Latest News

13 hours ago
Devidutta Tripathy / Reuters

India’s City Union Bank Says Hackers Tried to Steal $2 Million Using SWIFT System

India’s City Union Bank said that “cyber criminals” have hacked its systems and tried to transfer nearly $2 million through three unauthorized remittances to lenders overseas via the SWIFT financial platform. The funds were sent via correspondent banks to accounts in Dubai, Turkey and China. City Union said it had been able to block one of the remittances for $800,000, which was headed to an account in Dubai, while another remittance for $300,000 was blocked by its destination Turkish account. Two of the remittances were routed through Standard Chartered Bank accounts, one in New York and one in Frankfurt, while one was routed through a Bank of America account in New York.

2 days ago
Tom Warren / The Verge

Intel Faces 32 Class Action Lawsuits, Three Shareholder Actions Over Meltdown, Spectre Flaws

Intel revealed in an SEC filing that it is currently facing 32 lawsuits over the Meltdown and Spectre CPU flaws. Thirty of the lawsuits reflect customer class actions where the plaintiffs seek monetary damages and equitable relief and two of the lawsuits reflect securities class action lawsuits, where the plaintiffs “allege that Intel and certain officers violated securities laws by making statements about Intel’s products and internal controls that were revealed to be false or misleading by the disclosure of the security vulnerabilities.” Intel is also facing action from three shareholders who have each filed shareholder derivative actions that allege certain board members and officers at Intel have failed “to take action in relation to alleged insider trading,” presumably in reference to Intel CEO Brian Krzanich’s stock sales.

2 days ago
Ben Coley / The Dispatch

Another North Carolina County, Davidson County, Crippled by Ransomware Attack

The Davidson County, NC, government has been crippled by a ransomware attack and all business conducted via computer has been halted due to the propagation of ransomware called Samas. The ransomware has encrypted more than 70 servers and an unknown number of desktops and laptops. The hackers are asking for an undisclosed amount of Bitcoin in ransom and have given the county a seven-day deadline. None of the phone systems operated by the county are functioning either, although 911 service is still operating. County officials say they have sufficient back-ups and adequate insurance to hire law firms with expertise in handling ransomware attacks. Still, officials say it will be months before the county’s systems are fully functional. Another ransomware attack struck nearby Mecklenburg County’s offices in December.

2 days ago
Lorenzo Franceschi-Bicchierai / Motherboard

Hacker Claims He Wiped Stalkerware Company Retina-X Studios’ Servers for Second Time

A vigilante hacker said he started wiping some cloud servers that belong to Retina-X Studios, a Florida-based company that sells spyware products, also known as stalkerware, that are targeted at parents and employers but are also used by people to spy on their partners without their consent. Retina-X’s products allow people to have practically full access to the smartphone or computer of their targets. In his previous attempt, the hacker gained the private key and credentials to containers inside the Android app of PhoneSheriff, one of Retina-X’s spyware products, provided by cloud provider Rackspace. Those containers’ key and credentials were stored in plaintext. This time Retina-X obfuscated the key but the hacker maintains it was easy to hack the company anyway.

2 days ago
Cynthia Brumfield / Metacurity

Friday Report: Cryptomining Craze Is Here to Stay and So, Apparently, Is Russian Meddling

Welcome to Metacurity’s Friday report where we try to make sense from the fire hose of information security stories of the week. (It’s been hard to make much sense of anything this week when seventeen children not far from my hometown were wiped off the planet while in the presumed safety of their schools. Parents around the globe, particularly in war zones, have faced similar tragedies and maybe we’re all getting sick of this destruction from all sources to really do something about it. But this is a report on information security, so I digress.)

Cryptocurrencies still grabbed their fair share of the cybersecurity headlines this week, with cryptomining seemingly all the rage. First, infosec consultant Scott Helme discovered that at least 4,275 sites, including UK, Australian, U.S. and other government websites around the world, were injected with an in-browser Coinhive Monero miner after a popular accessibility script, BrowseAloud by TextHelp.com, was infected with a contaminated script. (Read the rest of the report here.)

