Topics - Nusrat Jahan Momo

61
Technology News / Oxford and Cambridge club members face hard disk theft
« on: November 28, 2017, 09:34:05 AM »
Members of an exclusive club restricted to selected graduates of Oxford and Cambridge universities are being warned that computer data containing their personal details is feared stolen.

The Sunday Telegraph reported that the club believed a "back-up" hard drive had been taken from a locked room inside its London headquarters.

The information stored on it is said to include names, home addresses, phone numbers and some bank details.

The 5,000 members include Stephen Fry.

A spokeswoman from the club told the BBC that the "article in the Sunday Telegraph accurately reports what has happened".

She added: "An investigation is continuing, but I can't add anything else at this time."

The newspaper said the suspected theft had been discovered on 16 November.

It said both the police and the members had been notified, and that private investigators had been hired.

A spokesman for the Metropolitan Police was unable to provide any other information.

Although the Duke of Edinburgh and Prince of Wales are honorary members of the club, data about them has not been exposed, according to the Telegraph.

However, it added that Lord Rees - one of the country's leading astrophysicists - is among those thought to be affected.

The UK's Information Commissioner's Office states that organisations must take "appropriate" security measures to protect personal data and consider notifying the individuals concerned if there is a breach.

"We have been made aware of an incident involving the Oxford and Cambridge Club and are making enquiries," the watchdog told the BBC.

Among the advice it gives is to use encryption as well as to ensure quality doors and locks are used.

The club has not disclosed what measures it had taken.
Source: BBC News

62


YouTube has changed the way its autofill feature works after reports that some word combinations brought up paedophilic phrases.

Over the weekend many people reported that typing "how to have" would be completed with several variations on "s*x with your kids".

Other searches produced responses that also used the asterisked "s*x" word.

Some speculated that an attempt to troll YouTube results was responsible for making the phrases appear.
Predatory comments

"Earlier today our teams were alerted to this profoundly disturbing autocomplete result and we worked to quickly remove it as soon as we were made aware," said a YouTube spokeswoman.

"We are investigating this matter to determine what was behind the appearance of this autocompletion," she added.

YouTube has not yet given an explanation of why the phrase "how to have s*x with your kids" was suddenly being so widely suggested.

Tony Stower, a policy and public affairs manager from the NSPCC, said YouTube should have done better.

"Social networks used by millions of children should never suggest dangerous or illegal content," he said. "It is not good enough for problems like this to go unaddressed until media coverage brings it to the attention of sites like YouTube."

Mr Stower said an amendment to a forthcoming UK bill covering data protection could mean all social networks have to put in place systems that try to keep people safe.

He said the NSPCC was urging politicians to back the bill when it comes up for a vote.

Charlie Warzel, writing on Buzzfeed, suggested that the use of the asterisk replacing the "e" in the word "sex" across lots of different searches suggested deliberate action was behind it.

"The results are very specific and could be the result of a co-ordinated campaign to game the algorithm," he said.

This could have been an attempt to populate YouTube with search results that embarrass the site, he said.

None of the videos that the "how to have" results linked to showed abuse of children.

The disturbing results came after a week in which YouTube was widely criticised for not doing enough to stop sexual predators targeting young users of the site.

Big brands including Mars, Lidl and Adidas pulled adverts from YouTube after investigations by the BBC and The Times found tens of thousands of predatory accounts being used to leave explicit comments on children's videos.
Source: BBC News

63
History & Latest Cyber crime / Hackers hired by NHS
« on: November 28, 2017, 08:56:16 AM »
The NHS is to spend £20 million on a central cybersecurity unit that will use “ethical hackers” to probe for weakness in health service defences.

Health chiefs say they will monitor the internet for emerging threats with a beefed-up data security team to help hospitals in danger of being hacked, rather than wait for services to be hit.

The unit will be part of efforts to avoid a repeat of the Wannacry attack that disrupted a third of England’s hospitals in May and led to criticism of a disjointed NHS response.
Source: IT Security

64
Software Engineering / Tech Tent: Tencent and electric bikes
« on: November 27, 2017, 11:56:46 AM »
China's social media superpower

Anyone who has been paying attention over recent years will have noticed Facebook becoming one of the world's most powerful and valuable companies, with an extraordinary and sometimes malign impact on the way we live.

