Tag Archives: orange county public relations

10Fold – Security Never Sleeps – 92

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: Kansas Heart Hospital was hit with a ransomware attack. It paid the ransom, but then attackers tried to extort a second payment. A Critical Elevation of Privilege (EoP) vulnerability in the Qualcomm Secure Execution Environment (QSEE) affects around 60 percent of all Android devices around the world, despite being already fixed, researchers warn. Financial transaction network SWIFT called on its customers Friday to help it end a string of high-profile banking frauds perpetrated using its network. A manhunt is underway for criminals who looted millions from Japan’s cash machines nationwide in an hours-long heist, officials and reports said Monday.

Kansas Heart Hospital hit with ransomware; attackers demand two ransoms – Publication: NetworkWorld – Reporter name: Ms. Smith

Kansas Heart Hospital in Witchita was hit with ransomware last week. The ransomware attack occurred on Wednesday, and the KWCH 12 news video from Friday night said some files were still inaccessible by the hospital. Hospital President Dr. Greg Duick refused to disclose the ransom amount and the ransomware variant. He said, “I’m not at liberty because it’s an ongoing investigation, to say the actual exact amount. A small amount was made.”Yes, the hospital paid the ransom. No, the hackers didn’t decrypt the files—at least it was described as not returning “full access to the files.” Instead, the attackers asked for another ransom. This time the hospital refused to pay because it was no longer “a wise maneuver or strategy.”


Critical Vulnerability Plagues 60% of Android Devices – Publication: SecurityWeek – Reporter name: STAFF

The issue, discovered last year by Gal Beniamini, affects 75 percent of all Android devices powered by a Qualcomm processor, security firm Duo Security claims. According to Duo, around 80 percent of all Android devices have a Qualcomm processor inside, but just 25 percent of users have applied the patch, meaning that 60 percent of devices continue to be vulnerable.


SWIFT asks its customers to help it end a string of high-profile banking frauds – Publication: PCWorld – Reporter name: Peter Sayer

The SWIFT network itself is still secure, it insisted in a letter to banks and financial institutions. However, some of its customers have suffered security breaches in their own infrastructure, allowing attackers to fraudulently authorize transactions and send them over the SWIFT network, it said. SWIFT wants its customers to come forward with information about other fraudulent transfers made using their SWIFT credentials, to help it build a picture of how the attackers are working.


Manhunt After Millions Stolen in Hours-long Japan ATM Heist – Publication: Security Week – Reporter name: STAFF

Armed with fake credit card details from South Africa’s Standard Bank, the thieves hit 1,400 convenience store ATMs in a coordinated attack earlier this month. The international gang members, reportedly numbering around 100 people, each made a series of withdrawals in less than three hours, Japanese media said. Their haul totaled 1.4 billion yen ($13 million), according to the reports, with machines in Tokyo and Osaka among those targeted. It was not clear how the gang made off with the equivalent of millions of dollars so quickly as the cash machines usually limit withdrawals to 100,000 yen ($910) a day.

10Fold – Security Never Sleeps – 91

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: DNI head James Clapper told a Washington audience Wednesday that the intelligence community is grappling with the “internet of things” — devices and appliances that can be wirelessly connected to the web and can provide access for hackers or foreign spies. Updates released by Cisco for the AsyncOS operating system powering the company’s Web Security Appliance (WSA) address several high severity denial-of-service (DoS) vulnerabilities. Researchers at MIT and Oxford University have shown that the location stamps on just a handful of Twitter posts can be enough to let even a low-tech snooper find out where you live and work. A senior lawmaker Wednesday hinted that nations not doing enough to stop ransomware groups from operating within their countries should be treated in the same way that the US treats countries that sponsor terror groups.

