1. Snapchat apologizes to its employees: On its blog Snapchat says it is "impossibly sorry" after being duped by a cyber-attacker who impersonated the CEO and was able to elicit employee payroll information from the firm. The phishing email wasn't recognized as such, and payroll information about some current and former employees was disclosed externally. No internal systems were breached, and no user information was accessed. Snapchat did all the right things after the attack: it owned the mistake, reported it to the authorities, contacted the affected employees, offered them two years of free identity-theft insurance and monitoring, and is planning to redouble its privacy and security training programs in the coming weeks.
2. Sea pirates hack shipping company to figure out which cargo to steal: With very little knowledge and effort, pirates were able to cause serious damage to a shipping firm whose basic security protections were not in place. Using very basic hacking techniques, the pirates uploaded a malicious shell script to the shipping firm's Content Management System (CMS), which ran the custom platform for managing stock and cargo data. Through this they could download the cargo reports, which helped them board the right vessel, locate by bar code the specific crates containing valuables, steal the contents of those crates and then depart the vessel without further incident. It's becoming more and more critical for companies in every industry, whether shipping, health or technology, to ramp up their cybersecurity efforts.
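The weakness behind this incident is a CMS that accepted an attacker-supplied script as an upload. The following is an added example (not the shipping firm's CMS, nor any real product's code) of the server-side checks that make such an upload fail: an extension allowlist, rejection of double extensions and path components, magic-byte checks so the content must match the declared type, a scan for script markers, and a server-chosen storage name. The allowed types, size limit and upload directory are assumptions chosen for illustration.

```python
"""Hardened upload validation for a CMS-style web application.

Added example, not code from the original page or from any real CMS.
All file types, limits and paths below are assumptions for illustration.
"""
import os
import re
import secrets
from dataclasses import dataclass

# Only the document/image types the cargo-reporting feature legitimately needs
# (assumed). The value is the expected leading magic bytes; None means the
# type is plain text and gets a separate text check instead.
ALLOWED = {
    ".pdf": b"%PDF-",
    ".png": b"\x89PNG\r\n\x1a\n",
    ".jpg": b"\xff\xd8\xff",
    ".csv": None,
}
MAX_BYTES = 5 * 1024 * 1024          # assumed size cap
UPLOAD_DIR = "/var/cms-uploads"      # assumed location, outside the web root


@dataclass
class Verdict:
    accepted: bool
    reason: str
    stored_name: str = ""


def _extension(filename: str) -> str:
    """Return the single lower-cased extension, or "" if the name is unsafe."""
    # Drop any path components the client may send ("../x.sh", "C:\\x.sh").
    base = os.path.basename(filename.replace("\\", "/"))
    parts = base.lower().split(".")
    # Exactly one extension, and a conservative character set for the stem:
    # this rejects "report.sh.csv" and names with spaces or control characters.
    if len(parts) != 2 or not re.fullmatch(r"[a-z0-9_-]{1,64}", parts[0]):
        return ""
    return "." + parts[1]


def _looks_like_script(data: bytes) -> bool:
    """Cheap check for shebangs and server-side script markers near the top."""
    head = data[:4096]
    return head.lstrip().startswith(b"#!") or b"<?php" in head or b"<%" in head


def validate_upload(filename: str, data: bytes) -> Verdict:
    """Decide whether an upload is acceptable; never trust the client's name."""
    ext = _extension(filename)
    if ext not in ALLOWED:
        return Verdict(False, "extension not allowed")
    if len(data) > MAX_BYTES:
        return Verdict(False, "too large")
    if _looks_like_script(data):
        return Verdict(False, "script content")
    magic = ALLOWED[ext]
    if magic is not None and not data.startswith(magic):
        return Verdict(False, "content does not match extension")
    if magic is None:
        # Text type: must be real UTF-8 text with no embedded NUL bytes.
        if b"\x00" in data:
            return Verdict(False, "binary content in text upload")
        try:
            data.decode("utf-8")
        except UnicodeDecodeError:
            return Verdict(False, "not valid UTF-8 text")
    # The server picks a random name; the client's filename never reaches disk.
    return Verdict(True, "ok", secrets.token_hex(16) + ext)


def store_upload(filename: str, data: bytes, upload_dir: str = UPLOAD_DIR) -> Verdict:
    """Validate, then write under the server-chosen name outside the web root."""
    verdict = validate_upload(filename, data)
    if verdict.accepted:
        path = os.path.join(upload_dir, verdict.stored_name)
        with open(path, "wb") as fh:
            fh.write(data)
        os.chmod(path, 0o640)   # data file, never executable
    return verdict


if __name__ == "__main__":
    # Constructed sample inputs: a shell script disguised with an allowed
    # extension, and a legitimate manifest.
    print(validate_upload("cargo.csv", b"#!/bin/sh\nid\n"))
    print(validate_upload("manifest.csv", b"crate,sku\n1,ABC\n"))
```

The important design choice is that the extension, the content and the stored name are checked or chosen independently: an attacker who controls the filename still cannot control what the server writes, and an attacker who controls the bytes still has to match the declared type. Storing files outside the web root with a non-executable mode means that even a file that slips past every check is served as data rather than run by the web server.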
3. Hack the Pentagon and get paid: The US Defense Department is inviting vetted white-hat hackers to hunt for vulnerabilities in its public web pages under a pilot bug bounty program. Bug bounties are gradually gaining acceptance in the corporate world; it is surprising but welcome to see a defense entity run such a program.
4. ABCD - AnyBody Can DDoS: If you do not like a website and want it to be down for a few hours, days or weeks, just rent a 'Booter' service from Russian hackers for as little as $13-$60 a day. These hackers have infected computers under their control, which they use to mount 400Gbps attacks against the target to keep it offline. Another player who goes by the name 'Forceful' also advertises and offers a free five- to ten-minute DDoS test. The BBC was a recent victim of DDoS.
5. University of California Berkeley hacked: The University of California, Berkeley, has admitted to a second data breach which may have exposed the data of 80,000 people to misuse. Current and former students, faculty members and vendors linked to the university are among those who have been warned about the incident, which took place through financial management software that contained a security flaw, allowing an attacker -- or group -- to access internal services. UC Berkeley was last hit with a cyber-attack in December 2014.
6. Malvertisers remain one step ahead: Malvertising is the use of ad networks to serve unwitting visitors malware and exploit kits, including Angler and Neutrino. Many legitimate websites rely on advertising to generate revenue, and unfortunately malware may slip through the net. To avoid detection and monitoring by security researchers and honeypots, malvertisers are using a new technique called fingerprinting, through which they deliver payloads only to legitimate victims. Using web-security solutions and applying regular updates can keep malvertisers at bay.
7. Amazon is going against the grain: Amazon has removed device encryption from its tablets and phones, a day after the company filed a brief supporting Apple in its fight against the FBI over encryption. In a statement Amazon said it removed device encryption from Fire OS 5 because the company "found customers weren't using it." In other words, Amazon will continue to encrypt your data in transit, but it won't scramble the contents of its customers' Fire tablets or phones. That means thieves and law enforcement will have an easier time grabbing user data from these devices. The timing is striking, given the tense moments the industry is going through with the Apple and FBI faceoff.
8. RSA Conference 2016 - Lessons Learned From Real World CISOs: The annual RSA conference was held last week in SFO; the theme this year was 'Connect to Protect'. Some of the lessons learned from experts and CISOs are: (i) Organizations are particularly interested in being able to safely adopt new technology, things like IoT and cloud. (ii) Don't care what comes in, worry about what leaves the network. (iii) Reduce complexity and protect sensitive data regardless of where it's located.
9. RSA Conference 2016 - 7 Attack Trends Making Security Pros Sweat: A look at the most dangerous threats and what to expect for the rest of 2016: (i) Weaponization of Windows PowerShell (ii) Stagefright-like mobile vulnerabilities (iii) Developer environment vulnerabilities like XcodeGhost (iv) ICS (infrastructure control systems) attacks (v) Targeting insecure third-party software components (vi) Internet of (Evil) Things (vii) Changing malware economics presses the ransomware push.