Tag Archives: data breach

Security Never Sleeps – FedEx, Iranian Hackers

Cyber attack, hurricane weigh on FedEx quarterly profit

“Concerning trends of large scale attacks on business”

Package delivery company FedEx Corp (FDX.N) said on Tuesday a June cyber attack on its Dutch unit slashed $300 million from its quarterly profit, and the company lowered its full-year earnings forecast. The company said the cyber attack slashed 79 cents per share from its profit – nearly 40 times the 2 cents per share caused by deadly Hurricane Harvey, which brought catastrophic flooding to southeastern Texas.

Personal details of up to 30,000 teachers at risk following cyberattack

“Union website breached”

Up to 30,000 teachers have been warned that their personal data may have been compromised after their organization’s website was hacked in recent days. The Irish National Teachers’ Organisation has notified the teachers and retired staff who have completed courses on its learning website to warn that its security systems were breached.

1.9 Billion Data Records Exposed in First Half of 2017

“Data breaches are becoming far too common”

On average 122 records are exposed in breaches around the globe every second, a new report shows. And that doesn’t even include the new Equifax breach data. More than 10 million data records are pilfered or lost every day around the world, a rate of more than 7,000 per minute: and that’s only the numbers from breaches that go public.

NEW GROUP OF IRANIAN HACKERS LINKED TO DESTRUCTIVE MALWARE

“Continued state-sponsored hacking”

For more than five years, Iran has maintained a reputation as one of the most aggressive nations in the global arena of state-sponsored hacking, stealing data from corporate and government networks around the world, bombarding US banks with cyberattacks, and most brazen of all, unleashing multiple waves of computer-crippling malware that hit tens of thousands of PCs across the Middle East. But amidst that noisy mayhem, one Iranian group has managed to quietly penetrate a broad series of targets around the world, until now evading the public eye.


10Fold – Security Never Sleeps – 80

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: Yesterday, research surfaced showing how Waze, the Google-owned driving assistance app, has a vulnerability that would let hackers track users’ whereabouts unbeknownst to them. Mobile and IoT devices are still not a factor in real-world data attacks, according to Verizon’s 2016 Data Breach Investigation Report (DBIR). Conficker, Ramnit malware found in German Nuclear Power Plant ‘harmless’ since the affected systems were not connected to the Internet. The Philippine central bank has foiled attempts to hack its website, its governor said on Thursday amid a warning from global financial network SWIFT about recent multiple cyber fraud incidents targeting its system.

Google’s Waze says, ‘Nope, hackers can’t stalk you on our app’ – Publication: Re/Code – Reporter name: Mark Bergan

The Google unit released a statement addressing what it calls “severe misconceptions” about the study, released by researchers at University of California Santa Barbara, and an unnamed “news article.” In its response, Waze notes that faux car icons are the norm — a way to make users feel like they’re not so alone in places where Waze is new. And it insisted that “a stranger cannot” find or follow you while using the app. Plus, there’s a hitch here, Waze countered: Hill wanted to be found. “The reporter in the article gave her location and username to the research team,” the post reads, “which greatly simplified the process of deducing sections of her route after the fact by using a system of ghost riders.”


Mobile, IoT yet to become data breach targets – Publication: Business Insider – Reporter name: STAFF

The annual report, which looks at emerging trends and patterns in global data breaches, found a similar story in 2015 to that of 2014. While web attacks surged and financial gain and espionage remained prominent motives, mobile and IoT devices are still low priority for attacks from malicious actors. Verizon drew from over 100,000 security incidents (more than 3,100 of which were actual data breaches), and included third-party data from around 65 global organizations, including the US Department of Homeland Security and security vendors.


German Nuclear Power Plant Infected With Malware – Publication: Dark Reading – Reporter name: STAFF

A German nuclear power plant near Munich reportedly was found infected with malware. RWE, the German utility that runs the facility, has confirmed that since the plant is cut off from the Internet, the malware infection did not affect or harm operations, according to Reuters. Conficker and W32.Ramnit malware was discovered in unit B of the Gundremmingen plant on the computer system that operates the tools that move nuclear fuel rods. Conficker is a worm that can spread quickly through networks, while W32.Ramnit steals files from computers and is spread through USB sticks, for instance.


