10Fold – Security Never Sleeps – 57

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: The Obama Administration has announced that Iranian hackers were responsible for the cyber-attack against the New York dam. Adobe has released an emergency patch for the Flash media player that fixes two dozen critical vulnerabilities. An ISIS flash drive was stolen and the 22,000 personal files of IS fighters were exposed. An ex-employee of OFcom has released significant amount of stolen information to their current employer.

First on CNN: U.S. Plans To Publicly Blame Iran For Dam Cyber Breach – Publication: CNN – Reporter name: Evan Perez and Shimon Prokupecz

The Obama administration is preparing to publicly attribute a 2013 cyber attack against a New York dam to Iranian hackers, according to U.S. officials familiar with the investigation. The Justice Department has prepared an indictment against people thought to be behind the attack, according to the officials. An announcement could come in the next week.


Adobe Issues Emergency Patch For Actively Exploited Code-Execution Bug – Publication: Ars Technica – Reporter name: Dan Goodin

Adobe has issued an emergency update for its Flash media player that patches almost two dozen critical vulnerabilities, including one that’s being maliciously exploited in the wild. CVE-2016-1010 is the common vulnerabilities and exposures designation for an integer overflow vulnerability that allows attackers to remotely execute malicious code on vulnerable computers. Adobe credited Anton Ivanov of Kaspersky Lab with discovering the zero-day vulnerability but provided no additional details.


ISIS Data Breach: Money, Misinformation Or Mutiny? – Publication: ZDNet – Reporter name: Charlie Osborne

This week, law enforcement, intelligence agencies and journalists alike rejoiced at the revelation that a store of sensitive Islamic State information had been stolen from under its nose from a bitter defector. Sky originally reported that the personal information of 22,000 IS fighters were exposed in the cache of documents, given to the outlet by a man called Abu Hamed, an alleged former Islamic State convert and Free Syrian Army member. “The files were passed to Sky News on a memory stick stolen from the head of Islamic State’s internal security police, an organization described by insiders as the group’s SS,” the publication declared. “He had been entrusted to protect the organization’s core secrets and he rarely parted with the drive.”


Ex-Employee Leaks Six Year’s Worth Of Ofcom’s Sensitive Data – Publication: Information Age – Reporter name: Chloe Green

It has come to light that Ofcom, the media regulator, has suffered the largest data breach in its history after a former employee offered a significant amount of sensitive information about various TV companies to his new employer, a major broadcaster. It has not yet emerged what the sensitive data contained, only that it could help give competitive advantage over rivals. Companies like Ofcom hold huge quantities of confidential data and this will no doubt be a big wake-up call for the communications regulator, and for other companies that hold hoards of sensitive information.