But in the West at least far fewer people will have noticed the rise of Tencent. Yet this week, for a while, the Chinese tech giant surpassed the valuation of Facebook as investors reacted to another sparkling set of results.

I first came across the company five years ago when it set up a major operation in London to cover the 2012 Olympics for its vast social media audience. It was already clear that this was a company doing more innovative things with its platforms than the American social media platforms could manage.

Since then it has continued to expand into new territories and markets - just this week it brought its WeChat Pay service to both Malaysia and the UK.

Kitty Fok, managing director of research firm IDC China, tells us that social media isn't even Tencent's most lucrative business now. It comes in second after its gaming division which owns League of Legends maker Riot Games and most of Supercell, the firm behind Clash of Clans.

"Compared to Facebook which has the majority of its income coming from ads, Tencent provides a lot more variety of services to the market," she says. "And we're expecting it to diversify even more."

Source: BBC News

65
Internet Risk / Warnings over net-connected Christmas gadgets
« on: November 27, 2017, 11:53:52 AM »
Net-connected toys and gadgets bought as Christmas gifts could put the privacy and safety of children at risk, warns the UK's data regulator.

Many toys have poor security, easy to guess passwords and cannot be updated to fix bugs, said deputy information commissioner Steve Wood.

Some are so poorly protected that they could be used by hackers as a route into a home network, he said.

He urged parents to take care when buying the smart devices.
Buying power

"You wouldn't knowingly give a child a dangerous toy, so why risk buying them something that could be easily hacked into by strangers?" said Mr Wood.

Anyone thinking about buying a connected toy or device should research it carefully, he said, to find out if it has a good or bad reputation when it comes to protecting the data it will handle.

Parents should ideally try out any gadget and familiarise themselves with privacy settings before wrapping it for Christmas Day, he added.

The pre-gift check should give parents a chance to change default usernames and passwords to stronger alternatives. It could also be a chance to turn off any remote viewing options on those devices and toys that sport a camera.

Parents should also vote with their wallet and avoid connected devices or wearables that have earned a reputation for leaking or losing data.

"If consumers reject products that won't protect them, then developers and retailers should soon get the message," he said.
Spying devices

Nick Viney, from security firm McAfee, said: "People must realise the value of their data to cybercriminals and not ignore the risks of being connected until it's too late.

"After families rip open their presents next month, they must take a moment to consider whether they're adequately protected."

Mr Wood's warning comes soon after a German regulator banned some smartwatches aimed at children.

The country's Federal Network Agency branded watches that can be used to track children as spying devices. The Agency said the watches broke strict surveillance laws.

Also, in mid-November, consumer advisers Which? issued a warning about the security risks of several net-connected toys. It wrote to retailers to ask them to stop stocking the toys and said many could be used as spying devices.

Source: BBC News

66
Security / Iranian Military Hacker Indicted for HBO Hack
« on: November 25, 2017, 10:57:40 AM »
The US DoJ has identified and indicted Iranian national Behzad Mesri in relation to this year's HBO hack.

Source: IT Security Guru

67
Security / MuddyWater Hackers Target Middle East
« on: November 25, 2017, 10:56:40 AM »
Saudi Arabia recently reportedly confirmed that the nation had been targeted with cyberattacks since February.
An unknown hacker group has been targeting Middle Eastern countries as well as others such as India, Pakistan, US and Georgia as part of what appears to be a massive cyber-espionage campaign. On Monday (20 November), the Saudi Arabian government's national cyber security center reportedly confirmed that the kingdom had been targeted by hackers since February.

The hacker group, dubbed MuddyWater, used fake documents, purporting to be from the NSA, Russian cybersecurity firm Kaspersky and the Iraqi government, among others, to trick victims into clicking on malicious documents. Security experts at Palo Alto Networks, who uncovered the campaign, said that the hackers are making use of a PowerShell-based first-stage backdoor called "POWERSTATS".
"The malicious documents were adjusted according to the target regions, often using the logos of branches of local government, prompting the users to bypass security controls and enable macros," Palo Alto Networks' Unit 42 security researchers said in a report.