Clapper: My hearing aids needed security clearance – Publication: CNN – Reporter name: Nicole Gauette

The intelligence community is trying to figure out how it should operate on a wireless basis, Clapper said, in ways that are secure. It’s a particular challenge “in terms of dealing with millennials who are quite used to that,” he added. “We’re trying to come up with a policy on this, some governance that is consistent across the enterprise, that at the same time will allow for latitude for technology to change — because it will,” he said. The country’s top intelligence official said that as the internet of things grows more common, the 10.3 billion end points now in existence are expected to mushroom to 29.5 billion by 2020 in an industry that will be worth $1.7 trillion.


Cisco Patches Serious Flaws in Web Security Appliance – Publication: SecurityWeek – Reporter name: Eduard Kovacs

One of the vulnerabilities (CVE-2016-1380) is caused by the lack of proper input validation for packets in an HTTP POST request. A remote, unauthenticated attacker can cause the appliance to reload by sending it a specially crafted HTTP POST request. The second security hole (CVE-2016-1383) is related to how the operating system handles certain HTTP response code. An unauthenticated attacker can remotely cause a DoS condition by sending a specially crafted HTTP request to the targeted device, causing it to run out of memory.


Got privacy? If you use Twitter or a smartphone, maybe not so much – Publication: CIO – Reporter name: Katherine Noyes

The researchers set out to fill what they consider knowledge gaps within the National Security Agency’s current phone metadata program. Currently, U.S. law gives more privacy protections to call content and makes it easier for government agencies to obtain metadata, in part because policymakers assume that it shouldn’t be possible to infer specific sensitive details about people based on metadata alone. This study, reported in the Proceedings of the National Academy of Sciences, suggests otherwise. Preliminary versions of the work have already played a role in federal surveillance policy debates and have been cited in litigation filings and letters to legislators in both the U.S. and abroad.


Time To Treat Sponsors Of Ransomware Campaigns As Terrorists, Lawmaker Says – Publication: Dark Reading – Reporter name: Jai Vijayan

Richard Downing, deputy attorney general at the US Department of Justice and one of the witnesses at the hearing, characterized the scope of the ransomware problem as “staggering.” One of his recommendations is for Congress to enact legislation that will close loopholes in existing laws and make it easier for FBI and law enforcement in general to pursue and prosecute those involved in ransomware schemes. Current statutes such as the Computer Fraud and Abuse Act (CFAA) already make it a crime for people to create botnets by breaking into computers or using a botnet to carry out ransomware attacks. But the law is less clear on the implications for people who might be renting or selling a botnet but are not actually using it, he said.

10Fold – Security Never Sleeps – 90

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: Another data set from the 2012 LinkedIn hack, which contains over 100 million LinkedIn members’ emails and passwords, has now been released. Washington US District Judge Robert Bryan has thrown out Mozilla’s request for the security flaw’s details. Cybercriminals can call on an extensive network of specialists for “business” expertise, including people who train and recruit, launder money, and provide escrow services, according to HPE. RunKeeper announced Tuesday that it had found a bug in its Android code that resulted in the leaking of users’ location data to an unnamed third-party advertising service.

117 million LinkedIn emails and passwords from a 2012 hack just got posted online – Publication: TechCrunch- Reporter name: Sarah Perez

As you may or may not recall, given how much time has passed, hackers broke into LinkedIn’s network back in 2012, stole some 6.5 million encrypted passwords, and posted them onto a Russian hacker forum. Because the passwords were stored as unsalted SHA-1 hashes, hundreds of thousands were quickly cracked. Now, according to a new report from Motherboard, a hacker going by the name of “Peace” is trying to sell the emails and passwords of 117 million LinkedIn members on a dark web illegal marketplace for around $2,200, payable in bitcoin. In total, the data set includes 167 million accounts, but of those, only 117 million or so have both emails and encrypted passwords.


