Individuals at Risk
Cyber Privacy
Google Issues Patch as Android Qualcomm Vulnerability Impacts 60 Percent of Devices: A flaw in mobile chip maker Qualcomm’s mobile processor, used in 60 percent of Android devices, allows attackers to take control over a targeted phone or tablet under specific conditions. Researchers at Duo Labs said the vulnerability is tied to Android’s problem-plagued mediaserver, coupled with a security hole in Qualcomm’s Secure Execution Environment (QSEE). ThreatPost, May 19, 2016
Mobile App RunKeeper acknowledges sharing user geo-location data with advertisers, pushes updates: RunKeeper announced Tuesday that it had found a bug in its Android code that resulted in the leaking of users’ location data to an unnamed third-party advertising service. The blog post came four days after the Norwegian Consumer Council filed a complaint against the Boston company. ars technica, May 17, 2016
Cyber Warning
Malware-Laced Porn Apps Behind Wave of Android Lockscreen Attacks: Incidents of Android lockscreen malware masquerading as porn apps are a growing concern to security analysts who are forecasting an uptick in attacks. Once infected, Android users bitten by this malware appear to be locked out of their device and are forced to undergo a complex extraction of the app to win back control of their phone or tablet. ThreatPost, May 14, 2016
Cyber Update
Instagram Patches Brute-Force Authentication Flaws: Facebook on Thursday patched a pair of vulnerabilities that enabled brute-force attacks against Instagram passwords, and also hardened its password policy. ThreatPost, May 20, 2016
Apple patches 67 bugs in OS X El Capitan, refreshes Safari and iTunes: Apple yesterday updated OS X El Capitan to version 10.11.5, patching nearly 70 vulnerabilities as it began to wind down changes prior to the next iteration launching later this year. ITWorld, May 17, 2016
Information Security Management in the Organization
Cyber Security Management – C Suite
Too much time spent on compliance paperwork rather than on cybersecurity management: The need to protect corporate and personal information from unauthorized and possibly nefarious eyes was front and center this week at the MIT Sloan CIO Symposium in Cambridge, Mass. But experts failed to agree about whether the forces of good are prevailing against the bad guys or even whether breaches are increasing—or are just more public than in the past. Fortune, May 20, 2016
Berkeley’s Center for Long-Term Cybersecurity: Five 2020 Scenarios Suggest Bleak Future: Cybersecurity is a fast-morphing technology, meaning that making any assumptions about what will be needed six months from now is difficult at best. Yet, a group of researchers at the University of California, Berkeley’s Center for Long-Term Cybersecurity (CLTC) are looking even further ahead to the year 2020. TechRepublic, May 17, 2016
Cyber Crime
Noodles & Company Probes Breach Claims: Noodles & Company [NASDAQ: NDLS], a fast-casual restaurant chain with more than 500 stores in 35 U.S. states, says it has hired outside investigators to probe reports of a credit card breach at some locations. KrebsOnSecurity, May 19, 2016
Then there were 117 million. LinkedIn password breach much bigger than thought: Login credentials for as many as 117 million LinkedIn accounts have been put up for sale online by someone who is seeking more than $2,200 for the haul, a security researcher said. ars technica, May 18, 2016
Cyber Defense
5 Reasons Enterprises Still Worry About Cloud Security: The notion that the cloud is less secure than traditional networks and infrastructure is still a fear for many despite a recent survey that found that 55% of respondents had not experienced a cloud-related security incident in the last 12 months (survey was conducted from March – April 2016). DarkReading, May 19, 2016
The gravest dangers for CMS-based websites: Over a third of all websites on the Internet are powered by one of these four key open source platforms: WordPress, Joomla!, Drupal and Magento. HelpNetSecurity, May 19, 2016
Protecting Cloud APIs Critical to Mitigating Total Compromise: When it comes to cloud computing, APIs more or less drive everything, but in the eyes of some researchers, existing security controls around them haven’t kept pace. ThreatPost, May 19, 2016
Master Key to TeslaCrypt Released by Ransomware Gang: There’s rarely good news in the world of cybercrime. But for victims of the TeslaCrypt ransomware, there’s been a surprising twist, and one that provides relief. BankInfoSecurity, May 19, 2016
Microsoft Disables Dangerous Wi-Fi Sense on Windows 10: Microsoft has disabled its controversial Wi-Fi Sense feature, a component embedded in Windows 10 devices that shares access to WiFi networks to which you connect with any contacts you may have listed in Outlook and Skype — and, with an opt-in — your Facebook friends. KrebsOnSecurity, May 18, 2016
Google Ending Automatic Chrome Support For Flash: Google’s Chrome browser will begin to display HTML5 video and animation, when they’re available, on all but 10 websites starting in the fourth quarter of this year. It’s another serious blow to the Adobe Flash platform. InformationWeek, May 16, 2016
Researchers crack new version of CryptXXX ransomware: Researchers from Kaspersky Lab have developed a method of decrypting files affected with the latest version of CryptXXX, a malware program that combines ransomware and information-stealing capabilities. CIO, May 16, 2016
Cyber Security in Society
Cyber Privacy