2 days ago
SHARON LaFRANIERE / New York Times

Mueller Charges 13 Russians for Illegally Trying to Disrupt the 2016 Presidential Election

Robert Mueller, the special counsel investigating Russia’s interference in the 2016 presidential election, handed down indictments against 13 Russian nationals for illegally trying to disrupt the American political process, including efforts designed to boost the presidential candidacy of Donald Trump and hurt that of his rival, Hillary Clinton. In a 37-page indictment, Mueller said the 13 individuals have conspired since 2014 to violate laws that prohibit foreigners from spending money to influence federal elections in the United States and charged that the foreigners falsely posed as American citizens, stole identities and otherwise engaged in fraud and deceit using a Russia-based company called the Internet Research as a hub for a sophisticated campaign to spread misinformation, hold fake rallies and spend millions of dollars in the process of doing so. The group made a number of efforts to hide its tracks, including running sites through U.S. hosting companies and operating a VPN to hide the true source of the campaign. Mueller also announced he has reached a plea deal with one American, Richard Pinedo, of Santa Paula, California, in connection with the Russian indictments. Pinedo had been charged with selling bank account numbers created using the stolen identities of US citizens to people or entities outside of the United States.

2 days ago
Mark Hodge / The Sun

Google to Investigate Claims That Iran Was Spying on Brits, Americans Using Play Store Apps

Following a report issued by the National Council of Resistance of Iran, which opposes the current Iranian regime, Google will investigate the Council’s claim that Iran used apps available via Google’s Play Store to spy on UK and American residents to hunt down anti-government protesters. The Council’s report maintains that apps from both Google’s store and Apple’s app store, specifically one popular among Iranian ex-pats called Mobogram, were weaponized to access contacts, track locations and read messages of Iranian expatriates. The Council claims that the apps were used to threaten, arrest, torture and kill people.

2 days ago
Chris Smith / BGR

Apple Will Release Intermediate Update to Fix Telugu Character Bug That Crashes iPhones

Following the discovery that a single message containing an Indian character is capable of crashing anyone’s iPhone if received via chat apps, including iMessage, WhatsApp, Facebook Messenger, or email apps, Apple said it would issue an intermediate fix to address the problem, which will be fully addressed in the upcoming iOS 11.3. The character comes from the Indian Telugu language.

2 days ago
Steve Holland / Reuters

Council of Economic Advisers Says Malicious Cyber Activity Cost U.S. $57-$109 Billion in 2016

The White House Council of Economic Advisers issued a report stating that malicious cyber activity cost the U.S. economy between $57 billion and $109 billion in 2016. Damages from cyberattacks could be larger than these figures which do not measure spillover from economically linked firms, the report says. The report defined malicious cyber activity as denial of service attacks, data and property destruction, business disruption (sometimes for the purpose of collecting ransoms) and theft of proprietary data, intellectual property, and sensitive financial and strategic information.

2 days ago
Timothy Gardner / Reuters

Energy Department Announces Creation of Energy Cybersecurity Office Following Fed Funding

The U.S. Department of Energy announced it is setting up an office, the Office of Cybersecurity, Energy Security, and Emergency Response, to protect the nation’s power grid and other infrastructure against cyber attacks and natural disasters. The announcement follows the inclusion in the White House’s FY 2019 budget of $96 million to protect the nation’s power grid and other infrastructure against cyber attacks and natural disasters.

3 days ago
Jenna McLaughlin / Foreign Policy

U.S. Preps for Cyberattacks on N. Korea, Eyes Plan to Target Country’s Use of Cryptocurrency

The U.S. administration is ramping up its intelligence capabilities regarding North Korea, with a specific focus on an initial strike against the country that could be digital, sources say. The government has reportedly for the past six months covertly begun laying the groundwork for possible cyberattacks on North Korea in countries including South Korea and Japan, including the installation of fiber cables as bridges into the region and setting up remote bases and listening posts, where hackers may attempt to gain access to a North Korean internet that’s largely cut off from the rest of the world. One former intelligence official with knowledge of the plans said a particular target could be North Korea’s heavy use of cryptocurrency, which Pyongyang has obtained through extensive hacking of foreign coin exchanges to compensate for sanctions levied against it. A possible attack on North Korea’s Bitcoin reserves is one option under exploration.

