10Fold – Security Never Sleeps – 52

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to considerThe top cybersecurity officer in the federal Office of Personnel Management resigned Monday, just two days before she was scheduled to testify before a House panel that is continuing to investigate last year’s massive OPM data breach in which hackers compromised the personal data of more than 20 million federal employees. BlackBerry said on Wednesday that it has acquired U.K.-based cyber security consultancy Encription, moving the company deeper into the services business as it continues to morph into a more software-focused entity amid its ongoing turnaround. Prominent security researcher Troy Hunt reveals that a flaw in the Nissan Leaf can create vulnerabilities and compromise the driver’s recent journeys data. After Sony Pictures Entertainment was hacked shortly before Thanksgiving of 2014, the attackers went quiet- but now researchers say they’ve linked the attackers to the Lazarus Group.

OPM’s cybersecurity chief resigns in wake of massive data breach Publication: USA Today Reporter name: Erin Kelly

The top cybersecurity officer in the federal Office of Personnel Management resigned Monday, just two days before she was scheduled to testify before a House panel that is continuing to investigate last year’s massive OPM data breach in which hackers compromised the personal data of more than 20 million federal employees. Donna Seymour, OPM’s chief information officer, wrote in an email to her colleagues that she decided to leave so that her presence “does not distract from the great work this team does every single day for this agency and the American people.”


BlackBerry buys cybersecurity consultancy; moves deeper into services Publication: Reuters Reporter name: Harro Ten Wolde and Euan Rocha

BlackBerry said on Wednesday that it has acquired U.K.-based cyber security consultancy Encription, moving the company deeper into the services business as it continues to morph into a more software-focused entity amid its ongoing turnaround. The acquisition will bring a team of about 40 cyber security professionals, who have helped test network vulnerabilities for both government agencies and large corporate entities, into the BlackBerry fold.


API Vulnerability In Nissan Leaf Electric Vehicles Leaves Them Prone To Hacking Publication: Tech Times Reporter name: Staff

Prominent security researcher Troy Hunt reveals that a flaw in the Nissan Leaf can create vulnerabilities and compromise the driver’s recent journeys data. According to Hunt, the root of the issue is based on how the NissanConnect EV app would only require the car’s vehicle identification number (VIN) in order for anyone to take control of some settings. These include heating, air-conditioning system and even the driver’s recent journeys.


The hackers that took down Sony Pictures are still on the attack, researchers say Publication: Washington Post Reporter name: Andrea Peterson and Ellen Nakashima

After Sony Pictures Entertainment was hacked shortly before Thanksgiving of 2014, the attackers went quiet. But now researchers say they’ve linked the attackers – whom the U.S. government has said were directed by North Korea — to a chameleon-like group active since at least 2009 and still on the digital warpath, attacking systems in South Korea and elsewhere in Asia. A new report from cybersecurity firm Novetta dubs the attackers the “Lazarus Group.” AlienVault and Kaspersky Lab, say they’ve pieced together evidence that suggests the Lazarus Group was behind the Sony attack along with a string of other attacks, including a 2013 campaign against South Korean television stations and financial institutions. The Lazarus Group appears to have created monikers for previous unknown hacking groups including “NewRomanic Cyber Army Team,” the “WhoIs Team,” and “IsOne” to claim credit for hacks in the past, according to the report. But they were just as ephemeral as “Guardians of Peace.”