Mozilla fails to get the details on the FBI’s malware hack – Publication: Engadget – Reporter name: Mariella Moon

If you’ll recall, the FBI seized the server of a child porn website on the Tor network called Playpen in early 2015. They then used a flaw in the Tor browser, which is based on Mozilla Firefox, to install malware that pointed agents to users’ locations. They nabbed over a hundred people from that sting, including a defendant in one of Bryan’s cases. Mozilla asked for the vulnerability’s details when Bryan ordered prosecutors to disclose the flaw to that defendant’s lawyers.


Cybercriminals are launching their own HR departments – Publication: PC World- Reporter name: Grant Gross

Cybercriminals are increasingly taking a business-based approach toward their activities, with some organizations developing in-house training, disaster recovery, and other business functions, and others contracting for those services in the underground marketplace, said Shogo Cottrell, a security strategist with HPE Security. Cybercrime is maturing as a business model, he added. Some criminal hacking businesses offer 24-by-seven telephone support, others offer money-back guarantees on their products, Cottrell said.


RunKeeper acknowledges location data leak to ad service, pushes updates – Publication: Ars Technica – Reporter name: Cyrus Farivar

Like other Android apps, when the Runkeeper app is in the background, it can be awakened by the device when certain events occur (like when the device receives a Runkeeper push notification). When such events awakened the app, the bug inadvertently caused the app to send location data to the third-party service.

Attention Skeptics: Why B2B Marketers Should Worship the World of Mobile Marketing

By Sophorn Chhay

In the infinitely interesting words of industry experts, mobile marketing movement is inevitable, so says industry experts. We’re all moving onward together towards digital excellence, but as the march continues, there are those who are sprinting forward and others who are falling behind. Why? It all comes down to confidence in and understanding of the world of mobile marketing. Are you on board? Here’s why you should be:

Customers Demand It

The old adage “the customer is always right” is just about annoying as it is, well, correct, but it’s not so much about cowering at the feet of demanding clients as it is simply giving the people what they want. And what do the people want? In short, they want convenience. They want access to products and services that solve their problems, they want that access to be easy and intuitive, and they don’t want to have to break their stride – or their budgets – in order to get it. Check this out:

10 FOLD ICON 15x15 An impressive 90 percent of mobile users enrolled in SMS rewards programs said their participation was beneficial.

10 FOLD ICON 15x15 SMS coupons are redeemed 10 times more often than print coupons – probably because no one can remember where they put that little slip of paper they cut out from the Sunday inserts and almost everyone can remember exactly where they put their phone. Well, eventually, anyways.

10 FOLD ICON 15x15 Of all the text messages people receive, only 10 percent are considered (by the consumers themselves) to be spam.

Numbers don’t lie. There is real value in mobile marketing, and you don’t want to be the only company still protesting that you can’t see it.

SMS is Everything, More or Less

 

First, text revolutionized how we talk to our friends and loved ones. Now, it’s doing the same thing for how we communicate with businesses, both from a B2C and B2B point of view. Who wants to sit on hold for an hour just to get the answer to a simple question like “When is my order going to be delivered?” or “Are we still on for that meeting on Friday? And where is it again?” SMS is simple, efficient, immediate, and it doesn’t even have to be completely text based anymore. You can send coupons via text, links to your weekly blogs, automated information regarding scheduling updates or order confirmations – the possibilities are practically (if not literally) endless.

In fact, a text sent right after a phone conversation increases your chance for a conversion by 40%.

Text is revolutionizing customer service, too. Did you know that 52 percent of those surveyed preferred communicating with customer support via text than by email or phone? If that isn’t enough, consider that it’s a heck of a lot cheaper to set up a mobile marketing automation system than it is to staff an office full of customer service agents.

It’s the Very Best Way to Connect

Everywhere you go, there’s your cell phone. A (not-so) shocking 75 percent of people confess to bringing their phone in the bathroom with them – what other advertising method gets you so up close and personal with current and prospective customers alike? Don’t waste a golden opportunity; approach consumers from a variety of channels, be active on social media, develop killer content, and constantly encourage client feedback. It’s the only way, and it truly works.

