Security news this week: hackers hit NASA before the holidays

The week started with bombshell Senate reports on the Russian campaign to influence the 2016 presidential election. We dived deep to explain how Russians used meme warfare to divide America, why Instagram was the Internet Research Agency’s go-to social media platform for spreading misinformation, and how Russians specifically targeted black Americans in an effort to exploit racial wounds.

FCA: Cyber Resilience a Top Concern for Financial Firms

The majority of financial firms rank cyber-resilience as their top concern, with people, visibility and third-party risk key challenges, according to the Financial Conduct Authority (FCA).

The UK regulator’s latest report, Cyber and Technology Resilience: Themes from cross-sector survey 2017 – 2018, is based on interviews with nearly 300 firms over the past 24 months.

The number of technology outages reported to the FCA over the past year increased 138%, with cyber-attacks accounting for 18% of operational incidents.

Congress Votes to Create Federal Cybersecurity Agency

The United States House of Representatives voted unanimously to pass legislation creating the Cybersecurity and Infrastructure Security Agency (CISA) within the Department of Homeland Security (DHS).  The CISA Act (H.R. 3359), which passed the Senate in October and now heads to the President’s desk to be signed into law, would reorganize DHS’ National Protection and Programs Directorate (NPPD) into a new agency and prioritize its mission as the Federal leader for cyber and physical infrastructure security.

“Today’s vote is a significant step to stand up a federal government cybersecurity agency,” said Secretary Kirstjen M. Nielsen. “The cyber threat landscape is constantly evolving, and we need to ensure we’re properly positioned to defend America’s infrastructure from threats digital and physical.  It was time to reorganize and operationalize NPPD into the Cybersecurity and Infrastructure Security Agency.  I thank Chairman Michael McCaul and Ranking Member Bennie Thompson for recognizing our critical role and both starting and completing this transformation in the House of Representatives.  I also thank Chairman Ron Johnson and Ranking Member Claire McCaskill for their tireless support of the CISA Act in the Senate.”

Biggest phish in the sea? These banks are growing targets

Phishing is the one cybersecurity issue that never seems to go away.

Despite the repeated warnings and efforts at raising customer awareness, cyberthieves continue to trick users with fake emails resembling legitimate ones, intended to direct them to a link where thieves can steal their credentials.

Perversely, cybercriminals are in fact exploiting that awareness, said Adrien Gendre, CEO of Vade Secure North America, which just released a report on phishing attempts via spoof emails in the third quarter.

9.4 million clients affected in massive Cathy Pacific hack

Cathay Pacific Airways, Asia’s biggest international carrier, said a hacker gained access to information on about 9.4 million passengers, the third major global airline to report a data breach this year. The stock fell to the lowest level in more than nine years.

The Hong Kong-based carrier discovered suspicious activity on its network in March and confirmed the unauthorised access to some personal data in May, it said late on Wednesday. There’s no evidence any information has been misused and flight safety hasn’t been compromised, it said.

THE TINY CHIP THAT POWERS UP PIXEL 3 SECURITY

THE GOOGLE PIXEL 3 has all the betterments you would expect from a flashy flagship smartphone: great camera, zippy processor, smarter AI. It also, though, comes with an unexpected bonus, one that works so deeply in the background you’ll likely never even know it’s there. The Titan M chip may be small and discreet, but it helps make the Pixel 3 and its beefier sibling, the Pixel 3 XL, among the most secure smartphones you can buy.

The Titan M draws inspiration from the Titan chip that helps safeguard Google servers, and while they differ some in the details—the Titan M draws much less power, for instance, so as not to tax your battery—they both share the task of protecting hardware against the most sophisticated, and devastating, attacks. And because it sits entirely apart from the Pixel 3's main processor, it helps cordon off the most sensitive data your smartphone holds.

How PSD2 and Open Banking will shape the future of payments

I have spent a lot of time at FinTech conferences over the last few years contemplating the impact of PayTech, RegTech, LendTech – and everything in between – on the future of the financial services industry.

While these conferences are often long on vision, they can sometimes be rather short on reality and it is usually at this point of confluence where the importance of good old regulation comes into play.

New Xbash Malware: A Deadly Fusion of Ransomware, Botnet, Cryptominer

With cryptocurrency once again making the headlines, a new malware called Xbash has been found at Palo Alto Networks by the researchers. The malware is reported to be a deadly fusion of botnet, ransomware and cryptocurrency mining software.

The probable targets of Xbash are – servers running on Windows or Linux, it attacks poorly protected systems with weak passwords or devices functioning with unpatched known vulnerabilities.

