Cyber Attacks, Threats, and Vulnerabilities
11 Israeli Bank Websites Taken Down by Anonymous Tunisia and AnonGhost (Hack Read) Hacktivists going with the handles of Anonymous Tunisia and AnonGhost have taken down websites of 11 private Israeli banks in a DDoS attack. Anonymous Tunisia left a list of websites belonging to 11 different Israeli banks which were taken down few hours ago in support of Palestine. In a Tweet by Anonymous Tunisia, it was claimed that: This is just a just a beginning, this is just phase 1
Beware of counterfeit versions of top Android, iOS apps (Tech Hive) Cybercriminals are using third-party app sites to peddle reverse–engineered versions—essentially counterfeit or pirated—of almost all the most popular paid apps available on the Google Play and Apple App Stores, software firm Arxan has discovered
Attackers Wage Network Time Protocol–Based DDoS Attacks (Dark Reading) Attackers have begun exploiting an oft–forgotten network protocol in a new spin on distributed denial–of–service (DDoS) attacks, as researchers spotted a spike in so–called NTP reflection attacks this month
Thieves used USB sticks to infect ATMs, withdraw large amounts of cash (UPI Science News Via Acquire Media NewsEdge and TMC) Cyber thieves cut and drilled their way into European cash machines in order to infect them with malware this year, security researchers say
BBB warns job seekers of LinkedIn scams (Daily Journal) With many job seekers using LinkedIn to market themselves to potential employers, scammers also are finding ways to exploit the site by posing as recruiters, Better Business Bureau (BBB) warns
UPDATED: League of Legends, DOTA 2 and Other Servers Shut Down By Cyber Attack (Gamesided) UPDATE 7: 1:05am: After a long ordeal, all servers in League of Legends have been fully restored. The group has now taken down World of Tanks, however. Battle.net is also still having issues from Monday's event
Even tiny microSD cards have chips that can be hacked (BGR) Andrew "bunnie" Huang and Sean "xobs" Cross have discovered a way to hack even the small microSD cards that go inside current smartphones and tablets to increase their storage, as well as other flash–based memory solutions, presenting their findings at the Chaos Computer Congress (30C3). In a detailed blog post on bunnie:studios, Huang explained how the hack works, and why many flash cards are susceptible to being hacked and used for malicious purposes by people who are aware of this particular potentially serious security vulnerability
Another look at a cross–platform DDoS botnet (Semper Securus) I learned from a recent "Malware Must Die" post about a Linux malware sample that is associated with DNS amplification attacks. As mentioned in the MMD post, several researchers have posted on this, or similar malware. Since I'm particularly interested in Linux malware, especially if it has a DDoS component, I thought I'd also take a look
Barry University notifies patients records may have been hacked (Miami Herald) Barry University announced Monday night it is notifying patients of its Foot and Ankle Institute that their medical records and personal information may have been hacked
Employee sends info on 2,000 to personal email address, gets fired (SC Magazine) An employee with a private contractor for Colorado Medicaid was fired after sending an email to a personal account that contained sensitive information on almost 2,000 people
Mannix Marketing Acknowledges Data Breach (eSecurity Planet) Personal and credit card information for customers of Saratoga Sweets, Barkeater Chocolates, Olde Bryan Inn and Coffee Planet may have been exposed
7 sneak attacks used by today's most devious hackers (ComputerWorld) Most malware is mundane, but these innovative techniques are exploiting systems and networks of even the savviest users
UK CPNI Releases Spear Phishing Paper (US–CERT) The United Kingdom's Centre for the Protection of National Infrastructure (CPNI) has recently released a paper titled "Spear Phishing — Understanding the Threat;" this document provides guidance on how spear phishing attacks work, whether you are likely to be a target, and the steps organizations can take to manage the risks. CPNI is the UK's government authority for providing physical, personnel and information security advice to critical national infrastructure. US–CERT encourages users and administrators to review the CPNI document as well as US–CERT ST04-014, "Avoiding Social Engineering and Phishing Attacks"
Year of living dangerously — security breaches and scams of 2013 (Silicon Republic) The crushing impact of a cyber attack on individuals was brought to the public's attention on a number of occasions this year. In fact every year, the
Cyber Threats 2013: From Snowden to the Hunt for Red October (International Business Times) The last 12 months have seen the rise of mobile malware, the pernicious CryptoLocker ransomware and the emergence of Stuxnet's little sister. We look at 10 stories which encapsulate the turbulent and dramatic year that 2013 was in cyber security
Govt: Indonesia 'No. 1 Target' for Cyber Attacks (Jakarta Globe) The Communications and Information Technology Ministry has revealed that Indonesia was the world's most targeted country for cyber attack in 2013
