1. Suspected
cyberespionage - Uber checks connections between hacker and Lyft: Uber
and Lyft are fierce competitors with hugely different valuations. Uber is
valued at $51 billion while Lyft is at $2.5 billion. Uber was hacked 8 months
ago and 50,000 records of drivers' names and license numbers was stolen, now
uber is focusing its legal efforts on identifying the hacker, which according
to sources can be traced to the CTO of Lyft.
2. Suspected Iran-based hacker group creates
network of fake LinkedIn profiles:
Researchers uncovered a network of fake LinkedIn profiles, these convincing
profiles form a self-referenced network of seemingly established LinkedIn
users. Researchers believe the purpose of this network is to target potential
victims through social engineering. Most of the legitimate LinkedIn accounts
associated with the fake accounts belong to individuals in the Middle East, who
could have been the potential victims. The level of detail in the profiles
suggests that the threat actors invested substantial time and effort into
creating and maintaining these personas. The photos used in the fake accounts
are likely of innocent individuals who have no connection with the hacker
group.
3. Scottrade
suffers hack; 4.6M customers notified of breach: The brokerage firm confirmed the attack, but said the
focus of the attack was client contact details rather than financial
information. Although Social Security numbers, email addresses and other
sensitive data were contained in the system that were accessed, it appears that
contact information was the focus of the incident - the company statement read.
4. HTC says
monthly Android security updates are unrealistic: The recent Stagefright vulnerability that could affect
every Android device may have been a blessing in disguise for Android users.
Responding to the situation, Google announced monthly security update
availability for its Nexus phones. Samsung also committed to ‘near monthly’
updates and LG has followed suit. However HTC, has not. The company said it
will push for them, but unrealistic for anyone to say guaranteed updates every month.
The Android eco-system (Google, Hardware maker and Telcos) will have to sooner
or later put together regular updates to keep pace with modern day security.
5. Cost of
cybercrimes climbs to $6.8m per firm in Japan, $3.4m in Australia: The average cost of cybercrime per organization a year
across seven countries (Japan, Australia, Germany, Brazil, US, UK, and Russian)
has increased to $7.7 million in 2015, with companies taking 46 days to resolve
a cyber-attack. According to a study, the average annualized cost of
cybercrimes in Japan - climbed 14 percent to an estimated $6.81 million. In
Australia, this figure increased 13 percent to $3.47 million, revealed the
annual study. As organizations increasingly invest in new technologies like
mobile, cloud, and the Internet of Things, the attack surface for more
sophisticated adversaries continues to expand.
6. Report finds
many nuclear power plant systems 'insecure by design': A study of the information security measures at civilian
nuclear energy facilities around the world found a wide range of problems at
many facilities that could leave them vulnerable to attacks on industrial
control systems-potentially causing interruptions in electrical power or even
damage to the reactors themselves. The study found that many nuclear power
plants' systems were "insecure by design" and vulnerable to attacks that
could have wide-ranging impacts in the physical world-including the disruption
of the electrical power grid and the release of "significant quantities of
ionizing radiation.
7. Samsung says
customer payment data not affected by hack attack: LoopPay (a mobile-payments technology startup), which
Samsung acquired in February to set up its payment system, was hit by a hacking
incident. Samsung has said that customers who use the payments system weren't
hurt by the hack attack. A government-affiliated Chinese hacker group known as
the Codoso Group or Sunshock Group was responsible for the attack, The New York
Times said. LoopPay believes the hackers were trying to steal the company's
magnetic strip technology -- the primary reason Samsung bought the company.
8. Who is
responsible for a driverless car accident?
Tech firm Google, Mercedes & Volvo say they will accept full liability for
accidents involving its driverless cars as in this case the manufacturer of the
technology is the driver. However, they would only accept liability for an
accident if it was the result of a flaw in the car's design. If the customer
used the technology in an inappropriate way then the user will be liable and if
a third party vehicle causes the crash, then it would be liable. The critical
question would be who would be responsible when a crash is due to a cyber-attack?
9. Cybersecurity
skills gap continues to grow: Frenzied
activity in the Indian internet space, especially the mushrooming of start-ups,
has brought the shortage of ethical hackers once again to the fore. The
industry estimates the availability of ethical hackers at a meagre
15,000-17,000, much in contrast against the 50,000-70,000 cyber security
professionals needed per year. An ethical hacker is a computer expert who hacks
into a network to test or evaluate the vulnerabilities, but without malicious
intentions. Industry estimates that by 2020 the annual requirement would shoot
to about 1 million cyber security professionals.
10. Chinese hackers
have been tracked to use the seven stage kill chain: They 'Recon' their victims by using the Watering Hole
Attacks - wherein they track their victims online activity and the websites the
victims visit. Once a list of often-visited websites has been collected, the cyber-attacker
will place a code (like adware) in these
trusted websites and redirect the users to malicious sites from where the
visitors are served an exploit kit in order to achieve the true goal --
compromising a victim's system. Once inside a targeted network, the hackers
tended to go for the domain controller in order to steal various credentials
and gain access to other network areas which may store sensitive data.
No comments:
Post a Comment