrypted SSL connection to remain undetected.

 

Alleged Anonymous Members Indicted Led Unassuming Lives

October 9

Dozen men belonging to Anonymous and indicted on charges of launching DDoS against major sites are proving hacker stereotypes are the farthest thing from truth.

 

Nearly 50k Patient Credit Cards Compromised by Insider

October 9

46K patients of Scottsdale Dermatology may have had personal information compromised, one suspect an employee of the medical practice’s billing firm.

 

Facebook Phishing Attack Preys on Users Desiring to Know Profile Viewers

October 10

Want to know who is visiting your Facebook page?

 

Security Affairs

2013 Norton Report, the Impact of Cybercrime According Symantec

October 9

Annual research study which examines the consumers’ online behaviors, the dangers and financial cost of cybercrime.

 

TripWire

Enterprises are Failing to Mitigate Insider Threats

October 8

Report on mitigation efforts within enterprise reveals majority of organizations are failing to take necessary steps to counter potential losses due to insider threats.

 

USA Today

Google Chrome’s Cache Exposes Personal Data

October 10

Major security flaw in Google’s popular Chrome browser was exposed by data management firm Identity Finder.

 

We Live Security

Banks to Face Biggest Cyber War Game Ever in UK

October 8

Cyber war game will test Britain’s financial system to its limits in a virtual attack to test defenses of banks, markets and payments systems against a simulated attacks.

 

EU Cyber Agency Warns of Outdated Systems in Power Plants

October 9

Cyber-attacks against Industrial Control Systems pose risk to power plants and other critical infrastructure, and action is needed to ensure nations stay safe.

 

Security and Crisis Management

Al Arabiya

Car Bomb Set off Near Swedish Consulate in Libya’s Benghazi

October 11

Car bomb explodes outside Swedish consulate in Benghazi, damaging front of building and nearby houses.

 

Reuters

France Says its Forces Kill 10 Islamist Militants in Mali

October 10

French Special Forces killed 10 militants in northern Mali this month, as simmering violence threatens security at November elections and will delay French troop withdrawal.