This section features topical, current news items of interest to the international security community. These articles and highlights are selected from various popular science and security magazines, newspapers, and online sources.
(ID#:14-3328)
Note:
Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to SoS.Project (at) SecureDataBank.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.
"ICS-CERT in NTP flaw alert", Infosecurity Magazine, 22 December 2014. The Network Time Protocol (NTP), used by machines to set accurate clocks, was recently found to contain "several remotely exploitable vulnerabilities", according to Infosecurity Magazine. NTP servers became a concern after being targeted by DDoS attacks in 2014, which then declined following server patches. (ID# 14-70047)
See http://www.infosecurity-magazine.com/news/icscert-in-ntp-flaw-alert/.
"Bitcoin exec gets two years over illegal Silk Road funny money trading", The Register UK, 22 December 2014. Charlie Shrem, former Bitcoin Foundation executive, will serve a two-year prison sentence for illegal currency trading. The now-shuttered Silk Road black market site was worth $19 million at the time it was seized. (ID# 14-70048)
See http://www.theregister.co.uk/2014/12/22/bitcoin_exec_gets_two_years_for_role_in_silk_road_trading/.
"Sneaky Russian hackers slurped $15 million from banks", The Register UK, 22 December 2014. The Anunak hacker group targets banks and payment systems in Russia and former CIS countries, and has stolen more than $15 million, most of it during the last 6 months. Anunak attackers gain access to the internal networks of banks, so the money is stolen not from customers but from the banks themselves. (ID# 14-70049)
See http://www.theregister.co.uk/2014/12/22/russian_cyber_heist_gang_rakes_in_15m/.
"NUKE HACK fears prompt S Korea cyber-war exercise", The Register, 22 December 2014. As a precaution following last week's online leak of plant equipment designs and manuals, South Korean firm Korea Hydro and Nuclear Power Co (KHNP) will run "cyber-war drills". Hackers released ominous warnings to stay away from the KHNP-run reactors over the holidays. (ID# 14-70050)
See http://www.theregister.co.uk/2014/12/22/nuclear_hack_threats_prompts_skorea_cyber_war_exercise/.
"Boeing turns to BlackBerry for help creating super-secret, self-destructing 'Black' smartphones", ZDnet, 22 December 2014. Boeing, known for its aviation and defense work, teams up with Canadian company BlackBerry to develop a self-destructing smartphone for government use. The DoD currently approves of certain BlackBerry models on its networks, while NSA allows Samsung Galaxy devices that use Knox. (ID# 14-70051)
See http://www.zdnet.com/article/boeing-turns-to-blackberry-for-help-creating-super-secret-self-destructing-black-smartphone/.
"Hacker posts more S. Korean reactor info on Internet", Yonhap News Korea, 21 December 2014. Blueprints of South Korean nuclear reactors were leaked online, with warnings of more unauthorized releases unless authorities shut down the reactors. This has been the fourth online leak since December 15th, though none have directly affected the safety of the reactors. (ID# 14-70052)
See http://english.yonhapnews.co.kr/national/2014/12/21/94/0302000000AEN20141221003800315F.html.
"ISIS likely behind cyber-attack unmasking Syrian rebels", Infosecurity Magazine, 20 December 2014. Fears mount that the Islamic State in Iraq and Syria (ISIS) is adding cyber-warfare to its list of destructive tactics. Raqqah is being Slaughtered Silently (RSS), an advocacy group documenting ISIS human rights abuses, has been targeted by a spear-phishing email containing an infected slideshow attachment. The group believes that the malware's purpose is to send RSS's location details to ISIS militants. (ID# 14-70053)
See http://www.infosecurity-magazine.com/news/isis-likely-behind-cyberattack/.
"Trojan program based on ZeuS targets 150 banks, can hijack webcams", Computer World, 19 December 2014. Bank users around the world are targets for the Chthonic malware, which is based on the ZeuS banking malware. The malware modifies web pages opened by customers, a technique known as web injection, and then uses fake web forms to obtain sensitive information. (ID# 14-70054)
See http://www.computerworld.com/article/2861399/trojan-program-based-on-zeus-targets-150-banks-can-hijack-webcams.html.
"Critical flaw hits millions of home routers", Infosecurity Magazine UK, 19 December 2014. A flaw in several home router models, Misfortune Cookie, leaves millions of customers across 189 countries vulnerable. Attackers would be able to remotely control compromised routers using admin privileges. (ID# 14-70055)
See http://www.infosecurity-magazine.com/news/critical-flaw-hits-millions-of/.