Philippine central bank says foiled attempts to hack its website – Publication: Reuters – Reporter name: Karen Lema

SWIFT’s disclosure came as law enforcement authorities in Bangladesh and elsewhere investigated the February cyber theft of $81 million from the Bangladesh central bank account at the New York Federal Reserve Bank. “There were attempts, and I think this is a fact of life, but we have been able to turn them back,” Amando Tetangco told reporters. “Attempts are always there.” Tetangco stressed the hacking only involved its website and that it has been updating its cyber security systems. He did not say when the hacking attempts occurred.

10Fold – Security Never Sleeps – 76

Big items to consider: New information surfaces around the Bangladesh Bank heist that led police to believe that the bank had no firewall. Australia has pumped $230m into their cyber security efforts and claims to be able to hack their enemies “if necessary.” New research into the “Rowhammer” bug that resides in certain types of DDR memory chips raises a troubling new prospect: attacks that use Web applications or booby-trapped videos and documents to trigger so-called bitflipping exploits that allow hackers to take control of vulnerable computers. IT security stocks have soared after the seven big data breaches made public over the past three years, according to the Bessemer Venture Partners Cyber Index released Tuesday.

Bangladesh Bank exposed to hackers by cheap switches, no firewall: police – Publication: Reuters – Reporter name: Serajul Quadir

Bangladesh’s central bank was vulnerable to hackers because it did not have a firewall and used second-hand, $10 switches to network computers connected to the SWIFT global payment network, an investigator into one of the world’s biggest cyber heists said. The shortcomings made it easier for hackers to break into the system earlier this year and attempt to siphon off nearly $1 billion using the bank’s SWIFT credentials, said Mohammad Shah Alam, head of the Forensic Training Institute of the Bangladesh police’s criminal investigation department.


Australia says it can hack enemies as it invests $230 million in cyber security – Publication: Mashable – Reporter name: Jenni Ryall

The Australian government is watching and has the means to launch a cyber attack. On Thursday, Prime Minister Malcolm Turnbull introduced a massive A$230 million cash injection to arm the country for cyber security issues and deal with online threats it is facing, including cyber war and internal whistleblowers. Within the new Internet strategy, pushed down to page 28, the government also makes clear it has the capabilities to launch a cyber attack if necessary. “Australia’s defensive and offensive cyber capabilities enable us to deter and respond to the threat of cyber attack,” the report reads. “Any measure used by Australia in deterring and responding to malicious cyber activities would be consistent with our support for the international rules based order and our obligations under international law.”


DRAM bitflipping exploits that hijack computers just got easier – Publication: Ars Technica – Reporter name: Dan Goodin

The scenario is based on a finding that the Rowhammer vulnerability can be triggered by what’s known as non-temporal code instructions. That opens vulnerable machines to several types of exploits that haven’t been discussed in previous research papers. For instance, malicious Web applications could use non-temporal code to cause code to break out of browser security sandboxes and access sensitive parts of an operating system. Another example: attackers could take advantage of media players, file readers, file compression utilities, or other apps already installed on Rowhammer-susceptible machines and cause the apps to trigger the attacks.


Huge data breaches have been good for security stocks – Publication: CNBC – Reporter name: Harriet Taylor

IT security stocks have soared after the seven big data breaches made public over the past three years, according to the Bessemer Venture Partners Cyber Index released Tuesday. The BVP Cyber Index tracked the capital-weighted performance since Jan. 1, 2011, of 29 public companies whose primary business is cybersecurity. Almost half of those companies are valued at more than a billion dollars. The public IT security sector outperformed the stock market by more than two times during that time, and outperformed the market by about five times the month after those breaches were made public.

