Cisco’s ruined Easter for netadmins by revealing three critical-rated flaws, with fixes landing today.
At the Chaos Communications Congress, experts come together to discuss the hottest topics concerning security, privacy, and human rights in the digital age. Naturally, the new European ePrivacy Regulation was on the agenda this year.
Welcome to the 30th edition of the Transatlantic Cable podcast. In this episode, Dave and I discuss a cryptocurrency that seems like it missed a huge naming opportunity, more calls to delete Facebook now, and a rocket man. For more details on the stories we discuss, please see the links below:
Promo As the global volume of data rises like an unstoppable tide, IT systems grow increasingly complex and sophisticated to accommodate it – yet cyber criminals constantly find ingenious new ways of stealing vital information or disrupting systems.
Recently, we renewed our countdown of the FBI’s 10 most wanted black-hat hackers. First up was Bezhad Mesri at number 10. He is accused of having compromised Home Box Office (HBO) employees’ emails and abused that access to steal data, extort the company for ransom, and leak the information online when he didn’t get his way.This week, we present No. 9 and No. 8: Viet Quoc Nguyen and nine individuals collectively known as the “JabberZeus” suspects.#9 – Viet Quoc NguyenBeginning around February 2009, Viet Quoc Nguyen a/k/a “Vandehiu” a/k/a “Peter Nguyen” partnered with Giang Hoang Vu a/k/a “Lee Vu” and others to defraud at least eight different email service providers (ESPs) and to send spam mail to numerous individual recipients.Nguyen and Vu’s malicious scheme began when they acquired crypters, covert monitoring tools, and malware. The two black-hat hackers then launched phishing email attacks against some of their targeted ESPs. Those campaigns delivered malware, thereby allowing Nguyen and Vu to access victimized employees’ computers in order to steal credentials for their employer’s systems.The stolen information laid the foundation for Nguyen and Vu to access the ESPs’ systems and steal confidential information including tens of millions of customers’ email addresses. In other cases, they abused that access to launch phishing attacks against other ESPs’ employees in order to infiltrate those companies’ systems. Sometimes they even leveraged the email addresses they stole to conduct spam mail campaigns leading to Nguyen’s affiliate-marketing websites.For his alleged crimes, a federal grand jury charged Nguyen with 29 counts including wire fraud, aggravated identity theft, and other offenses. It wasn’t long after that the United States District Court in the Northern District of Georgia in Atlanta, Georgia issued a federal warrant for his arrest on 3 October 2012.Nguyen is known to have resided in Deventer, Netherlands and Hanoi, Vietnam around the time that he is believed to have committed the crimes.#8 – The JabberZeus SuspectsIn 2012, the United States District Court for the District of Nebraska indicted nine individuals for having infected thousands of computers with the Zeus banking Trojan, malware which they used to steal millions of dollars from victims’ bank accounts.The charges against them include conspiracy to participate in a racketeering activity, conspiracy to commit computer fraud and identity theft, aggravated identity theft, and multiple counts of bank fraud.Those named in the indictment include the following:Vyacheslav Igorevich Penchukov, 32, of Ukraine, aka “tank” or father”Ivan Viktorvich Klepikov, 30, of Ukraine, aka “petr0vich” or “nowhere”Alexey Dmitrievich Bron, 26, of Ukraine, aka “thehead”Alexey Tikonov, of Russia, aka “kusanagi”Yevhen Kulibab, aka “jonni”Yuriy Konovalenko, aka “jtk0”John Doe #1, aka “lucky12345”John Doe #2, aka “aqua”John Doe #3, aka “mricq”Together, this cybercrime ring unlawfully installed the Zeus banking Trojan on victims’ computers, allowing them to steal usernames, passwords, and other information necessary for them to gain access to their victims’ banking accounts.By claiming they were employees of the victims and were authorized to manage their funds on their behalf, the JabberZeus suspects tricked a number of organizations, including a bank and a company based in Nebraska, into wiring more than $70 million to “money mules” based in the United States. These persons then forwarded some of the funds to the conspirators.In total, the JabberZeus suspects are believed to have successfully stolen or attempted to steal upwards of $220 million.While a number of individuals have been found, tried, and convicted, the scheme’s four masterminds—Penchukov, Klepikov, Bron and Tikonov—remain at large.
Facebook has announced its plans to expand its bug bounty program to include issues of app developers misusing users’ data.
Another Branch Prediction Attack
When Spectre and Meltdown were first announced earlier this year, pretty much everyone predicted that there would be many more attacks targeting branch prediction in microprocessors. Here’s another one:
The European Union has been warned to sort out data quality in its IT systems that manage asylum and migration, and improve efforts to ensure people know how to exercise their personal data rights.
Legacy technologies pose a threat to the European Union’s telecommunications infrastructure, a study by cybersecurity agency ENISA warns.
Neighbor is another startup with designs on your spare space. Not for letting to guests to bed down in, like Airbnb, but for self-storage. The 2017 founded, Salt Lake City based startup is announcing $2.5 million in seed funding today, raised from Peak Ventures and Pelion Ventures.
The world has been reeling in the wake of whistleblower revelations about how Cambridge Analytica, the notorious data analytics firm, used information from third party apps to compile profiles on 50 million Facebook users.
A recently discovered malware family written using the Golang (Go) programming language is targeting Linux servers and using a different binary for each attack, Talos warns.
The European Union (EU) adopted the General Data Protection Regulation or GDPR on April 2106 to keep personal data for EU citizens safe. In the wake of an increase in the number of malicious attacks that compromise businesses’ networks, it was high time government regulation stepped in to protect personal data.
Bram Cohen invented torrenting. Now he’s building a cryptocurrency called Chia that doesn’t waste electricity like Bitcoin, and top investors are lining up. Chia has just raised a $3.395 million seed round led by AngelList’s Naval Ravikant and joined by Andreessen Horowitz, Greylock and more. The money will help the startup build out its Chia coin and blockchain powered by proofs of space and time instead of Bitcoin’s energy-sucking proofs of work, which it plans to launch in Q1 2019.
A cyber attack can be as simple as an email that looks like it comes from your bank and includes an urgent link for you to click. When you take a close look at the email though you’ll see it isn’t real. Then if you hover your mouse over the link you’ll see that the web address looks fake, contains gibberish, or has names in it that aren’t associated with your bank. You may even find typos in the email or it could even look like it was written by someone whose second language is English.
Malicious crypto-miners have invaded the threat landscape over the past year, fueled by a massive increase in the value of crypto-currency.
Last month, I talked about the elegant beauty in offloading parts of your risk portfolio in four distinct ways.
A study from Vanderbilt University shows that remediating data breaches has a very real impact on mortality rates at hospitals.
Is there a solution that offers unified access management for systems such as Microsoft® Windows®, Linux®, and Mac®, regardless of if they are located on-prem or in the cloud? The short answer is yes – there is a modern cloud directory service that can not only manage access to systems, but to applications, files, and networks too. The longer answer is that the identity and access management (IAM) market has been searching for a unified access management solution that can securely manage and connect users to the IT resources they need, including systems, for a long time now. We’ll discuss the reasons why this is the case, but before we do that, we should outline what unified access management means.