"ICANN spear phishing attack strikes at the heart of the internet", Infosecurity Magazine UK, 18 December 2014. Attackers were able to gain administrative access to files in the Centralized Zone Data System (CZDS), which experts say could have a significant impact on root DNS servers and processes. (ID# 14-70056)
See http://www.infosecurity-magazine.com/news/icann-spear-phishing-attack/.
"Hidden backdoor in up to 10m Android phones", SC Magazine UK, 18 December 2014. Phones produced by Chinese manufacturer Coolpad have hidden backdoors installed, discovered by Palo Alto security firm. In response, Coolpad claims the backdoors are for "internal testing", but experts are skeptical. (ID# 14-70057)
See http://www.scmagazineuk.com/hidden-backdoor-in-up-to-10m-android-phones/article/389010/.
"London teenager pleads guilty to Spamhaus DDoS", Infosecurity Magazine UK, 18 December 2014. A 17-year-old teenager, arrested in April, has pleaded guilty to what was at the time the largest ever recorded DDoS. The teen targeted Spamhaus, an anti-spam company, and subsequently the content-delivery network CloudFlare. (ID# 14-70058)
See http://www.infosecurity-magazine.com/news/london-teenager-pleads-guilty/.
"Sony hack a 'serious national security matter': White House", Security Week, 18 December 2014. The recent cyber-attack carried out on Sony Pictures has escalated, with Sony making the decision to cancel release of "The Interview", a satirical film depicting the death of North Korean leader Kim Jong-Un. Following threats to attack cinemas that screened the film, Sony's decision to cancel release sets a "dangerous precedent". (ID# 14-70059)
See http://www.securityweek.com/sony-hack-serious-national-security-matter-white-house.
"Quantum physics behind 'unhackable' security authentication", SC Magazine UK, 17 December 2014. Researchers from universities in Twente and Eindhoven, Netherlands, propose Quantum Secure Authentication (QSA), an unclonable and unhackable authentication method using nanoparticles and photons on credit cards to create a unique, dynamic pattern. (ID# 14-70060)
See http://www.scmagazineuk.com/quantum-physics-behind-unhackable-security-authentication/article/388770/.
"Oslo mobiles eavesdropped", SC Magazine UK, 17 December 2014. Up to £200,000 worth of mobile phone surveillance equipment has been discovered near Norwegian parliamentary and government buildings in Oslo. The discovered IMSI-catchers can rapidly register several hundred mobile numbers, which can then be eavesdropped upon. (ID# 14-70061)
See http://www.scmagazineuk.com/oslo-mobiles-eavesdropped/article/388765/.
"DoD prioritizes tech transfer to trusted Asian allies", FCW, 17 December 2014. The United States DoD has embarked on a security initiative to securely transport US defense technology to Asian ally countries, emphasizing "share what we can, protect what we must". South Korea, Japan, Australia, New Zealand, and Singapore hold friendly technology trade relations with the US. (ID# 14-70062)
See http://fcw.com/articles/2014/12/17/dod-tech-transfer.aspx.
"Mobile Threat Monday: Android apps hide windows malware", PC Magazine Security Watch, 15 December 2014. Ramnit Trojan-infected apps were available on Google Play Store, hiding malicious HTML files masquerading as About pages for the apps. The so-called Ramnit malware specifically targets the home Windows machine, and although it uses Android devices as vehicles, it does not damage them. (ID# 14-70063)
See http://securitywatch.pcmag.com/mobile-security/330363-mobile-threat-monday-android-apps-hide-windows-malware.
"North Korea under the spotlight for Sony hack", Infosecurity Magazine, 1 December 2014. Sony Pictures Entertainment was forced to shut down its corporate network and restrict access to company e-mail last week, when employees reported seeing an unauthorized message. The company suspects North Korean adversaries are behind the attacks; the breach happens to coincide with the release of The Interview, a satirical film centered around deposing Kim Jong-un. (ID# 14-70064)
See http://www.infosecurity-magazine.com/news/north-korea-under-the-spotlight/
"Bing and Yahoo respond to 'right to be forgotten' requests", ZDNet Europe, 1 December 2014. Microsoft and Yahoo are complying with European user requests to stop returning search results for their names, particularly if the delivered links point to information that is out of date or excessive. (ID# 14-70065)
See http://www.zdnet.com/article/bing-and-yahoo-respond-to-right-to-be-forgotten-requests/.