Household appliance brand totally SHUTS DOWN following ‘targeted HACK’

A POPULAR Italian appliance brand revealed it was forced to “totally shut down systems” to safeguard customers after a “targeted hack”.

Smeg UK, a premium Italian brand, said it had a team of investigators working on the issue.

The company had urged its customers to be “patient” while they work to resolve the problem.

It is understood the cyber attack occurred earlier this week.

A statement from the company said: "Unfortunately we have been the victim of a targeted cyber attack and as such have taken immediate steps to totally shut our systems down to protect our customers and ourselves.

No.1 Adware Removal Tool On Apple App Store Caught Spying On Mac Users

A highly popular top-tier app in Apple's Mac App Store that's designed to protect its users from adware and malware threats has been, ironically, found surreptitiously stealing their browsing history without their consent, and sending it to a server in China.

What's more concerning? Even after Apple was warned a month ago, the company did not take any action against the app.

The app in question is "Adware Doctor," the Mac App Store No. 1 paid utility and also ranked as the fourth most popular paid app on the store, which sells for $4.99 and markets itself to be the "best app" to prevent "malware and malicious files from infecting your Mac."

Botnet activity in H1 2018: Multifunctional bots becoming more widespread

http://www.itnewsafrica.com/2018/08/botnet-activity-in-h1-2018-multifunctional-bots-becoming-more-widespread/?utm_source=dlvr.it&utm_medium=twitter

Kaspersky Lab researchers have published a report on botnet activity in the first half of 2018, analysing more than 150 malware families and their modifications circulating through 60,000 botnets around the world. One of the most remarkable things uncovered by the research was growing international demand for multifunctional malware that is not designed for specific purposes but is flexible enough to perform almost any task.

Botnets – nets of compromised devices used in criminal activity – are harnessed by criminals to spread malware and facilitate DDoS and spam attacks. Using Kaspersky Lab’s Botnet Tracking technology, the company’s researchers continuously monitor botnet activity to prevent forthcoming attacks, or to nip a new type of banker Trojan in the bud.  The technology works by emulating a compromised device, trapping the commands received from threat actors that are using the botnets to distribute malware.  This provides the researchers with valuable malware samples and statistics.

Eir’s Customer Data of 37,000 Clients Exposed After a Theft of a Laptop

he personal data of more than 37,000 Eir customers has been exposed includes the names, Email address, phones numbers and account numbers. Eir is a fixed, mobile, broadband telecommunications company based in Ireland.

According to a report released by the company, no financial data was exposed in the breach and the company has also reported to the Protection Commissioner. The stolen data was used by a third party in a targeted attack.

16-Year-Old Teen Hacked Apple Servers, Stole 90GB of Secure Files

Well, there's something quite embarrassing for Apple fans.

Though Apple servers are widely believed to be unhackable, a 16-year-old high school student proved that nothing is impossible.

The teenager from Melbourne, Australia, managed to break into Apple servers and downloaded some 90GB of secure files, including extremely secure authorized keys used to grant login access to users, as well as access multiple user accounts.

Belarus “shame scam” hits South Africa

A class of extortion scam which is known as the “Belarus Phishing Expedition” has reared its head in South Africa.

It attempts to trick people into paying money to prevent embarrassing information about them appearing online.

The scam requires a con-artist to trick you into believing that they have compromising information about you, and that they will send it to your friends and family unless you pay them.

The Dark Web Market: The Cost Of Malware, Exploits And Services

You may have an inkling about what goes on in the dark web. In case you do not know already, the dark web is the part of the internet not indexed by search engines. It therefore requires special software to access it’s content. The dark web market is a spot for the buying and selling of illicit materials. Forget drugs and weapons for now though, let’s focus on malicious software and services. Users with bad intent are trading these, and making a lot of money out of it.

A recent report by Positive Technologies, a security firm, highlights the flourishing dark web market. The report is based off 25 dark web trading platforms with over 3 million users. Over 10000 ads were analyzed. Interesting results were drawn.

University of Utah engineer received $2M grant to develop smarter tech to tackle power outages

A new research laboratory is being constructed in Utah. Funded by the U.S. Navy, it will develop microgrid technologies that can help communities maintain or restore their supply of electricity after a natural disaster or a cyber attack takes out the main power grid, an article in News Wise states.

When Hurricane Maria slammed into Puerto Rico in September 2017, the island and the rest of the U.S. got a bitter taste of what happens when the power grid of a major metropolis goes down. As of April 2018, the territory is still plagued by power outages that stem in part from the months-long blackout caused by the hurricane.

