10Fold – Security Never Sleeps – 80

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: Yesterday, research surfaced showing how Waze, the Google-owned driving assistance app, has a vulnerability that would let hackers track users’ whereabouts unbeknownst to them. Mobile and IoT devices are still not a factor in real-world data attacks, according to Verizon’s 2016 Data Breach Investigation Report (DBIR). Conficker, Ramnit malware found in German Nuclear Power Plant ‘harmless’ since the affected systems were not connected to the Internet. The Philippine central bank has foiled attempts to hack its website, its governor said on Thursday amid a warning from global financial network SWIFT about recent multiple cyber fraud incidents targeting its system.

Google’s Waze says, ‘Nope, hackers can’t stalk you on our app’ – Publication: Re/Code – Reporter name: Mark Bergan

The Google unit released a statement addressing what it calls “severe misconceptions” about the study, released by researchers at University of California Santa Barbara, and an unnamed “news article.” In its response, Waze notes that faux car icons are the norm — a way to make users feel like they’re not so alone in places where Waze is new. And it insisted that “a stranger cannot” find or follow you while using the app. Plus, there’s a hitch here, Waze countered: Hill wanted to be found. “The reporter in the article gave her location and username to the research team,” the post reads, “which greatly simplified the process of deducing sections of her route after the fact by using a system of ghost riders.”


Mobile, IoT yet to become data breach targets  – Publication: Business Insider- Reporter name: STAFF

The annual report, which looks at emerging trends and patterns in global data breaches found a similar story in 2015 to that of 2014. While web attacks surged and financial gain and espionage remained prominent motives, mobile and IoT devices are still low priority for attacks from malicious actors. Verizon drew from over 100,000 security incidents (more than 3,100 of which were actual data breaches), and included third-party data from around 65 global organizations, including the US Department of Homeland Security and security vendors.


German Nuclear Power Plant Infected With Malware – Publication: Dark Reading – Reporter name: STAFF

A German nuclear power plant near Munich reportedly was found infected with malware. RWE, the German utility that runs the facility, has confirmed that since the plant is cut off from the Internet, the malware infection did not affect or harm operations, according to Reuters. Conficker and W32.Ramnit malware was discovered in unit B of the Gundremmingen plant on the computer system that operates the tools that move nuclear fuel rods. Conficker is a worm that can spread quickly through networks, while W32.Ramnit steals files from computers and is spread through USB sticks, for instance.


Philippine central bank says foiled attempts to hack its website – Publication: Reuters – Reporter name: Karen Lema

SWIFT’S disclosure came as law enforcement authorities in Bangladesh and elsewhere investigated the February cyber theft of $81 million from the Bangladesh central bank account at the New York Federal Reserve Bank.”There were attempts, and I think this is a fact of life, but we have been able to turn them back,” Amando Tetangco told reporters. “Attempts are always there.” Tetangco stressed the hacking only involved its website and that it has been updating its cyber security systems. He did not say when the hacking attempts occurred.