"Drupal Admins: Assume Systems Have Been Compromised", Infosecurity Magazine, 30 October 2014. Content Management System (CMS) provider Drupal released a highly critical public service announcement warning that website admins who did not install the patch for a SQLi flaw within 7 hours of its announcement should assume their site was compromised. Drupal warns that "applying the patch fixes the vulnerability but does not fix an already compromised website", and that attacks may not have left behind any evidence. (ID: 14-50176)
See http://www.infosecurity-magazine.com/news/drupal-assume-systems-compromised/
"Tor Node Red-Flagged for Slinging Malware", Infosecurity Magazine, 30 October 2014. The Tor Project announced the discovery of a malicious exit node, or "BadExit", that attempts to insert malware into binary files that Tor users download while using the anonymous browser. Though Tor guarantees anonymity, this event is seen by some, such as James Fox of KPMG, as an example that "anonymity online doesn't guarantee security". (ID: 14-50177)
See http://www.infosecurity-magazine.com/news/tor-node-red-flagged-for-malware/
"Microsoft Xbox Live back up, Sony PlayStation Network still down", Reuters, 26 December 2014. Hacking group "Lizard Squad" has claimed responsibility for interruptions of both Sony's PlayStation Network and Microsoft's Xbox Live. Though Xbox Live was back up by Friday (with the exception of limited problems with third-party apps), the PlayStation Network remains down as of the 26th. The video game industry's increased business during the holiday season makes an interruption on Christmas Day especially detrimental. (ID: 14-50179)
See http://www.reuters.com/article/2014/12/26/us-xbox-playstation-cybercrime-idUSKBN0K30RU20141226
"South Korea official says cannot rule out North's hand in hack of nuclear operator", Reuters, 23 December 2014. Following the hacking of and theft from Korea Hydro and Nuclear Power Co Ltd (KHNP), South Korean officials claim that North Korea has not been ruled out as a culprit. During the attack, which occurred on December 22nd, only non-critical data was stolen, and operations were not at risk. South Korea has requested the help of the U.S. in its investigation of the attacks, which "bore some similarities to previous cyberattacks in which North Korea has been involved." (ID: 14-50180)
See http://www.reuters.com/article/2014/12/23/us-southkorea-cybersecurity-usa-idUSKBN0K100D20141223
"Obama vows U.S. response to North Korea over Sony cyber attack", Reuters, 19 December 2014. President Obama has promised a U.S. response to the cyber attack on Sony Pictures over the movie "The Dictator", which depicts the assassination of Kim Jong Un. According to the President, Sony should not have given in to the demands of the hackers by pulling the movie from theatres, calling it an instance of "a foreign dictator imposing censorship in America." (ID: 14-50181)
See http://www.reuters.com/article/2014/12/19/us-sony-cybersecurity-usa-idUSKBN0JX1MH20141219
"If South Korea's nuclear plant staff are vulnerable, then so are the reactors", Homeland Security News Wire, 24 December 2014. With increasing amounts of infrastructure connected to the internet, cyberattacks are shaping up to be an easy and cheap alternative to conventional ways of attacking enemies. When a South Korean nuclear plant was hacked (supposedly by North Korea), files were stolen that "reveal the role of the human operators in running the reactor", which is not good news considering that the human factor is often the weakest link in a cyber defense. (ID: 14-50182)
See http://www.homelandsecuritynewswire.com/dr20141224-if-south-korea-s-nuclear-plant-staff-are-vulnerable-then-so-are-the-reactors
"Obama signs five cybersecurity measures into law", Homeland Security Newswire, 23 December 2014. In the week leading up to Christmas, President Obama signed five pieces of cyber legislation: the Homeland Security Workforce Assessment Act, the Cybersecurity Workforce Assessment Act, the National Cybersecurity Protection Act (NCPA), the Cybersecurity Enhancement Act, and the Federal Information Security Modernization Act (FISMA). A significant piece of cyber legislation has not become law since FISMA (Federal Information Security Management Act, at the time) in 2002 under President George Bush. (ID: 14-50183)
See http://www.homelandsecuritynewswire.com/dr20141223-obama-signs-five-cybersecurity-measures-into-law
"2008 Turkish oil pipeline explosion may have been Stuxnet precursor", Homeland Security Newswire, 17 December 2014. In 2008, an oil pipeline in Turkey exploded, and was later determined to be the result of human error and mechanical failure. However, Western intelligence services deduced that it was an early, Stuxnet-like cyber attack that caused the pipeline to build pressure and explode. Though the Kurdistan Workers' Party (PKK) claimed responsibility, experts doubt their technological capabilities and suspect that the sophisticated attack might have been state-sponsored. (ID: 14-50184)