Ecuador to Withdraw Asylum for Wikileaks Founder Julian Assange

After protecting WikiLeaks founder Julian Assange for almost six years, Ecuador is now planning to withdraw its political asylum, probably next week, and eject him from its London embassy—eventually would turn him over to the British authorities.

Lenín Moreno, the newly-elected President of Ecuador, has arrived in London this Friday to give a speech at Global Disability Summit on 24 July 2018.

However, media reports suggest the actual purpose of the President's visit is to finalize a deal with UK government to withdraw its asylum protection of Assange.

Hacker Sold Stolen U.S. Military Drone Documents On Dark Web For Just $200

You never know what you will find on the hidden Internet 'Dark Web.'

Just about an hour ago we reported about someone selling remote access linked to security systems at a major International airport for $10.

It has been reported that a hacker was found selling sensitive US Air Force documents on the dark web for between $150 and $200.

To Hackers, We’re Bambi in the Woods

If you’re worried about terrorism, here’s a bigger threat to lose sleep over: an all-out cyberattack.

Suddenly, the electricity goes out at the office. Cellphone networks and the internet have also gone black, along with subways and trains.

The roads are jammed because traffic lights aren’t working. Credit cards are now just worthless bits of plastic, and A.T.M.s are nothing but hunks of metal. Gas stations can’t pump gas.

Banks have lost records of depositors’ accounts. Dam floodgates mysteriously open. Water and sewage treatment plants stop working.

The IoT's Perplexing Security Problems

Worldwide spending on the Internet of Things will total nearly US$773 billion this year, IDC has predicted.

The IoT will sustain a compound annual growth rate of 14.4 percent, and spending will hit $1.1 trillion by 2021, according to the firm's forecast late last year.

Consumer IoT spending will total $62 billion this year, making it the fourth largest industry segment, after manufacturing, transportation and utilities. The leading consumer use cases will be related to the smart home, including home automation, security and smart appliances, IDC said.

Ex-CIA employee charged with leaking 'Vault 7' hacking tools to Wikileaks

A 29-year-old former CIA computer programmer who was charged with possession of child pornography last year has now been charged with masterminding the largest leak of classified information in the agency's history.

Joshua Adam Schulte, who once created malware for both the CIA and NSA to break into adversaries computers, was indicted Monday by the Department of Justice on 13 charges of allegedly stealing and transmitting thousands of classified CIA documents, software projects, and hacking utilities.

Schulte has also been suspected of leaking the stolen archive of documents to anti-secrecy organization WikiLeaks, who then began publishing the classified information in March 2017 in a series of leaks under the name "Vault 7."

Chinese Cyber-Espionage Group Hacked Government Data Center

A Chinese-linked cyber-espionage unit has hacked a data center belonging to a Central Asian country and has embedded malicious code on government sites.

The hack of the data center happened sometime in mid-November 2017, according to a report published by Kaspersky Lab earlier this week.

What Israel's crack majority-women Unit 8200 hackers can teach tech about diversity

Continuous education and training of personnel is of paramount importance. Ladies are no less good at cyber security, on the contrary.

Visa Card Payment System Crash – Services Now ‘Close To Normal’

If you have just faced an embarrassing failed payment through your Visa card, then don’t worry. You aren’t the only victim who apparently ‘ran out of balance’. In fact, millions of Visa customers faced the same annoying situation across Europe on Friday, when the Visa Card payment system crashed unexpectedly, meaning the users were unable to complete their payments. Apparently, the customers were declined in such a way as if they had insufficient funds in their accounts.

On Friday, at around 2.30 p.m., Visa customers across Europe starting facing major troubles while making their payments. They couldn’t complete their shopping or any other payments through their debit/credit cards as the Visa Card payment system crashed unexpectedly.

5 ways deception tech is disrupting cybersecurity

Enterprises and their Security Operations Centers (SOCs) are under siege. Security events are being triggered from all corners of the security stack – from the firewall, endpoints, and servers, from intrusion detection systems and other security solutions.

What’s more is that security teams do not have enough people or hours in a day to analyze the alerts that are coming in, and most ‘security events’ don’t even imply an attack in progress. They often are simply sharing information (failed connections, for example) or are what we call ‘false positives’ (when a solution thinks it has found a specific vulnerability, but in fact, it hasn’t.)