The researchers said that the MuddyWater hacker group has been active throughout the year and, apart from Saudi Arabia, has also targeted the UAE, Iraq, Israel and Turkey. The researchers noted that in some cases they found that the hackers had managed to gain control of compromised accounts at third-party organisations. The hackers then used these compromised accounts to steal a legitimate document and create a malicious mimic to send it to a target.
For more details please visit: http://www.ibtimes.co.uk/muddywater-hackers-target-middle-eastern-nations-using-fake-nsa-kaspersky-documents-1648228

68
Teaching & Research Forum / Russian Fancy Bear hackers' UK link revealed
« on: November 25, 2017, 10:52:31 AM »
When Russia's most notorious hackers hired servers from a UK-registered company, they left a trove of clues behind, the BBC has discovered.

The hackers used the computers to attack the German parliament, hijack traffic meant for a Nigerian government website and target Apple devices.

The company, Crookservers, had claimed to be based in Oldham for a time.

It says it acted swiftly to eject the hacking team - dubbed Fancy Bear - as soon as it learned of the problem.

Technical and financial records from Crookservers seen by the BBC suggest Fancy Bear had access to significant funds and made use of online financial services, some of which were later closed in anti-money laundering operations.

Fancy Bear - also known as APT28, Sofacy, Iron Twilight and Pawn Storm - has been linked to Russian intelligence.
For more details, please visit the BBC.

69
Vancouver driver had phone and tablet tied to steering wheel

A Canadian man took distracted driving to a new level by setting up his own entertainment system on his steering wheel with string.

He was caught when a traffic officer spotted him wearing headphones and noticed a tablet and mobile phone attached to the wheel.

The Vancouver Police Department's traffic unit sent out an image of the setup on social media.

Police had "a lengthy conversation about road safety" with the driver.

"Just when I think I've seen everything, a photo like this is captured by one of our officers," said Vancouver Constable Jason Doucette.

Earlier this month Vancouver police fined a driver who pulled up beside two officers while playing Pokémon Go.

Source: BBC News

70
History & Latest Cyber crime / Keystroke record
« on: November 22, 2017, 12:22:00 PM »
More than 480 web firms record 'every keystroke'
Hundreds of web firms are tracking every single keystroke made by visitors, a study from Princeton University has suggested.

The technique - known as session replay - is used by companies to gain an understanding of how customers use websites.

More than 480 websites used the technique, according to the study.

Experts questioned the legality of using such software without user consent.

"These scripts record your keystrokes, mouse movements, and scrolling behaviour, along with the entire contents of the pages you visit, and send them to third-party servers," the researchers said in a blog.

"Collection of page content by third-party replay scripts may cause sensitive information such as medical conditions, credit card details and other personal information displayed on a page to leak to the third party as part of the recording. This may expose users to identity theft, online scams, and other unwanted behaviour," they added.

The researchers looked at seven firms that offer session replay software - FullStory, SessionCam, Clicktale, Smartlook, UserReplay, Hotjar and Yandex.

They found that 482 of the world's top 50,000 sites used scripts provided by one of these firms.

Firms using the software included the UK's news website the Telegraph, Samsung, Reuters, US retail giant Home Depot and CBS News.

Paul Edon, director at security firm Tripwire, said: "The first area of concern here is the legality of recording people's keystrokes without first informing them of the fact.

"If these websites do not alert the user to the fact that they are recording keystrokes, then I would class this under 'nefarious activity' as it is being less than honest, and the information is being collected without the user's knowledge."

71
History & Latest Cyber crime / Data breach of Uber
« on: November 22, 2017, 12:20:03 PM »

Uber concealed huge data breach

More than 57 million customers and drivers hit by data breach the ride-sharing firm kept secret.

For more details please visit http://www.bbc.com/news/technology-42075306

72
Eighty-five per cent of senior executives plan to invest in artificial intelligence (AI) and the Internet of Things (IoT) by 2020, according to a new survey of UK digital leaders by Deloitte.
The findings come from the first edition of a new regular report from Deloitte, the Digital Disruption Index. The index will track investment in digital technologies and create a detailed picture of their impact on the largest and most influential business and public sector bodies. The first edition includes responses from 51 organisations with a combined market value of £229bn.

Over half of survey respondents expect that by 2020, they will invest more than £10 million in digital technologies and ways of working – such as AI, cloud, robotics, blockchain, analytics, the IoT, and virtual and augmented reality. Seventy-three per cent say they will invest in robotics, 63 per cent in augmented and virtual reality, 62 per cent in wearables, 54 per cent in biometrics (such as voice and finger recognition), and 43 per cent in blockchain.