See http://www.homelandsecuritynewswire.com/dr20141217-2008-turkish-oil-pipeline-explosion-may-have-been-stuxnet-precursor
"Quantum physics makes fraud-proof credit cards possible", Homeland Security Newswire, 16 December 2014. As financial transactions are becoming more common in the digital world, keeping sensitive personal data safe is becoming increasingly challenging. Dutch researchers have been able to create an unbreakable key and authentication system which is based on quantum physics. Quantum-Secure Authentication, as it is known, uses a kind of "question-and-answer" exchange that cannot be copied or replicated, thanks to the principle of quantum uncertainty, as displayed by photons. (ID: 14-50185)
See http://www.homelandsecuritynewswire.com/dr20141216-quantum-physics-makes-fraudproof-credit-cards-possible
"Turla Trojan Unearthed on Linux", TechNewsWorld, 09 December 2014. Kaspersky Labs has found new variants of Turla -- a Trojan that has been found exclusively in Windows machines in the past -- in Linux systems. As with its predecessors, Linux Turla is very stealthy, requiring no elevated privileges and being undetectable by the command-line tool "netstat". Turla is suspected to be Russian in origin, and has built-in protective measures that make it hard to reverse-engineer. (ID: 14-50186)
See http://www.technewsworld.com/story/81460.html
"The Sony Breach Carries Broad Implications Surrounding National Security", Forbes, 19 December 2014. The recent Sony breach carries hefty national security implications, considering the international level at which it took place. David Parnell interviews Roberta D. Anderson, co-founder of the K&L Gates LLP global Cyber Law and Cybersecurity practice group. (ID: 14-50187)
See http://www.forbes.com/sites/davidparnell/2014/12/19/the-sony-breach-carries-broad-implications-surrounding-national-security/?ss=Security
"What Do Security Professionals Think Sony Should Have Done Differently?", Forbes, 26 December 2014. In the wake of the most recent Sony cyber breach, many security professionals are questioning the competence of Sony's cyber defensive strategy, as well as its inability to learn from past mistakes. Sony is accused by some of not taking necessary precautions, such as proper password encryption and infrastructure defense tools, and of not having a strong response plan. (ID: 14-50188)
See http://www.forbes.com/sites/quora/2014/12/26/what-do-security-professionals-think-sony-should-have-done-differently/?ss=Security
"Backoff POS Malware Vets Targets via Surveillance Cameras", InfoSecurity Magazine, 23 December 2014. The notorious "Backoff" POS malware is not unusual in that it targets payment card information on point-of-sale devices, but RSA researchers have discovered that Backoff infections often correlate with attacks on security camera networks. The hackers use security cameras to determine if a machine that has been breached actually belongs to a business, or is just an RDP service on a personal computer. (ID: 14-50189)
See http://www.infosecurity-magazine.com/news/backoff-vets-targets-via/
"Staples Confirms Breach, 1.2Mn Cards Affected", InfoSecurity Magazine, 22 December 2014. Retail store Staples has confirmed that it was the victim of yet another high-profile data breach, with around 1.2 million payment card credentials stolen from 115 affected stores. Staples initially contacted law enforcement in October regarding a suspected breach. In the month or so that it was active, POS malware was able to steal "cardholder names, payment card numbers, expiration dates and card verification codes - everything needed to carry out online fraud." (ID: 14-50190)
See http://www.infosecurity-magazine.com/news/staples-confirms-breach-12mn-cards/
"ISIS Likely Behind Cyber-attack Unmasking Syrian Rebels", InfoSecurity Magazine, 20 Dec 2014. ISIS is suspected to have been behind an "unmasking attack" on Raqqah is being Slaughtered Silently (RSS), a Syrian group that is advocating against human rights abuses in the ISIS-held town of Ar-Raqqah. The attackers used a "spear-phishing" email, which provided a link that downloaded malware onto the victim's computer, and in turn emailed the victim's IP address to the attacker. (ID: 14-50191)
See http://www.infosecurity-magazine.com/news/isis-likely-behind-cyberattack/
"Garden-variety DDoS attack knocks North Korea off the Internet", Computerworld, 23 December 2014. The entirety of North Korea's internet went down on Monday the 22nd after a presumed DDoS attack. With a mere 1024 IP addresses, North Korea's "pipeline" to the internet is so small and weak that such an attack is not "difficult from a resource or technical standpoint", according to security researcher Ofer Gayer. Though it is possible for a DDoS attack to be carried out by an individual, many believe this attack may have been state-sponsored. (ID: 14-50192)
See http://www.computerworld.com/article/2862652/garden-variety-ddos-attack-knocks-north-korea-off-the-internet.html