How AI and machine learning are redefining cybersecurity

We are now a connected global community where many digital natives cannot remember a time before the iPhone. The rise of smart homes means that we are increasingly attaching our lighting, door locks, cameras, thermostats, and even toasters to our home networks. Managing our home automation through mobile apps or our voice illustrates how far we have evolved over the last few years.

However, in our quest for the cool and convenient, many have not stopped to consider their cybersecurity responsibilities. The device with the weakest security could allow hackers to exploit vulnerabilities on our network and access our home. But this is just the tip of the proverbial iceberg.

Cybersecurity Training and Certifications

Cyber-criminals and hackers are in the headlines almost every week. They can ruin a company's reputation and destroy the business. And the threat is increasing rapidly. This is why cybersecurity is becoming one of the world’s fastest growing business components.

But to be truly effective, cybersecurity shouldn't be just an application that comes in a box. It also must include expert teams of highly trained and qualified professionals who know how to secure every facet of the organization.

Top Cybersecurity Threats Active in the Education Sector Today – and Why You Should Care

Educational institution networks continue to be a favorite playground for cybercriminals. Because of the age and interests of the majority of educational users, these networks tend to incorporate cutting edge technologies and strategies. And at the same time, those students also tend to push hard against network restrictions, looking for workarounds to access data and applications that IT administrators may have restricted. To do that, a disproportionate number of users begin cutting their teeth on things like hacking.

Harvard Undergraduate Council Website Hacked By Iran Cyber Security Group

On Thursday evening, the Undergraduate Council website was briefly hacked by a group that calls itself “Iran Cyber Security Group” The website was restored by Friday morning by UC Vice President Nicholas D. Boucher.

The outcome of the hack upon visiting the website presented visitors with a cartoon of President Donald Trump being punched in the chin by an individual. The individual’s face was not depicted however it wore a wristband that had stripes on, the color of the stripes were similar to the color of the Iranian flag: green, white and red.

Students caught hacking teacher's email account for exam papers after returning 'near perfect' papers

Five students have been disciplined after hacking a teacher's email account in order to cheat in an exam.

The teens managed to log into the account and stole the answers for the maths test.

But they were caught - when teachers noticed all five managed to get exceptional scores in the preliminary exams.

How to Find Out Everything Facebook Knows About You

Facebook CEO Mark Zuckerberg will testify before Congress this week to explain how his company collects and handles users' personal information.

The past few weeks have been difficult for Facebook over concerns that the data of millions of users has been breached.

Facebook stores details of almost every action you have taken and interaction you have engaged in on its platform.

Finland's 3rd Largest Data Breach Exposes 130,000 Users' Plaintext Passwords

Over 130,000 Finnish citizens have had their credentials compromised in what appears to be third largest data breach ever faced by the country, local media reports.

Finnish Communications Regulatory Authority (FICORA) is warning users of a large-scale data breach in a website maintained by the New Business Center in Helsinki ("Helsingin Uusyrityskeskus"), a company that provides business advice to entrepreneurs and help them create right business plans.

Unknown attackers managed to hack the website (http://liiketoimintasuunnitelma.com) and stole over 130,000 users’ login usernames and passwords, which were stored on the site in plain-text without using any cryptographic hash.

Apple macOS Bug Reveals Passwords for APFS Encrypted Volumes in Plaintext

A severe programming bug has been found in APFS file system for macOS High Sierra operating system that exposes passwords of encrypted external drives in plain text.

Introduced two years ago, APFS (Apple File System) is an optimized file system for flash and SSD-based storage solutions running MacOS, iOS, tvOS or WatchOS, and promises strong encryption and better performance.

Facebook and Cambridge Analytica – What's Happened So Far

Top Story— Facebook has just lost over $60 billion in market value over the past two days—that's more than Tesla's entire market capitalisation and almost three times that of Snapchat.

Facebook shares plunge over revelations that personal data of 50 million users was obtained and misused by British data analytics firm 'Cambridge Analytica,' who reportedly helped Donald Trump win the US presidency in 2016.

Memcrashed – Memcached DDoS Exploit Tool

Memcrashed is a Memcached DDoS exploit tool written in Python that allows you to send forged UDP packets to a list of Memcached servers obtained from Shodan.

This is related to the recent record-breaking Memcached DDoS attacks that are likely to plague 2018 with over 100,000 vulnerable Memcached servers showing up in Shodan.

ISPs Caught Injecting Cryptocurrency Miners and Spyware In Some Countries

Governments in Turkey and Syria have been caught hijacking local internet users' connections to secretly inject surveillance malware, while the same mass interception technology has been found secretly injecting browser-based cryptocurrency mining scripts into users' web traffic in Egypt.

