1. Singapore penalizes firms for data
breaches: Several organizations in Singapore have been fined and
issued warnings for breaching the country's Personal Data Protection Act
(PDPA), including local IT retail chain Challenger Technologies and Chinese
handset maker Xiaomi. The Act does not apply to public sector or Govt. K Box
entertainment had suffered a breach in 2014 but till date - failed to put in
place adequate data protection policies and security safeguards - they were
fined S$50,000. The Institution of Engineers in Singapore as well as Fei Fah
Medical Manufacturing were fined S$10,000 and S$5,000, respectively, for their
failure to implement sufficient security measures to safeguard the data of
their members and customers.
2. Creepy new ransomware uses image from
popular horror film: Another ransomware
has entered circulation. Known as BitcoinBlackmailer.exe or JIGSAW.
This malicious program starts encrypting your files while adding, with no
irony, the '.FUN' file extension. It also threatens to start deleting files if
the ransom is not paid within an allotted time, complete with countdown timer.
To add to the distress of the victim, the ransomware displays the face of the
character Billy the Puppet from the horror movie series Saw (see image below).
Forcepoint Security Labs was able to reverse engineer and retrieve the
encryption key. This malware can be detected and blocked by web security
solutions like Forcepoint using the ACE technology.
3. Samsam server-side ransomware targets
schools, hospitals: A new ransomware program called Samsam- uses
vulnerabilities in the JBoss application server to infect networks, with
attackers focusing on health care organizations and schools. Samsam and another
recent ransomware program known as Maktub do not require a connection to a
command-and-control server to encrypt data on a targeted system.
4. Security expert builds ransomware
blocker for Mac: An expert has built an utility that scans for untrusted
processes that are encrypting personal files, and stops them dead. The utility
is called "RansomWhere?". False positives are kept to a minimum
because ‘RansomWhere?’ explicitly trusts binaries signed by Apple. It also
trusts applications that are already present on the system when it is
installed. This is a double-edged feature - on the one hand it helps reduce
false positives, but on the other hand if ransomware is already present on the
system before RansomWhere? is installed, it may not be detected.
5. Python-Based Malware Infects European
Companies: IT security researchers have
discovered an unusual family of malicious code written entirely in the Python
programming language, making it easy to port to different operating systems.
The malware uses a modular design that allows it to carry out a selection of
different attacks, including executing files, logging keystrokes, mining
bitcoins, executing arbitrary Python code and communicating with a remote
server. The malware has targeted a number of European organizations,
particularly in Poland, the targets include a national research institution, a
shipping company, a large retailer and an IT organization, as well as a
construction company in Denmark and an optical equipment provider in France.
6. Manufacturers suffer increase in
cyber-attacks: The manufacturing sector is now one of the most
frequently hacked industries, second only to healthcare, financial services has
dropped to third place. Many manufacturing companies are behind the curve in
security because they have not been held to compliance standards like the
financial services has. Manufacturers also appear to be vulnerable to older
attacks, such as Heartbleed and Shellshock & SQL injection. Industrial
control systems also pose a challenge to manufactures as most of them use
decade old OS. Recommended Defensive Strategies are - Annual IT risk
assessment, Annual penetration tests, Conduct ongoing vulnerability scanning.
7. Apple v/s FBI: In
the New
York drug dealer iPhone case, Justice Dept. finds way into locked phone
and hence drops demand for Apple's help. In this case, no hacks needed, after
someone provided the passcode to unlock the device, according to the
prosecutor. In the other case, FBI director hinted that the agency spent more
than $1.3M to hack into the terrorist's iPhone.
8. Hackers can spy on your calls and track
location, using just your phone number: The famous ‘60 Minutes’
television show shocked some viewers Sunday evening when a team of German
hackers demonstrated how they spied on an iPhone used by U.S. Congressman, then
recorded his phone calls and tracked his movement through Los Angeles. Hackers
leverage a security flaw in SS7 (Signalling System Seven) protocol that allows
hackers to track phone locations, listen in on calls and text messages. The
weakness affects all phones, whether it's iOS, Android, or whatever, and is a
major security issue. The network operators are unwilling or unable to patch
the hole, there is little the smartphone users can do.
9. Long arm of law catches up: Two
International hackers, have been sentenced to 24 years and 6 months in prison
for their roles in developing and distributing SpyEye banking Trojan, a
powerful botnet similar to the infamous ZeuS malware. Both hackers were charged
with stealing hundreds of millions of dollars from banking institutions
worldwide. In a different case - A Former Reuters journalist, who was convicted
last year of helping the Anonymous group of hackers, has been sentenced to 24
months in prison for computer hacking charges. He was found guilty of giving
login credentials to Anonymous, using which the group defaced the Los Angeles
Times.
10. Don't fool around with politicians esp.
Lalu: An Indian engineering student, who
was arrested last week for hacking into and posting objectionable content on
Lalu Prasad’s Facebook page, was expelled from his college. He is a third year
student at a local engineering college in Bihar. The cyber cell arrested the
student and seized two mobile phones and a SIM card which he allegedly used.
Billy
the Puppet from the horror movie series Saw: