 |
In the News |
This section features topical, current news items of interest to the international security community. These articles and highlights are selected from various popular science and security magazines, newspapers, and online sources. The articles listed here will be featured in the next publication of the Science of Security newsletter.
US News 
"Russian Attackers Hack Pentagon", InfoSecurity Magazine, 07 August 2015. [Online]. On around July 25th, the Pentagon was forced to shut down the server for its Joint Chiefs of Staff unclassified email system after an attack by Russian attackers. It is not known for sure whether or not the attack, which resulted in the leak of "large quantities of data", was authorized by the Russian Government or not. (ID#: 15-50423) See http://www.infosecurity-magazine.com/news/russian-attackers-hack-pentagon/
"Chinese Hackers May Have Burrowed Into Airlines", Tech News World, 11 August 2015. [Online]. Travel reservations processor Sabre confimed that it suffered a breach in systems containing sensitive data on as many as a billion passengers. United Airlines, which shares some network infrastructure with Sabre, is still recovering from an incident last month that was speculated to have been an attack, leading government officials to believe that China-based hackers are targeting travel infrastructure. (ID#: 15-50424) See http://www.technewsworld.com/story/82365.html
"Terracotta VPN, the Chinese VPN Service as Hacking Platform", Cyber Defense Magazine, 06 August 2015. [Online]. RSA Security reports that Chinese virtual private network provider Terracotta VPN use brute-force attacks and Trojans on vulnerable Windows servers to provide infrastructure for launching cyber attacks. Terracotta uses these compromised servers to offer a service that allows hackers to launch cyber attacks from seemingly legitimate and respected IP addresses. (ID#: 15-50425) See http://www.cyberdefensemagazine.com/terracotta-vpn-the-chinese-vpn-service-as-hacking-platform/
"Planned Parenthood reports second website hack in a week", Reuters, 30 July 2015. [Online]. Following controversy over alleged sale of illegal fetal tissue, Planned Parenthood has announced that it's websites were hit with a large DDoS attack that prompted the organization to keep its websites offline for the day. The day before, Planned Parenthood announced an attack against its information systems, possibly resulting in the compromise of employee's personal information. (ID#: 15-50422) See http://www.reuters.com/article/2015/07/30/us-usa-plannedparenthood-cyberattack-idUSKCN0Q409120150730
"Ashley Madison attack prompts spam link deluge", BBC, 31 July 2015. [Online]. Infidelity website Ashley Madison suffered a breach in which attackers claimed to have personal information from 37 million accounts, claiming that they would release it if the website was not shut down. The hackers have not yet released the data, prompting spammers to release fake links to the non-extant data. Many of these links, according to a BBC investigation, lead victims to fake data, scam pages, and malware. (ID#: 15-50411) See http://www.bbc.com/news/technology-33731183
"Windows 10 Will Use Virtualization For Extra Security", Information Week, 22 July 2015. [Online]. The highly anticipated Windows 10 operating system has many new features that are being marketed to consumers, but one over-looked advancement that doesn't appeal to the non-tech-savvy is security. Microsoft claims to have taken a fundamentally new approach to security; new features like virtualization place critical operating system components in their own containers, making them inaccessible to hackers. (ID#: 15-50417) See http://www.informationweek.com/software/operating-systems/windows-10-will-use-virtualization-for-extra-security/a/d-id/1321415
International News 
See: http://www.technewsworld.com/story/82463.html
"KeyRaider Malware Busts iPhone Jailbreakers", Tech News World, 03 September 2015. [Online]. Malicious software, now being called KeyRaider, has affected a multitude of jailbroken iPhone users. The malware infiltrated the phones through the third-party app store, Cydia. Reports claim that the malware has stolen up to 225,000 active Apple accounts, certificates, and even receipts.
See: http://www.technewsworld.com/story/82450.html
"Baby Monitors Riddled with Security Holes", Tech News World, 02 September 2015. [Online]. Rapid7 released a report detailing their study of several major brands of baby monitors recently. The report stated that many top brands are littered with vulnerabilities. One top consultant for the group said that many of the security flaws would allow the video and audio from the monitors to be watched anywhere.
See: http://www.technewsworld.com/story/82449.html
"Cybersecurity bill could 'sweep away' internet users' privacy, agency warns", The Guardian, 3 August 2015. [Online]. A new revision of the Cybersecurity Information Sharing Act bill will be voted on by the Senate. The bill allows companies with large amounts of information to share it with the appropriate government agencies, who can then share the information as they see fit. The bill has turned a lot of attention to companies such as Google and Facebook who possess large amounts of user's data and online habits. (ID#: 15-60044)
See: http://www.theguardian.com/world/2015/aug/03/cisa-homeland-security-privacy-data-internet
"Hacking Victim JPMorgan Chasing Cybersecurity Fixes", Investors, 4 August 2015. [Online]. Last year, JP Morgan Chase suffered a cyber attack that compromised the contact information of roughly 76 million customers. Although no accounts or social security numbers were taken, the company is planning on taking measures to prevent another major attack. The bank says that theire cyber security budget will be increased from $250 million to $500 million in order to improve upon their analytics, testing and coverage. (ID#: 15- 60043)
See: http://news.investors.com/business/080415-764935-jpmorgan-chase-to-double-cybersecurity-spending.htm
“Hackers Remotely Kill a Jeep on the Highway – With Me in it”, Wired, 21 July 2015. [Online]. Charlie Miller and Chris Valase successfully hacked in to a Jeep Cherokee from a remote computer, all while the car was being driven miles away. The two were able to take full control of nearly everything from the windshield wipers and air conditioning to the steering wheel itself. They plan on releasing some of their findings at Black Hat in Las Vegas in August. (ID#: 15-60042)
See: http://www.wired.com/2015/07/hackers-remotely-kill-jeep-highway/
“The Dinosaurs of Cybersecurity Are Planes, Power Grids and Hospitals”, Tech Crunch, 10 July 2015. [Online]. One of the most prominent risks in cybersecurity comes in the form of infrastructure and things like airplanes and hospitals. As these systems are compromised, patches are developed to remedy the problem. However patches are slow to roll out and take a great deal of time to develop. By the time patches are complete, often, the damage has already been done. (ID#: 15-60040)
See: http://techcrunch.com/2015/07/10/the-dinosaurs-of-cybersecurity-are-planes-power-grids-and-hospitals/
“Microsoft is Reportedly Planning to Buy an Israeli Cyber Security Firm for $320 Million”, Business Insider, 20 July 2015. [Online]. A new report shows that Microsoft has a deal in place to purchase the Israeli cybersecurity company, Adallom. Adallom is expected to become Microsoft’s cyber security center for the entirety of Israel. Adallom was founded in 2012 and has since grown to 80 employees. (ID#: 15-60041)
See: http://www.businessinsider.com/r-microsoft-to-buy-israeli-cyber-security-firm-adallom-report-2015-7
(ID#: 15-7299)
Note:
Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.