10Fold – Security Never Sleeps – 70

Big items to consider:  Adobe Systems released a security update for Flash Player to fix 24 critical vulnerabilities, including one that hackers have been exploiting to infect computers with ransomware over the past week. Yesterday, news broke that The National Childbirth Trust has apologized to their 15,000 new and expectant parents after their registration details were accessed in a “data breach” where email addresses, usernames and passwords were “compromised.” At this very moment in New York City, you can walk up to one of 65 futuristic kiosks, punch in an email address on your phone and instantly receive a wireless Internet connection that follows you around town. While most of the reported incidents of data being held hostage have purportedly involved a careless click by an individual on an e-mail attachment, an emerging class of criminals with slightly greater skill has turned ransomware into a sure way to cash in on just about any network intrusion.

Adobe patches actively exploited Flash Player vulnerability in 24 flaw fix – Publication: PC World – Reporter name: Lucian Constantin

Adobe Systems released a security update for Flash Player to fix 24 critical vulnerabilities, including one that hackers have been exploiting to infect computers with ransomware over the past week. The company advised users Thursday to upgrade to the newly released Flash Player on Windows and Mac and Flash Player on Linux. The Flash Player build was bundled with Google Chrome on all platforms, Microsoft Edge and Internet Explorer. Twenty-two of the newly patched vulnerabilities can result in remote code execution on users’ computers, one can lead to a security feature bypass and one can be used to bypass the memory layout randomization mitigation that’s supposed to make exploitation harder in general.


National Childbirth Trust data breach: Industry reaction – Publication: ITProPortal – Reporter name: Sam Pudwell

Yesterday, news broke that The National Childbirth Trust has apologized to their 15,000 new and expectant parents after their registration details were accessed in a “data breach” where email addresses, usernames and passwords were “compromised.” Various industry professionals have offered their analysis and insight into yet another example of the security landscape threatening organizations all over the world. Simon Crosby, CTO and co-founder of Bromium said, “When we hear about attacks that have persisted on a compromised system for weeks or even months before detection, it is unlikely that hackers were waiting to take advantage of the breach, but far more likely that existing detection-based systems failed to properly respond to the attack.”


The tremendous ambitions behind New York City’s free WiFi – Publication: The Washington Post – Reporter name: Brian Fung

At this very moment in New York City, you can walk up to one of 65 futuristic kiosks, punch in an email address on your phone and instantly receive a wireless Internet connection that follows you around town. In a city of more than 8 million, that might not sound like much. But the WiFi kiosks, known individually as Links, offer a proof-of-concept for a wider planned network of some 7,500 hotspots across the city. Imagine if you switched them all on at once. This public connectivity could someday wind up supplementing — if not replacing — some New Yorkers’ existing Internet subscriptions, said Intersection’s chief innovation officer, Colin O’Donnell. Instead of browsing the Web through your home WiFi or 4G LTE, just pop onto the nearest Link’s WiFi signal.  The sheer volume of information gathered by this powerful network will create a massive database of information that will present attractive opportunities for hackers.


Ok, panic – newly evolved ransomware is bad news for everyone – Publication: Ars Technica – Reporter name: Sean Gallagher

While most of the reported incidents of data being held hostage have purportedly involved a careless click by an individual on an e-mail attachment, an emerging class of criminals with slightly greater skill has turned ransomware into a sure way to cash in on just about any network intrusion. And that means that there’s now a financial incentive for going after just about anything. While the payoff of going after businesses’ networks used to depend on the long play—working deep into the network, finding and packaging data, smuggling it back out—ransomware attacks don’t require that level of sophistication today. It’s now much easier to convert hacks into cash. This week’s ransomware attack at Maryland’s MedStar Health hospital network is a prime example. For more than a week, 10 hospitals operated without access to their central networks, because the Windows servers controlling MedStar’s domains were locked down by the ransomware variant known as Samsam.

10Fold – Security Never Sleeps – 67

Big items to consider: Trump luxury hotels have suffered a potential mass data breach. Details from the Panama Papers investigation revealed that all of the stolen data is now being hosted in the Amazon cloud. The White House, US Department of Homeland Security and industry experts created a certification program for IoT devices. Osterman Research consultants revealed that 18% of companies have suffered malware infections because of social networks.