We believe that you have something totally worthwhile to sell, and if you could sit down and have a face-to-face with every potential customer in the world, you’d probably have a decent conversion rate, but that’s simply not possible.

Don’t waste a golden opportunity; approach consumers from a variety of channels, be active on social media, develop killer content, and constantly encourage client feedback.

What you can do is reach an incredibly diverse and far-flung array of consumers wherever they happen to be, and the only way you can do that is by figuring out your winning mobile marketing strategy and joining the march forward.

What’s Next?

How do you ensure that your customer is getting the best mobile experience possible when interacting with your brand? Make sure to share them with us in the comments below. I would love to read them.

Author Biography

Sophorn Chhay

Sophorn is the marketing guy at  Trumpia, the most complete SMS software with mass text messaging, smart targeting and automation.

10 FOLD ICON 15x15 Follow Sophorn on Twitter(@Trumpia), LinkedIn, Facebook and Google+

10 FOLD ICON 15x15 Jumpstart your business by grabbing your free copy of his powerful Mobile Marketing Success Kit.

10 FOLD ICON 15x15 Watch Trumpia’s 5-Minute Demo on how to execute an effective mobile marketing strategy.

10Fold – Security Never Sleeps – 89

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: SWIFT, the global financial messaging network that banks use to move billions of dollars every day, warned on Thursday of a second malware attack similar to the one that led to February’s $81 million cyberheist at the Bangladesh central bank. Germany has blamed Russia for a huge cyber attack last year on its parliament and has said that Moscow could be planning further assaults on its institutions. Offices of German chancellor Angela Merkel among those targeted in recent attacks, Trend Micro says. Vormetric announced the results of the Financial Services Edition of the 2016 Vormetric Data Threat Report (DTR).

SWIFT says commercial bank hit by malware attack like $81M Bangladesh hack – Publication: CNBC- Reporter name: STAFF

News of a second case comes as law enforcement authorities in Bangladesh and elsewhere investigate the February cyber theft from the Bangladesh central bank account at the New York Federal Reserve Bank. SWIFT has acknowledged that that scheme involved altering SWIFT software to hide evidence of fraudulent transfers, but that its core messaging system was not harmed. SWIFT had previously acknowledged that the Bangladesh Bank attack was not an isolated incident but one of a number of recent criminal schemes aimed at its messaging platform, which is used by 11,000 financial institutions globally.


Germany points finger at Kremlin for cyber attack on the Bundestag – Publication: Financial Times – Reporter name: Stefan Wagstyl

While Russian connections to cyber attacks on German targets are not new — in January 2015, CyberBerkut, a group linked to Ukraine’s pro-Russia separatists, broke into several German government websites — it is rare for Berlin to point the finger so directly at the Kremlin. A draft defense paper, due to be published in the summer, ranks cyber security second only to global terrorism in a list of 10 threats facing Germany. The tools for cyber attacks are so accessible that individuals and private groups, as well as states, can carry out such offensives, the paper says.


‘Pawn Storm’ APT Campaign Rolls On With Attacks in Germany, Turkey – Publication: Dark Reading- Reporter name: Jai Vijayan

The latest evidence that the group is still alive and operating is an attack last month targeting German chancellor Angela Merkel’s Christian Democratic Union (CDU) party website. As part of the campaign, the threat actors set up a fake webmail server in Latvia designed to look like the CDU’s main webmail server in an apparent attempt to steal the email credentials of party members.  The attackers also set up three separate phishing domains to try and grab the personal email credentials of targeted and high profile users of two German free email service providers.


Security spending rises in areas ineffective against multi-stage attacks – Publication: Help Net Security – Reporter name: Mirko

Vormetric announced the results of the Financial Services Edition of the 2016 Vormetric Data Threat Report (DTR). This edition extends earlier findings of the global report, focusing on responses from IT security leaders in financial services, which details IT security spending plans, perceptions of threats to data, rates of data breach failures and data security stances.