3 days ago
Jack Stubbs / Reuters

Hackers Stole $6 Million from Russian Bank Last Year By Exploiting SWIFT’s Network

Criminals exploited the international bank transfer organization SWIFT’s network to steal 339.5 million roubles ($6 million) from a Russian bank last year, Russia’s central bank has reported. The disclosure is buried at the bottom of a central bank report on digital thefts in the Russian banking sector and a central bank spokesman clarified later that hackers had taken control of a computer at a Russian bank and used the SWIFT system to transfer the money to their own accounts. This theft is the latest in a string of SWIFT-related attacks that became public when news broke that criminals stole $81 million from Bangladesh Bank in February 2016 by exploiting the SWIFT system.

3 days ago
Nick Statt / The Verge

Coinbase User Bank Accounts’ Unauthorized Withdrawals Due to Card Processing Glitches

U.S. cryptocurrency exchange Coinbase says a rash of unauthorized bank account withdrawals was due to credit and debit card processing glitches and not a hack. Coinbase said it has found a solution to the problem and will refund all customers in full for erroneous charges. The problem stems from a change card issuers and banks recently requested, asking that the merchant category code (MCC) for digital currency purchases be changed for a number of the major credit card networks. Purchases that occurred between January 22nd, 2018 and February 11th, 2018 may have been refunded and reprocessed, resulting in erroneous charges.

3 days ago
Chris Bing / Cyberscoop

IT Service Provider to Pyeongchang Olympics May Have Been Hacked Months Ago

Hackers appear to have compromised Atos, a multinational IT service provider hosting the cloud infrastructure for the Olympic Games in Pyeongchang, months ago, prior to last week’s opening ceremony cyberattack, according to evidence analyzed by experts. Evidence posted to VirusTotal and information associated with the malware responsible for last week’s attack, dubbed Olympic Destroyer by Cisco Talos, indicate that hackers likely previously penetrated a series of computer systems belonging to Atos as far back as December. Atos has confirmed that there is an investigation into a possible breach related to the Winter Olympics.

3 days ago
Eric Geller / Politico

U.S., Australian and New Zealand Governments Join UK in Blaming Russia for NotPetya

The White House has surprisingly joined the UK in blaming Russia for the devastating NotPetya malware attacks last year, even going so far as to threaten international consequences for what it called a “reckless and indiscriminate cyber-attack” in a statement issued condemning Russia for the damage it caused. The Trump Administration has so far been reluctant to criticize Russia, particularly for something that might be considered digital malfeasance. The Australian and New Zealand governments joined their English-speaking counterparts in condemning Russia’s behavior.

3 days ago
Zack Whittaker / ZDNet

Unsecured AWS S3 Bucket Exposed Sensitive Documents for 117,000 FedEx Customers

Passports, driver licenses and other sensitive documents and data for thousands of FedEx customers were left exposed online due to an unsecured AWS S3 server, researchers at Kromtech Security Center said. Kromtech posted details of the exposed server alongside ZDNet. The researchers found 117,000 scanned documents stored in a publicly available Amazon S3 bucket. The photo ID scans were accompanied by completed US Postal Service forms that included names, home addresses, and phone numbers of people who requested to have mail delivered by an authorized agent. The data was initially compiled by a now-defunct company called Bongo International that helped North American retailers and brands sell online to consumers in other countries, which was later bought by FedEx in 2014 and renamed FedEx Cross-Border International before it was shut down a year later. Despite the shutdown of this unit, documents on the server date up to September 2015. The server was secured within hours of ZDNet contacting FedEx.

4 days ago
Charlie Osborne / ZDNet

Second Hack the Air Force Bug Bounty Challenge Found 106 Vulnerabilities

The second Hack the Air Force bug bounty program has resulted in 106 vulnerabilities being reported and fixed, Air Force bug bounty partner HackerOne said. The 20-day competition to find vulnerabilities in federal systems resulted in $103,883 in payouts, bringing the total amount of financial rewards to over $233,000 to date. The highest bounty paid in this second round reached $12,500.

4 days ago
Catalin Cimpanu / Bleeping Computer

Intel Launches New Side Channel Bug Bounty Program With Rewards Up to $250,000

In the wake of the Meltdown and Spectre chip disasters, Intel has launched a new side channel bug bounty program through bug bounty facilitator HackerOne that will pay up to $250,000 in rewards. Like the Meltdown and Spectre bugs, side channel bugs are those vulnerabilities rooted in the component’s hardware design and which are exploitable via local software. Intel is also beefing up its normal bug bounty program in collaboration with HackerOne, offering rewards from $500 to $100,000.