Some Trump hotels hit by data breach: Report – Publication: CNBC – Reporter name: Jacob Pramuk

A line of luxury hotels linked to businessman and Republican presidential contender Donald Trump is investigating a possible credit card breach, Krebs on Security reported Monday, citing sources. The cyber security news site said financial industry sources noticed a string of fraud on customer credit cards used at the Trump Hotel Collection. The activity appeared on cards used in the past two to three months at properties including the Trump International Hotel New York, Trump Hotel Waikiki in Honolulu and the Trump International Hotel & Tower in Toronto, sources told the outlet.


From Encrypted Drives To Amazon’s Cloud — The Amazing Flight Of The Panama Papers – Publication: Forbes – Reporter name: Thomas Fox-Brewster

It was an epic haul. Whoever caused the Panama Papers breach at tax avoidance and offshore company specialist Mossack Fonseca leaked an astonishing 11 million documents and 2.6 terabytes of data, the largest of all time. Where’s all of that data stored now? In an Amazon cloud data center, accessible to anyone who knows the URL and has a password. The journey of those files, from the leaks to the revelations, is an astonishing example of developers working with journalists to keep whistleblowers and the information they supply safe and, just as crucially, usable. With the extra kicker: it was largely done using free, open source technology.


‘CyberUL’ Launched For IoT, Critical Infrastructure Device Security – Publication: Dark Reading – Reporter name: Kelly Jackson Higgins

Internet of Things (IoT) devices and industrial systems used in critical infrastructure networks now have an official UL (United Laboratories) certification program – for cybersecurity. UL today rolled out its anticipated—and voluntary–Cybersecurity Assurance Program (UL CAP), which uses a newly created set of standards for IoT and critical infrastructure vendors to use for assessing security vulnerabilities and weaknesses in their products. The UL CAP was created in conjunction with the White House, the US Department of Homeland Security, industry, and academia, and falls under President Obama’s recently unveiled Cybersecurity National Action Plan (CNAP) as a way of testing and certifying networked devices in IoT and critical infrastructure.


One out of five businesses are infected by Malware through Social Media – Publication: Panda Security – Reporter name: STAFF

What at first seems an unimportant habit can have serious repercussions. Yes, an employee risks the chance of being caught in the act, but what about the company? Osterman Research consultants have confirmed in their latest report that 18% of companies have suffered malware infections because of social networks. Employees aren’t the only ones using these platforms, though. Companies often have business profiles which make it more difficult to detect the source of the problem. According to this document, 73% use Facebook for work purposes, 64% use LinkedIn and 56% use Twitter. Companies are also showing interest in collaborative platforms designed for them such as Microsoft SharePoint, different Cisco products, the Salesforce Chatter software solution and Connections, a platform developed by IBM.

10Fold – Security Never Sleeps – 58

Big items to consider: The US DoJ is now pressuring WhatsApp for access to a series of encrypted messages. Security professionals are being urged to look into how to better use their security solutions. As more and more healthcare organizations are suffering data breaches and ransomware attacks, security professionals are being held responsible for securing privacy and making steps to improve the process.

WhatsApp Faces Standoff With Feds Over Its Message Encryption – Publication: CNet – Reporter name: Lance Whitney

WhatsApp, the Facebook-owned maker of an instant-messaging app, may face the same legal conundrum as Apple in a case that centers on the thorny issue of privacy versus security. The US Department of Justice is eager to view a series of WhatsApp messages for a criminal investigation, a move that has been given the go-ahead by a federal judge, The New York Times reported Saturday. But the messages are encrypted, meaning no one, not even WhatsApp, can unscramble them so that they’re readable.


Defense In Depth: Stop Spending, Start Consolidating – Publication: CSO – Reporter name: Kacy Zurkus

When it comes to layered defense and security tools, less is often more just as more can sometimes be less. The average enterprise uses 75 security products to secure their network. That’s a lot of noise and a lot of monitoring and testing for security practitioners. To make sure that the security tools not only work but work in harmony with each other, some security professionals recommend taking a closer look at the layers of the security ecosystem to eliminate redundancies that contribute to alert overload.