10Fold – Security Never Sleeps – 88

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: Hackers are already exploiting a new critical vulnerability in Flash Player, and Adobe Systems is still working on the patch. Brian Krebs reported that Wendy’s investigation into a credit card breach uncovered malicious software on point-of-sale systems in 5 percent of their restaurants–the source of the breach was compromised third party credentials. Symantec has reported that Internet Explorer zero-day vulnerability is being exploited to attack South Korea. PerezHilton.com was under a malvertising attack as discovered by Cyphort.

Hackers are exploiting an unpatched Flash Player vulnerability, Adobe warns – Publication: PCWorld – Reporter name: Lucian Constantin

Adobe Systems is working on a patch for a critical vulnerability in Flash Player that hackers are already exploiting in attacks. In the meantime, the company has released other security patches for Reader, Acrobat, and ColdFusion.


Wendy’s: Breach Affected 5% of Restaurants – Publication: Krebs on Security – Reporter name: Brian Krebs

Wendy’s said today that an investigation into a credit card breach at the nationwide fast-food chain uncovered malicious software on point-of-sale systems at fewer than 300 of the company’s 5,500 franchised stores. The company says the investigation into the breach is continuing, but that the malware has been removed from all affected locations.


​South Korea victim of Internet Explorer zero-day vulnerability – Publication: ZDNet- Reporter name: Asha Barbaschow

Security firm Symantec has reported that South Korea has been affected by targeted attacks that exploited an Internet Explorer zero-day vulnerability.


PerezHilton.com Hit by Malvertising – Publication: InfoSecurity Magazine – Reporter name: Tara Seals

Visitors to pop culture website PerezHilton.com have been redirected to an Angler Exploit Kit variant as a result of a malvertising attack. Researchers at Cyphort have discovered that the EK, dubbed som.barkisdesign.com, is automatically downloaded to website visitors’ computers without any interaction triggers. PerezHilton.com sees a half-million visitors per day, looking for celebrity gossip.

10Fold – Security Never Sleeps – 87

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: Vanguard Cybersecurity owner David Michael Levin was charged with three counts of unauthorized access to a computer, network, or electronic device of a Florida county and released on $15,000 bond–the reason for this is because he leveraged pilfered credentials of the county’s supervisor of elections to show security concerns of the county’s elections website. Researchers at security firm Check Point discovered a new Android malware that will automatically join the smartphone to a botnet which disguise ad clicks to generate money. Investigations by the FBI has led to evidence that at least one employee of Bangladesh’s central bank was involved in the theft of $81 million from the bank. However, bank officials still partly blame the SWIFT financial network that allegedly left loopholes for hackers.

How a security pro’s ill-advised hack of a Florida elections site backfired – Publication: Ars Technica – Reporter name: Dan Goodin

A Florida man has been slapped with felony criminal hacking charges after gaining unauthorized access to poorly secured computer systems belonging to a Florida county elections supervisor.


New Android malware poses as popular game, but enlists phones into botnet – Publication: ZDNet – Reporter name: Zack Whittaker

Tens of thousands of Android users are thought to have fallen victim to a newly-discovered malware, which enlists devices as part of a hacker-controlled botnet. The malware is dubbed “Viking Horde,” after one of the popular apps it poses as. The sophisticated malware campaign consists of a number of games and apps that are readily available through Google Play, the app store for Android devices.


Bangladesh central bank hack may be an insider job, says FBI – Publication: ComputerWorld – Reporter name: John Ribeiro

The U.S. Federal Bureau of Investigation has found evidence that at least one employee of Bangladesh’s central bank was involved in the theft of $81 million from the bank through a complex hack, according to a newspaper report.

