International News | Science of Security Virtual Organization

International News

“ICS-CERT in NTP flaw alert”, Infosecurity Magazine, 22 December 2014. The Network Time Protocol (NTP), used by machines to set accurate clocks, has been recently discovered to contain “several remotely exploitable vulnerabilities”, according to Infosecurity Magazine. NTP servers rose to concern after being targeted by 2014 DDoS attacks, which then declined following server patches. (ID# 14-70047)
See http://www.infosecurity-magazine.com/news/icscert-in-ntp-flaw-alert/.

“Bitcoin exec gets two years over illegal Silk Road funny money trading”, The Register UK, 22 December 2014. Charlie Shrem, former Bitcoin Foundation executive, will serve a two year prison sentence for illegal currency trading. The now-shuttered Silk Road black market site was worth $19 million at the time it was seized. (ID# 14-70048)
See http://www.theregister.co.uk/2014/12/22/bitcoin_exec_gets_two_years_for_role_in_silk_road_trading/.

“Sneaky Russian hackers slurped $15 million from banks”, The Register UK, 22 December 2014. The Anunak hackers group targets Russian and former CIS countries’ banks and payment systems, and has stolen more than $15 million, most of which has occurred during the last 6 months. Anunak attackers gain access to internal network of banks, so that money is stolen not from customers, but from the banks. (ID# 14-70049)
See http://www.theregister.co.uk/2014/12/22/russian_cyber_heist_gang_rakes_in_15m/.

“NUKE HACK fears prompt S Korea cyber-war exercise”, The Register, 22 December 2014. As a precaution following last week’s online leak of plant equipment designs and manuals, South Korean firm Korea Hydro and Nuclear Power Co (KHNP) will run “cyber-war drills”. Hackers released ominous warnings to stay away from the KHNP-run reactors over the holidays. (ID# 14-70050)
See http://www.theregister.co.uk/2014/12/22/nuclear_hack_threats_prompts_skorea_cyber_war_exercise/.

“Boeing turns to BlackBerry for help creating super-secret, self-destructing ‘Black’ smartphones”, ZDnet, 22 December 2014. Boeing, known for its aviation and defense work, teams up with Canadian company Blackberry to develop a self-destructing smartphone for government use. The DoD currenty approves of certain Blackberry models on its networks, while NSA allows Samsung Galaxy devices that use Knox. (ID# 14-70051)
See http://www.zdnet.com/article/boeing-turns-to-blackberry-for-help-creating-super-secret-self-destructing-black-smartphone/.

“Hacker posts more S. Korean reactor info on Internet”, Yonhap News Korea, 21 December 2014. Blueprints of South Korean nuclear reactors were leaked online, with warnings of more unauthorized releases unless authorities shut down the reactors. This has been the fourth online leak since December 15th, though none have directly affected the safety of the reactors. (ID# 14-70052)
See http://english.yonhapnews.co.kr/national/2014/12/21/94/0302000000AEN20141221003800315F.html.

“ISIS likely behind cyber-attack unmasking Syrian rebels”, Infosecurity Magazine, 20 December 2014. Fears mount that The Islamic State in Iraq and Syria (ISIS) is adding cyber-warfare to its list of destructive tactics. Raqqah is being Slaughtered Silently (RSS), an advocacy group for documenting ISIS human rights abuses, has been targeted by a spearfishing email containing an infected slideshow attachment. The group believes that the malware’s purpose is to send RSS’s location details to ISIS militants. (ID# 14-70053)
See http://www.infosecurity-magazine.com/news/isis-likely-behind-cyberattack/.

“Trojan program based on ZeuS targets 150 banks, can hijack webcams”, Computer World, 19 December 2014. Bank users around the world are targets for the Chthonic malware, based on the ZeuS banking malware. The malware modifies web pages, known as web injection, opened by customers. The malware then uses fake web forms to obtain sensitive information. (ID# 14-70054)
See http://www.computerworld.com/article/2861399/trojan-program-based-on-zeus-targets-150-banks-can-hijack-webcams.html.

“Critical flaw hits millions of home routers”, Infosecurity Magazine UK, 19 December 2014. A flaw in several home router models, Misfortune Cookie, makes vulnerable millions of customers across 189 countries. Attackers would be able to remotely control compromised routers using admin privileges. (ID# 14-70055)
See http://www.infosecurity-magazine.com/news/critical-flaw-hits-millions-of/.

