1. Following Paris attack, Clinton tells Silicon Valley to be a team player:
Hillary Clinton wants Silicon Valley to stop being so stubborn. That's the
message from the Democratic front-runner in the US presidential race following
attacks in Paris last week that renewed debate about technology's role in
terrorism. Clinton told the tech industry it can't simply ignore the federal
government's need to track down extremists, and that tech companies should not
view government as their adversary. Federal officials have repeatedly requested
an option that wouldn't weaken encryption for everyone but would still make it
possible for law enforcement to track potential foreign spies and violent
extremists.
2. Counter view: Tech group rejects push to let Govt. into encrypted data: In
its first comments since the attacks, which killed at least 129 people and
wounded hundreds more, the Information Technology Industry Council (ITI) argued
that ensuring access to encrypted devices would be ruinous for global security.
"We deeply appreciate law enforcement's and the national security community's
work to protect us," said the ITI CEO in a statement. "But weakening encryption
or creating backdoors to encrypted devices and data for use by the good guys
would actually create vulnerabilities to be exploited by the bad guys, which
would almost certainly cause serious physical and financial harm across our
society and our economy."
3. Dyre banking malware: Windows 10 and Edge browser now targets: The notorious
Dyre banking malware has been updated to take on Windows 10 machines and hook
its claws into the Edge browser. Dyre appeared on the cybercrime scene in July
2014 and has quickly gained a reputation as a nasty piece of malware that aims
to steal credentials. It has been found to target Salesforce users and banking
customers. When a Dyre-infected user tries to open any banking site, the
credentials are first stolen, and then the malware tricks the user into calling
a telephone number, where the person on the other end scams the victim.
4. Crooks use old-school Conficker virus to infect police body cams: It is not
surprising when Chinese phones come with pre-installed malware, but it is
definitely surprising when police body cams come with pre-installed malware.
The malware infects PCs physically connected to the body cams and spreads
quickly across the network. Conficker was a major concern a few years ago,
mostly for Windows devices. IoT vendors are driven by time to market,
functionality, and pricing pressures, meaning they will invest very little
time, effort and money in IoT device security. This puts the onus of securing
the devices, before and after installation, very much on the users.
5. 2015 has been a very successful year for hackers: The number of data records
lost to hackers in the first 10 months is more than twice that of 2014.
Researchers have now found that exploit kit activity is on a massive upswing
and that the command and control (CnC) infrastructure behind these kits
mushroomed last quarter. The cybercrime economy thrives on this infrastructure:
hackers rent it for as low as $500/month and earn $80k in returns. Angler,
Magnitude, Neutrino, and Nuclear are the 4 major exploit kit families, with
Angler estimated to have 82% market share. If these patterns remain consistent,
one can expect 2016 to be deadlier than 2015.
6. A 23-year-old Windows 3.1 system failure crashed Paris airport: A Paris
airport was forced to shut down earlier this month after a computer running
Windows 3.1, a prehistoric operating system, crashed in bad weather. The system
connected the weather bureau to ATC, and the crash grounded flights for several
hours. Older or obsolete systems are likely to have several known
vulnerabilities, and they remain prone to attacks and crashes, with rarely any
support from the OEM.
7. Thousands of sites infected with Linux encryption ransomware: We discussed
this last week; now there are several reports of infections coming in from
various parts of the world. Researchers say the ransomware is designed to
infect Linux machines set up to host websites by exploiting vulnerabilities in
the Magento e-commerce platform and various content management systems (CMSs).
It is estimated that there are over 3000 infections, and the number will
continue to rise. This infection does not depend on social engineering; it
exploits a known vulnerability, and hence updating any outdated software is
strongly encouraged.
8. HDFC bank to monitor ATM fraud transactions on a real-time basis: Almost
everybody carries a smartphone today, and the location of the phone can be
easily found. The bank will be able to use this data and match it with the ATM
location data. If the ATM card is being used at a location different from that
of the phone, the system will raise an alert. The bank's software can then
either decline the transaction or seek a confirmation from the user before
allowing the transaction. The bank is yet to lay down rules regarding the
distance between the ATM where the transaction is taking place and the mobile
phone.
9. Indian hackers target Pak Govt. entities: Two India-based cyber hacking
groups attacked defense and government establishments of Pakistan and some West
Asian countries last month. The attacks were in the form of spear phishing,
where an email with an attachment or link is sent to targeted individuals to
gain unauthorized access to confidential data. The links used were those of
spoofed news agencies' websites, to attract clicks. These APT attacks were
targeted only at Govt. agencies.
10. Spy firm publishes price list for secret hacker techniques: The buying and
selling of secret hacker techniques known as “zero-day exploits” has long taken
place in the dark, hidden from the companies whose software those exploits
target, and from the privacy advocates who criticize the practice. But one
zero-day broker is taking the market for these hacking techniques into the
open, complete with a full price list. See below. In related news, a different
firm that paid $1M for the latest Apple hack is also in the business of selling
zero-day exploits.