In the News 2016 - Issue 7
This section features topical, current news items of interest to the international cybersecurity community. These articles and highlights were selected from various popular science and security magazines, newspapers, and online sources.
US News
“Army Seeks to Use Cyber at Tactical Level,” FCW, 5 July 2016. [Online].
A pilot program from last year is giving the U.S. Army a good look at how it can protect its cyber space, as well as how it can use cyber capabilities to go on the offensive. The program integrated Army Cyber Command with several combat teams to test new cyber tactics. Several tests were conducted, including tasking one division with attacking a fictional enemy network.
See: https://fcw.com/articles/2016/07/05/army-cyber-tactical.aspx
“Wendy’s Breach Hit Over 1000 Stores,” Info Security Magazine, 8 July 2016. [Online].
What was thought to be a breach of roughly 300 locations has developed into a major incident now confirmed to have affected over 1000 Wendy’s restaurants. In a statement, Wendy’s confirmed that the data breach targeted cardholder names, debit and credit card numbers, expiration dates, verification values, and service codes. As compensation to all affected customers, Wendy’s is providing one year of “identity consultation.”
See: http://www.infosecurity-magazine.com/news/wendys-breach-hit-over-1000-stores/
“Obama Says U.S. Government Must Improve Cyber Security,” Reuters, 10 July 2016. [Online].
President Obama said that he believes there is room for improvement when it comes to the government’s cyber security. He added that there have even been “hackers in the White House,” which should certainly raise some concerns. For a video of the President's comments, follow the link provided below.
See: http://www.reuters.com/article/us-usa-cybersecurity-obama-idUSKCN0ZQ0MN
“Keep smartphones backdoor free, urges cybersecurity expert Susan Landau,” Tech Republic, 11 July 2016. [Online].
The debate on whether or not backdoors should be created in smartphones for law enforcement still appears to be far from over; however, Susan Landau, professor of cybersecurity at Worcester Polytechnic Institute, believes the FBI went about it the right way when they cracked the iPhone belonging to one of the San Bernardino shooters without the need for a backdoor. She suggests Congress institute an “investigative center” to train FBI agents to be able to retrieve data when necessary, while still allowing companies to develop secure products.
See: http://www.techrepublic.com/article/keep-smartphones-backdoor-free-urges-cybersecurity-expert-susan-landau/
International News
“Your Smartwatch Might be Giving Away Your Bank PIN, Say Scientists,” International Business Times, 7 July 2016. [Online].
A group of scientists from Binghamton University in New York is claiming that they can use data from various wearable technologies combined with an algorithm they developed to correctly guess PINs and passwords. The scientists were able to track hand motion at “millimeter-level” by combining data from the devices’ accelerometers, gyroscopes, and magnetometers. After the data was passed through the team’s “Backward PIN-sequence Inference Algorithm,” the PIN was guessed correctly 90% of the time.
See: http://www.ibtimes.co.uk/smartwatches-fitness-trackers-can-give-away-your-bank-pin-scientists-warn-1569455
“Eleanor: Troubling New Mac OS X Malware Installs Backdoors, Steals Data and Hijacks Your Webcam,” International Business Times, 7 July 2016. [Online].
A new and particularly nasty piece of malware was discovered by researchers at BitDefender. The malware comes packed inside a fake version of the popular application EasyDoc Converter, meant to quickly change file formats to work with Microsoft Word. The malware allows the attacker to edit files, execute commands, run scripts, and also record videos or take photos, provided the machine has a built-in webcam. If you wish to download EasyDoc Converter, you can ensure you are getting the real thing by checking for Apple’s digital signature, which will only appear on the authentic version of the application.
See: http://www.ibtimes.co.uk/eleanor-troubling-new-mac-os-x-malware-installs-backdoors-steals-data-hijacks-your-webcam-1569503
“Poland’s No.2 Telecom Netia Says Suffered Cyber Attack,” Reuters, 8 July 2016. [Online].
Netia, Poland’s second-largest telecommunications company, has been breached, according to a spokesperson. The attackers were able to take the company’s homepage offline as well as access customer information, including ID and bank account numbers. Netia announced that they will be in contact with every person who potentially had their information stolen. The company is currently investigating how exactly the attack was executed.
See: http://www.reuters.com/article/us-poland-netia-cybercrime-idUSKCN0ZO22K
“Facebook Testing ‘Secret Conversations’ End-to-End Encryption Feature for Messenger,” SC Magazine, 8 July 2016. [Online].
Facebook released a new feature for its Messenger application called “Secret Conversations.” The new feature boasts end-to-end encryption to ensure the user’s privacy. Facebook said that the update would improve the experience for users communicating about sensitive topics. “Secret Conversations” is launching as an optional feature, mainly because these messages will only exist on the device they originate from.
See: http://www.scmagazine.com/facebook-testing-secret-conversations-end-to-end-encryption-feature-for-messenger/article/508566/
“Datadog Chews on Data Breach, AWS User Credentials in Leak,” ZDNet, 11 July 2016. [Online].
Datadog announced that they were the victims of a data breach and as a result strongly recommended that users change their passwords immediately. Datadog said that they detected unauthorized access to several of their servers, some of which were used to store user credentials. The company said that they do not have confirmation as to what exactly was accessed or stolen, but preemptive measures should be taken just to be safe.
See: http://www.zdnet.com/article/datadog-chews-on-data-breach-aws-user-credentials-in-leak/
(ID#: 16-11368)
Note:
Articles listed on these pages have been found on publicly available internet pages and are cited with links to those pages. Some of the information included herein has been reprinted with permission from the authors or data repositories. Direct any requests via Email to news@scienceofsecurity.net for removal of the links or modifications to specific citations. Please include the ID# of the specific citation in your correspondence.