Otakun is out this week so… Do you like news? I like news. Here’s some news!
- There are attempts to change Section 314 in the Patriot Act so that it also covers non-terrorism or money laundering investigations. There are concerns that this could put the privacy of innocent americans at risk.
- Read More @ https://news.slashdot.org/story/16/07/11/2338258/congress-is-trying-to-expand-the-patriot-act
- There was a breach with Datadog which included access to a database with user credentials. According to their website, their passwords were stored using bcrypt and a unique salt so it would take some time before anyone could make use of the data. On the side of caution, Datadog has invalidated all user passwords and brought in third party experts for the post-mortem on the attack.
- Read More @ https://nakedsecurity.sophos.com/2016/07/11/datadog-bitten-by-data-breach-kills-all-passwords/
- It appears that Europol arrested over 100 people across multiple countries who were responsible for producing and using counterfeit credit cards. During the arrests, they were able to bring down leaders and two production sites while also seizing 3000 counterfeit cards, many fake passports and a lot of money.
- Read More @ https://nakedsecurity.sophos.com/2016/07/11/big-carding-gang-bust-announced-by-europol-105-arrests-across-15-countries/
- A ruling at the US 9th Circut Court has created a very slippery slope. In the case presented, an employee passed their credentials to a former employee which has been deemed as breaking the law. This in turn means there could be major consequences if you allow friends or family to use your streaming service accounts or more.
- Read More @ https://www.schneier.com/blog/archives/2016/07/password_sharin_1.html
- Yikes, according to a recent report, the FDIC has had multiple compromises by hackers backed by the Chinese government between 2010 and 2013. There’s allegations that the former CIO at the time also wanted to keep this quiet so that it wouldn’t jeopardize the Senate confirmation for Martin J. Gruenberg for chairman.
- Read More @ https://threatpost.com/congressional-report-china-hacked-fdic-and-agency-covered-it-up/119276/
- Well, on top of the password sharing, it seems that another fantastic ruling was made which may suggest that accessing someone’s website who has told you not to is now a federal crime.
- Read More @ https://www.schneier.com/blog/archives/2016/07/visiting_a_webs.html
- F-secure has pulled together some of the top 4 excuses from companies that believe they don’t need to pay more attention to cyber security. Hmm, it reminds me of when somebody told me, “Hackers exist because cyber security exists. When cyber security goes away, the ‘hacking fad’ will disappear.” Makes you laugh a little bit right?
- Read More @ https://business.f-secure.com/the-top-4-cyber-security-excuses/
- “Sub-creatures! Gozer the Gozerian, Gozer the Destructor, Volguus Zildrohar, the Traveller has come! Choose and perish!” Ok, it was only fitting to throw a Ghostbusters quote in with the new one releasing this week whether I actually go see it or not. It appears that spear phishing campaigns targeting Russia and Eastern Europeans have been identified by Proofpoint. Users would get malicious links which would push them to infected pages that would pull down NetTraveler. These campaigns were hitting military, defense, weapon manufacturers and more.
- Read More @ http://www.scmagazine.com/nettraveler-resurfaces-in-chinese-apts-spear-phishing-campaign/article/508495/
- It appears that Omni Hotels point of sale systems were compromised and credit/debit card information was stolen. The infection is believed to have been active on their systems since December 23, 2015.
- Read More @ http://www.theregister.co.uk/2016/07/11/strike_omni_from_list_of_safe_hotels/
- PIA (Private Internet Access) announced that they will no longer have a Russian pressence due to the ISP’s requirement of storing at least one year’s worth of logs. PIA is a VPN service which prides itself on keeping your data encrypted and anonymous.
- Read More @ http://news.softpedia.com/news/russian-authorities-seize-servers-of-us-vpn-provider-506226.shtml
- Researches have built a new anymous network which resolves some issues with Tor. They claim that the network is hardened to prevent malicious rogue servers to gain access which has been known as Sybil attacks.
- Read More @ http://news.softpedia.com/news/riffle-our-anonymity-network-is-better-than-tor-says-mit-506231.shtml
- It appears that European energy companies are still in the sights of some potentially nation-state sponsored attacks. In this case, the malware dropped has been named SFG and was the predecessor of the malware Furtim.
- Read More @ https://threatpost.com/malware-dropper-built-to-target-european-energy-company/119195/
- Reports for 2015 indicate that cyber breaches cost companies roughly £34.1 billion last year. In response to this, a little over 20% of the polled companies stated they are “highly concerned” about viruses while half of the companies involved have upped their cyber defense.
- Read More @ http://www.infosecurity-magazine.com/news/breaches-cost-uk-orgs-34-billion/?utm_source=twitterfeed&utm_medium=twitter
That’s all we got for this week! Next week Otakun should be back for more news. The last bit of information I’d like to leave you with is that we have resolved some hardware issues for our intel server so that sucker is back up and running. This also means that we should be getting some more phish related posts up in the near future. Thanks for reading!