India among six countries most affected by Bitcoin malware (NDTV) Bitcoin craze is turning into a fertile ground for cyber fraudsters as thousands
9 Notorious Hackers Of 2013 (InformationWeek) This year's hacking hall of shame includes members of Anonymous and the Blackhole cybercrime gang, plus state–sponsored groups
More companies file EAGLE II protests (Federal Times) The Department of Homeland Security's seven–year, $22 billion Eagle 2 information technology contract is getting buried under vendor protests, according to the Government Accountability Office
Air Force seeks better intelligence architectures (C4ISR & Networks) The Air Force is looking for assured cyber architectures technologies to improve the Defense Intelligence Information Enterprise
Encryption Technology: A Growing Need at Midsize Firms (Midsize Insider) This latest news is an example of the need for cryptographic technologies to protect corporate data. IT professionals at midsize firms who are
David Wolf, Fiona Barshow Named DNC Federal Civilian VPs (GovConWire) David Wolf, a 20-year project management veteran, has been appointed to serve as vice president of federal civilian programs at Data Networks Corp. Wolf will be responsible for executing business programs and growth strategies and overseeing customer satisfaction in federal civilian markets, DNC said
The Next Big Thing You Missed: Watchdox Builds Personal Bodyguard for Your Sensitive Files (Wired) With Dropbox exploding in popularity, Watchdox is betting people will want a highly protective and secure alternative
The Color of Money: Take action after Target breach (The Columbus Dispatch) One of the best parts of my job is helping address readers' financial concerns. The data breach at Target has a lot of people really worried
Don't Want Your Laptop Tampered With? Just Add Glitter Nail Polish (Wired) If you're traveling overseas, across borders or anywhere you're afraid your laptop or other equipment might be tampered with or examined, you've got a new secret weapon to improve security. Glitter nail polish
Software–Defined Networking Rises Above The Hype (InformationWeek) SDN earned plenty of hype in 2013, but the ability to program networks improves network performance and security in a more systematic and automatic fashion
Top ten SDN news stories of 2013: Cisco ACI, VMware NSX and more (Networking Digest) In 2013, the top ten SDN news stories were driven by two central themes: the rise of open networking and hardware vendors going software
Beginners' Guide To PGP (Bitcoin not Bombs) If you are new to Bitcoin it's likely you've heard some terms thrown around by Bitcoiners that you have no idea what they mean—PGP, Tor, VPN, OTR, etc. In most cases these are referring to various technologies that people use to protect their data and communications
Opinion: How infosec training is changing to stay ahead (TechTarget) Dr. Lynne Williams of Kaplan University shares her view on how infosec education is changing to keep pace with evolving attacks
Fearful of Cyber Attacks, Military Tightens Control Over Data Networks (National Defense Magazine (blog)) The Air Force's cyber command center so far has fused 120 network entry points into 16 gateways. "This already has improved our ability to secure the
Ex–NSA chief calls for Obama to reject recommendations (USA Today) Retired general Michael Hayden, former director of the National Security Agency and the Central Intelligence Agency, called on President Obama Monday to show "some political courage" and reject many of the recommendations of the commission he appointed to rein in NSA surveillance operations
What proof should be needed to show collecting intelligence that violates freedoms is worth it? (The Jerusalem Post) A perpetual battle in both the US and Israel over balancing fighting terror with violating privacy rights/freedoms has hit a crescendo this past week in the political and legal wars over the US NSA's (National Security Agency) electronic spying programs
Cyber spying? China points finger at US (The Hill) Congress is doubling down on its criticism of alleged Chinese cyber attacks despite recent revelations that the U.S. is engaged in massive spying of its own
U.S. Senator Issues Letter To Top 5 Wireless Carriers Urging Kill Switch Adoption (TechCrunch) U.S. Senator Amy Klobuchar of Minnesota has today taken up the battle cry of numerous legislators before her, calling for wireless carriers to enable new anti–theft technology on handsets. According to the Senator, one–third of robberies involve cell phone theft, resulting in an estimated $30 billion in lost or stolen phones. That said, Klobuchar has written a letter to the heads of the
Target Breach: Senators Seek Hearing (BankInfoSecurity) Three Democratic senators are calling on the Senate Banking Committee to examine whether stronger cybersecurity standards are needed to protect consumer data following a breach at Target stores that affected as many as 40 million debit and credit cards
Texas City Secretary Indicted for Insider Breach (eSecurity Planet) Lisa Moravitz allegedly forwarded Cuero Police Department e-mails to 'people who shouldn't have [them]'