International News

“In India, is web censorship justified in the name of national security?”, PBS News, 26 January 2015. In a new effort by India’s government to deter terrorist organizations from recruiting members and disseminating propaganda, the government has blocked sites such as GitHub, the Internet Archive, Vimeo, Pastebin, and more, all while keeping the blocks a secret. Indian government is bound by law to keep these changes under wraps. Critics are calling the move ineffective, and a blight on internet freedoms. (ID# 14-70104) See: http://www.pbs.org/newshour/updates/censorship-justified-name-national-security/

“Forbes web site was compromised by Chinese cyberespionage group researchers say”, The Washington Post, 10 February 2015. For three days, Forbes.com was unwittingly redirecting visitors from targeted organizations to a malicious third party site. Researchers are naming Codoso, a Chinese cyberespionage group, as the perpetrators. (ID# 14-70105) See: http://www.washingtonpost.com/blogs/the-switch/wp/2015/02/10/forbes-web-site-was-compromised-by-chinese-cyberespionage-group-researchers-say/

“Implanted RFID chip controls office access for Stockholm wokers”, EuroNews, 11 February 2015. Gone are the days of badge or printed pass authentication – at least in Stockholm anyway. Employees of the Epicenter office have been newly outfitted with RFID chips, implanted into the hand via syringe. Though wearing the chip is entirely voluntary, the notion has raise several privacy concerns. (ID# 14-70106) See: http://www.euronews.com/2015/02/11/implanted-rfid-chip-controls-office-access-for-stockholm-workers/

“Dutch government website outage caused by cyber attack”, Reuters, 11 February 2015. Dutch government main websites were crippled by DDoS attacks, rendering them inoperable for more than seven hours. The attack capitalized on the complexity and size of government websites to render backups ineffective. (ID# 14-70107) See: http://www.reuters.com/article/2015/02/11/us-netherlands-government-websites-idUSKBN0LF0N320150211

“Microsoft patches security flaw allegedly used by Chinese hackers to target U.S. Government”, IB Times, 11 February 2015. A series of Microsoft patches have been issued for vulnerabilities exploited by Chinese hackers, who compromised several websites, including Forbes.com in a “watering-hole” style attack. Experts identified this type of attack as a “chained zero-day exploit”. (ID# 14-70108) See: http://www.ibtimes.com/microsoft-patches-security-flaw-allegedly-used-chinese-hackers-target-us-government-1812306    

“Malware Links on U.S. car-defect website risked infecting users”, Bloomberg, 12 February 2015. A U.S. government database, used by motorists to report car defects, has been the subject of scrutiny after hundreds of infected files had to be removed. The database contained documents with malicious links leading users to a third-party site, where malware could infect their computers. Some of these files have been compromised and undetected for 10 years or more. (ID# 14-70109) See: http://www.bloomberg.com/news/articles/2015-02-12/malware-links-on-u-s-car-defect-website-risked-infecting-users  

“U.S. has raised concerns with China about new cyber rules: official”, Reuters, 13 February 2015. New cybersecurity rules in China are seen by the Obama administration as a “major barrier” to trade. The new rules require technology vendors in China to provide source code, and to adopt Chinese encruption algorithms. Though China’s Foreign Ministry spokeswoman insisted that China was committed to interacting with the outside world, these newest cybersecurity policies seem to say the opposite. (ID# 14-70110 See: http://www.reuters.com/article/2015/02/13/us-usa-china-cyber-idUSKBN0LG26420150213

“European banks getting targeted by malware”, SC Magazine UK, 13 February 2015. Findings released by Minded Security, a software security company, revealed that at least one in twenty devices used by European banking customers are infected with malware. The malware consisted of three percent unwanted adware, 1.5 percent spyware, and 0.5 percent banking malware. (ID# 14-70111)   See:  http://www.scmagazineuk.com/european-banks-getting-targeted-by-malware/article/398091/

“Report: Using malware, hackers steal millions from banks”, NPR, 16 February 2015. Hackers have made away with millions of dollars from up to 100 banks around the world. Kaspersky Lab has detailed the process of what it is calling “the most successful criminal cyber campaign”, executed by a combination of phishing bank employees and manipulating ATMs. Upon infecting machines, hackers waited until they hit an administrator computer, upon which keylogging and social engineering was leveraged to gain unauthorized access. Money was transferred to offshore accounts in Russia, Switzerland, Japan, the US, and the Netherlands. (ID# 14-70112) See: http://www.npr.org/blogs/thetwo-way/2015/02/16/386739804/report-using-malware-hacker-steal-millions-from-banks

“UK’s RBS launches fingerprint technology for mobile banking app”, Reuters, 17 February 2015. The Royal Bank of Scotland (RBS) has become the first bank to allow customers to authenticate using their fingerprints while on mobile devices. RBS has introduced the new service for 880,000 customers using Apple iPhones with the downloaded app. (ID# 14-70113) See: http://www.reuters.com/article/2015/02/18/us-rbs-technology-idUSKBN0LM00K20150218  

“JP Morgan goes to war”, Bloomberg, 19 February 2015. Recent cyberattacks on JP Morgan has spurred the creation of a security operation staffed largely with ex-military officers. The banking empire is gearing up against potential attacks from China, Iran, and Russia, and names the US government for being unable to prevent or respond to such breaches. The FBI recently dismissed JP Morgan’s claims that the recent attacks, which were traced back to a data center in St. Petersburg, Russia, were implemented with nation-state influence, but rather by a criminal actor. (ID# 14-70115) See: http://www.bloomberg.com/news/articles/2015-02-19/jpmorgan-hires-cyberwarriors-to-repel-data-thieves-foreign-powers

“Lenovo to stop pre-installing controversial software”, Reuters, 19 February 2015. Lenovo Group Ltd., the Chinese-based PC-making titan, has been under scrutiny for pre-installing the software “Superfish”, on consumer laptops, which allows third-party surveillance. The software enables itself to take over connections and determine them secure, even if they are not. Experts have condemned “Superfish” as malicious adware that can expose devices to exploitation. (ID# 14-70116) See: http://www.reuters.com/article/2015/02/19/us-lenovo-cybersecurity-idUSKBN0LN0XI20150219  

“Currency security breaches hidden by Indian government: Report”, CNBC, 20 February 2015. Security compromises in the printing of rupees were discovered in 2012, only to be intentionally covered up by Indian officials. An internal investigation revealed that a security thread inserted into rupees were from an Islamic nation, and was not recognizable. (ID# 14-70117) See: http://www.cnbc.com/id/102439297#

“Bitcoin hack report suggests inside job”, CNBC, 20 February 2015. An investigation into the now defunct Mt Gox, a Tokyo bitcoin exchange, revealed that hundreds of thousands of coins were purchased with fake money by an automated bot. By setting up accounts with fake US dollar balances, the bot was able to buy and withdraw coins. Mt Gox stated that it had lost track of 850,000 coins worth nearly $500 million. (ID# 14-70118) See: http://www.cnbc.com/id/102442027

“Italian privacy watchdog says to conduct inspections at Google U.S. offices”, Reuters, 20 February 2015. Google has agreed to inspections at its headquarters, in what marks as the first time a European Union regulator will inspect a company inside U.S. territory. Following investigations by several EU data protection authorities, the Italian data protection authority has emphasized ensuring its citizens’ data is handled in compliance with EU law. (ID# 14-70119) See: http://www.reuters.com/article/2015/02/20/us-google-privacy-italy-idUSKBN0LO22V20150220  

(ID#:14-3726)

Note:



Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.