BF-SIRT Newsletter 2016-25

The top stories this week include Let’s Encrypt celebrating a big HTTPS milestone, and a firm paying a $950,000 penalty for using Wi-Fi signals to secretly track phone users. You can also read a story with 5 tips for staying cyber-secure on your summer vacation, and one on why it’s not all about ransomware: keyloggers are still alive and well.

And did you know that Facebook’s CEO tapes over his webcam? Maybe you should do the same.

Top 5 Security links
AirPort owners: Apple’s patched a mystery vulnerability
Bitcoin rival Ethereum fights for its survival after $50 million heist
Google simplifies two-step verification
Patched libarchive vulnerabilities have big reach
Microsoft rolls out new data classification and security service

Top 5 Business Intelligence links
How to educate healthcare employees to stop ransomware
CEO salaries should be linked to their firm’s cyber security, says UK parliament
Consumer security vs user experience in a mobile world
Make your company too expensive to hack
Majority of SMBs would not pay ransomware attackers

BF-SIRT Newsletter 2016-24

The top stories this week include CrowdStrike’s analysis and identification of two Russian intelligence adversaries present in the American Democratic National Committee (DNC) network, and a black market selling access to government servers for $6.

You can also read a story about a zero-day flaw in Adobe Flash being actively exploited by the cyberespionage group ScarCruft, and one about how a German university student used typosquatting in programming-language package managers to get his code run on military and government machines.

Top 5 Security links
North Korea mounts long-running attack on South Korea
Support forum company suffers data breach of 45 million accounts
The iMesh data breach leaks information on 51 million accounts
White hats have found more than 100 vulnerabilities in Pentagon infrastructure
SS7 allows Facebook account compromise using phone number

Top 5 Business Intelligence links
Symantec acquiring BlueCoat
Mossack Fonseca worker arrested in Switzerland
Microsoft secretly adds snooping code to Visual Studio 2015, claims it is a debugging feature
How to prevent data from leaving with a departing employee
Companies pay out billions to fake CEO email scams

BF-SIRT Newsletter 2016-23

The top stories this week include how the decline in cyber attacks against banks is bad for everyone else, and that 100 million credentials from ‘Russia’s Facebook’ have gone on sale. You can also read a story about the hacking of the Mitsubishi Outlander PHEV hybrid, and that ransomware dominates the threat landscape.
Following up on last week’s stories, there is a new report on security vulnerabilities in the PC initialization/update process, and TeamViewer confirms that the number of abused user accounts is “significant” but continues to maintain that the compromises are the result of external password breaches.

Top 5 Security links
Facebook Patches Vulnerability in Messenger App
Firefox 47 fixes 13 vulnerabilities, boosts YouTube playback, HTML5 support
Millions Of Systems Worldwide Found Exposed On The Public Internet
RIP ROP: Intel’s cunning plot to kill stack-hopping exploits at CPU level
Windows BITS ‘Notification’ Feature Used to Deliver Malware

Top 5 Business Intelligence links
China pledges tighter privacy as it centralizes personal health data
In 2016, Is There a Safe Way to Transmit Confidential Data and Documents?
Ransomware adopting self-replication
SWIFT threatens to give insecure banks a slap if they don’t shape up
Top 5 Items for Sale on the Dark Web, and What Businesses Can Learn From Them

BF-SIRT Newsletter 2016-22

The top stories this week include how preloaded OEM software update tools are riddled with security flaws, and that TeamViewer users are experiencing unauthorized remote control of their machines.
You can also read a story about an alleged 0-day Windows exploit for sale at $90,000, and that DDoS prices are plunging.

Top 5 Security links
KeePass Password Safe update check vulnerable to MITM, won’t fix
Google pays $65k to shutter 23 Chrome bugs
427 million MySpace passwords leaked
65 million Tumblr passwords leaked
Mobile malware uses API and legitimate, open source projects to bypass Android security

Top 5 Business Intelligence links
93% of all phishing emails are now ransomware
50 bank heist hackers arrested in Russia
Data thieves are increasingly resorting to intimidation and extortion
Ransomware campaign managers make $90k annually
Corporates can learn from criminals and spies – OPSEC