How Home Technology Will Change the Future

By Kaitlin Krull

Twenty-first-century life is dictated by technology in practically every way. From industry to education, from science to the arts, it’s ever present. One of the most fascinating things about technology is that it is always developing—and home technology is no different. By the time we wrap our minds around the latest gadgets and products for our homes, scientific advancements change the game.

One of the most fascinating things about technology is that it is always developing—and home technology is no different.

Although we can’t predict the future, over at Modernize we have a few ideas as to how exactly home technology is going to alter the course of our lives and change the future.

100% connectivity

Generations to come will never know a world without the Internet and constant connectivity. Current home technology products such as WiFi and Bluetooth are commonplace in virtually all developed countries, and these technologies are only going to expand and improve. By the time we have retired, connectivity will not be an issue for anyone. All of our home electronics (and appliances, and machinery) will be linked all the time, anywhere, automatically.

Automated homes

Connectivity on mobile devicesHome automation is something that most of us thought was only possible in cartoons like the Jetsons, but it’s now a reality for many homes already. A thing of the present rather than the future, smart home automation technologies allow virtually your entire home to be controlled remotely via panels, smartphones, and other devices. As connectivity increases, these devices will be standard in new homes and markedly improved in time.

Increased convenience

Most people would argue that the point of technology is to make life simpler. While millennials are criticized for wanting everything to be available to them instantly, technology is really to blame here. Smartphone apps in particular, give us the opportunity to learn, communicate, purchase, and do anything else we might possibly need to do, instantly.Not too far in the future, everything will become available to all of us at home with the touch of a button.

Smartphone apps in particular, give us the opportunity to learn, communicate, purchase, and do anything else we might possibly need to do, instantly.

Coffee? Clothes? Shower? Phone? Ride to work? Done. Now.

Decreased energy use

Smart energy products such as thermostats are taking off in energy conscious (and technologically advanced) countries throughout the world because they can monitor, track, and adjust your home’s energy use with minimal effort from you. But these kinds of products are just the beginning. We imagine that technologies that tell us exactly when to turn off appliances in order to make our homes as efficient as possible are not far around the corner. Furthermore, developing technologies behind renewable energy sources will decrease our carbon footprint even further than they are now, saving us tons of energy (and money).

Current futuristic technologies

While we can’t possibly know for sure whether our technological predictions will come to fruition, there are quite a few current home products already out there that give us a glimpse into our future. Hydroflooring, smart glass, 3D televisions, and giant touch screen coffee tables are just a few of the current gadgets that make us think that our future home lives might not actually be that far removed from the Jetsons (or even Iron Man, for that matter). In all seriousness, these products point to a technological future of self-sufficiency for homes everywhere.

 

10Fold – Security Never Sleeps – 86

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: Starting today Google will start sending out notifications to employees about a data breach that occurred at a third party company that they do business with for their benefit management services. Babycare retailer Kiddicare has warned customers that personal data shared with the store has been stolen by hackers. Cyber Security Breaches Survey 2016 reveals that of those hit by cyberattacks, a quarter experience a repeated breach at least one a month. Experts are skeptical over the alleged 272 million credentials that were discovered last week, both Google and a Russia-based e-mail service unveiled analyses that call into question the validity of the security firm’s entire report.

Google suffers data breach via benefits provider – Publication: CSO – Reporter name: Dave Lewis

In the Google case, the whoops factor was curtailed and the damage was limited. There were names and Social Insurance Numbers in the document in question but, that didn’t leak beyond that immediate parties according to the breach notification letter which is due out today. Even though the issue was contained, Google is providing credit monitoring for affected parties.


Babycare e-tailer Kiddicare admits customer data breach – Publication: The Register – Reporter name: John Leyden

The compromised data is restricted to name, delivery address, telephone number and email address, according to Kiddicare, which is keen to stress that customer payment details or credit/debit card information has not been accessed.