Governments, or agencies linked to it, and ISPs in the three countries are using Deep Packet Inspection technology from Sandvine (which merged with Procera Networks last year), to intercept and alter Internet users' web traffic.

Biggest-Ever DDoS Attack (1.35 Tbs) Hits Github Website

On Wednesday, February 28, 2018, GitHub's code hosting website hit with the largest-ever distributed denial of service (DDoS) attack that peaked at record 1.35 Tbps.

Interestingly, attackers did not use any botnet network, instead weaponized misconfigured Memcached servers to amplify the DDoS attack.

Earlier this week we published a report detailing how attackers could abuse Memcached, popular open-source and easily deployable distributed caching system, to launch over 51,000 times powerful DDoS attack than its original strength.

The Air Force requested $30M to develop a ‘cyber carrier’

Much like traditional military capabilities have platforms from which to launch attacks, Cyber Command and the services’ cyber components need a comparable platform.

This effort underway is called the unified platform, which some have equated to a “cyber carrier,” and the Department of Defense’s budget request for fiscal 2019 describes a plan to develop such a program.

Cybercrime is on the rise - Rise to the challenge

Because of the threat to online safety and national security, cyber security specialists are needed on a large scale to help combat everything from terror attacks to financial disasters. If you think you have the stuff to help prevent and predict these attacks, why not begin investigating cyber security education programs specially designed to help you succeed in this in-demand field?

Cybersecurity Conferences in Israel 2017 – 2018

Why Is Israel Such A Major Player in Cybersecurity?

Everyone working in Cybersecurity will agree that Israel is a big player with regards to pioneering and implementing Information IT Security. Period.

Point in case: Israel has the world’s second-largest cyber market, second only to the United States.

The obvious answer why Israel is a heavy-hitter in the Cybersecurity Conference scene as well as in the Global Industry is because of the necessity they have to protect themselves.

The State of Israel has had to be continually vigilant to handle enemies and cyber threats, and, hardly surprising, protecting Israel is an ongoing major focus of Israeli governmental strategy. As a result, the Israeli military invests places significant investment in computing technologies, particularly in the intelligence branches and within cyberterrorism. For those that are interested in the Israeli Governments drive to counter cyberterror go ahead and take a look at Israel’s legendary elite cyber intelligence unit: 8200.

Get the Ultimate 2018 Hacker Bundle – Pay What You Want

Due to the growing number of threats in the computer world, ethical hackers have become the most important player for not only governments but also private companies and IT firms in order to safeguard their systems and networks from hackers trying to infiltrate them.

By 2020, employment in all information technology occupations is expected to increase by 22 percent, where demand for ethical hackers and IT security engineers will be the strongest. So, it's high time that you should start preparing yourself in the field of ethical hacking.

Cybersecurity at Johns Hopkins Universuty

Johns Hopkins University (JHU), a world leader in teaching and research*, can provide you with the technical foundation and knowledge you need to meet our nation’s growing demand for highly skilled professionals in the fields of information security and information assurance.

With full- and part-time opportunities, evening and weekend classes at campuses throughout the Baltimore-Washington, D.C. area, and online, we provide degree and certificate programs designed to meet your personal needs and professional goals.

Iran’s Teaching Hacking in High School

Courses in computer hacking will be added to the senior high school curriculum in Iran. The announcement was made in mid-August, in order, I assume, to drum up interest and excitement. The Iranians want to enlist high school students to hack foreign drones. I kid you not, this is real.

The announcement came from FARS, a semi official media outlet that is the voice of the Iranian Republican Guard Corp (IRGC). General Ali Fazali the acting commander of the Basij militia gave the course a name. He explained that the new study is to be called “Defensive Readiness.”

Cyber Security Academic Programs

When you sign up for one of our cyber security programs at University of Maryland University College, you join an elite group poised to take advantage of a fast-growing job market offering high-paying careers.

Cybersecurity Studies - Master of Science

This Master of Science in Cybersecurity Studies takes a broad, multi-disciplinary approach to preventing and responding to large-scale cyber threats and cyber attacks. The first half of this program provides you with a foundation in network security, information assurance, cybercrime, and digital forensics. The second half of this program focuses on the issues, policies, practices, and perspectives of various sectors, critical infrastructures, agencies, and disciplines, such as national security, intelligence, criminal justice, and emergency management. Cyber threats can have an adverse effect on public confidence, stock markets, economic sectors, and other critical infrastructures. The need for trained experts in this field who can prevent, detect, and eliminate such threats is critical to our national security.