Even basic phone logs can reveal deeply personal information, researchers find: The mass collection of telephone records by government surveillance programs poses a clear threat to the personal privacy of ordinary citizens, according to US researchers who used basic phone logs to identify people and uncover confidential information about their lives. TheGuardian, May 16, 2016
Who Will Own Your Data If the Tech Bubble Bursts?: Imagine that Silicon Valley’s nightmare comes true: The bubble bursts. Unicorns fall to their knees. The tech giants that once fought to attract talented developers with mini-golf and craft beer scramble to put out fires. TheAtlantic, May 13, 2016
Cyber Attack
Ubiquiti Networks Gear Used by ISPs Targeted By Worm: ISP equipment maker Ubiquiti Networks is fending off a stubborn worm targeting its networking equipment running outdated AirOS firmware. According to security experts, the worm is already being blamed for crippling networking gear in Argentina, Brazil, Spain and the United States. ThreatPost, May 19, 2016
Cyber Espionage
Cyber espionage malware discovered in Ukraine: ESET researchers have discovered malware that has eluded the attention of anti-malware researchers since at least 2008. Detected by ESET as Win32/Prikormka, the malware is being used to carry out cyber-espionage activities in Ukraine, primarily targeting anti-government separatists in the self-declared Donetsk and Luhansk People’s Republics. ITProPortal, May 20, 2016
Cyber Underworld
Nuclear Exploit Kit: $100K monthly revenue installing Locky Ransomware on vulnerable computers: The Check Point Research team has uncovered the entire operation of one of the world’s largest attack infrastructures. Exploit Kits are a major part of the Malware-as-a-Service industry, which facilitate the execution of ransomware and banking trojans, among others. Their creators rent them to cybercriminals who use them to attack unsuspecting users. Nuclear is one of the top Exploit Kits, both in complexity and in spread. CheckPoint, May 17, 2016
Cybercriminal business model vulnerable to intervention: Cybercrime may be booming but its business model is vulnerable on many fronts, according to a new report. ITWorld, May 17, 2016
Cyber Readiness
Japan on Olympian hacking mission to test utilities, trains, telcos for 2020 Olympics: Japan will from next year conduct mock hacking exercises with governments including the United States and private sector organisations ahead of the 2020 Olympic games. TheRegister, May 20, 2016
Industry guru Tom Kellermann says cybersecurity vendors unable to morph with cybercrime problem: Today’s threat actors are more focused, funded and disruptive than ever. But the cybersecurity defense industry is not built to respond appropriately, says thought leader Tom Kellermann. What are security leaders overlooking? BankInfoSecurity, May 19, 2016
Cyber Gov
One Year After OPM Breach, KPMG Report Shows Federal Cybersecurity Continues to Struggle: Despite repeated high-profile breaches, federal government continues to struggle with its job of keeping personal data and public infrastructure safe. GovernmentTechnology, May 19, 2016
Cyber Politics
U.S. intelligence: Foreign hackers spying on campaigns: WASHINGTON — The United States sees evidence of hackers, possibly working for foreign governments, snooping on the presidential candidates, the nation’s intelligence chief said Wednesday. Government officials are assisting the campaigns in tightening security as the race for the White House intensifies. FederalTimes, May 19, 2016
Financial Cyber Security
Ecuador Bank Says It Lost $12 Million in Swift 2015 Cyber Hack; Sues Wells Fargo for Loss: Cyber-criminals stole about $12 million from an Ecuadorean bank in a 2015 heist that bears all the hallmarks of later attacks against Bangladesh’s central bank and a small Vietnamese lender. Bloomberg, May 20, 2016
Old ATM malware is back and infecting machines everywhere: An old piece of ATM malware is back, and reportedly more dangerous and harder to detect than ever. According to security researchers from Kaspersky Lab, an updated piece of malware dubbed Skimer has infected numerous Windows-based ATMs across all corners of the globe. BGR, May 19, 2016
Banks, Regulators React to SWIFT Hack: Banks and regulators have begun reviewing SWIFT-related information security practices following the online heist of $81 million from Bangladesh Bank. Authorities say much of that money is still missing. BankInfoSecurity, May 19, 2016
SEC Chair Says Cybersecurity Is No. 1 Risk Facing Financial System: Cybersecurity is the biggest risk facing the financial system, says Mary Jo White, chair of the U.S. Securities and Exchange Commission. BankInfoSecurity, May 18, 2016
Secure the Village
How threat intelligence sharing can help deal with cybersecurity challenges: In the ever-shifting landscape of cyberthreats and attacks, having access to timely information and intelligence is vital and can make a big difference in protecting organizations and firms against data breaches and security incidents. TechCrunch, May 15, 2016
World Economic Forum: Fight Cybercrime Through Increased Public-Private Collaboration: The rising incidents of cybercrime could be easily checked if the private and public sectors learnt to trust each other and share relevant information regarding combating the vice, experts have said. The New Times, May 14, 2016
Cyber Miscellany
Cybersecurity investment to reach $400 million due to IoT threats: The cybersecurity industry could see a boost in venture capital, thanks to new threats the Internet of Things (IoT) provide to smart homes, autonomous cars, and future factories. ReadWrite, May 19, 2016