
10Fold – Security Never Sleeps – 80

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: Yesterday, research surfaced showing that Waze, the Google-owned driving assistance app, has a vulnerability that would let hackers track users’ whereabouts without their knowledge. Mobile and IoT devices are still not a factor in real-world data breaches, according to Verizon’s 2016 Data Breach Investigations Report (DBIR). Conficker and Ramnit malware found at a German nuclear power plant were judged ‘harmless’ because the affected systems were not connected to the Internet. The Philippine central bank has foiled attempts to hack its website, its governor said on Thursday, amid a warning from global financial network SWIFT about multiple recent cyber fraud incidents targeting its system.

Google’s Waze says, ‘Nope, hackers can’t stalk you on our app’ – Publication: Re/Code – Reporter name: Mark Bergan

The Google unit released a statement addressing what it calls “severe misconceptions” about the study, released by researchers at University of California Santa Barbara, and an unnamed “news article.” In its response, Waze notes that faux car icons are the norm — a way to make users feel like they’re not so alone in places where Waze is new. And it insisted that “a stranger cannot” find or follow you while using the app. Plus, there’s a hitch here, Waze countered: Hill wanted to be found. “The reporter in the article gave her location and username to the research team,” the post reads, “which greatly simplified the process of deducing sections of her route after the fact by using a system of ghost riders.”


Mobile, IoT yet to become data breach targets – Publication: Business Insider – Reporter name: STAFF

The annual report, which looks at emerging trends and patterns in global data breaches found a similar story in 2015 to that of 2014. While web attacks surged and financial gain and espionage remained prominent motives, mobile and IoT devices are still low priority for attacks from malicious actors. Verizon drew from over 100,000 security incidents (more than 3,100 of which were actual data breaches), and included third-party data from around 65 global organizations, including the US Department of Homeland Security and security vendors.


German Nuclear Power Plant Infected With Malware – Publication: Dark Reading – Reporter name: STAFF

A German nuclear power plant near Munich was reportedly found infected with malware. RWE, the German utility that runs the facility, has confirmed that because the plant is cut off from the Internet, the malware infection did not affect or harm operations, according to Reuters. Conficker and W32.Ramnit malware were discovered in unit B of the Gundremmingen plant on the computer system that operates the tools that move nuclear fuel rods. Conficker is a worm that spreads quickly through networks, while W32.Ramnit steals files from computers and can spread through USB sticks. Isolation from the Internet limits what the malware can do once inside, but, as the USB spread vector shows, it does not by itself keep malware out.


Philippine central bank says foiled attempts to hack its website – Publication: Reuters – Reporter name: Karen Lema

SWIFT’s disclosure came as law enforcement authorities in Bangladesh and elsewhere investigated the February cyber theft of $81 million from the Bangladesh central bank’s account at the Federal Reserve Bank of New York. “There were attempts, and I think this is a fact of life, but we have been able to turn them back,” Amando Tetangco told reporters. “Attempts are always there.” Tetangco stressed that the hacking only involved the bank’s website and that it has been updating its cyber security systems. He did not say when the hacking attempts occurred.

10Fold – Security Never Sleeps – 79


Big items to consider: Netcraft researchers have discovered an extremely convincing Facebook phishing attack; the fraudsters made the fake “Facebook Page Verification” form they ask victims to fill in and submit look legitimate, because the page serving it is on a Facebook subdomain. One cyber underground group saw a golden opportunity and created Ran$umBin, a Dark Web service that acts as a one-stop shop for monetizing ransomware. As the Republican presidential contenders, Sen. Ted Cruz and Gov. John Kasich, battle over who can best protect America, at least two candidates are having trouble protecting potential voters’ personal information on their campaign apps. Hacking group “PLATINUM” used Windows’ own patching system against it; the previously unknown group has been attacking targets in South East Asia since at least 2009, with Malaysia its biggest victim (just over half the attacks) and Indonesia in second place.

Facebook made to serve phishing forms to users – Publication: Help Net Security – Reporter name: Zeljka Zorz

The phishers registered Facebook apps and loaded the form inside them via iframes. The form itself is hosted on the crooks’ own servers, which also use HTTPS, so no warnings about insecure connections pop up. Another trick up the fraudsters’ sleeve: the form returns an “incorrect credentials” notification the first time the user submits it (whether the credentials are correct or not). This is meant to convince the most suspicious users, who might have entered incorrect credentials on purpose, that the form works as it should and is legitimate. The practical lesson: the hostname in the address bar and a valid certificate tell you who serves the outer page, not who receives what you type into an embedded frame.


Crowdsourcing The Dark Web: A One-Stop Ran$om Shop – Publication: Dark Reading – Reporter name: STAFF

The website is dedicated to criminals and victims alike: it lets criminals upload stolen data (embarrassing information, user credentials, credit data, stolen identities, and any other kind of cyber-loot), and lets victims pay for the removal of said stolen data from the Dark Web, where it could be bought by any cybercriminal who’s willing to pay. Ran$umBin has been active for under two months; it is very user-friendly and its business model is simple: hackers can upload stolen data and either sell it to other criminals or extort the data’s owner – while the site takes commission. The site’s cut is based on who the data owner is: criminals who want to buy data belonging to a pedophile would pay $100 and the site would take a 30% commission; if a criminal is looking for data belonging to a celebrity or a law enforcement representative, the price could be double and the commission would climb to 40%. Alternatively, the hacker who uploads the data can choose their own ransom demand and simply send their victim instructions on how to log in to Ran$umBin and pay. I’ve seen several Dox markets, but this one truly stands out: it’s a platform where any criminal can use what other criminals have stolen, like a cyber-ransom Uber or AirBnB.


Cruz, Kasich campaign apps under scrutiny over security issues – Publication: Fox News – Reporter name: STAFF

The official apps for GOP candidates Sen. Ted Cruz and Gov. John Kasich have come under scrutiny after a Monday report from cybersecurity firm Symantec found users’ data was improperly secured and vulnerable to hackers. Symantec’s analysis used a test that collects unencrypted personal data being transmitted from phones running the campaigns’ apps. “The data may be going to a legitimate destination, but it could be intercepted by someone intercepting the traffic,” Symantec engineer Shaun Aimoto said. Cruz data director Chris Wilson on Monday denied the campaign’s app leaks data.


Hacking group “PLATINUM” used Windows’ own patching system against it – Publication: Ars Technica – Reporter name: Peter Bright

Microsoft’s Windows Defender Advanced Threat Hunting team works to track down and identify hacking groups that perpetrate attacks. The focus is on the groups that are the most selective about their targets and that work the hardest to stay undetected. Almost half of the attacks were aimed at government organizations of some kind, including intelligence and defense agencies, and a further quarter of the attacks were aimed at ISPs. The goal of these attacks does not appear to have been immediate financial gain—these hackers weren’t after credit cards and banking details—but rather broader economic espionage using stolen information.

10Fold – Security Never Sleeps – 76


Big items to consider: New information around the Bangladesh Bank heist has led police to believe that the bank had no firewall. Australia has pumped A$230m into its cyber security efforts and claims to be able to hack its enemies “if necessary.” New research into the “Rowhammer” bug that resides in certain types of DDR memory chips raises a troubling new prospect: attacks that use Web applications or booby-trapped videos and documents to trigger so-called bitflipping exploits that allow hackers to take control of vulnerable computers. IT security stocks have soared after the seven big data breaches made public over the past three years, according to the Bessemer Venture Partners Cyber Index released Tuesday.

Bangladesh Bank exposed to hackers by cheap switches, no firewall: police – Publication: Reuters – Reporter name: Serajul Quadir

Bangladesh’s central bank was vulnerable to hackers because it did not have a firewall and used second-hand, $10 switches to network computers connected to the SWIFT global payment network, an investigator into one of the world’s biggest cyber heists said. The shortcomings made it easier for hackers to break into the system earlier this year and attempt to siphon off nearly $1 billion using the bank’s SWIFT credentials, said Mohammad Shah Alam, head of the Forensic Training Institute of the Bangladesh police’s criminal investigation department.


Australia says it can hack enemies as it invests $230 million in cyber security – Publication: Mashable – Reporter name: Jenni Ryall

The Australian government is watching and has the means to launch a cyber attack. On Thursday, Prime Minister Malcolm Turnbull introduced a massive A$230 million cash injection to arm the country for cyber security issues and deal with online threats it is facing, including cyber war and internal whistleblowers. Within the new Internet strategy, pushed down to page 28, the government also makes clear it has the capabilities to launch a cyber attack if necessary. “Australia’s defensive and offensive cyber capabilities enable us to deter and respond to the threat of cyber attack,” the report reads. “Any measure used by Australia in deterring and responding to malicious cyber activities would be consistent with our support for the international rules based order and our obligations under international law.”


DRAM bitflipping exploits that hijack computers just got easier – Publication: Ars Technica – Reporter name: Dan Goodin

The scenario is based on a finding that the Rowhammer vulnerability can be triggered by what’s known as non-temporal code instructions. That opens vulnerable machines to several types of exploits that haven’t been discussed in previous research papers. For instance, malicious Web applications could use non-temporal code to break out of browser security sandboxes and access sensitive parts of an operating system. Another example: attackers could take advantage of media players, file readers, file compression utilities, or other apps already installed on Rowhammer-susceptible machines and cause those apps to trigger the attacks. Why this matters: earlier Rowhammer exploits needed an explicit cache-flush instruction to keep hitting DRAM, which a sandbox could refuse to run; non-temporal stores bypass the cache by design, so the same hammering pattern can be produced by code that looks ordinary.


Huge data breaches have been good for security stocks – Publication: CNBC – Reporter name: Harriet Taylor

IT security stocks have soared after the seven big data breaches made public over the past three years, according to the Bessemer Venture Partners Cyber Index released Tuesday. The BVP Cyber Index tracked the capital-weighted performance since Jan. 1, 2011, of 29 public companies whose primary business is cybersecurity. Almost half of those companies are valued at more than a billion dollars. The public IT security sector outperformed the stock market by more than two times during that time, and outperformed the market by about five times the month after those breaches were made public.

10Fold – Security Never Sleeps – 74


Big items to consider: A new breed of malware called GozNym is targeting business accounts at banks rather than the banks themselves. A new artificial intelligence platform, dubbed AI2, has shown roughly three times the detection capability with five times fewer false positives than today’s analytics methods. Real-life whaling attempts show the subtle changes perpetrators make to trick a CEO. “60 Minutes” highlights a weakness in the cellular signalling network by showing how hackers tapped into a congressman’s iPhone calls.

New “Double-Headed” Malware Has Stolen $4 Million From U.S. and Canadian Banks – Publication: Fortune – Reporter name: Clay Dillow

Meet GozNym, the hybrid malware robbing your business account. A new breed of malicious software has stolen roughly $4 million from 24 U.S. and Canadian banks over the first several days of April, IBM cybersecurity researchers report. The malware—known by the portmanteau GozNym—is a hybrid of two strains of known malware “that takes the best of both,” according to a blog post by IBM’s X-Force, part of IBM’s security division. The program is largely targeting business accounts, mostly in the U.S., and mostly via credit unions and “popular e-commerce platforms.” IBM didn’t name the specific institutions but says they have been notified.


MIT AI Researchers Make Breakthrough on Threat Detection – Publication: DarkReading – Reporter name: Ericka Chickowski

CSAIL gave a sneak peek into AI2 in a presentation to the academic community last week at the IEEE International Conference on Big Data Security, which detailed the specifics of a paper released to the public this morning. The driving force behind AI2 is its blending of artificial intelligence with what researchers at CSAIL call “analyst intuition,” essentially finding an effective way to continuously model data with unsupervised machine learning while layering in periodic human feedback from skilled analysts to inform a supervised learning model.
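The analyst-in-the-loop design described above, reduced to runnable form. This is an added example, not CSAIL’s code and not the model from the AI2 paper: it keeps the shape the article describes (an unsupervised outlier score ranks events, an analyst labels the top of the ranking, and the labels feed a supervised model that re-scores the next batch) but uses z-score distance for the unsupervised step and a one-nearest-neighbour classifier for the supervised step, both chosen for brevity. The events, their three features and the two labelled outliers are constructed.

```python
"""Analyst-in-the-loop triage in the spirit of the AI2 design.

Added example; not CSAIL's code. Unsupervised outlier score -> analyst
labels the top of the ranking -> a 1-NN model trained on those labels
discounts look-alikes of what the analyst called benign in the next batch.
"""
import math
import random

# Each event: (failed_logins_per_hour, distinct_source_ips, bytes_out_mb). Constructed.
def _normal_events(seed, n=20):
    rng = random.Random(seed)
    return [(rng.randint(0, 5), rng.randint(1, 2), round(rng.uniform(1, 10), 1))
            for _ in range(n)]

ROUND1 = _normal_events(7) + [(60, 12, 400.0),   # index 20: credential stuffing plus exfil
                              (40, 1, 2.0)]      # index 21: one user mistyping a password
ROUND2 = _normal_events(11) + [(55, 10, 350.0),  # index 20: look-alike of the attack
                               (35, 1, 3.0)]     # index 21: look-alike of the benign outlier


class Scaler:
    """Per-feature z-scoring, fitted once so later batches share the same scale."""
    def fit(self, events):
        cols = list(zip(*events))
        self.mean = [sum(c) / len(c) for c in cols]
        self.std = [math.sqrt(sum((x - m) ** 2 for x in c) / len(c)) or 1.0
                    for c, m in zip(cols, self.mean)]
        return self

    def transform(self, event):
        return [(x - m) / s for x, m, s in zip(event, self.mean, self.std)]


def outlier_score(z):
    """Unsupervised score: distance from the centre of the fitted distribution."""
    return math.sqrt(sum(v * v for v in z))


def predict(z, labeled):
    """Supervised step: label of the nearest analyst-labeled event, or None before any feedback."""
    if not labeled:
        return None
    return min(labeled, key=lambda lz: outlier_score([a - b for a, b in zip(z, lz[0])]))[1]


def final_score(z, labeled, benign_discount=0.2):
    """Keep the outlier score but discount events the supervised model calls benign."""
    unsup = outlier_score(z)
    label = predict(z, labeled)
    return unsup * (benign_discount if label == "benign" else 1.0), unsup, label


def triage(batch, scaler, labeled, budget):
    """Top-`budget` events of a batch as (index, final_score, unsupervised_score, predicted_label)."""
    rows = []
    for i, event in enumerate(batch):
        final, unsup, label = final_score(scaler.transform(event), labeled)
        rows.append((i, final, unsup, label))
    rows.sort(key=lambda r: r[1], reverse=True)
    return rows[:budget]


if __name__ == "__main__":
    scaler = Scaler().fit(ROUND1)
    print("round 1, no labels yet:", triage(ROUND1, scaler, [], 2))
    # The analyst reviews the two surfaced events and labels them.
    labeled = [(scaler.transform(ROUND1[20]), "malicious"),
               (scaler.transform(ROUND1[21]), "benign")]
    print("round 2, with feedback:", triage(ROUND2, scaler, labeled, 3))
```

In the first batch both outliers reach the analyst because only distance from the norm is available; after the two labels, the benign look-alike in the second batch is still an outlier but is scored a fifth as high, while the attack look-alike stays at the top. That reduction in repeat false positives per analyst label is the effect the article is reporting.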


10 whaling emails that could get by an unsuspecting CEO – Publication: NetworkWorld – Reporter name: Ryan Francis

Whaling threats, or CEO fraud, continue to grow, with 70 percent of firms seeing an increase in these email-based attacks designed to extort money. There has been an uptick of activity lately as fraudsters spend the first few months of the year taking advantage of tax season, targeting finance departments with emails that look like they are coming from a company’s senior executive. Cases in point are Snapchat and Seagate, which inadvertently gave up employees’ personal information. Email security company Mimecast has shared a handful of real-life examples of fraud attempts targeted at the person in the corner office.
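The header tells that distinguish these messages from real executive mail, as a check a gateway or SIEM rule can run. This is an added example, not code from the NetworkWorld article or from Mimecast. It flags an executive’s display name on an address that is not that executive’s, a Reply-To that routes answers away from the From domain, and a look-alike of the company domain; the company domain, the executive roster and the three sample messages are constructed.

```python
"""Header checks for executive-impersonation ("whaling") mail.

Added example; not Mimecast's or the article's code. The roster, the
company domain and the sample messages below are constructed.
"""
import re
from email import message_from_string
from email.utils import parseaddr

COMPANY_DOMAIN = "example.com"                          # constructed
EXECUTIVES = {"jane doe": "jane.doe@example.com"}       # constructed roster: display name -> real address
LURE = re.compile(r"\b(wire|urgent|confidential|w-?2|invoice)\b", re.I)


def _domain(addr):
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _skeleton(domain):
    """Fold digit-for-letter swaps and hyphens so 'examp1e.com' reads as 'example.com'."""
    return domain.lower().translate(str.maketrans({"0": "o", "1": "l", "3": "e",
                                                   "5": "s", "7": "t", "-": ""}))


def is_lookalike(domain):
    """Heuristic: homoglyph match, or the company label embedded in a foreign domain."""
    if not domain or domain == COMPANY_DOMAIN or domain.endswith("." + COMPANY_DOMAIN):
        return False
    label = COMPANY_DOMAIN.split(".")[0]
    return _skeleton(domain) == _skeleton(COMPANY_DOMAIN) or label in _skeleton(domain)


def analyze(raw_message):
    """Return the findings for one RFC 5322 message; an empty list means nothing was flagged."""
    msg = message_from_string(raw_message)
    name, addr = parseaddr(msg.get("From", ""))
    from_domain = _domain(addr)
    findings = []
    real = EXECUTIVES.get(name.strip().lower())
    if real and addr.lower() != real:
        findings.append("display name of an executive on a foreign address")
    _, reply = parseaddr(msg.get("Reply-To", ""))
    if reply and _domain(reply) != from_domain:
        findings.append("Reply-To routes replies to " + _domain(reply))
    if is_lookalike(from_domain):
        findings.append("look-alike sender domain " + from_domain)
    body = msg.get_payload() if not msg.is_multipart() else ""
    if findings and LURE.search(msg.get("Subject", "") + " " + body):
        findings.append("financial lure in subject or body")
    return findings


# Constructed samples: two fraud patterns from the article's description, one clean message.
FRAUD_LOOKALIKE = "\n".join([
    "From: Jane Doe <ceo.jane@examp1e.com>",
    "To: accounts@example.com",
    "Subject: Urgent wire transfer",
    "",
    "I need this paid before the board call. Keep it confidential.",
])
FRAUD_REPLY_TO = "\n".join([
    "From: Jane Doe <jane.doe@example.com>",
    "Reply-To: jane.doe.ceo@webmail-example.net",
    "To: payroll@example.com",
    "Subject: W-2 request",
    "",
    "Please send me the W-2s for all staff as a PDF.",
])
LEGIT = "\n".join([
    "From: Jane Doe <jane.doe@example.com>",
    "To: staff@example.com",
    "Subject: Q2 planning",
    "",
    "Agenda attached.",
])

if __name__ == "__main__":
    for sample in (FRAUD_LOOKALIKE, FRAUD_REPLY_TO, LEGIT):
        print(analyze(sample) or ["clean"])
```

The second sample carries the real executive address in From and relies on Reply-To to capture the answer; that is the case SPF and DMARC on the sending domain would catch only if the forged From fails authentication, so the Reply-To check is worth keeping even where DMARC is enforced.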


Hackers Track Your Phone No Matter What Security Measures You Take – Publication: Fortune – Reporter name: Aaron Pressman

“60 Minutes” taps congressman’s calls in demo. A flaw in one part of the global cellphone network allows hackers to track phone locations and listen in on calls and text messages, 60 Minutes reported Sunday. Hackers in Germany used the weakness in Signaling System Seven, or SS7, which carriers use to exchange billing information for roaming customers, in a demonstration to track and tap the calls of U.S. Rep. Ted Lieu (D-Calif.). 60 Minutes arranged the demonstration and Lieu knew hackers would be trying to tap his iPhone. The weakness is in the carrier signalling network, not the handset, so no phone-side setting or app protects against it.

10Fold – Security Never Sleeps – 66


Big items to consider: Leaked documents dubbed the “Panama Papers” revealed financial schemes and offshore financing by some of the world’s most powerful people. The FBI has now promised to help unlock iPhones across the country, although it does not guarantee it will be able to use the same method that successfully unlocked the San Bernardino terrorist’s phone. The investigation into MedStar Health continues as experts look into how to better protect hospitals. A study found that more than 90 percent of corporate executives said they don’t know how to read a cybersecurity report and 40 percent said they don’t feel responsible for the repercussions of hacking.

World figures deny wrongdoing as ‘Panama Papers’ turn spotlight on tax evasion – Publication: Reuters – Reporter name: Kylie Maclellan & Elida Moreno

Governments across the world began investigating possible financial wrongdoing by the rich and powerful on Monday following a leak of documents from a Panamanian law firm which allegedly showed how clients avoided tax or laundered money. The documents detailed schemes involving an array of figures from friends of Russian President Vladimir Putin to relatives of the prime ministers of Britain, Iceland and Pakistan and as well as the president of Ukraine, journalists who received them said. While the “Panama Papers” detail complex financial arrangements benefiting the world’s elite, they do not necessarily mean the schemes were all illegal.


FBI will help US agencies with tools to unlock encrypted devices – Publication: CIO – Reporter name: John Riberiro

The FBI has promised to help local law enforcement authorities crack encrypted devices, in a letter that refers to the federal agency’s success in accessing the data on an iPhone 5c running iOS 9 that was used by one of the San Bernardino terrorists. The agency did not, however, explicitly promise investigators that it would deploy the same tool, said to have been developed by an outside organization, on other iPhones.


Under pressure to digitize everything, hospitals are hackers’ biggest new target – Publication: The Washington Post – Reporter name: Carolyn Y. Johnson & Matt Zapotosky

In some ways, health care is an easy target: Its security systems tend to be less mature than those of other industries, such as banking and tech, and its doctors and nurses depend on data to perform time-sensitive, life-saving work. Where a financial-services firm might spend a third of its budget on information technology, hospitals spend only about 2 to 3 percent, said John Halamka, the chief information officer of Beth Israel Deaconess Medical Center in Boston. “If you’re a hacker… would you go to Fidelity or an underfunded hospital?” Halamka said. “You’re going to go where the money is and the safe is easiest to open.”


Execs: We’re not responsible for cybersecurity – Publication: CNBC – Reporter name: Tom DiChristopher

More than 90 percent of corporate executives said they cannot read a cybersecurity report and are not prepared to handle a major attack, according to a new survey. More distressing is that 40 percent of executives said they don’t feel responsible for the repercussions of hackings, said Dave Damato, chief security officer at Tanium, which commissioned the survey with the Nasdaq. The findings come at a time when companies around the world lost an estimated $445 billion to cybercrime last year, according to the Center for Strategic and International Studies.

10Fold – Security Never Sleeps – 64


Big items to consider: Hackers broke into the networks of the country’s top law firms, which represent Fortune 500 companies and Wall Street banks; there is no confirmation of what data was stolen, but experts warn this could result in insider trading. CNBC published a story on password security with a tool on the page that let readers enter their password to see if it was secure; security researchers determined that this tool actually sent the passwords to third-party advertisers. The National Institute of Standards and Technology (NIST) published a new computer security standard that could secure credit card numbers and healthcare records by format-preserving encryption. MedStar Health has now been forced to turn patients away due to the ransomware cyberattack; without paying the ransom, the healthcare network is operating without full access to patient records.

Hackers Breach Law Firms, Including Cravath and Weil Gotshal – Publication: The Wall Street Journal – Reporter name: Nicole Hong & Robin Sidel

Hackers broke into the computer networks at some of the country’s most prestigious law firms, and federal investigators are exploring whether they stole confidential information for the purpose of insider trading, according to people familiar with the matter. The firms include Cravath Swaine & Moore LLP and Weil Gotshal & Manges LLP, which represent Wall Street banks and Fortune 500 companies in everything from lawsuits to multibillion-dollar merger negotiations. Other law firms also were breached, the people said, and hackers, in postings on the Internet, are threatening to attack more.


CNBC just collected your password and shared it with marketers – Publication: CSO – Reporter name: Jeremy Kirk

CNBC inadvertently exposed people’s passwords after it ran an article Tuesday that, ironically, was intended to promote secure password practices. The story was removed from CNBC’s website shortly after it ran, following a flurry of criticism from security experts. Vice’s Motherboard posted a link to the archived version. Embedded within the story was a tool in which people could enter their passwords. The tool would then evaluate a password and estimate how long it would take to crack it. A note said the tool was for “entertainment and educational purposes” and would not store the passwords. That turned out not to be accurate, and the page had other problems as well. Adrienne Porter Felt, a software engineer with Google’s Chrome security team, spotted that the article wasn’t delivered using SSL/TLS (Secure Sockets Layer/Transport Layer Security) encryption. SSL/TLS encrypts the connection between a user and a website, scrambling the data that is sent back and forth. Without SSL/TLS, someone on the same network can see data in clear text and, in this case, any password sent to CNBC.
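Both failures in the story (a password field on a page not served over TLS, and password data leaving for a third party) can be caught by a static check of the page before it is published. The following is an added example, not CNBC’s page and not the tool the article describes: it parses the HTML with the standard library, finds password inputs, and reports where they would be sent. The page URLs and HTML are constructed; the script-driven widget in the first sample stands in for the kind of tool the article mentions.

```python
"""Static audit of password fields in an HTML page.

Added example; not CNBC's code. Flags password inputs on non-TLS pages,
password forms posting over plain HTTP or to another host, and password
inputs outside any form (submission handled by script, which this check
cannot follow). Sample URLs and markup are constructed.
"""
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit


class _PasswordFormScanner(HTMLParser):
    """Collect (form action, has_password) pairs and note password inputs outside any form."""
    def __init__(self):
        super().__init__()
        self.forms = []
        self.loose_password = False
        self.current = None

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        if tag == "form":
            self.current = [attrs.get("action") or "", False]
        elif tag == "input" and (attrs.get("type") or "").lower() == "password":
            if self.current is None:
                self.loose_password = True
            else:
                self.current[1] = True

    def handle_endtag(self, tag):
        if tag == "form" and self.current is not None:
            self.forms.append(tuple(self.current))
            self.current = None


def audit(page_url, html):
    """Return findings; an empty list means every password field is TLS-only and first-party."""
    page = urlsplit(page_url)
    scanner = _PasswordFormScanner()
    scanner.feed(html)
    scanner.close()
    if scanner.current is not None:          # unclosed <form>: treat it as closed at end of document
        scanner.forms.append(tuple(scanner.current))
    findings = []
    has_password = scanner.loose_password or any(pw for _, pw in scanner.forms)
    if has_password and page.scheme != "https":
        findings.append("password field on a page not served over TLS (%s)" % page.scheme)
    for action, has_pw in scanner.forms:
        if not has_pw:
            continue
        target = urlsplit(urljoin(page_url, action))
        if target.scheme != "https":
            findings.append("password form submits over %s to %s" % (target.scheme, target.geturl()))
        if target.hostname and target.hostname != page.hostname:
            findings.append("password form submits to third party %s" % target.hostname)
    if scanner.loose_password:
        findings.append("password field outside any form: submission is script-driven, inspect the JS")
    return findings


# Constructed page modelled on the article: a script-driven widget plus a form posting elsewhere.
SAMPLE_URL = "http://news.example/2016/03/password-tool"
SAMPLE_HTML = """<html><body>
<p>Enter a password to see how long it would take to crack (for entertainment; not stored).</p>
<input type="password" id="pw"><button id="check">Check</button>
<form action="https://collect.adnet.example/submit" method="post">
  <input type="password" name="pw2"><input type="submit" value="Send">
</form>
</body></html>"""

CLEAN_URL = "https://news.example/login"
CLEAN_HTML = '<form action="/session" method="post"><input type="password" name="p"></form>'

if __name__ == "__main__":
    print(audit(SAMPLE_URL, SAMPLE_HTML))
    print(audit(CLEAN_URL, CLEAN_HTML))
```

The loose-password finding is deliberately a pointer rather than a verdict: when a script reads the field, only the script (or a proxy capture of the live page) shows where the value goes, which is what the researchers in the story had to do.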


New NIST Security Standard Can Protect Credit Cards, Health Information – Publication: National Institute of Standards and Technology – Reporter name: Chad Boutin

For many years, when you swiped your credit card, your number would be stored on the card reader, making encryption difficult to implement. Now, after nearly a decade of collaboration with industry, a new computer security standard published by the National Institute of Standards and Technology (NIST) not only will support sound methods that vendors have introduced to protect your card number, but the method could help keep your personal health information secure as well. NIST Special Publication 800-38G, Recommendation for Block Cipher Modes of Operation: Methods for Format-Preserving Encryption, specifies two techniques for “format-preserving encryption,” or FPE, named FF1 and FF3. The publication addresses a longstanding issue in many software packages that handle financial data and other forms of sensitive information: how do you transform a string of digits such as a credit card number so that it is indecipherable to hackers, but still has the same length and look (in other words, preserves the format) of the original number, as the software expects?
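The mechanism behind the question in that last sentence is a Feistel network run over digits rather than bits, so a digit string of length n comes out as a different digit string of the same length. The following is an added example, not NIST’s code and not FF1 or FF3: it keeps the structure those modes share (Feistel rounds over a radix-10 string, an unbalanced split for odd lengths, a tweak bound into every round) but uses HMAC-SHA256 as the round function so it runs on the standard library, where FF1 uses AES with a specified round count and encoding. The card-number helper keeps the BIN and last four digits readable and feeds them in as the tweak, the usual way FPE is applied to PANs; the key and PAN in the usage are constructed test values.

```python
"""Format-preserving encryption of digit strings with a Feistel network.

Added example; NOT FF1/FF3 from SP 800-38G and not validated. Same shape
as those modes, but HMAC-SHA256 as the round function instead of AES.
Use a validated FF1 implementation for anything real.
"""
import hashlib
import hmac

RADIX = 10
ROUNDS = 10          # even, so the halves finish in their original positions


def _round_function(key, tweak, i, half, width):
    """Keyed PRF of (tweak, round index, other half), reduced to `width` digits.
    2**256 is not a multiple of 10**width, so the reduction carries a bias of
    roughly 10**width / 2**256; negligible for any card-sized width."""
    mac = hmac.new(key, tweak + bytes([i]) + half.encode("ascii"), hashlib.sha256).digest()
    return int.from_bytes(mac, "big") % RADIX ** width


def _check(digits):
    if not (digits.isascii() and digits.isdigit() and len(digits) >= 2):
        raise ValueError("input must be an ASCII digit string of length >= 2")


def encrypt(key, tweak, plaintext):
    _check(plaintext)
    u = len(plaintext) // 2
    a, b = plaintext[:u], plaintext[u:]                 # unbalanced split for odd lengths
    for i in range(ROUNDS):
        f = _round_function(key, tweak, i, b, len(a))
        a, b = b, str((int(a) + f) % RADIX ** len(a)).zfill(len(a))
    return a + b


def decrypt(key, tweak, ciphertext):
    _check(ciphertext)
    u = len(ciphertext) // 2
    a, b = ciphertext[:u], ciphertext[u:]
    for i in reversed(range(ROUNDS)):
        f = _round_function(key, tweak, i, a, len(b))
        a, b = str((int(b) - f) % RADIX ** len(b)).zfill(len(b)), a
    return a + b


def encrypt_pan(key, pan):
    """Encrypt only the middle of a card number; BIN and last four stay readable and act as tweak."""
    _check(pan)
    head, middle, tail = pan[:6], pan[6:-4], pan[-4:]
    return head + encrypt(key, (head + tail).encode("ascii"), middle) + tail


def decrypt_pan(key, token):
    _check(token)
    head, middle, tail = token[:6], token[6:-4], token[-4:]
    return head + decrypt(key, (head + tail).encode("ascii"), middle) + tail


if __name__ == "__main__":
    key = bytes.fromhex("2b7e151628aed2a6abf7158809cf4f3c")   # constructed test key
    pan = "4111111111111111"                                # well-known test PAN, constructed input
    token = encrypt_pan(key, pan)
    print(pan, "->", token, "->", decrypt_pan(key, token))
```

Two practitioner notes. Binding the clear-text digits in as the tweak means the same six middle digits encrypt differently under different BINs, which blunts frequency analysis on short strings; FPE over a tiny domain is still weaker than full-width encryption, which is why the standard fixes a minimum domain size. And NIST later revised the mode list (FF3 was replaced by FF3-1 after a published attack), so check the current revision before choosing a mode.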


MedStar Health turns away patients after likely ransomware cyberattack – Publication: The Washington Post – Reporter name: John Woodrow Cox

MedStar Health patients were being turned away or treated without important computer records Tuesday as the health-care giant worked to restore online systems crippled by a virus. By Tuesday evening, MedStar staff could read, but not update, thousands of patient records in its central database, though other systems remained dark, a spokeswoman said. MedStar officials have refused to characterize the attack as “ransomware,” a virus used to hold systems hostage until victims pay for a key to regain access. But a number of employees reported seeing a pop-up message on their computer screens seeking payment in bitcoins, an Internet currency. One woman who works at MedStar Southern Maryland Hospital Center sent The Washington Post an image of the ransom note, which demanded that the $5 billion health-care provider pay 45 bitcoins, equivalent to about $19,000, in exchange for the digital key that would release the data.

10Fold – Security Never Sleeps – 52


Big items to consider: The top cybersecurity officer in the federal Office of Personnel Management resigned Monday, just two days before she was scheduled to testify before a House panel that is continuing to investigate last year’s massive OPM data breach, in which hackers compromised the personal data of more than 20 million federal employees. BlackBerry said on Wednesday that it has acquired U.K.-based cyber security consultancy Encription, moving the company deeper into the services business as it continues to morph into a more software-focused entity amid its ongoing turnaround. Prominent security researcher Troy Hunt reveals that a flaw in the NissanConnect EV app’s API exposes Leaf drivers’ recent journey data and climate controls to anyone who knows the car’s VIN. After Sony Pictures Entertainment was hacked shortly before Thanksgiving of 2014, the attackers went quiet, but now researchers say they’ve linked the attackers to the Lazarus Group.

OPM’s cybersecurity chief resigns in wake of massive data breach – Publication: USA Today – Reporter name: Erin Kelly

The top cybersecurity officer in the federal Office of Personnel Management resigned Monday, just two days before she was scheduled to testify before a House panel that is continuing to investigate last year’s massive OPM data breach in which hackers compromised the personal data of more than 20 million federal employees. Donna Seymour, OPM’s chief information officer, wrote in an email to her colleagues that she decided to leave so that her presence “does not distract from the great work this team does every single day for this agency and the American people.”


BlackBerry buys cybersecurity consultancy; moves deeper into services – Publication: Reuters – Reporter name: Harro Ten Wolde and Euan Rocha

BlackBerry said on Wednesday that it has acquired U.K.-based cyber security consultancy Encription, moving the company deeper into the services business as it continues to morph into a more software-focused entity amid its ongoing turnaround. The acquisition will bring a team of about 40 cyber security professionals, who have helped test network vulnerabilities for both government agencies and large corporate entities, into the BlackBerry fold.


API Vulnerability In Nissan Leaf Electric Vehicles Leaves Them Prone To Hacking – Publication: Tech Times – Reporter name: Staff

Prominent security researcher Troy Hunt reveals that a flaw in the Nissan Leaf’s companion service exposes the driver’s recent journey data. According to Hunt, the root of the issue is that the NissanConnect EV app’s API requires only the car’s vehicle identification number (VIN) for anyone to read data and change some settings. These include the heating and air-conditioning system and even the driver’s recent journeys. A VIN is not a secret: it is stamped on the dashboard and appears in vehicle paperwork, so it identifies a car but cannot authenticate its owner.
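The authorization mistake described above, with its fix, as an added example; this is not Nissan’s API and not Troy Hunt’s code. The vulnerable handlers authorize on the VIN alone, the way the article describes the app working. The hardened handlers require a session token, check that the session’s user owns the VIN, and return the same error whether the VIN is unknown or belongs to someone else, so the API cannot be used to enumerate valid VINs. The vehicles, users, VINs, session store and the stand-in `login` are constructed.

```python
"""Broken object-level authorization (authorize by VIN) beside its fix.

Added example; not Nissan's API. All state below is constructed.
"""
import secrets

VEHICLES = {
    "TESTVIN0000000001": {"owner": "alice", "climate": "off",
                          "trips": [{"start": "2016-02-20T08:00", "km": 12.4}]},
    "TESTVIN0000000002": {"owner": "bob", "climate": "off",
                          "trips": [{"start": "2016-02-21T17:30", "km": 3.1}]},
}
SESSIONS = {}   # bearer token -> username; filled by login()


class ApiError(Exception):
    def __init__(self, status, message):
        super().__init__(message)
        self.status = status


def login(username):
    """Stand-in for the real credential check; returns a bearer token bound to the user."""
    token = secrets.token_urlsafe(32)
    SESSIONS[token] = username
    return token


# --- vulnerable: the VIN is the only thing the caller has to know --------------
def trips_vulnerable(vin):
    return VEHICLES[vin]["trips"]


def set_climate_vulnerable(vin, state):
    VEHICLES[vin]["climate"] = state
    return VEHICLES[vin]["climate"]


# --- hardened: authenticate the caller, then authorize against ownership -------
def _authorize(token, vin):
    user = SESSIONS.get(token)
    if user is None:
        raise ApiError(401, "authentication required")
    car = VEHICLES.get(vin)
    if car is None or car["owner"] != user:
        # One answer for "no such VIN" and "not yours": no VIN enumeration oracle.
        raise ApiError(404, "no such vehicle for this account")
    return car


def trips(token, vin):
    return _authorize(token, vin)["trips"]


def set_climate(token, vin, state):
    if state not in ("off", "heat", "cool"):
        raise ApiError(400, "bad state")
    car = _authorize(token, vin)
    car["climate"] = state
    return car["climate"]


if __name__ == "__main__":
    # Anyone who reads Alice's VIN off her windscreen gets her journeys from the vulnerable path.
    print(trips_vulnerable("TESTVIN0000000001"))
    bob = login("bob")
    try:
        trips(bob, "TESTVIN0000000001")
    except ApiError as e:
        print(e.status, e)
```

The ownership check has to live server-side on every vehicle-scoped route; an app that merely hides other people’s VINs in its UI leaves the API exactly as exposed as before.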


The hackers that took down Sony Pictures are still on the attack, researchers say – Publication: Washington Post – Reporter name: Andrea Peterson and Ellen Nakashima

After Sony Pictures Entertainment was hacked shortly before Thanksgiving of 2014, the attackers went quiet. But now researchers say they’ve linked the attackers, whom the U.S. government has said were directed by North Korea, to a chameleon-like group active since at least 2009 and still on the digital warpath, attacking systems in South Korea and elsewhere in Asia. A new report from cybersecurity firm Novetta dubs the attackers the “Lazarus Group.” AlienVault and Kaspersky Lab say they’ve pieced together evidence that suggests the Lazarus Group was behind the Sony attack along with a string of other attacks, including a 2013 campaign against South Korean television stations and financial institutions. The Lazarus Group appears to have created monikers for previously unknown hacking groups, including “NewRomanic Cyber Army Team,” the “WhoIs Team,” and “IsOne,” to claim credit for hacks in the past, according to the report. But they were just as ephemeral as “Guardians of Peace.”

10Fold – Security Never Sleeps – 50


Big items to consider: A new Android Trojan named Xbot is capable of stealing banking information, remotely locking the device, encrypting data on external storage and then demanding a ransom to release it. Linux Mint users who downloaded and installed a copy of the 17.3 Cinnamon edition on Saturday may have been compromised by a backdoored ISO. Companies are now paying for data mining of their own employees’ healthcare data. Comodo Internet Security ships with GeekBuddy, a VNC server that was found running without a password, giving sandboxed applications (and, with the wrong network configuration, remote attackers) full access to the system.

New Trojan Xbot A Swiss-Army Knife Of Malicious Features – Publication: Dark Reading – Reporter name: Jai Vijayan

The creators of a new Android Trojan dubbed Xbot that has begun targeting victims in Australia and Russia appear to have thrown in everything but the kitchen sink into the malware. Security vendor Palo Alto Networks, which sounded the alert on it this week, described Xbot as capable of taking a variety of malicious actions, including stealing banking credentials and credit card data, remotely locking Android devices, encrypting data on external storage, and asking for ransom. Xbot can also steal SMS messages and contact information from Android devices that it infects, intercept SMS messages before they hit the device, and extract the mobile transaction authentication numbers that banks sometimes require when logging into accounts.


Linux Mint hit by malware infection on its website, forum after hack attack – Publication: Ars Technica – Reporter name: Kelly Fiveash

Linux Mint forum users, and anyone who downloaded and installed a copy of the 17.3 Cinnamon edition on Saturday, have probably been compromised by hackers and need to take action immediately, the distro’s creator has warned. Clem Lefebvre confirmed in a blog post that the “intrusion” had taken place over the weekend. He said: “Hackers made a modified Linux Mint ISO, with a backdoor in it, and managed to hack our website to point to it.” The resultant malware infection only affected ISOs downloaded from the Linux Mint site on Saturday, February 20. “As far as we know, the only compromised edition was Linux Mint 17.3 Cinnamon edition,” Lefebvre said. However, by Sunday it was a different story, with Linux Mint confirming that its forums database had also been targeted in the hack of its systems. Because the download page itself was altered, checksums published on that same site cannot be trusted on their own; an ISO should be checked against a signed checksum file or a second, independent source.


Security This Week: Employers Are Paying Data Firms to Predict Your Health Risks – Publication: Wired – Reporter name: Yael Grauer

Employee wellness firms and insurers are working with companies to mine sensitive health data about workers like you: such as which prescription drugs you use, whether you vote, how you shop—all in order to predict your health needs and risks. If that isn’t unsettling enough for you, one wellness firm can predict impending pregnancies by looking at when a woman fills—or stops filling—her birth control prescriptions, her age, and the age of any children she already has.


More insecure security software: Comodo’s on-by-default VNC app – Publication: Ars Technica – Reporter name: Peter Bright

Comodo Internet Security is a security suite that includes anti-virus, firewalling, and sandboxing to allow applications to be run in a notionally secure unprivileged environment. By default, it also includes a component called GeekBuddy. GeekBuddy is a VNC server, providing full remote access to your system. In May of 2015 it was pointed out that this VNC server was running without a password—yes, really—providing, at the very least, local privilege escalation. Sandboxed applications such as Google Chrome, or even those running in Comodo’s own sandbox, could connect to this VNC server and have full access to your system. With the right (or rather, in this case, wrong) network configuration, the VNC server might even be exposed to remote attackers.
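A password-less VNC server is visible in the first few bytes of the RFB handshake: after the version exchange, the server lists the security types it accepts, and type 1 means “None”. The following audit script, added here as an example and not code from Comodo or from the article, performs only that negotiation against a host and port and reports whether the server accepts unauthenticated sessions, so a defender can check their own machines for exactly the GeekBuddy condition described above. The stand-in server it talks to is constructed in-process so the script runs offline; the handshake format follows RFB protocol version 3.8.

```python
import socket
import struct
import threading

RFB_VERSION = b"RFB 003.008\n"   # RFB 3.8 version string, 12 bytes
SECURITY_NONE = 1                # server accepts sessions with no authentication
SECURITY_VNC_AUTH = 2            # classic VNC challenge/response password


def _recv_exact(sock, n):
    """Read exactly n bytes or raise if the peer closes early."""
    buf = b""
    while len(buf) < n:
        chunk = sock.recv(n - len(buf))
        if not chunk:
            raise ConnectionError("peer closed during handshake")
        buf += chunk
    return buf


def vnc_security_types(host, port, timeout=3.0):
    """Do only the RFB version and security-type negotiation and return the
    list of security types the server offers. No session is opened."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        server_version = _recv_exact(s, 12)
        if not server_version.startswith(b"RFB "):
            raise ValueError("not an RFB server: %r" % server_version)
        s.sendall(RFB_VERSION)
        (count,) = struct.unpack("!B", _recv_exact(s, 1))
        if count == 0:
            # Server refused: a u32 length followed by a reason string.
            (reason_len,) = struct.unpack("!I", _recv_exact(s, 4))
            reason = _recv_exact(s, reason_len).decode("latin-1", "replace")
            raise ConnectionError("server refused: " + reason)
        return list(_recv_exact(s, count))


def offers_no_auth(types):
    return SECURITY_NONE in types


def audit(host, port):
    types = vnc_security_types(host, port)
    return {"types": types, "unauthenticated": offers_no_auth(types)}


# --- constructed stand-in server so the audit can be demonstrated offline ---
def start_fake_vnc_server(security_types):
    """Start a minimal server that speaks only the RFB handshake and
    advertises the given security types. Returns the bound port."""
    listener = socket.socket()
    listener.bind(("127.0.0.1", 0))
    listener.listen(1)
    port = listener.getsockname()[1]

    def serve():
        conn, _ = listener.accept()
        with conn:
            conn.sendall(RFB_VERSION)
            _recv_exact(conn, 12)  # client's version string
            conn.sendall(bytes([len(security_types)]) + bytes(security_types))
        listener.close()

    threading.Thread(target=serve, daemon=True).start()
    return port


if __name__ == "__main__":
    open_port = start_fake_vnc_server([SECURITY_NONE])
    print("no-auth server:  ", audit("127.0.0.1", open_port))
    auth_port = start_fake_vnc_server([SECURITY_VNC_AUTH])
    print("password server: ", audit("127.0.0.1", auth_port))
```

Run it against `127.0.0.1:5900` (or whatever port the suite binds) to see what a local sandboxed process would be offered; a result with `unauthenticated: True` is the condition the article describes, and `types` containing only 2 or higher still deserves a look at how strong that method is.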

10Fold – Security Never Sleeps – 45

Big items to consider: The private health information of more than 91,000 Medicaid clients was compromised when an investigation found a data breach involving two state employees in Washington. Camtasia, uTorrent, and a large number of other Mac apps are susceptible to man-in-the-middle attacks that install malicious code, thanks to a vulnerability in Sparkle, the third-party software framework the apps use to receive updates. Security researchers have lifted the lid on the Poseidon Group, a global cyber-espionage gang in operation since at least 2005. Microsoft has released its latest update for Windows 10 and for the first time is giving details of what specific changes are made each time one updates their Operating System (OS).

Data Breach Compromises Personal Data, Health Information of 91,000 Medicaid Clients – Publication: Tech Times – Reporter name: Katherine Derla

The private health information of more than 91,000 Medicaid clients was compromised when an investigation found a data breach that involved two state employees. The employees – a brother and sister – swapped emails containing personal data and health information of Medicaid clients for almost two years. The affected clients are currently enrolled in the Apple Health Medicaid Program in the state of Washington. Their emails, sent between 2013 and 2015, enclosed the Medicaid clients’ dates of birth, Social Security numbers, Apple Health identification numbers and other private health data.


“Huge” number of Mac apps vulnerable to hijacking, and a fix is elusive – Publication: Ars Technica – Reporter name: Dan Goodin

Camtasia, uTorrent, and a large number of other Mac apps are susceptible to man-in-the-middle attacks that install malicious code, thanks to a vulnerability in Sparkle, the third-party software framework the apps use to receive updates. The vulnerability is the result of apps that use a vulnerable version of Sparkle along with an unencrypted HTTP channel to receive data from update servers. As a result, attackers with the ability to manipulate the traffic passing between the end user and the server—say, an adversary on the same Wi-Fi network—can inject malicious code into the communication.
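The two conditions the article names are visible in an app's update feed: a plaintext URL, and an update that carries no signature the client could check. The script below is an added example, not Sparkle's own code, that parses a Sparkle-style appcast (RSS with the `sparkle` namespace; the `releaseNotesLink`, `edSignature` and `dsaSignature` names are assumed to match the framework's attributes) and lists every place an on-path attacker could substitute content. The appcast and host names are constructed for the example.

```python
import xml.etree.ElementTree as ET
from urllib.parse import urlparse

SPARKLE_NS = "http://www.andymatuschak.org/xml-namespaces/sparkle"
# Assumed Sparkle signature attribute names (newer Ed25519, older DSA).
SIGNATURE_ATTRS = ("edSignature", "dsaSignature")


def _is_https(url):
    return urlparse(url).scheme.lower() == "https"


def audit_appcast(feed_url, appcast_xml):
    """Return a list of (severity, message) findings for an update feed.
    Every finding here is something a man-in-the-middle on the client's
    network could exploit: plaintext transport or an unsigned payload."""
    findings = []
    if not _is_https(feed_url):
        findings.append(("high", "appcast feed fetched over plaintext: " + feed_url))
    root = ET.fromstring(appcast_xml)
    for item in root.iter("item"):
        title = item.findtext("title") or "<untitled>"
        # Release notes are rendered in a web view, so their transport matters too.
        notes = item.findtext("{%s}releaseNotesLink" % SPARKLE_NS)
        if notes and not _is_https(notes):
            findings.append(("high", "%s: release notes over plaintext: %s" % (title, notes)))
        for enc in item.findall("enclosure"):
            url = enc.get("url", "")
            if not _is_https(url):
                findings.append(("high", "%s: enclosure over plaintext: %s" % (title, url)))
            signed = any(enc.get("{%s}%s" % (SPARKLE_NS, a)) for a in SIGNATURE_ATTRS)
            if not signed:
                findings.append(("high", "%s: enclosure carries no signature" % title))
    return findings


# Constructed appcast: one insecure item and one hardened item.
SAMPLE_APPCAST = """<?xml version="1.0" encoding="utf-8"?>
<rss version="2.0" xmlns:sparkle="http://www.andymatuschak.org/xml-namespaces/sparkle">
 <channel>
  <item>
   <title>Version 2.1 (insecure)</title>
   <sparkle:releaseNotesLink>http://updates.example.test/notes/2.1.html</sparkle:releaseNotesLink>
   <enclosure url="http://updates.example.test/App-2.1.zip"
              sparkle:version="2.1" length="1024" type="application/octet-stream"/>
  </item>
  <item>
   <title>Version 2.2 (hardened)</title>
   <sparkle:releaseNotesLink>https://updates.example.test/notes/2.2.html</sparkle:releaseNotesLink>
   <enclosure url="https://updates.example.test/App-2.2.zip"
              sparkle:version="2.2" sparkle:edSignature="BASE64-SIGNATURE-PLACEHOLDER"
              length="2048" type="application/octet-stream"/>
  </item>
 </channel>
</rss>
"""

if __name__ == "__main__":
    for sev, msg in audit_appcast("https://updates.example.test/appcast.xml", SAMPLE_APPCAST):
        print(sev, msg)
```

TLS on the feed and the download closes the network attack the article describes; the signature check is what still protects users if the update server itself is compromised, which is why both conditions are flagged rather than either one alone.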


Sophisticated malware-as-a-racket fraudsters have been scamming businesses for 10 years – Publication: The Register – Reporter name: John Leyden

Security researchers have lifted the lid on the Poseidon Group, a global cyber-espionage gang in operation since at least 2005. Poseidon’s weapon of choice is custom malware, digitally signed with rogue certificates to bypass security checks and designed to steal sensitive data from infected systems. The code is written to hijack English- and Brazilian-Portuguese-language Windows PCs, a first in malware created by a gang for targeted attacks, according to security researchers at Kaspersky Lab. Once a computer is compromised, the malware reports to the command-and-control servers before rifling through the network. This phase will often involve automatically and aggressively collecting a wide array of information including login credentials, group management policies, and system logs to fine-tune follow-up attacks. The hacking crew targets financial institutions as well as telecommunications, manufacturing, energy and media companies. Victims of this group have been found in the United States, France, India and Russia, but the vast majority of marks are located in Brazil.


Windows 10 updates still largely opaque – Publication: ZDNet – Reporter name: Larry Seltzer

Microsoft has released its latest update for Windows 10 and for the first time is giving details of what specific changes are made each time one updates their Operating System (OS). The Windows Update KB 3135173 also addresses a security problem in Edge and Internet Explorer 11 that allows dubious websites to run malicious code and install malware. Some examples of the updates include: a fixed issue that delayed the availability of songs added to the Groove Music app in Windows 10 Mobile, improved security in the Windows kernel, improved Silverlight performance, and a fixed issue that didn’t allow a Windows 10 PC to remotely configure a server. That bulletin file and its associated KB file have a lot more information on the bug, reported to Microsoft by Rohit Mothe of VeriSign iDefense Labs, and on the update, such as what versions of Windows it affects, prior updates it replaces, whether there are workarounds and the specific files included in the update.

10Fold – Security Never Sleeps – 44

Big items to consider: A state-sponsored hack has published contact info for 20,000 FBI employees after making a public threat on Twitter. A new bank hack allows attackers to make unlimited ATM withdrawals. Paris Uber has blacked out its service for four hours today in protest of the government. Java-based malware has given a backdoor into most operating systems; the malware was identified and taken down in 2015 but has since resurfaced with a new name and a slightly different strain.

Hackers publish contact info of 20,000 FBI employees – Publication: CNN – Reporter name: Mary Kay Mallonee

Hackers, making good on a threat, published contact information for 20,000 FBI employees Monday afternoon, just one day after posting similar data on almost 10,000 Department of Homeland Security employees. The hackers, tweeting from the account @DotGovs, claim they obtained the details by hacking into a Department of Justice database. The hackers boasted on Twitter, “FBI and DHS info is dropped and that’s all we came to do, so now its time to go, bye folks! #FreePalestine.”


Clever bank hack allowed crooks to make unlimited ATM withdrawals – Publication: Ars Technica – Reporter name: Dan Goodin

“As a result, each time when criminals picked up the money from a card of the compromised bank in an ATM of another bank, [the] infected system automatically rolled back the transactions,” security researchers with Kaspersky Lab, the security firm that uncovered the Metel attack platform, wrote in a blog post published Monday. “That’s why the balance on the cards remained the same, allowing the cybercriminal to withdraw money limited only by the amount of cash in the ATM. The criminals made similar cash-outs at different ATM machines.”
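The pattern Kaspersky describes leaves a signature in the bank's own ledger: debit after debit on one card, each followed minutes later by a full reversal, so the balance never moves. The detector below is an added example, not Kaspersky's or any bank's code; it parses a constructed ledger export (the `DEBIT`/`REVERSAL` line format and the masked card numbers are invented for the example) and flags any card with a burst of matched full reversals inside a time window, which a rules engine or SIEM could run over real core-banking events.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed ledger export for the example (not real bank data): one event
# per line, a DEBIT for each authorised withdrawal and a REVERSAL when it is
# rolled back, matched through the shared ref field.
LEDGER_LINES = """\
2016-02-08T09:58:12 card=4111****0001 type=DEBIT amount=500 atm=OTHERBANK-ATM-17 ref=T1001
2016-02-08T09:58:40 card=4111****0001 type=REVERSAL amount=500 ref=T1001
2016-02-08T10:03:05 card=4111****0001 type=DEBIT amount=500 atm=OTHERBANK-ATM-17 ref=T1002
2016-02-08T10:03:31 card=4111****0001 type=REVERSAL amount=500 ref=T1002
2016-02-08T10:07:50 card=4111****0001 type=DEBIT amount=500 atm=OTHERBANK-ATM-22 ref=T1003
2016-02-08T10:08:14 card=4111****0001 type=REVERSAL amount=500 ref=T1003
2016-02-08T10:12:02 card=4111****0001 type=DEBIT amount=500 atm=OTHERBANK-ATM-22 ref=T1004
2016-02-08T10:12:29 card=4111****0001 type=REVERSAL amount=500 ref=T1004
2016-02-08T11:15:00 card=5500****0042 type=DEBIT amount=100 atm=OTHERBANK-ATM-03 ref=T2001
2016-02-08T11:15:20 card=5500****0042 type=REVERSAL amount=100 ref=T2001
2016-02-08T12:40:00 card=5500****0077 type=DEBIT amount=300 atm=OWN-ATM-01 ref=T3001
"""


def parse_ledger(text):
    """Turn 'timestamp key=value ...' lines into dicts with a datetime and int amount."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, *fields = line.split()
        ev = {"ts": datetime.fromisoformat(ts)}
        for field in fields:
            key, _, value = field.partition("=")
            ev[key] = value
        ev["amount"] = int(ev["amount"])
        events.append(ev)
    return events


def find_rollback_abuse(events, window=timedelta(hours=1), min_reversals=3):
    """Flag cards with `min_reversals` or more full reversals of ATM debits
    inside `window`. A single reversal is a normal ATM fault; a run of them
    on one card is the rollback pattern. Returns {card: details}."""
    debits = {e["ref"]: e for e in events if e["type"] == "DEBIT"}
    per_card = defaultdict(list)
    for e in events:
        if e["type"] != "REVERSAL":
            continue
        d = debits.get(e["ref"])
        if d is None or d["amount"] != e["amount"]:
            continue  # unmatched or partial reversals are a different case
        per_card[e["card"]].append((e["ts"], e["amount"]))

    alerts = {}
    for card, revs in per_card.items():
        revs.sort()
        best = None
        for i in range(len(revs)):
            j = i
            while j + 1 < len(revs) and revs[j + 1][0] - revs[i][0] <= window:
                j += 1
            count = j - i + 1
            if count >= min_reversals and (best is None or count > best["reversals"]):
                best = {
                    "reversals": count,
                    "reversed_amount": sum(a for _, a in revs[i:j + 1]),
                    "first": revs[i][0].isoformat(),
                    "last": revs[j][0].isoformat(),
                }
        if best:
            alerts[card] = best
    return alerts


if __name__ == "__main__":
    for card, info in find_rollback_abuse(parse_ledger(LEDGER_LINES)).items():
        print(card, info)
```

The thresholds are deliberately conservative so that a card whose withdrawal was reversed once by a jammed ATM does not alert; the real value of the rule is that it runs on the ledger side, which is where the Metel operators had to tamper, rather than on the ATM network they left untouched.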


Uber blacks out app in Paris to protest government, taxi opposition – Publication: CNet – Reporter name: Katie Collins

Ride-hailing service Uber shut down its Paris operations for four hours today and asked customers to publicize its fight with a French government showing support for the traditional taxi business. The company, standing behind drivers’ opposition to the French prime minister’s plans to crack down on its business, shut down its car service between 11 a.m. and 3 p.m. local time on Tuesday. “We understand that this can be very annoying for many of you, and please excuse us,” Uber said in an email to users in the French capital. “But the prime minister’s decision would lead to 10,000 drivers unemployed.”


Java “RAT-as-a-Service” backdoor openly sold through website to scammers – Publication: Ars Technica – Reporter name: Sean Gallagher

A family of Java-based malware that has given attackers a backdoor into Windows, Linux, Mac OS X, and Android devices since 2013 has risen from the dead once again as a “commercial” backdoor-as-a-service. It was recently detected in an attack on a Singapore bank employee. Previously known as AlienSpy or Adwind, the malware was all but shut down in 2015 after the domains associated with its command and control network were suspended by GoDaddy. But according to Vitaly Kamluk, the director of Kaspersky Lab’s Asia/Pacific research and analysis team, the malware has been modified, rebranded, and is open for service again to customers ranging from Nigerian scam operators to possible nation-state actors. Ars has confirmed that the service is offered openly through a website on the public Internet.