10Fold – Security Never Sleeps – 76

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: New information surfaces around the Bangladesh Bank heist that leads police to believe that the bank had no firewall. Australia has pumped $230m into their cyber security efforts and claims to be able to hack their enemies “if necessary.” New research into the “Rowhammer” bug that resides in certain types of DDR memory chips raises a troubling new prospect: attacks that use Web applications or booby-trapped videos and documents to trigger so-called bitflipping exploits that allow hackers to take control of vulnerable computers. IT security stocks have soared after the seven big data breaches made public over the past three years, according to the Bessemer Venture Partners Cyber Index released Tuesday.

Bangladesh Bank exposed to hackers by cheap switches, no firewall: police – Publication: Reuters – Reporter name: Serajul Quadir

Bangladesh’s central bank was vulnerable to hackers because it did not have a firewall and used second-hand, $10 switches to network computers connected to the SWIFT global payment network, an investigator into one of the world’s biggest cyber heists said. The shortcomings made it easier for hackers to break into the system earlier this year and attempt to siphon off nearly $1 billion using the bank’s SWIFT credentials, said Mohammad Shah Alam, head of the Forensic Training Institute of the Bangladesh police’s criminal investigation department.

Australia says it can hack enemies as it invests $230 million in cyber security – Publication: Mashable – Reporter name: Jenni Ryall

The Australian government is watching and has the means to launch a cyber attack. On Thursday, Prime Minister Malcolm Turnbull introduced a massive A$230 million cash injection to arm the country for cyber security issues and deal with online threats it is facing, including cyber war and internal whistleblowers. Within the new Internet strategy, pushed down to page 28, the government also makes clear it has the capabilities to launch a cyber attack if necessary. “Australia’s defensive and offensive cyber capabilities enable us to deter and respond to the threat of cyber attack,” the report reads. “Any measure used by Australia in deterring and responding to malicious cyber activities would be consistent with our support for the international rules based order and our obligations under international law.”

DRAM bitflipping exploits that hijack computers just got easier – Publication: Ars Technica – Reporter name: Dan Goodin

The scenario is based on a finding that the Rowhammer vulnerability can be triggered by what’s known as non-temporal code instructions. That opens vulnerable machines to several types of exploits that haven’t been discussed in previous research papers. For instance, malicious Web applications could use non-temporal code to break out of browser security sandboxes and access sensitive parts of an operating system. Another example: attackers could take advantage of media players, file readers, file compression utilities, or other apps already installed on Rowhammer-susceptible machines and cause the apps to trigger the attacks.

Huge data breaches have been good for security stocks – Publication: CNBC – Reporter name: Harriet Taylor

IT security stocks have soared after the seven big data breaches made public over the past three years, according to the Bessemer Venture Partners Cyber Index released Tuesday. The BVP Cyber Index tracked the capital-weighted performance since Jan. 1, 2011, of 29 public companies whose primary business is cybersecurity. Almost half of those companies are valued at more than a billion dollars. The public IT security sector outperformed the stock market by more than two times during that time, and outperformed the market by about five times the month after those breaches were made public.