Two thirds of large businesses have suffered a data breach in the past year – Publication: ZDNet- Reporter name: Danny Palmer

The proportion of businesses that have suffered a breach declines as the organization gets smaller: 51 percent of medium firms said they’d been the victim of an attack, compared to 33 percent of small firms, while just 17 percent of micro firms say they’d suffered a data breach. This could be because smaller firms are less attractive targets to hackers, or perhaps because they lack the skills to recognize a breach has taken place.


Garbage in, garbage out: Why Ars ignored this week’s massive password breach – Publication: Ars Technica – Reporter name: Dan Goodin

What has been clear all along to anyone paying attention is that the plaintext credentials recovered by Hold Security almost certainly didn’t come from hacks on the e-mail providers. Instead, they most likely were collected by hackers who hit dozens, hundreds or thousands of third-party Web services over the years and dumped the account databases into a single list.

10Fold – Security Never Sleeps – 85

Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.

Big items to consider: Cybersecurity professionals warn that anyone with a personal email account might want to change their passwords following revelations of a massive cache of stolen usernames and passwords being offered for sale on the Internet. Fiat Chrysler Automobiles Chief Executive Sergio Marchionne said Friday FCA and Alphabet Inc’s Google have yet to determine who will own data collected in their collaboration on testing self-driving vehicles. Hackers caused disruption to a Locky campaign after they breached one of the attackers’ server and replaced the real ransomware with a harmless file containing the string “Stupid Locky.” For the past five years, a vulnerability in many Android phones has left users’ text messages, call histories, and possibly other sensitive data open to snooping, security researchers said Thursday.

Cyber Experts: Change Passwords After Massive Hack – Publication: NBC News – Reporter name: Tom Costello

The thefts involved some of the biggest email providers in the world such as Google, Yahoo, Hotmail and Microsoft. The bulk of the stolen accounts—some 272.3 million—include Russia’s Mail.ru users, according to Alex Holden, founder and chief information security officer of Hold Security who discovered the theft. “We know he’s a young man in central Russia who collected this information from multiple sources,” Holden told NBC News. “We don’t know the way he did it or the reason why he did it.” The user names and passwords were being offered for sale on the so-called “dark web” where hackers hock their goods.


Fiat Chrysler CEO: Data ownership unclear in working with Google – Publication: Reuters- Reporter name: Bernie Woodall

Earlier this week, FCA and Google announced that they would align to fit 100 of the Pacifica minivans made at Windsor for Google’s self-driving test fleet. Marchionne said there are many aspects of the project with Google that have yet to be determined, such as whether the two will develop an open-source software platform that could be shared with others. Marchionne said that what has been agreed so far with Google is limited, but he suggested that the alliance could evolve.


Hackers Disrupt Locky Ransomware Campaign – Publication: SecurityWeek – Reporter name: Eduard Kovacs

According to Avira researcher Sven Carlsen, the attack started with a spam email designed to trick recipients into opening an attachment by informing them of an unpaid fine. The attached file is actually a malware downloader configured to fetch the Locky ransomware from a server whose location is determined based on a domain generation algorithm (DGA). The downloader then executes the file. However, in the attack analyzed by Avira, the downloader did not fetch Locky and instead it downloaded a 12Kb executable containing the message “STUPID LOCKY.” Since the file did not have a valid structure, the downloader failed to execute it, resulting in an error message being displayed.


Critical Qualcomm security bug leaves many phones open to attack – Publication: Ars Technica – Reporter name: Dan Goodin

The flaw, which is most severe in Android versions 4.3 and earlier, allows low-privileged apps to access sensitive data that’s supposed to be off-limits, according to a blog post published by security firm FireEye. But instead, the data is available by invoking permissions that are already requested by millions of apps available in Google Play. Company researchers said the vulnerability can also be exploited by adversaries who gain physical access to an unlocked handset. Indexed as CVE-2016-2060, the bug was first introduced when mobile chipmaker Qualcomm released a set of programming interfaces for a system service known as the “network_manager” and later the “netd” daemon.