This Week in Security News: Trojans and Cyber Hacks
Credit to Author: Jon Clay| Date: Fri, 26 Jan 2018 14:00:47 +0000
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Read on for the latest on trojanized malware, smart phone hacks, and cybersecurity legislation.
Dark Caracal Group Revealed: Group Used Trojanized Android Apps to Steal Data
Electronic Frontier Foundation identified a hacking group dubbed as Dark Caracal as the perpetrators behind cyberattacks that affected thousands of victims from over 20 countries.
Since they emerged back in 2007, these threat actors have managed to pull off some of the most notable and devastating targeted attacks—such as the widely-reported 2014 Sony hack—in recent history.
Tech firms let Russia probe software widely used by U.S. government
A Reuters review of hundreds of U.S. federal procurement documents and Russian regulatory records shows that the potential risks to the U.S. government from Russian source code reviews are more widespread.
Bug Allows Attackers to Bypass Uber’s Two-Factor Authentication System
Security researcher Karan Saini discovered a bug that allows an attacker to bypass the Uber app’s two-factor authentication feature.
OnePlus confirms up to 40,000 customers were impacted by credit card hack
The smartphone maker confirmed through its online forum that upwards of 40,000 customers may have had their numbers exposed to hackers.
Do You Have What it Takes to Protect Yourself from Phishing Attacks?
Phishing attacks used to be relatively simple to fend off. Cybercriminals used to send off their email messages without bothering to clean up telltale spelling and grammar mistakes or even making the sender’s address or name look believable.
How Containers & Serverless Computing Transform Attacker Methodologies
The pace of hacker innovation never slows. Now security technologies and methods must adapt with equal urgency. In technology, as in life, the only constant is change. As systems undergo innovation, so do the ways people attack them, adapting their methodologies in tandem with their motives to stay ahead of the curve and maximize returns.
HQ, The World’s Most Popular Trivia App, Just Got Hacked by a Bot
Over one million people tune in to play the quiz app daily, but no one has successfully hacked HQ in order to gain a significant advantage.
Bell Canada Massive Data Hack Means That Nearly 100,000 Canadians’ Phones Have Been Compromised
A Bell spokesperson confirmed that hackers have accessed account numbers, telephone numbers, email addresses and usernames, and have been taken from customers across the country.
How the private sector and US government can work together to defend against cyberattacks
Sharing information about cyberthreats that face both private corporations and the government can benefit both institutions, according to attorney and former CIA case officer Jack Rice.
How Secure Is Your Data When It’s Stored in the Cloud?
As cloud storage becomes more common, data security is an increasing concern. Companies and schools have been increasing their use of services like Google Drive for some time, and lots of individual users also store files on Dropbox, Box, Amazon Drive, Microsoft OneDrive and the like. They’re no doubt concerned about keeping their information private—and millions more users might store data online if they were more certain of its security.
Hacking nuclear systems is the ultimate cyber threat. Are we prepared?
Security experts say more hands-on demonstrations are needed to get the nuclear plant to think more creatively about growing cyber threats.
An Internet of Things ‘crime harvest’ is coming unless security problems are fixed
A senior police officer says IoT manufacturers must be held to account when their products open doors to new ways of committing crimes.
Colorado Legislature Considers Sweeping Privacy and Cybersecurity Legislation
Colorado legislators proposed legislation that, if enacted, would change the requirements for how Colorado entities protect, transfer, secure and dispose of documents containing personal information.
Pwn2Own Returns for 2018: Partners with Microsoft and Sponsored by Vmware
Now entering its second decade, the Pwn2Own
competition will be returning to Vancouver, BC, and the CanSecWest conference on March 14-16 of this year. From its humble beginnings to the 10th anniversary last year, the Pwn2Own contest has grown from a simple exhibition to one of the world’s most exclusive competitions for demonstrating practical attacks on the most up-to-date software and protections. This year’s event offers up to $2,000,000 USD in cash and prizes to security researchers who can successfully demonstrate their attacks in the various categories.
Did any of these stories surprise you? Let me know your thoughts below, or follow me on Twitter: @JonLClay.