Cancer Center Breach Another Symptom Of Healthcare’s Growing Epidemic – Publication: Dark Reading – Reporter name: Kelly Jackson Higgins

Healthcare organizations suffer about one cyberattack per month on average as well as the loss or exposure of patient data, according to a new Ponemon Group report published last week. About 13% of healthcare organizations in the US don’t know for sure how many attacks they have experienced, the report found. A recent analysis by Trend Micro of 10 years of data breaches catalogued by nonprofit Privacy Rights Clearinghouse found that more than one-fourth of all reported data breaches since 2005 came from healthcare organizations. And those are only the ones that were reported; experts believe this is only the tip of the iceberg today in healthcare, where patient financial and insurance information is financially lucrative for the bad guys.


North Korea Slams Seoul’s Cyber-Attack Accusations – Publication: Security Week – Reporter name: STAFF

North Korea on Sunday blasted Seoul’s accusation that Pyongyang had launched a series of cyber attacks targeting South Korean government officials, calling the allegation a “bullshit” fabrication. Seoul’s National Intelligence Service (NIS) last week accused North Korean agents of hacking into the smartphones of dozens of key South Korean officials, stealing phone numbers and texts. The accusation follows claims earlier this year from the NIS that North Korean hackers sent phishing emails to the South’s state railway authorities in preparation for cyber terror attacks on traffic control systems. The North’s state-run Rodong Sinmun newspaper lashed out at the hacking accusations, saying they were cooked up by Seoul to shore up support for controversial surveillance legislation.

10Fold – Security Never Sleeps – 41

Big items to consider: Top lawmakers are concerned that the IRS outage might have been caused by a hacker. 20 million accounts on Alibaba’s site have been exposed to potential attackers. According to a new survey, the riskiest mobile users are actually businessmen. University of Central Florida has been hacked and 63,000 student and employee social security numbers have been leaked.

Oversight chairman: IRS outage ‘may be a hack’ – Publication: The Hill – Reporter name: Cory Bennett

A top House lawmaker on Thursday suggested hackers had caused the Internal Revenue Service’s hardware failure. Late Wednesday night, a number of the IRS’s tax processing systems went down because of technical problems, the agency said. “My initial gut reaction is that may be a hack,” said House Oversight Committee Chairman Jason Chaffetz (R-Utah) on Fox Business Network’s “Mornings With Maria.”

“You just don’t have systems collapse and people can’t use the systems online,” he added. “It’s not like they run out of batteries or something. It really does smell like a hack.” The hardware failure rendered several services unavailable, including the IRS’s modernized e-filing system, several taxpayer and practitioner tools and portions of the IRS website.


Hackers attack 20 mln accounts on Alibaba’s Taobao shopping site – Publication: Reuters – Reporter name: Staff

Feb 4 Hackers in China attempted to access over 20 million active accounts on Alibaba Group Holding Ltd’s Taobao e-commerce website using Alibaba’s own cloud computing service, according to a state media report posted on the Internet regulator’s website. Analysts said the report from The Paper led to the price of Alibaba’s U.S.-listed shares falling as much as 3.7 percent in late Wednesday trade. An Alibaba spokesman on Thursday said the company detected the attack in “the first instance”, reminded users to change passwords, and worked closely with the police investigation.


The #1 Riskiest Mobile Users Wear Suits – Publication: Dark Reading – Reporter name: Erick Chickowski

As mobile malware continues to grow into a legitimate threat, some users are proving more prone than others to being subject to attack. According to a new survey out this week, the demographic most likely to routinely engage in risky mobile behavior isn’t youngsters on Snapchat or ‘digitally hooked’ users who consume vast quantities of mobile video and entertainment. Instead, the most risky users are businesspeople.


UCF hack: 63,000 Social Security numbers stolen from students, staff – Publication: Orlando Sentinel – Reporter name: Gabrielle Russon

In an unprecedented data breach at UCF, about 63,000 Social Security numbers and names of former and current students and UCF employees were hacked, officials revealed Thursday. The people whose information has been compromised have not been notified yet. The university will alert them by letters that are expected to be sent Friday, officials said. The school has set up a call-in phone center and a website that went live this morning with details of what happened and what people should do as a precaution. People who are affected will also receive one year of free credit monitoring and identity-protection services.