Source: National Cyber Security – Produced By Gregory Evans The aviation industry is stepping up efforts to enlist coordinated international support in the battle against the threats posed to airlines and passengers by hackers and those seeking to exploit IT systems. The security of commercial airlines and whether the systems…
New Russian Hacker Exploit ‘Most Significant Cyber-Espionage Threat’ To US, NATO Partners
Source: National Cyber Security – Produced By Gregory Evans The Russian hacker group Pawn Storm is using a vulnerability in Adobe Flash Player to install malware on computers belonging to several “foreign ministries,” Trend Micro researchers reported Tuesday. Pawn Storm “is the most significant cyber-espionage threat to the U.S. government and her NATO…
Zero Day Weekly: Uber-Lyft hack war, DHS forced into cybersecurity strategy, ICS nuclear threat
Source: National Cyber Security – Produced By Gregory Evans Welcome to Zero Day’s Week In Security, ZDNet’s roundup of notable security news items for the week ending October 9, 2015. From The Hill: Senate Democrats press T-Mobile on data breach “Three Senate Democrats are seeking answers from credit agency Experian…
Cyber Security Threat 2015: Crowdfunding Site Patreon Targeted by Hackers; Large Amount of User Data Leaked Online
Source: National Cyber Security – Produced By Gregory Evans Patreon, the crowdfunding site designed for artists and creators, was recently targeted in a massive cyber attack. The data breach led to around 15GB of users’ information being stolen by the hackers and leaked online. The attack on the site was…
Android phone users warned of latest hacktest hacking threat
Source: National Cyber Security – Produced By Gregory Evans The Independent reports that all Android phones are vulnerable to a huge hack that could allow people to take over phones if people just watch one ‘innocent’ video. The bug has been called Stagefright 2 and is similar to a bug…
Security at SC beefed up after email threat
Source: National Cyber Security – Produced By Gregory Evans New Delhi: Security has been beefed up at the Supreme Court after it received an email threat to blow it up in retaliation for the execution of 1993 Mumbai blasts convict Yakub Memon. “The threat mail was received on the court’s…
ISIS social media accounts are buzzing with a spreadsheet of personal data on employees of the American, British, and Australian governments, including military personnel. The Islamic State claims this list was compiled using data stolen from government systems by its “hacking division,” although some experts who have reviewed the list say most of it was more likely created using simple Google searches of publicly available data. There are about 1,400 individuals included on the list. The list was accompanied by a message from the “Islamic State Hacking Division,” transcribed by Sky News: O Crusaders, as you continue your aggression towards the Islamic State and your bombing campaign against the Muslims, know that we are in your emails and computer systems, watching and recording your every move. We have your names and addresses, we are in your emails and social media accounts, we are extracting confidential data and passing on your personal information to the soldiers of the khilafah, who soon with the permission of Allah will strike at your necks in your own lands. So wait, we too are waiting. The Sydney Morning Herald criticizes Australian officials for being “caught on their heels” by the hit list, which includes Defense Force employees and a Victorian MP. Even though “Australia’s most senior Islamic State militant, former Melbourne man and terror recruiter Neil Prakash” was posting links to the hit list early Wednesday morning, at least half of the Australians targeted by ISIS said they were unaware of the threat until they were informed by the media… which contacted them using the phone numbers published by the Islamic State. “I’m completely at a loss,” said the aforementioned MP, who at least has access to a security detail assigned to protect elected officials. “What do I do? The police probably know less than you and I.” Defense Force employees on the list said they were in shock no one from the government had warned them. Various agencies of the Australian government declined to discuss the matter. In addition to Prakash – who crowed “Cyber war got em shook!” and “Kill them where you find them and enslave their women” on Twitter – the Herald reports “other prominent militants, including British man Junaid Hussain, who is third on a CIA kill list of Islamic State operatives, also used social media to promote the leak and encourage attacks.” Sky News reports the hit list includes British Foreign Office employees, plus a “local council employee.” Most of the names on the list are American, including personnel from the Air Force, Marines, NASA, FBI, and the Port Authority of New York and New Jersey. Russian state outlet RT.com says the list also includes “a worker in an Israeli magistrate’s court” and “someone in a college in Mississippi.” The RT.com article mentions some reasons for skepticism about the Islamic State’s claim that this list includes confidential information obtained by hackers: some of the phone numbers appear to be disconnected, while the purportedly stolen U.S. military passwords appearing on the list are “too weak to pass the guidelines of an official computer system operated by the Pentagon.” The Sydney Morning Herald also found some of the information published on the list to be outdated. “This is the second or third time they’ve claimed that and the first two times I’ll tell you, whatever lists they got were not taken by any cyber attack,” said Army Chief of Staff General Ray Odierno, as quoted by the UK Guardian. The Guardian also cites the opinion of computer security expert Troy Hunt, who said the of the supposedly hacked data: “It’s pretty clear that it’s been aggregated from different sources. It’s been put together on the basis of a .gov or .mil address. Even the passwords, they’re not strong enough to have come from a corporate or government. They’re not even strong enough to have come from an online service – you can’t create a Gmail account, for example, with a password of less than eight characters, and here we’re seeing some passwords of three letters.” The UK Daily Mail notes that Twitter administrators appear to have shut down the Islamic State Hacking Division’s account three times on Wednesday while it attempted to spread its hit list around, leading to the creation of a fourth terrorist account with the message, “Kuffar seem to be raging.”
Source: National Cyber Security – Produced By Gregory Evans ISIS social media accounts are buzzing with a spreadsheet of personal data on employees of the American, British, and Australian governments, including military personnel. The Islamic State claims this list was compiled using data stolen from government systems by its “hacking…
Cyber poltergeist threat discovered in Internet of Stuff hubs
Source: National Cyber Security – Produced By Gregory Evans New security research has revealed a whole new area of concerns for the soon-to-be-everywhere Internet of Things – smart home hubs. Hubs – devices that link into home networks to control lighting, dead-bolt locks and cameras – can be dangerously vulnerable…
Are There Differences Between Threat Intelligence Feeds?
Source: National Cyber Security – Produced By Gregory Evans While cyber threat intelligence hype is at an all-time high across the industry, many enterprise organizations are actually building internal programs and processes for threat intelligence consumption, analysis, and operationalization. This trend will likely continue. According to ESG research, 27% of…
Here’s how ‘Login through Facebook’ is a serious cyber security threat!
Source: National Cyber Security – Produced By Gregory Evans Isn’t it scary to think that anyone can book rides using your Uber account and pay using your PayTM wallet? Well, it might be happening right here, right now as you read through this article. Mohit Bagga and Tajinder Pal Singh…