Your daily digest of “All Things Security” gathered, collected and researched by your very own 10Fold Security Practice team.
Big items to consider: Time Warner Cable says up to 320,000 passwords may have been stolen through a phishing attack that infected their system with malware. A research project funded in 2013 found out that attacks on only 9 power grids across the states would cause a blackout across the entire country; this has since been followed up by group of researcher trying to find out if that information could be sought by free and public source information, which is can – easily. Uber settled with New York Attorney General for a mere $20,000 in response to Uber violating the privacy rights of drivers and passengers. Further information surfaces over the Ukrainian power outage leading officials to believe the planned attack should have been much bigger but officials were able to intervene before the outage spread further; the entire power outage was due to a piece of malware called the BlackEnergy Trojan.
Time Warner Cable Inc said on Wednesday up to 320,000 customers may have had their email passwords stolen. The company said email and password details were likely gathered either through malware downloaded during phishing attacks or indirectly through data breaches of other companies that stored Time Warner Cable’s customer information, including email addresses. The company said it has not yet determined how the information was obtained, but there were no indications that Time Warner Cable’s systems were breached.
Remember that million-dollar Federal Energy Regulatory Commission (FERC) study in 2013 that found that attacks on just nine electric substations in the US could cause a blackout across the entire grid? Well, a group of researchers decided to see just what it would take for a small group of domestic terrorists to identify the US’s most critical substations — using only free and public sources of information.
After a 14-month long investigation, New York Attorney General Eric Schneiderman is expected to announce on Thursday a settlement involving ride-hailing app Uber’s privacy practices, according to a report from BuzzFeed. The inquiry began after a series of BuzzFeed reports that revealed that Uber’s New York manager, Josh Mohrer, had accessed information about reporters’ use of the service without their permission, including through the company’s “God View” tool. The tool shows an aerial view of all passengers and drivers in a particular area.
More specifics came from the Bratislava-based cyber-security firm ESET. The firm hedged its bets a little — that’s always wise in hacker attack analysis — but it essentially tied the Ivano-Frankivsk outage to a known piece of malware, the BlackEnergy trojan. In previous cases, it was used to steal sensitive information from infected computers. In 2014, however, the U.S. government’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) discovered a variant of BlackEnergy that could be used to compromise industrial control systems, such as those running power grids.