This year alone, 30 per cent of UK organisations will invest more than £10 million in these technologies. But when compared with corporate IT budgets this represents a rather modest amount of investment. According to separate Deloitte research, the majority of IT functions have budgets of over £20 million, while a quarter of corporate IT functions spend more than £75 million annually.

As a likely consequence, at this stage only nine per cent of executives believe that UK companies are world leading at exploring and implementing digital technologies and ways of working.

73
Software Engineering / Hackers steal $30.95 Million of Bitcoin from Tether
« on: November 22, 2017, 11:47:32 AM »
In an official statement posted on its website yesterday, Tether, a startup that offers 1-to-1 dollar-backed digital tokens [USDT], said a hacker stole funds worth $30,950,010.

Tether claims the hack took place on Sunday, November 19, and the hacker removed funds from the main Tether Treasury wallet and moved it to the 16tg2RJuEPtZooy18Wxn2me2RhUdC94N7r address.

"As Tether is the issuer of the USDT managed asset, we will not redeem any of the stolen tokens, and we are in the process of attempting token recovery to prevent them from entering the broader ecosystem," the company said.
Tether preparing hard fork

This "process of attempting token recovery" is a hard fork of the underlying Omni Layer protocol that powers the USDT tokens.

If successful, the hard fork will return the stolen funds into the Tether Treasury wallet. The hard fork will work similarly to a time machine, reversing the hack.

This method of dealing with the Tether hack is similar to the solution used by the Ether team to recoup after the infamous DAO hack in the summer of 2016 when an attacker stole $150 million from almost 11,000 investors.

The Tether team said it is still investigating the source of the hack and has nothing to add at this moment. "The Tether Reserve remains in surplus of the 1:1 backing of USDT and has more than the necessary currency on deposit to redeem all existing tethers," the team added.
Tether is world's 19th most popular cryptocurrency

According to Coinmarketcap.com, Tether is ranked as the 19th most valuable cryptocurrency, with a market capitalization of $674 million.

The company said it issued over $300 million worth of USDT (1-to-1 dollar-backed tokens) in the last week alone.

USDT is accepted on a large number of cryptocurrency exchanges —16 at the time of writing— and is used to trade against Bitcoin, Bitcoin Cash, NEO, Ethereum, Litecoin, Dash, and OMG.

Bitcoin price dropped 5.5% after the Tether announcement. Bitcoin had reached a new all-time high yesterday, being traded at roughly $8,120 before the Tether hack announcement.
By Catalin Cimpanu

74
ONI goes phishing

It all started when security firm Cybereason analyzed some computers that were infected with a ransomware called ONI. This ransomware has been analyzed before, but it was not understood how the ONI victims were being infected. After analysis by Cybereason researchers, it was discovered that the infected computers had also been previously targeted by a spear phishing campaign that installs a RAT, or Remote Access Trojan, on the victim's computer.

These phishing emails pretend to be receipts that contain a zip attachment with a malicious Word document inside it. When a user opens the document and enables macros, a VBScript script will be launched that downloads and installs a copy of the Ammyy Admin RAT onto the infected computer.

By Lawrence Abrams

75
Textile Engineering / Vectra 2018 Cyber Security predictions
« on: November 20, 2017, 03:25:46 PM »

Ransomware attack trends will split based on motives

Ransomware as a disruptive or destructive attack will increase. Cyber warcraft is the new oil – in essence, total control of corporate networks or industrial plants has become as valuable as energy resources and motivates nation states. However, we will see a decrease in ransomware purely for financial gain as fewer victims pay up.

North Korea will continue to use cyber-attacks to gain access to much-needed hard currency. North Korea showed the world their cyber skills when hackers successfully stole $81 million from the New York Federal Reserve in 2016 and when hackers launched the WannaCry attack on the NHS in May 2017. Although the hackers intended to get away with $1 billion in the New York Federal Reserve attack, $81 million is still a significant loss. The army of hackers is 6,000 strong, demonstrating that the country poses a devastating threat to any targets it chooses. Further, North Korea’s lack of electronic infrastructure makes it less susceptible to retaliatory cyberattacks than most nations. Even more concerning, the lines between nation state cyberwarfare and cybercrime will become increasingly blurred.

Posted by: Dean Alvarez November 14, 2017   in THIS WEEK’S GURUS