“Icann spear fishing attacks strikes at the heart of the internet”, Infosecurity Magazine UK, 18 December 2014. Attackers were able to gain administrative access to files in the Centralized Zone Data System (CZDS), which experts say could have significant impact on root DNS servers and processes. (ID# 14-70056)
See http://www.infosecurity-magazine.com/news/icann-spear-phishing-attack/.

“Hidden backdoor in up to 10m Android phones”, SC Magazine UK, 18 December 2014. Phones produced by Chinese manufacturer Coolpad have hidden backdoors installed, discovered by Palo Alto security firm. In response, Coolpad claims the backdoors are for “internal testing”, but experts are skeptical. (ID# 14-70057)
See http://www.scmagazineuk.com/hidden-backdoor-in-up-to-10m-android-phones/article/389010/.

“London teenager pleads guilty to Spamhaus DDoS”, Infosecurity Magazine UK, 18 December 2014. A 17-year-old teenager, arrested in April, has plead guilty to what was at the time the largest ever recorded DDoS. The teen targeted Spamhaus, an anti-spam company, and subsequently the content-delivery network CloudFlare. (ID# 14-70058)
See http://www.infosecurity-magazine.com/news/london-teenager-pleads-guilty/.

“Sony hack a ‘serious national security matter’: White House”, Security Week, 18 December 2014. The recent cyber-attack carried out on Sony Pictures has escalated, with Sony making the decision to cancel release of “The Interview”, a satirical film depicting the death of North Korean leader Kim Jong-Un. Following threats to attack cinemas that screened the film, Sony’s decision to cancel release sets a “dangerous precedent”. (ID# 14-70059)
See http://www.securityweek.com/sony-hack-serious-national-security-matter-white-house.

“Quantum physics behind ‘unhackable’ security authentication”, SC Magazine UK, 17 December 2014. Researchers from universities in Twente and Eindhoven, Netherlands, propose Quantum Secure Authentication (QSA), an unclonable and unhackable authentication method using nanoparticles and photons on credit cards to create a unique, dynamic pattern. (ID# 14-70060)
See http://www.scmagazineuk.com/quantum-physics-behind-unhackable-security-authentication/article/388770/.

“Oslo mobiles eavesdropped”, SC Magazine UK, 17 December 2014. Up to £200,000 worth of mobile phone surveillance equipment has been discovered near Norwegian parliamentary and government buildings in Oslo. The discovered IMSI-catchers can rapidly register several hundred mobile numbers, which can then be eavesdropped upon. (ID# 14-70061)
See http://www.scmagazineuk.com/oslo-mobiles-eavesdropped/article/388765/.

“DoD prioritizes tech transfer to trusted Asian allies”, FCW, 17 December 2014. The United States DoD has embarked on a security initiative to securely transport US defense technology to Asian ally countries, emphasizing “share what we can, protect what we must”. South Korea, Japan, Australia, New Zealand, and Singapore hold friendly technology trade relations with the US. (ID# 14-70062)
See http://fcw.com/articles/2014/12/17/dod-tech-transfer.aspx.

“Mobile Threat Monday: Android apps hide windows malware”, PC Magazine Security Watch, 15 December 2014. Ramnit Trojan-infected apps were available on Google Play Store, hiding malicious HTML files masquerading as About pages for the apps. The so-called Ramnit malware specifically targets the home Windows machine, and though uses Android devices as vehicles, do not damage them. (ID# 14-70063)
See http://securitywatch.pcmag.com/mobile-security/330363-mobile-threat-monday-android-apps-hide-windows-malware.

“North Korea under the spotlight for Sony hack”, Infosecurity Magazine, 1 December 2014. Sony Pictures Entertainment was forced to shut down its corporate network and restrict access to company e-mail last week, when employees reported seeing an unauthorized message. The company suspects North Korean adversaries behind the attacks; the breach happens to coincide with the release of The Interview, a satirical film centered around deposing Kim Jong-un. (ID# 14-70064)
See http://www.infosecurity-magazine.com/news/north-korea-under-the-spotlight/

“Bing and Yahoo respond to ‘right to be forgotten’ requests”, ZDNet Europe, 1 December 2014. Microsoft and Yahoo are complying with European user requests to stop returning search results for their names, particularly if the delivered links point to information that is out of date or excessive. (ID# 14-70065)
See http://www.zdnet.com/article/bing-and-yahoo-respond-to-right-to-be-forgotten-requests/.

Note:

Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) SecureDataBank.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.