10Fold – Security Never Sleeps – 43

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to considerPalo Alto Networks found a backdoor malware that monitors and saves everything you do in Skype. Russian hackers accessed the Russian regional bank and moved the ruble-dollar rate more than 15%. A EU-US data transfer framework agreement called Privacy Shield emerged last week which cost $260B in transatlantic trade and could soon be replaced by Safe Harbor. After a nationwide search for the next smart city, 77 cities submitted proposals.

T9000 Skype backdoor malware steals audio, video, chats, screenshots, documents Publication: NetworkWorld Reporter name: Ms. Smith

The first plugin runs multiple threads, taking screenshots of the desktop, monitoring the foreground window every 20 seconds, and collecting information from Skype. If Skype is running and the victim is logged in, then the target will see a dialog box asking to allow explorer.exe to access Skype. If a victim did allow access, then T9000 also sets out to steal other files, such as documents, presentations, and spreadsheets – even those on a removable drive – including the file types: .doc, .ppt, .xls, .docx, .pptx, .xlsx. The FlaskDiskThief plugin allows the attacker to “collect files that are being passed around from one machine to another via removable drives.”


Russian Hackers Moved Ruble Rate With Malware, Group-IB Says Publication: Bloomberg Reporter name: Jake Rudnitsky & Ilya Khrennikov

Hackers used malware to penetrate the defenses of a Russian regional bank and move the ruble-dollar rate more than 15 percent in minutes, according to a Moscow-based cyber-security firm hired to investigate the attack. Russian-language hackers deployed a virus known as the Corkow Trojan to infect Kazan-based Energobank and place more than $500 million in orders at non-market rates in February 2015, Group-IB told Bloomberg, without identifying individuals behind the attack. The resulting rate swing prompted a Russian central bank investigation into potential market manipulation.


Cryptic Safe Harbor Pact ‘Privacy Shield’: Public, Possibly Soon Publication: Forbes Reporter name:  Lisa Brownlee

A cryptic EU-US data transfers framework agreement called Privacy Shield was announced last week with fanfare and obfuscation. Secrecy surrounding this pact is throwing $260 billion in transatlantic trade into deeper turmoil. However, this secret Privacy Shield replacement Safe Harbor pact could be made public, possibly soon.


The feds are ‘blown away’ by Smart City Challenge submissions Publication: CNet Reporter name: Andrew Krok

As of this writing, 77 cities submitted proposals, and 300 companies are trying to get involved through those different cities as well. “We knew there was pent-up demand out there for innovative, forward-looking efforts such as this,” Secretary of Transportation Anthony Foxx said.