4 days ago
Benjamin Mullin / Wall Street Journal

Google’s Chrome Browser Filtering That Will Block Intrusive Ads Launches Today

Starting today, Google Chrome will begin flagging advertising formats that fail to meet standards adopted by the Coalition for Better Ads, a group of advertising, tech and publishing companies, including Google, a unit of Alphabet Inc. Sites with unacceptable ad formats, such as annoying ads like pop-ups, auto-playing video ads with sound and flashing animated ads, will receive a warning that they’re in violation of the standards. If those problematic ads aren’t fixed within 30 days, Google will block them from displaying in Chrome. Chrome’s ad-blocker is aimed at intrusive or annoying ads and hasn’t been specifically designed to block malicious ads that contain malware or other security threats.

4 days ago
JEN WIECZNER / Fortune

Poisoned Google Ads Let Ukrainian Group ‘Coinhoarder’ Steal $50M in Cryptocurrency

A Ukrainian hacker group dubbed Coinhoarder has stolen more than $50 million in cryptocurrency from users of Blockchain.info, a popular provider of digital currency wallets, researchers at Cisco Talos report based on a six-month investigation they conducted with Ukraine’s Cyberpolice. The thieves gamed Google search results on popular cryptocurrency search terms such as blockchain or bitcoin wallet to deliver links to malicious websites masquerading as legitimate domains for Blockchain.info wallets such as “blokchien.info/wallet” and “block-clain.info.” Once on the fake websites, users entered private information that gave the thieves access to the users’ actual wallets.

Podcasts

2 days ago
ISC StormCast

Skype Update Vulnerability Fixed in October; iOS Indian Character DoS

Johannes Ullrich talks about Skype Update Vulnerability Fixed in October, iOS Indian Character DoS, Executing Code in Word Without Macros, Phishing Via Google Ads Against Blockchain.info.


2 days ago
Security Conversations

Episode 11 – Aanchal Gupta, Facebook

Ryan Naraine talks with Aanchal Gupta who became CISO at Skype before tackling complex problems for the largest social network in the world, Facebook.


3 days ago
ISC StormCast

More CPU Flaws Coming; OpenSSL Tests TLS 1.3; Double Door Botnet

Johannes Ullrich talks about Meltdown Prime and SpectrePrime: More CPU Exploits Coming, Winter Olympics Attack Launched via IT Provider, OpenSSL Releases TLS 1.3 Alpha as Part of OpenSSL 1.1.1 pre release 1, Double Door Botnet.


4 days ago
War on the Rocks Podcast

THE BIG CYBER SPECTACULAR

In our latest episode, Usha Sahay and Ryan Evans were joined by Thomas Rid, Michael Sulmeyer, and a mystery guest (Corinna Fehst) to talk about cyber-security, election meddling, reports about U.S. intel agencies buying back pilfered hacking tools, going dark, legislatures as the vulnerable soft cyber underbelly of democracies, and the different threats posed by Russia and China.


Cybersecurity Events

Feb. 19-22 | M3AAWG | San Francisco, CA | USA
Feb. 20-21 | European Information Security Summit | London | UK
Feb. 21-22 | Pacific Rim Critical Infrastructure Security Summit | Honolulu, HI | USA
Feb. 22 | Cybertech Latin America | Panama City | Panama
Feb. 22-23 | DevSecCon Singapore | Singapore | Singapore
Feb. 23 | Security Titans | Scottsdale, AZ | USA
Feb. 23-24 | BSides NoVa | Herndon, VA | USA
Feb. 24 | CrikeyCon | Brisbane | Australia
Feb. 24-25 | 5th International Conference on Computer Science and Information Technology (CoSIT 2018) | Dubai | UAE
Feb. 26-27 | Source Security Conference and Training | Mesa, AZ | USA
Feb. 26-27 | International Privacy + Security Forum | Washington, DC | USA
Feb. 26-Mar. 2 | Financial Cryptography and Data Security 2018 | Santa Barbara Beach Resort | Curaçao
Feb. 25-Mar. 3 | SANS New York City | New York, NY | USA
Feb. 27-28 | CU IT Security & Risk Management Summit | San Antonio, TX | USA
Feb. 27-28 | Cyberthreat 2018 | London | UK

